From 3d32de8cad45a57a66542f4d0a4c9d8168c5247f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Mon, 28 Mar 2016 00:00:41 +0300 Subject: [PATCH] Documentation fixes and attempt to fix Travis --- .travis.yml | 14 ++++++-------- README.rst | 10 +++++----- certidude/templates/certidude.conf | 14 +++----------- 3 files changed, 14 insertions(+), 24 deletions(-) diff --git a/.travis.yml b/.travis.yml index 479ef3f..976328b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,16 +1,14 @@ -sudo: false +sudo: required language: python +dist: trusty python: - #- "2.6" - #- "2.7" - #- "3.2" - - "3.3" - - "3.4" - - "3.5" + - "2.7" after_success: - codecov +virtualenv: + system_site_packages: true before_install: - # codecov.io + - apt-get install -qq python-configparser python-cffi - pip install codecov pytest-cov install: - pip install -r requirements.txt diff --git a/README.rst b/README.rst index a7fcf92..1bbd3b0 100644 --- a/README.rst +++ b/README.rst @@ -77,9 +77,9 @@ To install Certidude: apt-get install -y python python-pip python-dev cython python-configparser \ python-pysqlite2 python-mysql.connector python-ldap \ build-essential libffi-dev libssl-dev libkrb5-dev \ - ldap-utils krb5-user default-mta \ + ldap-utils krb5-user \ libsasl2-modules-gssapi-mit - pip3 install certidude + pip install certidude Make sure you're running PyOpenSSL 0.15+ from PyPI, not the outdated one provided by APT. @@ -279,8 +279,8 @@ Restart the services: service nginx restart -Setting up Kerberos authentication ----------------------------------- +Setting up Active Directory authentication +------------------------------------------ Following assumes you have already set up Kerberos infrastructure and Certidude is simply one of the servers making use of that infrastructure. 
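Review bot: In the `.travis.yml` hunk the new `before_install` step `- apt-get install -qq python-configparser python-cffi` is invoked without `sudo`; Travis build steps normally run as an unprivileged user even when `sudo: required` is set, so the step is likely to fail on permissions. I would write it as `- sudo apt-get update -qq` followed by `- sudo apt-get install -qq python-configparser python-cffi`. The same hunk replaces the 3.3/3.4/3.5 matrix with only `"2.7"`, so Python 3 regressions in a certificate-handling tool would no longer be caught by CI; consider restoring at least one 3.x entry once the build is green. `pip install codecov pytest-cov` is unpinned and runs inside the CI environment, so pinning the versions (for example `codecov==<version>`) would be a cheap supply-chain safeguard.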
@@ -349,7 +349,7 @@ Reconfigure /etc/certidude/server.conf: backend = ldap ldap gssapi credential cache = /run/certidude/krb5cc ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s)) - ldap admin filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s)) + ldap admin filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s)) User filter here specified which users can log in to Certidude web interface at all eg. for generating user certificates for HTTPS. diff --git a/certidude/templates/certidude.conf b/certidude/templates/certidude.conf index 18ddb9d..bbfa228 100644 --- a/certidude/templates/certidude.conf +++ b/certidude/templates/certidude.conf @@ -12,20 +12,12 @@ backend = posix [authorization] backend = posix #backend = ldap -whitelist admin users = root administrator ldap gssapi credential cache = /run/certidude/krb5cc - ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s)) ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)) -ldap admins filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=koodur,dc=com)(samaccountname=%s)) -ldap member of filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)(memberOf=%s)) -ldap members filter = (&(objectclass=group)(cn=%s)(member=%s)) - -ldap group filter = (&(objectClass=group)(cn=%s)(member=%s)) -ldap user group = -ldap admin group = domain admins -posix user group = -posix admin group = certidude +ldap admins filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s)) +posix user group = users +posix admin group = sudo user subnets = 0.0.0.0/0 admin subnets = 0.0.0.0/0 request subnets = 0.0.0.0/0
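Review bot: The new `ldap admins filter` in `certidude/templates/certidude.conf` (and the matching example in the README.rst hunk at `@@ -349,7`) drops the object-class clauses, so any directory object that has a `samaccountname` and is a member of Domain Admins satisfies the admin check, not only person accounts. Unless the caller constrains the object type elsewhere (not visible in this hunk), I would keep the restriction, e.g. `ldap admins filter = (&(objectclass=user)(objectcategory=person)(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))`, matching the `objectcategory=person` form the README already uses for the user filter. The README spells the key `ldap admin filter` while the template uses `ldap admins filter`; presumably only one spelling is read by the parser, so the two should be aligned. Also, `posix admin group = sudo` makes every sudo-capable account on the host a CA administrator, where the old default was a dedicated `certidude` group. Keeping the dedicated group would preserve least privilege; failing that, a comment above the line should state the consequence.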