1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Documentation fixes and attempt to fix Travis

This commit is contained in:
Lauri Võsandi 2016-03-28 00:00:41 +03:00
parent 925bc0ef9a
commit 3d32de8cad
3 changed files with 14 additions and 24 deletions

View File

@ -1,16 +1,14 @@
sudo: false sudo: required
language: python language: python
dist: trusty
python: python:
#- "2.6" - "2.7"
#- "2.7"
#- "3.2"
- "3.3"
- "3.4"
- "3.5"
after_success: after_success:
- codecov - codecov
virtualenv:
system_site_packages: true
before_install: before_install:
# codecov.io - apt-get install -qq python-configparser python-cffi
- pip install codecov pytest-cov - pip install codecov pytest-cov
install: install:
- pip install -r requirements.txt - pip install -r requirements.txt

View File

@ -77,9 +77,9 @@ To install Certidude:
apt-get install -y python python-pip python-dev cython python-configparser \ apt-get install -y python python-pip python-dev cython python-configparser \
python-pysqlite2 python-mysql.connector python-ldap \ python-pysqlite2 python-mysql.connector python-ldap \
build-essential libffi-dev libssl-dev libkrb5-dev \ build-essential libffi-dev libssl-dev libkrb5-dev \
ldap-utils krb5-user default-mta \ ldap-utils krb5-user \
libsasl2-modules-gssapi-mit libsasl2-modules-gssapi-mit
pip3 install certidude pip install certidude
Make sure you're running PyOpenSSL 0.15+ from PyPI, Make sure you're running PyOpenSSL 0.15+ from PyPI,
not the outdated one provided by APT. not the outdated one provided by APT.
@ -279,8 +279,8 @@ Restart the services:
service nginx restart service nginx restart
Setting up Kerberos authentication Setting up Active Directory authentication
---------------------------------- ------------------------------------------
Following assumes you have already set up Kerberos infrastructure and Following assumes you have already set up Kerberos infrastructure and
Certidude is simply one of the servers making use of that infrastructure. Certidude is simply one of the servers making use of that infrastructure.
@ -349,7 +349,7 @@ Reconfigure /etc/certidude/server.conf:
backend = ldap backend = ldap
ldap gssapi credential cache = /run/certidude/krb5cc ldap gssapi credential cache = /run/certidude/krb5cc
ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s)) ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s))
ldap admin filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s)) ldap admin filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
User filter here specified which users can log in to Certidude web interface User filter here specified which users can log in to Certidude web interface
at all eg. for generating user certificates for HTTPS. at all eg. for generating user certificates for HTTPS.

View File

@ -12,20 +12,12 @@ backend = posix
[authorization] [authorization]
backend = posix backend = posix
#backend = ldap #backend = ldap
whitelist admin users = root administrator
ldap gssapi credential cache = /run/certidude/krb5cc ldap gssapi credential cache = /run/certidude/krb5cc
ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s)) ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s))
ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)) ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s))
ldap admins filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=koodur,dc=com)(samaccountname=%s)) ldap admins filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
ldap member of filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)(memberOf=%s)) posix user group = users
ldap members filter = (&(objectclass=group)(cn=%s)(member=%s)) posix admin group = sudo
ldap group filter = (&(objectClass=group)(cn=%s)(member=%s))
ldap user group =
ldap admin group = domain admins
posix user group =
posix admin group = certidude
user subnets = 0.0.0.0/0 user subnets = 0.0.0.0/0
admin subnets = 0.0.0.0/0 admin subnets = 0.0.0.0/0
request subnets = 0.0.0.0/0 request subnets = 0.0.0.0/0