mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Documentation fixes and attempt to fix Travis
This commit is contained in:
parent
925bc0ef9a
commit
3d32de8cad
14
.travis.yml
14
.travis.yml
@ -1,16 +1,14 @@
|
|||||||
sudo: false
|
sudo: required
|
||||||
language: python
|
language: python
|
||||||
|
dist: trusty
|
||||||
python:
|
python:
|
||||||
#- "2.6"
|
- "2.7"
|
||||||
#- "2.7"
|
|
||||||
#- "3.2"
|
|
||||||
- "3.3"
|
|
||||||
- "3.4"
|
|
||||||
- "3.5"
|
|
||||||
after_success:
|
after_success:
|
||||||
- codecov
|
- codecov
|
||||||
|
virtualenv:
|
||||||
|
system_site_packages: true
|
||||||
before_install:
|
before_install:
|
||||||
# codecov.io
|
- apt-get install -qq python-configparser python-cffi
|
||||||
- pip install codecov pytest-cov
|
- pip install codecov pytest-cov
|
||||||
install:
|
install:
|
||||||
- pip install -r requirements.txt
|
- pip install -r requirements.txt
|
||||||
|
10
README.rst
10
README.rst
@ -77,9 +77,9 @@ To install Certidude:
|
|||||||
apt-get install -y python python-pip python-dev cython python-configparser \
|
apt-get install -y python python-pip python-dev cython python-configparser \
|
||||||
python-pysqlite2 python-mysql.connector python-ldap \
|
python-pysqlite2 python-mysql.connector python-ldap \
|
||||||
build-essential libffi-dev libssl-dev libkrb5-dev \
|
build-essential libffi-dev libssl-dev libkrb5-dev \
|
||||||
ldap-utils krb5-user default-mta \
|
ldap-utils krb5-user \
|
||||||
libsasl2-modules-gssapi-mit
|
libsasl2-modules-gssapi-mit
|
||||||
pip3 install certidude
|
pip install certidude
|
||||||
|
|
||||||
Make sure you're running PyOpenSSL 0.15+ from PyPI,
|
Make sure you're running PyOpenSSL 0.15+ from PyPI,
|
||||||
not the outdated one provided by APT.
|
not the outdated one provided by APT.
|
||||||
@ -279,8 +279,8 @@ Restart the services:
|
|||||||
service nginx restart
|
service nginx restart
|
||||||
|
|
||||||
|
|
||||||
Setting up Kerberos authentication
|
Setting up Active Directory authentication
|
||||||
----------------------------------
|
------------------------------------------
|
||||||
|
|
||||||
Following assumes you have already set up Kerberos infrastructure and
|
Following assumes you have already set up Kerberos infrastructure and
|
||||||
Certidude is simply one of the servers making use of that infrastructure.
|
Certidude is simply one of the servers making use of that infrastructure.
|
||||||
@ -349,7 +349,7 @@ Reconfigure /etc/certidude/server.conf:
|
|||||||
backend = ldap
|
backend = ldap
|
||||||
ldap gssapi credential cache = /run/certidude/krb5cc
|
ldap gssapi credential cache = /run/certidude/krb5cc
|
||||||
ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s))
|
ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s))
|
||||||
ldap admin filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
|
ldap admin filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
|
||||||
|
|
||||||
User filter here specified which users can log in to Certidude web interface
|
User filter here specified which users can log in to Certidude web interface
|
||||||
at all eg. for generating user certificates for HTTPS.
|
at all eg. for generating user certificates for HTTPS.
|
||||||
|
@ -12,20 +12,12 @@ backend = posix
|
|||||||
[authorization]
|
[authorization]
|
||||||
backend = posix
|
backend = posix
|
||||||
#backend = ldap
|
#backend = ldap
|
||||||
whitelist admin users = root administrator
|
|
||||||
ldap gssapi credential cache = /run/certidude/krb5cc
|
ldap gssapi credential cache = /run/certidude/krb5cc
|
||||||
|
|
||||||
ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s))
|
ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s))
|
||||||
ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s))
|
ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s))
|
||||||
ldap admins filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=koodur,dc=com)(samaccountname=%s))
|
ldap admins filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
|
||||||
ldap member of filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)(memberOf=%s))
|
posix user group = users
|
||||||
ldap members filter = (&(objectclass=group)(cn=%s)(member=%s))
|
posix admin group = sudo
|
||||||
|
|
||||||
ldap group filter = (&(objectClass=group)(cn=%s)(member=%s))
|
|
||||||
ldap user group =
|
|
||||||
ldap admin group = domain admins
|
|
||||||
posix user group =
|
|
||||||
posix admin group = certidude
|
|
||||||
user subnets = 0.0.0.0/0
|
user subnets = 0.0.0.0/0
|
||||||
admin subnets = 0.0.0.0/0
|
admin subnets = 0.0.0.0/0
|
||||||
request subnets = 0.0.0.0/0
|
request subnets = 0.0.0.0/0
|
||||||
|
Loading…
Reference in New Issue
Block a user