Documentation fixes and attempt to fix Travis

2025-10-30 17:09:19 +00:00 · 2016-03-28 00:00:41 +03:00
parent 925bc0ef9a
commit 3d32de8cad
3 changed files with 14 additions and 24 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,16 +1,14 @@
-sudo: false
+sudo: required
 language: python
+dist: trusty
 python:
-  #- "2.6"
-  #- "2.7"
-  #- "3.2"
-  - "3.3"
-  - "3.4"
-  - "3.5"
+  - "2.7"
 after_success:
  - codecov
+virtualenv:
+  system_site_packages: true
 before_install:
-  # codecov.io
+  - apt-get install -qq python-configparser python-cffi
  - pip install codecov pytest-cov
 install:
  - pip install -r requirements.txt
--- a/README.rst
+++ b/README.rst
@@ -77,9 +77,9 @@ To install Certidude:
    apt-get install -y python python-pip python-dev cython python-configparser \
        python-pysqlite2 python-mysql.connector python-ldap \
        build-essential libffi-dev libssl-dev libkrb5-dev \
-        ldap-utils krb5-user default-mta \
+        ldap-utils krb5-user \
        libsasl2-modules-gssapi-mit
-    pip3 install certidude
+    pip install certidude

 Make sure you're running PyOpenSSL 0.15+ from PyPI,
 not the outdated one provided by APT.
@@ -279,8 +279,8 @@ Restart the services:
    service nginx restart


-Setting up Kerberos authentication
----------------------------------
+Setting up Active Directory authentication
+------------------------------------------

 Following assumes you have already set up Kerberos infrastructure and
 Certidude is simply one of the servers making use of that infrastructure.
@@ -349,7 +349,7 @@ Reconfigure /etc/certidude/server.conf:
    backend = ldap
    ldap gssapi credential cache = /run/certidude/krb5cc
    ldap user filter = (&(objectclass=user)(objectcategory=person)(samaccountname=%s))
-    ldap admin filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
+    ldap admin filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))

 User filter here specified which users can log in to Certidude web interface
 at all eg. for generating user certificates for HTTPS.
--- a/certidude/templates/certidude.conf
+++ b/certidude/templates/certidude.conf
@@ -12,20 +12,12 @@ backend = posix
 [authorization]
 backend = posix
 #backend = ldap
-whitelist admin users = root administrator
 ldap gssapi credential cache = /run/certidude/krb5cc
-
 ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s))
 ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s))
-ldap admins filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=koodur,dc=com)(samaccountname=%s))
-ldap member of filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)(memberOf=%s))
-ldap members filter = (&(objectclass=group)(cn=%s)(member=%s))
-
-ldap group filter = (&(objectClass=group)(cn=%s)(member=%s))
-ldap user group =
-ldap admin group = domain admins
-posix user group =
-posix admin group = certidude
+ldap admins filter = (&(memberOf=cn=Domain Admins,cn=Users,dc=example,dc=com)(samaccountname=%s))
+posix user group = users
+posix admin group = sudo
 user subnets = 0.0.0.0/0
 admin subnets = 0.0.0.0/0
 request subnets = 0.0.0.0/0