ldap-frontend/README.md


LDAP frontend for Queeres Zentrum Wiesbaden

Licenced under CC BY-NC-SA 4.0. See LICENCE file for full licence text.

Development

All instructions assume you have the requirements already installed.

Adding translations

Replace <LANG> with your intended language.

  1. Run `pybabel init -i messages.pot -d translations -l <LANG>`
  2. Edit `translations/<LANG>/LC_MESSAGES/messages.po`
  3. For testing, run `pybabel compile -d translations`

If you changed the translation strings, make sure to run `pybabel extract -F babel.cfg -o messages.pot .` and `pybabel update -i messages.pot -d translations` first.

Setting it up

After deploying the repository, change to the `ldap_frontend` directory, then run `pybabel compile -d translations`.

config.json

{
    "ldap": {
        "server": "ldap://localhost:389",
        "username": "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
        "password": "my_super_secure_password",
        "group_base": "ou=Groups,dc=qzwi,dc=de",
        "user_base": "ou=Users,dc=qzwi,dc=de"
    },
    "template": {
        "group_admin": "(&(objectclass=inetOrgPerson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))",
        "group_dn": "ou={},ou=Groups,dc=qzwi,dc=de",
        "group_members": "(&(objectclass=inetOrgPerson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))",
        "group_nonmembers": "(&(objectclass=inetOrgPerson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))",
        "user_dn": "uid={},ou=Users,dc=qzwi,dc=de",
        "user_search": "(&(objectclass=inetOrgPerson)(uid={}))"
    },
    "title": "Usermanagement QZWI"
}

ldap-frontend.service

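# systemd unit that runs the LDAP frontend under gunicorn as an unprivileged user.
[Unit]
Description=LDAP frontend
After=network.target
# systemd only treats '#' as a comment at the start of a line; text after a
# value on the same line is parsed as part of that value, so this note sits on
# its own line.
# Remove the next two lines if your LDAP server is not running on the same
# machine. In that case the ldap:// URL in config.json carries the bind
# password in clear text over the network; prefer ldaps:// or StartTLS if the
# application's LDAP client supports it (not visible from this README).
# Requires= alone does not order startup, hence the matching After=.
Requires=slapd.service
After=slapd.service

[Service]
# Run as an unprivileged account rather than root.
User=www-data
Group=www-data
# config.json holds the LDAP bind password: keep it readable only by the
# service account above (and root), not world-readable.
Environment=APP_CONFIG=/opt/ldap-frontend/config.json
# "reallysecure" is a placeholder. Replace it with a long random value and do
# not reuse it across deployments; presumably this is the Flask session-signing
# key, so anyone who learns it could forge sessions (confirm against the app).
# Unit files are commonly world-readable, so consider moving this variable
# into a file with restricted permissions and loading it with EnvironmentFile=.
Environment=FLASK_SECRET_KEY=reallysecure
WorkingDirectory=/opt/ldap-frontend/src
# Bound to loopback only, so the app is not directly reachable from other
# hosts. If it is published through a reverse proxy, terminate TLS there.
ExecStart=/opt/ldap-frontend/venv/bin/gunicorn --threads 4 --bind 127.0.0.1:23000 'ldap_frontend:app'

[Install]
WantedBy=multi-user.target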