Auth: Replace openidentityplatform/opendj with glauth #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
parent
63b14c8df1
commit
0488522868
4 changed files with 70 additions and 28 deletions
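--- /dev/null
+++ b/.ldap.cfg
@@ -0,0 +1,41 @@
+debug = true
+[behaviors]
+# Ignore all capabilities restrictions, for instance allowing every user to perform a search
+IgnoreCapabilities = true
+[ldap]
+enabled = true
+listen = "0.0.0.0:389"
+[ldaps]
+enabled = false
+listen = "0.0.0.0:636"
+[api]
+enabled = true
+internals = true
+tls = false
+listen = "0.0.0.0:5555"
+[backend]
+datastore = "config"
+baseDN = "dc=localssl,dc=dev"
+[[users]]
+name = "user"
+givenname="John"
+sn="Doe"
+mail = "jdoe@example.com"
+passsha256 = "4314c1fe282face45336b1422a3285c5ff31a39c8e24425615fa53a43b718493" # photoprism
+[[users.customattributes]]
+photoprismRole = ["user"]
+photoprismLogin = ["true"]
+photoprismWebdav = ["true"]
+[[users.capabilities]]
+action = "search"
+object = "*"
+[[users]]
+name = "guest"
+givenname="Guest"
+mail = "guest@example.com"
+passsha256 = "4314c1fe282face45336b1422a3285c5ff31a39c8e24425615fa53a43b718493" # photoprism
+[[users.customattributes]]
+photoprismRole = ["guest"]
+[[users.capabilities]]
+action = "search"
+object = "*"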
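Review bot: `IgnoreCapabilities = true` under `[behaviors]` turns both `[[users.capabilities]]` blocks (`action = "search"`, `object = "*"`) into dead configuration, since the flag's own comment says it already lets every user search; a reader cannot tell which of the two is meant to govern, so keep one — either drop the flag and let the explicit per-user capabilities apply, or drop the capability blocks. The file also has no header stating what it is, even though both accounts share the demo password (the `# photoprism` comments next to the `passsha256` values make that explicit), the `[api]` listener runs on `0.0.0.0:5555` with `tls = false` and `internals = true`, and `[ldaps]` is disabled. Add a first line such as `# glauth test fixture for the local docker-compose setup: plaintext LDAP, shared demo password, debug API - never use in production.` so the file cannot be mistaken for a template.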
@ -46,13 +46,18 @@ services:
|
|||
PHOTOPRISM_REGISTER_URI: "https://keycloak.localssl.dev/admin/"
|
||||
PHOTOPRISM_PASSWORD_RESET_URI: "https://keycloak.localssl.dev/realms/master/login-actions/reset-credentials"
|
||||
## LDAP Authentication (pre-configured for local tests):
|
||||
PHOTOPRISM_LDAP_URI: "ldaps://dummy-ldap:1636"
|
||||
PHOTOPRISM_LDAP_URI: "ldap://dummy-ldap:389"
|
||||
PHOTOPRISM_LDAP_INSECURE: "true"
|
||||
PHOTOPRISM_LDAP_ROLE: "user"
|
||||
PHOTOPRISM_LDAP_WEBDAV: "true"
|
||||
PHOTOPRISM_LDAP_BIND: "simple"
|
||||
PHOTOPRISM_LDAP_BIND_DN: "cn"
|
||||
PHOTOPRISM_LDAP_BASE_DN: "dc=localssl,dc=dev"
|
||||
PHOTOPRISM_LDAP_SYNC: "true"
|
||||
PHOTOPRISM_LDAP_ROLE: "user"
|
||||
PHOTOPRISM_LDAP_ROLE_DN: "photoprismRole"
|
||||
PHOTOPRISM_LDAP_LOGIN: "true"
|
||||
PHOTOPRISM_LDAP_LOGIN_DN: "photoprismLogin"
|
||||
PHOTOPRISM_LDAP_WEBDAV: "false"
|
||||
PHOTOPRISM_LDAP_WEBDAV_DN: "photoprismWebdav"
|
||||
## OpenID Connect (pre-configured for local tests):
|
||||
PHOTOPRISM_OIDC_URI: "https://keycloak.localssl.dev/auth/realms/master"
|
||||
PHOTOPRISM_OIDC_INSECURE: "true"
|
||||
|
@ -162,7 +167,7 @@ services:
|
|||
## Login: user / photoprism
|
||||
## Admin: admin / photoprism
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:19.0
|
||||
image: quay.io/keycloak/keycloak:20.0
|
||||
command: "start-dev" # development mode, do not use this in production!
|
||||
container_name: keycloak
|
||||
links:
|
||||
|
@ -188,27 +193,22 @@ services:
|
|||
KC_DB_USERNAME: "keycloak"
|
||||
KC_DB_PASSWORD: "keycloak"
|
||||
|
||||
## Dummy LDAP Server
|
||||
## Dummy LDAP Directory Server
|
||||
dummy-ldap:
|
||||
image: openidentityplatform/opendj:latest
|
||||
image: glauth/glauth-plugins:latest
|
||||
container_name: dummy-ldap
|
||||
expose:
|
||||
- 1389
|
||||
- 1636
|
||||
- 4444
|
||||
# ports:
|
||||
# - "1389:1389"
|
||||
# - "1636:1636"
|
||||
# - "4444:4444"
|
||||
user: "1001:1000"
|
||||
environment:
|
||||
OPENDJ_USER: 1001
|
||||
PORT: 1389
|
||||
LDAPS_PORT: 1636
|
||||
BASE_DN: "dc=localssl,dc=dev"
|
||||
ADD_BASE_ENTRY: "--addBaseEntry"
|
||||
ROOT_USER_DN: "cn=user"
|
||||
ROOT_PASSWORD: "photoprism"
|
||||
ports:
|
||||
- "127.0.0.1:389:389"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.ldap.loadbalancer.server.port=5555"
|
||||
- "traefik.http.routers.dummy-ldap.entrypoints=websecure"
|
||||
- "traefik.http.routers.dummy-ldap.rule=Host(`dummy-ldap.localssl.dev`)"
|
||||
- "traefik.http.routers.dummy-ldap.tls.domains[0].main=localssl.dev"
|
||||
- "traefik.http.routers.dummy-ldap.tls.domains[0].sans=*.localssl.dev"
|
||||
- "traefik.http.routers.dummy-ldap.tls=true"
|
||||
volumes:
|
||||
- "./.ldap.cfg:/app/config/config.cfg"
|
||||
|
||||
## Dummy OpenID Connect Provider
|
||||
dummy-oidc:
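Review bot: The new `dummy-ldap` service floats on `image: glauth/glauth-plugins:latest` while `keycloak` on the same page is pinned to `20.0`, and its Traefik labels publish the glauth web API (`loadbalancer.server.port=5555`, which `.ldap.cfg` configures with `tls = false` and `internals = true`) at `dummy-ldap.localssl.dev`, so the fixture is one `docker compose up` away from serving an endpoint the config does not protect. Pin the image to a release tag like the keycloak line does, and give the service the same warning keycloak carries, e.g. `## Dummy LDAP Directory Server (development only - plaintext LDAP and debug API, do not use in production!)`. The config mount has no reason to be writable from inside the container: `- "./.ldap.cfg:/app/config/config.cfg:ro"`. Note also that the earlier hunk switches photoprism to `ldap://dummy-ldap:389` with `PHOTOPRISM_LDAP_INSECURE: "true"`, so simple-bind credentials now cross the compose network in cleartext — acceptable for tests, but worth a comment there as well, since the `ldaps://` variant is gone and `[ldaps]` is disabled in `.ldap.cfg`.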
|
||||
|
|
4
go.mod
|
@ -41,7 +41,7 @@ require (
|
|||
github.com/stretchr/testify v1.8.1
|
||||
github.com/studio-b12/gowebdav v0.0.0-20211106090535-29e74efa701f
|
||||
github.com/tensorflow/tensorflow v1.15.2
|
||||
github.com/tidwall/gjson v1.14.3
|
||||
github.com/tidwall/gjson v1.14.4
|
||||
github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6
|
||||
github.com/urfave/cli v1.22.10
|
||||
go4.org v0.0.0-20201209231011-d4a079459e60 // indirect
|
||||
|
@ -147,7 +147,7 @@ require (
|
|||
github.com/softlayer/softlayer-go v1.0.6 // indirect
|
||||
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
|
||||
github.com/tidwall/match v1.1.1 // indirect
|
||||
github.com/tidwall/pretty v1.2.0 // indirect
|
||||
github.com/tidwall/pretty v1.2.1 // indirect
|
||||
github.com/ugorji/go/codec v1.2.7 // indirect
|
||||
go.opencensus.io v0.23.0 // indirect
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
|
||||
|
|
7
go.sum
|
@ -936,12 +936,13 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod
|
|||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490/go.mod h1:l9q4vc1QiawUB1m3RU+87yLvrrxe54jc0w/kEl4DbSQ=
|
||||
github.com/tensorflow/tensorflow v1.15.2 h1:7/f/A664Tml/nRJg04+p3StcrsT53mkcvmxYHXI21Qo=
|
||||
github.com/tensorflow/tensorflow v1.15.2/go.mod h1:itOSERT4trABok4UOoG+X4BoKds9F3rIsySdn+Lvu90=
|
||||
github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw=
|
||||
github.com/tidwall/gjson v1.14.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
|
||||
github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=
|
||||
github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
|
||||
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
|
||||
github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
|
||||
github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
|
||||
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
|
||||
github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
|
||||
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
github.com/transip/gotransip/v6 v6.17.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
|
||||
github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
|
||||
|
|