LDAP support #26

11 changes: 9 additions & 2 deletions Dockerfile
Expand Up @@ -2,8 +2,8 @@ FROM ubuntu
MAINTAINER Christian Lück <[email protected]>

RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
nginx supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \
php5-pgsql php5-mysql php5-mcrypt && apt-get clean && rm -rf /var/lib/apt/lists/*
git nginx supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \
php5-pgsql php5-ldap php5-mysql php5-mcrypt && apt-get clean && rm -rf /var/lib/apt/lists/*

# enable the mcrypt module
RUN php5enmod mcrypt
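
Review bot: `git` is added to the permanent package list on the first `apt-get install` line, so it stays in the final image even though it is only needed once, for the plugin clone further down. The next hunk already shows the pattern for a build-only tool: `curl` is installed, used and removed with `apt-get purge -y --auto-remove curl` inside one `RUN`. Doing the same for `git` (or fetching a tarball in the existing `curl` step) keeps the runtime image smaller and leaves one less tool available inside a container that serves web traffic.
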
Expand All @@ -19,6 +19,10 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl --n
&& curl -SL https://tt-rss.org/gitlab/fox/tt-rss/repository/archive.tar.gz?ref=master | tar xzC /var/www --strip-components 1 \
&& apt-get purge -y --auto-remove curl \
&& chown www-data:www-data -R /var/www

RUN git clone https://github.com/hydrian/TTRSS-Auth-LDAP.git /TTRSS-Auth-LDAP && \
cp -r /TTRSS-Auth-LDAP/plugins/auth_ldap plugins/ && \
ls -la /var/www/plugins
RUN cp config.php-dist config.php

# expose only nginx HTTP port
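
Review bot: the `git clone https://github.com/hydrian/TTRSS-Auth-LDAP.git` line pulls whatever the default branch of a third-party repository holds at build time, and that code becomes the login path of the application. Pin it to a reviewed tag or commit (clone, then `git checkout <commit>`) so a rebuild cannot silently pick up changed authentication code. Two smaller points in the same `RUN`: `ls -la /var/www/plugins` looks like leftover debugging, and `/TTRSS-Auth-LDAP` (including its `.git` directory) is never removed, so the full clone ships in the image. The relative `plugins/` target also depends on the working directory being `/var/www`, which is not visible in this hunk; an absolute path would be safer.
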
Expand All @@ -32,6 +36,9 @@ ENV DB_NAME ttrss
ENV DB_USER ttrss
ENV DB_PASS ttrss

# auth method, options are: internal, ldap
ENV AUTH_METHOD internal

# always re-configure database with current ENV when RUNning container, then monitor all services
ADD configure-db.php /configure-db.php
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
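
Review bot: the comment above `ENV AUTH_METHOD internal` lists two options, but nothing validates the value: `configure-db.php` only tests `getenv('AUTH_METHOD') == "ldap"`, so a typo or different casing such as `LDAP` leaves the container on internal authentication without any message. Consider normalising the value and failing at startup on anything other than `internal` or `ldap`.
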
26 changes: 26 additions & 0 deletions README.md
Expand Up @@ -164,6 +164,32 @@ For more information check out the [official documentation](https://github.com/g
-e SELF_URL_PATH=https://example.org/ttrss
```

### Authentication

This container supports internal and ldap by setting `AUTH_METHOD` to `internal` or `ldap`. Default is `internal`.

```
-e AUTH_METHOD=internal
```

### LDAP

If `AUTH_METHOD` is set to `ldap` you must/can set the following variables:

- `LDAP_AUTH_SERVER_URI`. Default is `ldap://ldap`
- `LDAP_AUTH_USETLS`. Default is `FALSE`
- `LDAP_AUTH_ALLOW_UNTRUSTED_CERT`. Default is `TRUE`
- `LDAP_AUTH_BASEDN`. Require
- `LDAP_AUTH_ANONYMOUSBEFOREBIND`. Default `FALSE`
- `LDAP_AUTH_SEARCHFILTER`. `???` is replaced by the login name. Default `(&(objectClass=user)(sAMAccountName=???))`
- `LDAP_AUTH_BINDDN`. Required
- `LDAP_AUTH_BINDPW`. Required
- `LDAP_AUTH_LOGIN_ATTRIB`. Default is `sAMAccountName`
- `LDAP_AUTH_LOG_ATTEMPTS`. Default is `FALSE`
- `LDAP_AUTH_DEBUG`. Default is `FALSE`

For more information consult https://github.com/hydrian/TTRSS-Auth-LDAP

### Testing ttrss in foreground

For testing purposes it's recommended to initially start this container in foreground.
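
Review bot: the documented defaults `LDAP_AUTH_USETLS` = `FALSE`, `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` = `TRUE` and `LDAP_AUTH_SERVER_URI` = `ldap://ldap` mean that out of the box the bind password and every user's login travel to the directory unencrypted, and that untrusted certificates are accepted even once TLS is switched on. The section should say so explicitly and recommend `LDAP_AUTH_USETLS=TRUE` with `LDAP_AUTH_ALLOW_UNTRUSTED_CERT=FALSE` for anything beyond a local test; better still, flip the defaults. Also worth fixing: `LDAP_AUTH_BASEDN` says "Require" where the other entries say "Required", "must/can" should be split into required and optional variables, and the default search filter and `sAMAccountName` are Active Directory specific, which deserves a sentence.
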
16 changes: 16 additions & 0 deletions configure-db.php
Expand Up @@ -101,9 +101,25 @@
}

$contents = file_get_contents($confpath);
if(getenv('AUTH_METHOD') == "ldap") {
$config['PLUGINS'] = 'auth_ldap, note';
$contents .= "define('LDAP_AUTH_SERVER_URI', '" . env("LDAP_AUTH_SERVER_URI", "ldap://ldap") . "');\n";
$contents .= "define('LDAP_AUTH_USETLS', " . env("LDAP_AUTH_USETLS", "FALSE") . "); \n";
$contents .= "define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', " . env("LDAP_AUTH_ALLOW_UNTRUSTED_CERT", "TRUE") . ");\n";
$contents .= "define('LDAP_AUTH_BASEDN', '" . env("LDAP_AUTH_BASEDN") . "');\n";
$contents .= "define('LDAP_AUTH_ANONYMOUSBEFOREBIND', " . env("LDAP_AUTH_ANONYMOUSBEFOREBIND", "FALSE") . ");\n";
// ??? will be replaced with the entered username(escaped) at login
$contents .= "define('LDAP_AUTH_SEARCHFILTER', '" .env("LDAP_AUTH_SEARCHFILTER", "(&(objectClass=user)(sAMAccountName=???))") . "');\n";
$contents .= "define('LDAP_AUTH_BINDDN', '" . env("LDAP_AUTH_BINDDN") . "');\n";
$contents .= "define('LDAP_AUTH_BINDPW', '" . env("LDAP_AUTH_BINDPW") . "');\n";
$contents .= "define('LDAP_AUTH_LOGIN_ATTRIB', '" . env("LDAP_AUTH_LOGIN_ATTRIB", "sAMAccountName") . "');\n";
$contents .= "define('LDAP_AUTH_LOG_ATTEMPTS', " . env("LDAP_AUTH_LOG_ATTEMPTS", "FALSE") . ");\n";
$contents .= "define('LDAP_AUTH_DEBUG', " . env("LDAP_AUTH_DEBUG", "FALSE") . ");\n";
}
foreach ($config as $name => $value) {
$contents = preg_replace('/(define\s*\(\'' . $name . '\',\s*)(.*)(\);)/', '$1"' . $value . '"$3', $contents);
}

file_put_contents($confpath, $contents);

function env($name, $default = null)
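
Review bot: every `env(...)` value in the `AUTH_METHOD == "ldap"` block is concatenated straight into PHP source that is then written to `config.php`. The string settings sit inside single quotes with no escaping, so a bind password or base DN containing `'` or `\` produces a broken or altered config file. The boolean settings (`LDAP_AUTH_USETLS`, `LDAP_AUTH_DEBUG` and the rest) are emitted with no quotes at all, so whatever the variable holds is written as PHP code. Emit strings with `var_export()` and accept only `TRUE` or `FALSE` for the booleans. Further points: `$config['PLUGINS'] = 'auth_ldap, note'` replaces any plugin list configured elsewhere. The `define` lines are appended to the contents read from `$confpath` and written back, so if this script runs again against an already-configured file they are added a second time. `LDAP_AUTH_BASEDN`, `LDAP_AUTH_BINDDN` and `LDAP_AUTH_BINDPW` are documented as required but are called without a default here, so it is worth confirming that `env()` fails loudly when they are missing (its body is not visible in this hunk).
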