From d74634720cc8c09f4ab59185ac0fe1545c9fdcb1 Mon Sep 17 00:00:00 2001 From: Trinity POINTARD Date: Fri, 9 Oct 2020 09:59:16 +0200 Subject: [PATCH 1/4] document ldap --- source/environment.html.md | 14 ++++++++++++++ source/installation/config.html.md | 2 ++ 2 files changed, 16 insertions(+) diff --git a/source/environment.html.md b/source/environment.html.md index ef61f32..9edbaa5 100644 --- a/source/environment.html.md +++ b/source/environment.html.md @@ -59,3 +59,17 @@ PLUME_LOGO_192=icons/trwnh/paragraphs/plumeParagraphs192.png PLUME_LOGO_256=icons/trwnh/paragraphs/plumeParagraphs256.png PLUME_LOGO_512=icons/trwnh/paragraphs/plumeParagraphs512.png ``` + +Plume support delegating authentication via LDAP. +- `LDAP_ADDR`: address of the LDAP server +- `LDAP_BASE_DN`: base DN used when binding, see explanation below +- `LDAP_USER_NAME_ATTR`: attribut with user name ised when binding, see explanation below (default=`cn`) +- `LDAP_USER_MAIL_ATTR`: attribut containing the mail address of the user (default=`mail`) +- `LDAP_TLS`: connect to the LDAP server using TLS (default=false) + +Plume determines what to bind using `LDAP_BASE_DN`, `LDAP_USER_NAME_ATTR` and the user name. +Assuming what you need Plume to bind is `username={user name},ou=users,dc=your-org`, the configuration would be the following: +```bash +LDAP_BASE_DN=ou=users,dc=your-org +LDAP_USER_NAME_ATTR=username +``` diff --git a/source/installation/config.html.md b/source/installation/config.html.md index ab62f2f..9dc8dba 100644 --- a/source/installation/config.html.md +++ b/source/installation/config.html.md 
@@ -83,6 +83,8 @@ plm instance new plm users new --admin ``` +Note if you want to use LDAP: you should still create an administrator account, at least to give admin rights to your own LDAP account once it's registered. + On **Windows**, there might be an error creating the admin user. To get around this, you need to run: ``` plm users new --admin -n "adminusername" -N "Human Readable Admin Name" -b "Biography of Admin here" -p hackmeplease From d62ab0bcb4d97a5c65e4e7c1ca6e60a52b1c0c91 Mon Sep 17 00:00:00 2001 From: Kitaiti Makoto Date: Sun, 6 Dec 2020 02:44:34 +0900 Subject: [PATCH 2/4] Add anchors to headings --- config.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.rb b/config.rb index f7ba231..8cf5f7c 100644 --- a/config.rb +++ b/config.rb @@ -2,7 +2,7 @@ # https://middlemanapp.com/advanced/configuration/#configuring-extensions set :markdown_engine, :redcarpet -set :markdown, :fenced_code_blocks => true, :smartypants => true +set :markdown, :fenced_code_blocks => true, :smartypants => true, :with_toc_data => true activate :syntax From f4fc4f5295daa39e0877660a34a4e3d6c23e50ab Mon Sep 17 00:00:00 2001 From: Kitaiti Makoto Date: Sun, 6 Dec 2020 02:44:59 +0900 Subject: [PATCH 3/4] Add headings to env var page --- source/environment.html.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source/environment.html.md b/source/environment.html.md index 9edbaa5..69634f0 100644 --- a/source/environment.html.md +++ b/source/environment.html.md @@ -8,6 +8,8 @@ to configure the database, or the HTTP interface for instance.' Plume relies on some environment variables for some configuration options. You can either set them before starting the app with `cargo run` or write them in a `.env` file to have automatically loaded. +## Basic + Here are the variables that Plume uses: - `BASE_URL`: the domain name, or IP and port on which Plume is listening. It is used in all federation-related code. 
@@ -23,6 +25,8 @@ meaning that all your users will get disconnected. You can generate one with `op - `DB_MAX_SIZE`: the maximum number of database connections (`10` by default). Since 0.5.0. - `DB_MIN_IDLE`: the minimum idle database connection count (the same to `DB_MAX_SIZE` by default). Since 0.5.0. +## Mail + The SMTP server to send mails can be configured with: - `MAIL_SERVER`: the SMTP server to connect to. @@ -34,6 +38,8 @@ The SMTP server to send mails can be configured with: For the moment, Plume only sends mail when you need to reset your password (and only from the web interface, `plm users reset-password` doesn't send anything). If you don't plan to use this feature, you can simply remove (or comment) the lines to configure the mail server in your `.env`. +## Logo + You can also change the logo you want to use for your instance in this file. Your logo should be in the `static` directory. To make Plume load it, you can use: @@ -60,6 +66,8 @@ PLUME_LOGO_256=icons/trwnh/paragraphs/plumeParagraphs256.png PLUME_LOGO_512=icons/trwnh/paragraphs/plumeParagraphs512.png ``` +## LDAP + Plume support delegating authentication via LDAP. - `LDAP_ADDR`: address of the LDAP server - `LDAP_BASE_DN`: base DN used when binding, see explanation below From 89ad2fdb404ef316dc7372d0c798639d4b253619 Mon Sep 17 00:00:00 2001 From: Kitaiti Makoto Date: Sun, 6 Dec 2020 02:54:51 +0900 Subject: [PATCH 4/4] Add link to LDAP env vars to LDAP configuration section --- source/installation/config.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/installation/config.html.md b/source/installation/config.html.md index 9dc8dba..596c5ab 100644 --- a/source/installation/config.html.md +++ b/source/installation/config.html.md 
@@ -83,7 +83,7 @@ plm instance new plm users new --admin ``` -Note if you want to use LDAP: you should still create an administrator account, at least to give admin rights to your own LDAP account once it's registered. +Note if you want to [use LDAP](../../environment/#ldap): you should still create an administrator account, at least to give admin rights to your own LDAP account once it's registered. On **Windows**, there might be an error creating the admin user. To get around this, you need to run: ```
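Review bot: In the `source/environment.html.md` hunk of PATCH 1/4, the `LDAP_TLS` entry documents `default=false` without saying what that means for credentials. The text explains that Plume binds as `username={user name},ou=users,dc=your-org`, so each login sends that user's password to `LDAP_ADDR`, and with TLS off it crosses the network unencrypted. Suggest adding a sentence that recommends `LDAP_TLS=true` whenever the LDAP server is not on the same host, and stating which form `LDAP_ADDR` expects (host only, host and port, or a URL), which the list leaves open. Since the bind DN is built from the user name, it is also worth documenting whether characters that are special in a DN are escaped or rejected. Wording in the same hunk: "Plume support" should be "Plume supports", "attribut" should be "attribute", and "ised" should be "used".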
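Review bot: In the `source/installation/config.html.md` hunk of PATCH 1/4, the added LDAP note tells the operator to keep a local administrator account but does not say that this account keeps its own password outside LDAP, and it sits directly above the Windows example that passes `-p hackmeplease`. Suggest stating that the local admin needs a strong, unique password and whether it can be demoted or removed once the LDAP account has admin rights. The opening "Note if you want to use LDAP:" would also read better as "Note: if you want to use LDAP, you should still create ...".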
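Review bot: In the `config.rb` hunk of PATCH 2/4, `:with_toc_data => true` is added without a comment, although PATCH 4/4 then links to `#ldap` and so depends on it. The heading ids come from the heading text, which means renaming a heading in the docs silently breaks any link that targets it. Suggest a short comment above the `set :markdown` line saying that heading anchors are linked from other pages, and consider splitting the options over several lines now that the line carries three of them.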
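Review bot: In the first hunk of PATCH 3/4 (`source/environment.html.md`, `@@ -8,6 +8,8 @@`), `## Basic` is inserted directly above "Here are the variables that Plume uses:", so that sentence now reads as introducing only the Basic section while the Mail, Logo and LDAP variables follow under their own headings. Suggest moving the sentence above the heading or rewording it to something scoped to the section. With PATCH 2/4 applied these four headings also become anchor ids, so a more descriptive name than "Basic" is worth choosing now rather than after pages start linking to it.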
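Review bot: In the `source/installation/config.html.md` hunk of PATCH 4/4, the link target `../../environment/#ldap` depends on two things that are not visible from this file: the `## LDAP` heading keeping its exact name (PATCH 3/4) and anchors being generated at all (PATCH 2/4). The relative path also assumes this page is served one directory below `installation/`, that is, with directory-style URLs. Suggest confirming the link in a local build and, if the site offers a helper for internal links, using that instead of a hand-written relative path.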