-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added usage instructions and screenshots
- Loading branch information
Showing
1 changed file
with
138 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,6 +21,7 @@ Missing features: | |
| - Backend: nameformat, groupformat, sshkeyattr | ||
| - User: loginShell, homeDir, sshkeys, passappsha256, otpsecret, yubikey | ||
|
|
||
| ---- | ||
|
|
||
| ### Installation: | ||
|
|
||
|
|
@@ -70,14 +71,15 @@ This should be run behind a reverse proxy like nginx that handles https! | |
|
|
||
| 4. Point glauth to the config.cfg created by glauth-ui | ||
|
|
||
| ---- | ||
|
|
||
| ### Environment Variables: | ||
|
|
||
| These can be set using environment variables using docker. | ||
|
|
||
| `SECRET_KEY=` | ||
|
|
||
| Should be a long random string to protect against CSRF attacks (https://flask-wtf.readthedocs.io/en/stable/form.html) and definatly set in a production environment. | ||
| Should be a long random string to protect against [CSRF attacks](https://flask-wtf.readthedocs.io/en/stable/form.html) and should definatly be set in a production environment. | ||
|
|
||
| `APPNAME=` | ||
|
|
||
|
|
@@ -115,6 +117,140 @@ See also (https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/#connection | |
|
|
||
| Sets the Glauth config.cfg path, Default is `config.cfg` in the apps `db/` subdirectory. | ||
|
|
||
| ---- | ||
|
|
||
| ### Usage: | ||
|
|
||
| coming soon... | ||
| **Login View:** | ||
|  | ||
|
|
||
| After you spun up the container you can login with the sample user `j_doe` and the password `dogood`. | ||
|
|
||
| **Main View:** | ||
|  | ||
|
|
||
| In the main view normal user can change their names and email adress or change their password. Administrators also have access to a email test function and the admin interface. | ||
|
|
||
| **Main Admin View:** | ||
|  | ||
|
|
||
| In the Admin Interface you can configure your glauth settings, users and groups. | ||
|
|
||
| **Admin User View:** | ||
|  | ||
|
|
||
| **Creating new users:** | ||
|  | ||
|
|
||
| When you create a new user you have the option to send an invite link per mail, the account is disabled until they created their password. | ||
|
|
||
| If the password field is left blank when creating new users it will be autogenerated and displayed to the admin but only if the Invite Option is not enabled. | ||
| Otherwise a random password and a token is generated for users to set their own. | ||
|
|
||
| Users without an email adress are not allowed to log into the ui (service accounts). | ||
|
|
||
| **Admin Group View:** | ||
|  | ||
|
|
||
| **Creating new groups:** | ||
|  | ||
|
|
||
| When you create a new group you can select if it is a primary group. | ||
|
|
||
| **Editing secondary groups:** | ||
|  | ||
|
|
||
| When you edit a non primary group you can assign users and set to include this group in other groups or configure the included groups. | ||
|
|
||
| **Editing primary groups:** | ||
|  | ||
|
|
||
| When you edit a primary group you can assign users and set which secondary groups it includes. | ||
| Primary groups can't be included in other primary groups or secondary groups. | ||
|
|
||
| **Editing glauth settings:** | ||
|  | ||
|
|
||
| You can also change several glauth settings from the ui. These are also stored in the db and are used when generating a new config file so make sure these are correct. | ||
| Changing those settings require you to restart glauth. | ||
|
|
||
| The glauth `watchconfig` option is missing here, it is automatically added as it is a dependancy for this to work correctly. | ||
|
|
||
| ----- | ||
|
|
||
| This would generate the following `config.cfg`: | ||
|
|
||
| ``` | ||
| ## GLAUTH config backend configuration file | ||
| # General configuration | ||
| watchconfig = true | ||
| debug = true | ||
| [ldap] | ||
| enabled = true | ||
| listen = "0.0.0.0:389" | ||
| [ldaps] | ||
| enabled = false | ||
| # Backend configuration | ||
| [backend] | ||
| datastore = "config" | ||
| baseDN = "dc=glauth-example,dc=com" | ||
| ## LDAP Users configuration | ||
| [[users]] | ||
| name = "j_doe" | ||
| givenname = "Jane" | ||
| sn = "Doe" | ||
| mail = "[email protected]" | ||
| unixid = 5001 | ||
| primarygroup = 5501 | ||
| passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a" | ||
| otherGroups = [ 5551,5552,5553 ] | ||
| [[users]] | ||
| name = "search" | ||
| unixid = 5002 | ||
| primarygroup = 5502 | ||
| passsha256 = "125844054e30fabcd4182ae69c9d7b38b58d63c067be10ab5ab883d658383316" | ||
| [[users]] | ||
| name = "jo_doe" | ||
| givenname = "John" | ||
| sn = "Doe" | ||
| mail = "[email protected]" | ||
| unixid = 5004 | ||
| primarygroup = 5501 | ||
| passsha256 = "3c8580d143af4b0585a84e7497978aafe550f8687ea52ceb180e8f884fd3319d" | ||
| otherGroups = [ 5551,5552 ] | ||
| disabled = True | ||
| ## LDAP Groups configuration | ||
| [[groups]] | ||
| name = "people" | ||
| unixid = 5501 | ||
| # primary user group | ||
| [[groups]] | ||
| name = "svcaccts" | ||
| unixid = 5502 | ||
| # service accounts | ||
| [[groups]] | ||
| name = "glauth_admin" | ||
| unixid = 5551 | ||
| [[groups]] | ||
| name = "vpn" | ||
| unixid = 5552 | ||
| includegroups = [ 5501 ] | ||
| [[groups]] | ||
| name = "xmpp" | ||
| unixid = 5553 | ||
| includegroups = [ 5501 ] | ||
| # Prosody XMPP Users | ||
| ``` | ||