[[:admin|< retour à la page de l'administration technique]]


====== CETTE PAGE EST OBSOLETE =======

**webldap** est hébergé sur hexagon et sur federez-test dans ''/srv/webldap''.

===== Installation =====

==== Dépendances Debian ====

  apt-get install libldap2-dev libffi-dev python3 python3-pip

==== Code ====

  cd /srv
  git clone https://github.com/FedeRez/webldap.git

Ensuite, copier ''app/webldap/local_settings.sample.py'' vers ''app/webldap/local_settings.py'' et modifier ce dernier (voir configuration en bas de cette page).

  cd /srv/webldap
  pip3 install -r requirements.txt
  python manage.py migrate
  chown -R www-data: /srv/webldap

==== Apache ====

  aptitude install libapache2-mod-wsgi-py3

Vérifier que le module est chargé :

  a2enmod wsgi

Configurer le VHost avec le fichier en annexe de cette page puis :

  a2ensite webldap
  apache2ctl configtest
  service apache restart

===== Configuration =====

<file python app/webldap/local_settings.py>
DEBUG = True
TEMPLATE_DEBUG = DEBUG

ALLOWED_HOSTS = [
    '.federez.net',
]

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': '/srv/webldap/db',
    }
}

# Make this unique, and don't share it with anybody.
SECRET_KEY = ''

# Absolute paths to template directories
TEMPLATE_DIRS = (
        '/srv/webldap/templates',
)

# SMTP relay (host and port) to use for confirmation mails
EMAIL_HOST = 'localhost'
EMAIL_PORT = 25

# Email `From` field
EMAIL_FROM = 'admin@federez.net'

# Number of hours a token remains valid after having been created.  Numeric and string
# versions should have the same meaning.
REQ_EXPIRE_HRS = 48
REQ_EXPIRE_STR = '48 heures'

# LDAP server URI (protocol and address)
LDAP_URI = 'ldap://localhost'

# Whether to use STARTTLS
LDAP_STARTTLS = False

# Certificate used with LDAPS or STARTTLS
LDAP_CACERT = ''

# LDAP base DN
LDAP_BASE = 'dc=federez,dc=net'

# LDAP application DN
LDAP_WEBLDAP_USER = 'cn=webldap,ou=service-users,dc=federez,dc=net'

# LDAP application password
LDAP_WEBLDAP_PASSWD = 'secret'

# Default LDAP groups and roles for created users
LDAP_DEFAULT_GROUPS = []
LDAP_DEFAULT_ROLES = ['member']
</file>

<file apache /etc/apache2/sites-available/webldap>
<VirtualHost *:80>
    ServerName ldap.federez.net

    Redirect permanent / https://ldap.federez.net
    
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/webldap-error.log
    CustomLog ${APACHE_LOG_DIR}/webldap-access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName ldap.federez.net

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/webldap-error.log
    CustomLog ${APACHE_LOG_DIR}/webldap-access.log combined

    Alias /static /srv/webldap/app/main/static

    WSGIScriptAlias / /srv/webldap/app/wsgi.py
    WSGIProcessGroup webldap
    WSGIDaemonProcess webldap processes=2 threads=16 maximum-requests=1000 display-name=webldap

    SSLEngine on
    SSLCertificateFile /etc/ssl/federez/federez.crt
    SSLCertificateKeyFile /etc/ssl/private/federez.key
    SSLCertificateChainFile /etc/ssl/federez/sub.class2.server.ca.pem
    SSLCACertificateFile /etc/ssl/certs/StartCom_Certification_Authority.pem
</VirtualHost>
</file>