mirror of
https://github.com/retspen/webvirtcloud
synced 2024-12-25 15:45:23 +00:00
Added ldap password encryption
parent
02b02d3321
commit
e26a114c44
3 changed files with 33 additions and 3 deletions
14
README.md
14
README.md
|
@ -397,11 +397,21 @@ sudo sed -i "s/LDAP_URL = ''/LDAP_URL = 'myldap.server.com'/g"" /srv/webvirtclou
|
||||||
sudo sed -i "s/LDAP_ROOT_DN = ''/LDAP_ROOT_DN = 'dc=server,dc=com'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
|
sudo sed -i "s/LDAP_ROOT_DN = ''/LDAP_ROOT_DN = 'dc=server,dc=com'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
|
||||||
```
|
```
|
||||||
|
|
||||||
Set the user that has browse access to LDAP and its password
|
Set the passphrase to decrypt the password
|
||||||
|
```bash
|
||||||
|
sudo sed -i "s/pass:MYPASSPHRASE/pass:MYTRUEPASSPHRASE/g" /srv/webvirtcloud/webvirtcloud/.dec_ldap_pwd.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
Encrypt the password
|
||||||
|
```bash
|
||||||
|
echo MYPASSWORD | openssl enc -pbkdf2 -salt -pass pass:MYTRUEPASSPHRASE | base64
|
||||||
|
```
|
||||||
|
|
||||||
|
Set the user that has browse access to LDAP and its password encrypted
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo sed -i "s/LDAP_MASTER_DN = ''/LDAP_MASTER_DN = 'cn=admin,ou=users,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
|
sudo sed -i "s/LDAP_MASTER_DN = ''/LDAP_MASTER_DN = 'cn=admin,ou=users,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
|
||||||
sudo sed -i "s/LDAP_MASTER_PW = ''/LDAP_MASTER_PW = 'password'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
|
sudo sed -i "s/LDAP_MASTER_PW_ENC = ''/LDAP_MASTER_PW_ENC = 'MYPASSWORDENCRYPTED'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
|
||||||
```
|
```
|
||||||
|
|
||||||
Set the attribute that will be used to find the username, i usually use the cn
|
Set the attribute that will be used to find the username, i usually use the cn
|
||||||
|
|
18
webvirtcloud/.dec_ldap_pwd.sh
Executable file
18
webvirtcloud/.dec_ldap_pwd.sh
Executable file
|
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#####
|
||||||
|
|
||||||
|
#
|
||||||
|
|
||||||
|
# LDAP PASSWORD DECRYPTION SCRIPT
|
||||||
|
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
|
||||||
|
#####
|
||||||
|
|
||||||
|
ENC_PASSWD=$1
|
||||||
|
|
||||||
|
echo $(echo $ENC_PASSWD | base64 -d | openssl enc -pbkdf2 -salt -d -pass pass:MYPASSPHRASE )
|
||||||
|
|
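Review bot: The decryption passphrase is embedded in this script as `-pass pass:MYPASSPHRASE`, so it sits in the application tree beside the ciphertext stored in settings.py and shows up in openssl's argv while the command runs. Anyone who can read the deployment can recover the LDAP bind password, which makes this obfuscation rather than protection. Prefer keeping the passphrase outside the repository in a file readable only by the service account, or in the environment, and passing it with openssl's `-pass file:<PASSPHRASE_FILE>` or `-pass env:<VAR_NAME>` (placeholders). The unquoted `$ENC_PASSWD` and the outer `echo $(...)` also word-split and glob-expand the decrypted value and replace openssl's exit status with that of `echo`. `printf '%s' "$1" | base64 -d | openssl enc -pbkdf2 -d -pass file:<PASSPHRASE_FILE>` avoids both.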
|
@ -3,6 +3,7 @@ Django settings for webvirtcloud project.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import subprocess
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
||||||
|
@ -263,7 +264,8 @@ LDAP_PORT = 389
|
||||||
USE_SSL = False
|
USE_SSL = False
|
||||||
## The user with search rights on ldap. (e.g cn=admin,dc=kendar,dc=org)
|
## The user with search rights on ldap. (e.g cn=admin,dc=kendar,dc=org)
|
||||||
LDAP_MASTER_DN = ''
|
LDAP_MASTER_DN = ''
|
||||||
LDAP_MASTER_PW = ''
|
LDAP_MASTER_PW_ENC = ''
|
||||||
|
LDAP_MASTER_PW = subprocess.Popen(["bash", str(BASE_DIR) + "/webvirtcloud/.dec_ldap_pwd.sh", LDAP_MASTER_PW_ENC],stdout=subprocess.PIPE, text=True).stdout.read().strip('\n')
|
||||||
## The root dn (e.g. dc=kendar,dc=org)
|
## The root dn (e.g. dc=kendar,dc=org)
|
||||||
LDAP_ROOT_DN = ''
|
LDAP_ROOT_DN = ''
|
||||||
## Queries to identify the users, i use groupOfUniqueNames on openldap
|
## Queries to identify the users, i use groupOfUniqueNames on openldap
|
||||||
|
|
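Review bot: The `subprocess.Popen(...).stdout.read()` line added after `LDAP_MASTER_PW_ENC` runs on every settings import with no wait, return-code check or stderr capture. A failed decryption (wrong passphrase, openssl missing) therefore leaves `LDAP_MASTER_PW` silently empty or garbage, and bash is spawned even while `LDAP_MASTER_PW_ENC` is still `''`. Consider guarding with `if LDAP_MASTER_PW_ENC:` and using `subprocess.run([...], capture_output=True, text=True, check=True).stdout.rstrip('\n')`, then failing startup with a clear error when LDAP is configured but the result is empty. The helper script as committed wraps openssl in `echo $(...)`, so it always exits with the status of `echo`; the return-code check only helps once the script propagates openssl's status. The decrypted password is still a plain module-level setting, so anything that dumps Django settings (debug pages, diagnostics) would expose it.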