README.md
@@ -29,9 +29,6 @@ Written by Nathan Coad (nathan.coad@dell.com)
| LOG_FILE | Specify the name/path of file to write log messages to | /var/log/smt.log | ./smt.log
| BIND_IP | Specify the local IP address to bind to. | 127.0.0.1 | Primary IPv4 address |
| BIND_PORT | Specify the TCP/IP port to bind to. | 443 | 8443 |
| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | dc.example.com | No default specified |
| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "CN=Users,DC=example,DC=com" | No default specified |
| LDAP_TRUST_CERT_FILE | If LDAP integration is needed, specify filepath to PEM format public certificate of Certificate Authority signing LDAPS communications | caroot.pem | No default specified, must define this value |
| TLS_KEY_FILE | Specify the filename of the TLS certificate private key (must be unencrypted) in PEM format | key.pem | privkey.pem |
| TLS_CERT_FILE | Specify the filename of the TLS certificate file in PEM format | cert.pem | cert.pem |
| TOKEN_HOUR_LIFESPAN | Number of hours that the JWT token returned at login is valid | 12 | No default specified, must define this value |
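Review bot: the rendered diff drops the +/- markers, so the commit message should state that the three LDAP_* rows removed from this table are relocated to the new LDAP section rather than dropped. While this table is being edited, the TLS_KEY_FILE row says the private key "must be unencrypted"; add a sentence that the key file should be readable only by the account the service runs as, because an unencrypted key has no other protection on disk. Minor: the LDAP_BASE_DN example is quoted (`"CN=Users,DC=example,DC=com"`) while every other example value is unquoted; pick one style.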
@@ -43,6 +40,18 @@ If the TLS certificate and key files cannot be located in the specified location
Example for generating API_SECRET and SECRETS_KEY is the following command on linux: `head /dev/urandom | tr -dc A-Za-z0-9 | head -c32`
### LDAP specific configuration
Several environment variables are available to configure LDAP integration if required. If the LDAP_BIND_ADDRESS is specified, SMT will attempt to perform an LDAP search for the provided username if no matches to the locally configured users are found in the database.
This lookup will utilise the sAMAccountName property of the user object in Active Directory. No other LDAP providers have been tested.
|Environment Variable Name| Description | Example | Default |
|--|--|--|--|
| LDAP_BIND_ADDRESS | If LDAP integration is needed, specify the LDAP Bind address. Only LDAPS on port 636 is supported. Do not specify port 636 in the bind address | dc.example.com | No default specified |
| LDAP_BASE_DN | If LDAP integration is needed, specify the base DN to use when binding to AD | "CN=Users,DC=example,DC=com" | No default specified |
| LDAP_TRUST_CERT_FILE | If LDAP integration is needed, specify filepath to PEM format public certificate of Certificate Authority signing LDAPS communications | caroot.pem | No default specified, must define this value |
## Systemd script
Create/update the systemd service definition at /etc/systemd/system/smt.service and then run systemctl daemon-reload
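Review bot: the new section says the LDAP search is attempted only "if no matches to the locally configured users are found in the database", but it does not say what happens when a local user exists and the password check fails; state explicitly whether that case also falls through to LDAP, since that decides whether a local account can be shadowed by a directory account with the same sAMAccountName. The table also marks LDAP_TRUST_CERT_FILE as "must define this value" while LDAP_BIND_ADDRESS is optional; clarify that the certificate file is required only when LDAP_BIND_ADDRESS is set, and what the service does at startup if it is set and the file is missing (the TLS_CERT_FILE paragraph above documents that failure mode; this one should too).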
@@ -240,7 +240,7 @@ func VerifyLdapCreds(username string, password string) bool {
log.Printf("VerifyLdapCreds group search error : '%s'\n", err)
return false
}
fmt.Printf("groups: %v\n", groups)
log.Printf("groups: %v\n", groups)
return true
}
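Review bot: VerifyLdapCreds returns true right after logging `groups`, so the group search result is never used for a decision; if membership is meant to gate access, the `return true` should depend on an allowed-group check, and if it is not, the lookup is an extra round trip on every login that can be dropped. Replacing fmt.Printf with log.Printf is the right change for the LOG_FILE setup, but it now writes each authenticated user's full group list to the log on every login; put it behind a debug setting or log only the count. The trailing `\n` in both log.Printf calls is redundant, the log package appends a newline itself.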
@@ -271,7 +271,7 @@ func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string,
nil,
)
fmt.Printf("searchRequest: %v\n", searchRequest)
log.Printf("searchRequest: %v\n", searchRequest)
sr, err := conn.Search(searchRequest)
if err != nil {
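Review bot: `log.Printf("searchRequest: %v\n", searchRequest)` now lands in LOG_FILE but still dumps the entire request (base DN and the filter built from the caller-supplied username) on every lookup; keep it behind a debug setting. Since the filter construction sits above this hunk and is not visible here, confirm that the username is passed through ldap.EscapeFilter before it is interpolated, otherwise this log line is where an unescaped filter would first become visible.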