Changeset 723529b4 in darkpeak-services


Timestamp:
Jul 15, 2018, 10:05:30 AM (23 months ago)
Author:
Caolan McMahon <caolan.mcmahon@…>
Branches:
ansible, keycloak, master, matrix, pleroma
Children:
8b7e2c00
Parents:
cfcef399
Message:

ttrss: turn off single-sign-on and go back to LDAP auth to support Android client

Location:
roles/ttrss
Files:
2 added
3 edited

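--- a/roles/ttrss/tasks/main.yml
+++ b/roles/ttrss/tasks/main.yml
@@ -1,6 +1,4 @@
 - name: Configure php-fpm for ttrss
   include: ../../php-fpm/tasks/configure-php-fpm-application.yml
-- name: Configure SAML2 authentication for ttrss
-  include: ../../apache2/tasks/configure-apache-saml.yml
 - name: Configure Apache for ttrss
   include: ../../apache2/tasks/configure-apache-site.yml
@@ -28,4 +26,5 @@
     - php7.0-pgsql
     - php7.0-xml
+    - php-net-ldap2
 
 - name: Clone repository
@@ -71,4 +70,11 @@
     "first_run | default(false)"
 
+- name: Copy over LDAP plugin
+  copy:
+    src: auth_ldap
+    dest: "{{ web_root }}/plugins/"
+    owner: ttrss
+    group: ttrss
+   
 - name: Install systemd unit file for update daemon
   template: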
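Review bot: The new `Copy over LDAP plugin` task installs the authentication plugin with `owner: ttrss` / `group: ttrss` and no `mode:`, so if the php-fpm pool runs as `ttrss` (not visible in this hunk) the web application can rewrite the code that verifies passwords. Prefer `owner: root` with an explicit `mode:` and `directory_mode:` that leave the files read-only for `ttrss`. The task also ends with a whitespace-only line (new line 78) that should be an empty line. The plugin itself arrives through the two added files that this page does not display, so its origin and version should be recorded in the role.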
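--- a/roles/ttrss/templates/apache.incl.conf.j2
+++ b/roles/ttrss/templates/apache.incl.conf.j2
@@ -1,21 +1,2 @@
-<Location />
-        AuthType Mellon
-        MellonEnable "auth"
-        Require valid-user
-
-        # SP metadata
-        MellonSPPrivateKeyFile /etc/apache2/mellon/{{ domain }}.key
-        MellonSPCertFile       /etc/apache2/mellon/{{ domain }}.cert
-        MellonSPMetadataFile   /etc/apache2/mellon/{{ domain }}.xml
-
-        # IdP metadata
-        MellonIdPMetadataFile /etc/ipsilon/saml2/metadata.xml
-
-        # SAML2 attribute to environment variable mapping
-        MellonUser uid
-        MellonSetEnvNoPrefix "HTTP_USER_NAME" fullname
-        MellonSetEnvNoPrefix "HTTP_USER_MAIL" mail
-</Location>
-
 <Location /config.php>
         Require all denied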
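--- a/roles/ttrss/templates/config.php.j2
+++ b/roles/ttrss/templates/config.php.j2
@@ -91,4 +91,19 @@
         // and settings profile.
 
+        define('LDAP_AUTH_SERVER_URI', '{{ ldap_uri_ssl }}');
+        define('LDAP_AUTH_USETLS', FALSE); // Enable TLS Support for ldaps://
+        define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE); // Allows untrusted certificate
+        define('LDAP_AUTH_BASEDN', '{{ ldap_basedn }}');
+        define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+        // ??? will be replaced with the entered username(escaped) at login
+        define('LDAP_AUTH_SEARCHFILTER', '(&(objectClass=person)(uid=???))');
+        // Enables Schema Caching (Recommended)
+        define('LDAP_AUTH_SCHEMA_CACHE_ENABLE', FALSE);
+        // Max time a schema cache is kept (seconds)
+        define('LDAP_AUTH_SCHEMA_CACHE_TIMEOUT', 86400);
+
+        // Enable Debug Logging
+        define('LDAP_AUTH_DEBUG', FALSE);
+
         // *********************
         // *** Feed settings ***
@@ -159,5 +174,5 @@
 
         define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
-        define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
+        define('SMTP_FROM_ADDRESS', 'noreply@{{ domain_name }}');
         // Name, address and subject for sending outgoing mail. This applies
         // to password reset notifications, digest emails and any other mail.
@@ -199,5 +214,5 @@
         // after login, or content encoding errors, disable it.
 
-        define('PLUGINS', 'auth_remote, note');
+        define('PLUGINS', 'auth_ldap, note');
         // Comma-separated list of plugins to load automatically for all users.
         // System plugins have to be specified here. Please enable at least one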
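Review bot: `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);` (new line 95) accepts any certificate on the `ldaps://` connection, so the passwords users now type into ttrss are protected against passive sniffing only, not against a host impersonating the directory. With the Mellon `<Location />` block removed in this changeset, that LDAP bind is the only login check. Set `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE);` and install the directory's CA certificate on the host instead. The comment `// Enables Schema Caching (Recommended)` sits above a `FALSE` value, so either enable the cache or reword the comment. `LDAP_AUTH_SEARCHFILTER` depends on the plugin escaping the username as its comment states, and the plugin source is not shown on this page, so that is worth confirming before relying on it.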