Update to 2020-10-01 10:00

master
Daniel Berteaud 4 years ago
parent 2f9049e6e6
commit 7720153799
  1. 13
      roles/mayan_edms/defaults/main.yml
  2. 1
      roles/mayan_edms/tasks/directories.yml
  3. 4
      roles/mayan_edms/tasks/install.yml
  4. 16
      roles/mayan_edms/templates/auth.py.j2
  5. 6
      roles/mayan_edms/templates/mayan-edms.j2
  6. 5
      roles/squid/files/acl/software_various.domains

@ -74,6 +74,19 @@ mayan_ldap_group_type: "{{ ad_auth | default(False) | ternary('NestedActiveDirec
# LDAP filter to search for groups # LDAP filter to search for groups
mayan_ldap_group_filter: "{{ ad_auth | default(False) | ternary('(objectClass=group)','(objectClass=posixGroup)') }}" mayan_ldap_group_filter: "{{ ad_auth | default(False) | ternary('(objectClass=group)','(objectClass=posixGroup)') }}"
# Define user flags based on group membership, for example :
#
# mayan_ldap_flags_by_group:
# is_active:
# - CN=Users,DC=example,DC=org
# is_staff:
# - CN=IT,OU=Groups,DC=example,DC=org
# is_superuser:
# - CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org
# - CN=Domain Admins,OU=Groups,DC=example,DC=org
mayan_ldap_flags_by_group: {}
# If defined, will either require user to be part of one of those groups, # If defined, will either require user to be part of one of those groups,
# or forbid access to membres of those groups # or forbid access to membres of those groups
# mayan_ldap_require_group: # mayan_ldap_require_group:

@ -24,4 +24,5 @@
mode: 750 mode: 750
- path: "{{ mayan_root_dir }}/fuse" - path: "{{ mayan_root_dir }}/fuse"
mode: 700 mode: 700
- path: "{{ mayan_root_dir }}/input"
tags: mayan tags: mayan

@ -77,6 +77,10 @@
virtualenv_python: /usr/bin/python3 virtualenv_python: /usr/bin/python3
tags: mayan tags: mayan
- name: Install mayan-edms wrapper
template: src=mayan-edms.j2 dest=/usr/local/bin/mayan-edms mode=755
tags: mayan
- name: Install Mayan EDMS - name: Install Mayan EDMS
pip: pip:
name: name:

@ -1,7 +1,7 @@
import ldap import ldap
from django_auth_ldap.config import ( from django_auth_ldap.config import (
LDAPSearch, LDAPSearchUnion, {{ mayan_ldap_group_type }} LDAPSearch, LDAPSearchUnion, LDAPGroupQuery, {{ mayan_ldap_group_type }}
) )
from mayan.settings.production import * from mayan.settings.production import *
@ -60,11 +60,25 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
AUTH_LDAP_GROUP_TYPE = {{ mayan_ldap_group_type }}() AUTH_LDAP_GROUP_TYPE = {{ mayan_ldap_group_type }}()
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
{% for key in mayan_ldap_flags_by_group.keys() %}
{% if mayan_ldap_flags_by_group[key] | length > 0 %}
'{{ key }}': (
{% for group in mayan_ldap_flags_by_group[key] %}
LDAPGroupQuery('{{ group }}') {{ '|' if not loop.last }}
{% endfor %}
),
{% endif %}
{% endfor %}
}
AUTHENTICATION_BACKENDS = ( AUTHENTICATION_BACKENDS = (
'django_auth_ldap.backend.LDAPBackend', 'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend' 'django.contrib.auth.backends.ModelBackend'
) )
AUTH_LDAP_MIRROR_GROUPS = True
{% if mayan_auth_custom_conf is defined %} {% if mayan_auth_custom_conf is defined %}
{{ mayan_auth_custom_conf }} {{ mayan_auth_custom_conf }}
{% endif %} {% endif %}

@ -0,0 +1,6 @@
#!/bin/bash -e
set -o allexport
. {{ mayan_root_dir }}/config/.env
set +o allexport
{{ mayan_root_dir }}/venv/bin/python {{ mayan_root_dir }}/venv/bin/mayan-edms.py $@

@ -200,6 +200,7 @@ graylog2-releases.s3.eu-west-1.amazonaws.com
# NPM / NodeJS # NPM / NodeJS
registry.npmjs.org registry.npmjs.org
registry.npmjs.com
# Asterisk / FreePBX # Asterisk / FreePBX
ast.tucny.com ast.tucny.com
@ -290,6 +291,10 @@ static.crates.io
npm.fontawesome.com npm.fontawesome.com
dl.fontawesome.com dl.fontawesome.com
# Google fonts
fonts.googleapis.com
fonts.gstatic.com
# Jitsi # Jitsi
download.jitsi.org download.jitsi.org
# Needed to build Jitsi Meet # Needed to build Jitsi Meet

Loading…
Cancel
Save