Guwan
/
ldap-matter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct some bug in Docker/README.md

This commit is contained in:
Denis CLAVIER 2019-03-19 22:14:09 +01:00 committed by GitHub
parent 07e6877192
commit 8fddce2fa1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Docker/README.md
View File

@ -16,7 +16,7 @@ The httpd server image is based on a CentOS 7 image on which an httpd server and
## Architecture
![Docker Architecture of Mattermost-LDAP and interraction with Mattermost](docker-mattermostldap.png "Docker Architecture of Mattermost-LDAP and interraction with Mattermost")
![Docker Architecture of Mattermost-LDAP and interraction with Mattermost](https://github.com/Crivaledaz/Mattermost-LDAP/blob/master/Docker/mattermostldap-docker.png)
The Oauth container exposes port 80 and Postgres container port 5432. The user interacts with the Oauth server and the tokens generated by it are stored in the database. In addition, when a user logs in, his ID is stored with a unique ID. This behavior is necessary for authentication with Mattermost. The figure above illustrates interraction between Oauth server, Postgres database and Mattermost.
@ -62,8 +62,8 @@ Some image parameters can be changed, by specifying the desired parameters in co
| ldap_bind_pass | The password associated to the service account to allow LDAP search | |
### Base de données
| Paramètre | Description | Défaut |
### Database
| Parameter | Description | Default value |
|------------|----------------------------------------------------------------------|--------------------|
| db_host | Hostname or IP address of the Postgres container (database) | 127.0.0.1 |
| db_port | The port of your database to connect | 5432 |
@ -74,7 +74,7 @@ Some image parameters can be changed, by specifying the desired parameters in co
### Client
| Paramètre | Description | Valeur par défaut |
| Parameter | Description | Default value |
|-----------------|--------------------------------------------------------------------|------------------------------------------------------|
| client_id | Token client ID shared with mattermost | 123456789 |
| client_secret | Token client Secret shared with mattermost | 987654321 |
@ -108,6 +108,11 @@ In addition, the mattermostldap-postgres container stores database entries in a
docker run -d mattermostldap-postgres --name database --volume /data/mattermostldap-postgres:/var/lib/postgresql/data
```
To delete the database container, you can use :
```
docker rm database
```
## Container mattermostldap-oauth
Once built, the mattermostldap-oauth image can be used to build a container running the oauth server of the Mattermost-LDAP module. The image contains a default configuration specified in the configuration section. To run a container from the mattermostldap-oauth image:
@ -120,6 +125,11 @@ To adapt the parameters of the image, youjust need to specify custom parameters
docker run -d mattermostldap-oauth --name oauth -e ldap_host="ldap.company.com" -e ldap_port=389
```
To delete the oauth container, you can use :
```
docker rm oauth
```
## Improvement
In order to allow a dynamic configuration of the mattermostldap-oauth and mattermostldap-postgres images, the choice has been made to pass the parameters by environmental variables to the container. However, this method exposes all user-defined settings to all processes in the container. As a result, passwords and security tokens are exposed throughout the container and can easily be recovered by any process running in the container, including a user shell.