Guwan 2025-09-02 00:02:19 +08:00
parent 52682cae68
commit d30582faa5
6 changed files with 275 additions and 157 deletions

1
.gitignore vendored

@ -3,4 +3,5 @@ config_ldap.php
config_db.php config_db.php
data data
certs certs
.idea


@ -36,7 +36,6 @@
"EnableDeveloper": false, "EnableDeveloper": false,
"DeveloperFlags": "", "DeveloperFlags": "",
"EnableClientPerformanceDebugging": false, "EnableClientPerformanceDebugging": false,
"EnableOpenTracing": false,
"EnableSecurityFixAlert": true, "EnableSecurityFixAlert": true,
"EnableInsecureOutgoingConnections": false, "EnableInsecureOutgoingConnections": false,
"AllowedUntrustedInternalConnections": "", "AllowedUntrustedInternalConnections": "",
@ -49,6 +48,7 @@
"CorsDebug": false, "CorsDebug": false,
"AllowCookiesForSubdomains": false, "AllowCookiesForSubdomains": false,
"ExtendSessionLengthWithActivity": false, "ExtendSessionLengthWithActivity": false,
"TerminateSessionsOnPasswordChange": false,
"SessionLengthWebInDays": 180, "SessionLengthWebInDays": 180,
"SessionLengthWebInHours": 4320, "SessionLengthWebInHours": 4320,
"SessionLengthMobileInDays": 180, "SessionLengthMobileInDays": 180,
@ -66,6 +66,7 @@
"EnableEmojiPicker": true, "EnableEmojiPicker": true,
"PostEditTimeLimit": -1, "PostEditTimeLimit": -1,
"TimeBetweenUserTypingUpdatesMilliseconds": 5000, "TimeBetweenUserTypingUpdatesMilliseconds": 5000,
"EnableCrossTeamSearch": true,
"EnablePostSearch": true, "EnablePostSearch": true,
"EnableFileSearch": true, "EnableFileSearch": true,
"MinimumHashtagLength": 3, "MinimumHashtagLength": 3,
@ -74,7 +75,6 @@
"EnableUserStatuses": true, "EnableUserStatuses": true,
"ExperimentalEnableAuthenticationTransfer": true, "ExperimentalEnableAuthenticationTransfer": true,
"ClusterLogTimeoutMilliseconds": 2000, "ClusterLogTimeoutMilliseconds": 2000,
"EnablePreviewFeatures": true,
"EnableTutorial": true, "EnableTutorial": true,
"EnableOnboardingFlow": true, "EnableOnboardingFlow": true,
"ExperimentalEnableDefaultChannelLeaveJoinMessages": true, "ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
@ -82,6 +82,8 @@
"EnableAPITeamDeletion": false, "EnableAPITeamDeletion": false,
"EnableAPITriggerAdminNotifications": false, "EnableAPITriggerAdminNotifications": false,
"EnableAPIUserDeletion": false, "EnableAPIUserDeletion": false,
"EnableAPIPostDeletion": false,
"EnableDesktopLandingPage": true,
"ExperimentalEnableHardenedMode": false, "ExperimentalEnableHardenedMode": false,
"ExperimentalStrictCSRFEnforcement": false, "ExperimentalStrictCSRFEnforcement": false,
"EnableEmailInvitations": false, "EnableEmailInvitations": false,
@ -107,11 +109,15 @@
"CollapsedThreads": "always_on", "CollapsedThreads": "always_on",
"ManagedResourcePaths": "", "ManagedResourcePaths": "",
"EnableCustomGroups": true, "EnableCustomGroups": true,
"SelfHostedPurchase": true,
"AllowSyncedDrafts": true, "AllowSyncedDrafts": true,
"UniqueEmojiReactionLimitPerPost": 50, "UniqueEmojiReactionLimitPerPost": 50,
"RefreshPostStatsRunTime": "00:00", "RefreshPostStatsRunTime": "00:00",
"MaximumPayloadSizeBytes": 100000 "MaximumPayloadSizeBytes": 100000,
"MaximumURLLength": 2048,
"ScheduledPosts": true,
"EnableWebHubChannelIteration": false,
"FrameAncestors": "",
"DeleteAccountLink": ""
}, },
"TeamSettings": { "TeamSettings": {
"SiteName": "Mattermost", "SiteName": "Mattermost",
@ -175,7 +181,6 @@
"VerboseDiagnostics": false, "VerboseDiagnostics": false,
"EnableSentry": true, "EnableSentry": true,
"AdvancedLoggingJSON": {}, "AdvancedLoggingJSON": {},
"AdvancedLoggingConfig": "",
"MaxFieldSize": 2048 "MaxFieldSize": 2048
}, },
"ExperimentalAuditSettings": { "ExperimentalAuditSettings": {
@ -187,7 +192,7 @@
"FileCompress": false, "FileCompress": false,
"FileMaxQueueSize": 1000, "FileMaxQueueSize": 1000,
"AdvancedLoggingJSON": {}, "AdvancedLoggingJSON": {},
"AdvancedLoggingConfig": "" "Certificate": ""
}, },
"NotificationLogSettings": { "NotificationLogSettings": {
"EnableConsole": true, "EnableConsole": true,
@ -198,8 +203,7 @@
"FileLevel": "INFO", "FileLevel": "INFO",
"FileJson": true, "FileJson": true,
"FileLocation": "", "FileLocation": "",
"AdvancedLoggingJSON": {}, "AdvancedLoggingJSON": {}
"AdvancedLoggingConfig": ""
}, },
"PasswordSettings": { "PasswordSettings": {
"MinimumLength": 8, "MinimumLength": 8,
@ -234,6 +238,8 @@
"AmazonS3SSE": false, "AmazonS3SSE": false,
"AmazonS3Trace": false, "AmazonS3Trace": false,
"AmazonS3RequestTimeoutMilliseconds": 30000, "AmazonS3RequestTimeoutMilliseconds": 30000,
"AmazonS3UploadPartSizeBytes": 5242880,
"AmazonS3StorageClass": "",
"DedicatedExportStore": false, "DedicatedExportStore": false,
"ExportDriverName": "local", "ExportDriverName": "local",
"ExportDirectory": "./data/", "ExportDirectory": "./data/",
@ -248,7 +254,9 @@
"ExportAmazonS3SSE": false, "ExportAmazonS3SSE": false,
"ExportAmazonS3Trace": false, "ExportAmazonS3Trace": false,
"ExportAmazonS3RequestTimeoutMilliseconds": 30000, "ExportAmazonS3RequestTimeoutMilliseconds": 30000,
"ExportAmazonS3PresignExpiresSeconds": 21600 "ExportAmazonS3PresignExpiresSeconds": 21600,
"ExportAmazonS3UploadPartSizeBytes": 104857600,
"ExportAmazonS3StorageClass": ""
}, },
"EmailSettings": { "EmailSettings": {
"EnableSignUpWithEmail": false, "EnableSignUpWithEmail": false,
@ -301,6 +309,9 @@
"AboutLink": "https://mattermost.com/pl/about-mattermost", "AboutLink": "https://mattermost.com/pl/about-mattermost",
"HelpLink": "https://mattermost.com/pl/help/", "HelpLink": "https://mattermost.com/pl/help/",
"ReportAProblemLink": "https://mattermost.com/pl/report-a-bug", "ReportAProblemLink": "https://mattermost.com/pl/report-a-bug",
"ReportAProblemType": "default",
"ReportAProblemMail": "",
"AllowDownloadLogs": true,
"ForgotPasswordLink": "", "ForgotPasswordLink": "",
"SupportEmail": "", "SupportEmail": "",
"CustomTermsOfServiceEnabled": false, "CustomTermsOfServiceEnabled": false,
@ -327,8 +338,8 @@
}, },
"GitLabSettings": { "GitLabSettings": {
"Enable": true, "Enable": true,
"Secret": "fedcba987654321fedcba987654321", "Secret": "987654321",
"Id": "123456789abcdef123456789abcdef", "Id": "123456789",
"Scope": "", "Scope": "",
"AuthEndpoint": "http://localhost/oauth/authorize", "AuthEndpoint": "http://localhost/oauth/authorize",
"TokenEndpoint": "http://webserver/oauth/token.php", "TokenEndpoint": "http://webserver/oauth/token.php",
@ -381,6 +392,7 @@
"BaseDN": "", "BaseDN": "",
"BindUsername": "", "BindUsername": "",
"BindPassword": "", "BindPassword": "",
"MaximumLoginAttempts": 10,
"UserFilter": "", "UserFilter": "",
"GroupFilter": "", "GroupFilter": "",
"GuestFilter": "", "GuestFilter": "",
@ -398,6 +410,7 @@
"LoginIdAttribute": "", "LoginIdAttribute": "",
"PictureAttribute": "", "PictureAttribute": "",
"SyncIntervalMinutes": 60, "SyncIntervalMinutes": 60,
"ReAddRemovedMembers": false,
"SkipCertificateVerification": false, "SkipCertificateVerification": false,
"PublicCertificateFile": "", "PublicCertificateFile": "",
"PrivateKeyFile": "", "PrivateKeyFile": "",
@ -406,8 +419,7 @@
"LoginFieldName": "", "LoginFieldName": "",
"LoginButtonColor": "#0000", "LoginButtonColor": "#0000",
"LoginButtonBorderColor": "#2389D7", "LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#2389D7", "LoginButtonTextColor": "#2389D7"
"Trace": false
}, },
"ComplianceSettings": { "ComplianceSettings": {
"Enable": false, "Enable": false,
@ -418,7 +430,8 @@
"LocalizationSettings": { "LocalizationSettings": {
"DefaultServerLocale": "en", "DefaultServerLocale": "en",
"DefaultClientLocale": "en", "DefaultClientLocale": "en",
"AvailableLocales": "" "AvailableLocales": "",
"EnableExperimentalLocales": false
}, },
"SamlSettings": { "SamlSettings": {
"Enable": false, "Enable": false,
@ -463,7 +476,21 @@
], ],
"AppDownloadLink": "https://mattermost.com/pl/download-apps", "AppDownloadLink": "https://mattermost.com/pl/download-apps",
"AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/", "AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/",
"IosAppDownloadLink": "https://mattermost.com/pl/ios-app/" "IosAppDownloadLink": "https://mattermost.com/pl/ios-app/",
"MobileExternalBrowser": false,
"MobileEnableBiometrics": false,
"MobilePreventScreenCapture": false,
"MobileJailbreakProtection": false,
"MobileEnableSecureFilePreview": false,
"MobileAllowPdfLinkNavigation": false
},
"CacheSettings": {
"CacheType": "lru",
"RedisAddress": "",
"RedisPassword": "********************************",
"RedisDB": -1,
"RedisCachePrefix": "",
"DisableClientCache": false
}, },
"ClusterSettings": { "ClusterSettings": {
"Enable": false, "Enable": false,
@ -475,35 +502,39 @@
"UseIPAddress": true, "UseIPAddress": true,
"EnableGossipCompression": true, "EnableGossipCompression": true,
"EnableExperimentalGossipEncryption": false, "EnableExperimentalGossipEncryption": false,
"EnableGossipEncryption": false,
"ReadOnlyConfig": true, "ReadOnlyConfig": true,
"GossipPort": 8074, "GossipPort": 8074
"StreamingPort": 8075,
"MaxIdleConns": 100,
"MaxIdleConnsPerHost": 128,
"IdleConnTimeoutMilliseconds": 90000
}, },
"MetricsSettings": { "MetricsSettings": {
"Enable": false, "Enable": false,
"BlockProfileRate": 0, "BlockProfileRate": 0,
"ListenAddress": ":8067" "ListenAddress": ":8067",
"EnableClientMetrics": true,
"EnableNotificationMetrics": true,
"ClientSideUserIds": []
}, },
"ExperimentalSettings": { "ExperimentalSettings": {
"ClientSideCertEnable": false, "ClientSideCertEnable": false,
"ClientSideCertCheck": "secondary", "ClientSideCertCheck": "secondary",
"LinkMetadataTimeoutMilliseconds": 5000, "LinkMetadataTimeoutMilliseconds": 5000,
"RestrictSystemAdmin": false, "RestrictSystemAdmin": false,
"UseNewSAMLLibrary": false,
"EnableSharedChannels": false, "EnableSharedChannels": false,
"EnableRemoteClusterService": false, "EnableRemoteClusterService": false,
"DisableAppBar": false, "DisableAppBar": false,
"DisableRefetchingOnBrowserFocus": false, "DisableRefetchingOnBrowserFocus": false,
"DelayChannelAutocomplete": false "DelayChannelAutocomplete": false,
"DisableWakeUpReconnectHandler": false,
"UsersStatusAndProfileFetchingPollIntervalMilliseconds": 3000,
"YoutubeReferrerPolicy": false,
"ExperimentalChannelCategorySorting": false
}, },
"AnalyticsSettings": { "AnalyticsSettings": {
"MaxUsersForStatistics": 2500 "MaxUsersForStatistics": 2500
}, },
"ElasticsearchSettings": { "ElasticsearchSettings": {
"ConnectionURL": "", "ConnectionURL": "",
"Backend": "elasticsearch",
"Username": "elastic", "Username": "elastic",
"Password": "changeme", "Password": "changeme",
"EnableIndexing": false, "EnableIndexing": false,
@ -519,6 +550,7 @@
"AggregatePostsAfterDays": 365, "AggregatePostsAfterDays": 365,
"PostsAggregatorJobStartTime": "03:00", "PostsAggregatorJobStartTime": "03:00",
"IndexPrefix": "", "IndexPrefix": "",
"GlobalSearchPrefix": "",
"LiveIndexingBatchSize": 1, "LiveIndexingBatchSize": 1,
"BatchSize": 10000, "BatchSize": 10000,
"RequestTimeoutSeconds": 30, "RequestTimeoutSeconds": 30,
@ -548,7 +580,8 @@
"DeletionJobStartTime": "02:00", "DeletionJobStartTime": "02:00",
"BatchSize": 3000, "BatchSize": 3000,
"TimeBetweenBatchesMilliseconds": 100, "TimeBetweenBatchesMilliseconds": 100,
"RetentionIdsBatchSize": 100 "RetentionIdsBatchSize": 100,
"PreservePinnedPosts": false
}, },
"MessageExportSettings": { "MessageExportSettings": {
"EnableExport": false, "EnableExport": false,
@ -557,6 +590,8 @@
"ExportFromTimestamp": 0, "ExportFromTimestamp": 0,
"BatchSize": 10000, "BatchSize": 10000,
"DownloadExportResults": false, "DownloadExportResults": false,
"ChannelBatchSize": 100,
"ChannelHistoryBatchSize": 10,
"GlobalRelaySettings": { "GlobalRelaySettings": {
"CustomerType": "A9", "CustomerType": "A9",
"SMTPUsername": "", "SMTPUsername": "",
@ -573,7 +608,6 @@
"CleanupJobsThresholdDays": -1, "CleanupJobsThresholdDays": -1,
"CleanupConfigThresholdDays": -1 "CleanupConfigThresholdDays": -1
}, },
"ProductSettings": {},
"PluginSettings": { "PluginSettings": {
"Enable": true, "Enable": true,
"EnableUploads": true, "EnableUploads": true,
@ -582,8 +616,40 @@
"Directory": "./plugins", "Directory": "./plugins",
"ClientDirectory": "./client/plugins", "ClientDirectory": "./client/plugins",
"Plugins": { "Plugins": {
"mattermost-ai": {
"allowedUpstreamHostnames": "",
"bots": null,
"defaultBotName": "",
"embeddingSearchConfig": {
"chunkingOptions": {
"chunkOverlap": 0,
"chunkSize": 0,
"chunkingStrategy": "",
"minChunkSize": 0
},
"dimensions": 0,
"embeddingProvider": {
"parameters": null,
"type": ""
},
"parameters": null,
"type": "",
"vectorStore": {
"parameters": null,
"type": ""
}
},
"enableLLMTrace": false,
"mcp": {
"enabled": false,
"idleTimeoutMinutes": 0,
"servers": null
},
"services": null,
"transcriptBackend": ""
},
"playbooks": { "playbooks": {
"BotUserID": "xn8i86tz47rtjp8yxs4cdofh1a" "BotUserID": "6ieoijnzdfgnzq7535rbomzqjy"
} }
}, },
"PluginStates": { "PluginStates": {
@ -593,6 +659,9 @@
"com.mattermost.nps": { "com.mattermost.nps": {
"Enable": true "Enable": true
}, },
"mattermost-ai": {
"Enable": true
},
"playbooks": { "playbooks": {
"Enable": true "Enable": true
} }
@ -644,5 +713,60 @@
"MoveThreadFromPrivateChannelEnable": false, "MoveThreadFromPrivateChannelEnable": false,
"MoveThreadFromDirectMessageChannelEnable": false, "MoveThreadFromDirectMessageChannelEnable": false,
"MoveThreadFromGroupMessageChannelEnable": false "MoveThreadFromGroupMessageChannelEnable": false
},
"ConnectedWorkspacesSettings": {
"EnableSharedChannels": false,
"EnableRemoteClusterService": false,
"DisableSharedChannelsStatusSync": false,
"SyncUsersOnConnectionOpen": false,
"GlobalUserSyncBatchSize": 25,
"MaxPostsPerSync": 50,
"MemberSyncBatchSize": 20
},
"AccessControlSettings": {
"EnableAttributeBasedAccessControl": false,
"EnableChannelScopeAccessControl": false,
"EnableUserManagedAttributes": false
},
"ContentFlaggingSettings": {
"EnableContentFlagging": false,
"ReviewerSettings": {
"CommonReviewers": true,
"CommonReviewerIds": [],
"TeamReviewersSetting": {},
"SystemAdminsAsReviewers": false,
"TeamAdminsAsReviewers": true
},
"NotificationSettings": {
"EventTargetMapping": {
"assigned": [
"reviewers"
],
"dismissed": [
"reviewers",
"reporter"
],
"flagged": [
"reviewers"
],
"removed": [
"reviewers",
"author",
"reporter"
]
}
},
"AdditionalSettings": {
"Reasons": [
"Inappropriate content",
"Sensitive data",
"Security concern",
"Harassment or abuse",
"Spam or phishing"
],
"ReporterCommentRequired": true,
"ReviewerCommentRequired": true,
"HideFlaggedContent": true
}
} }
} }
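Review bot: The new `"TerminateSessionsOnPasswordChange": false` in ServiceSettings, next to the unchanged 180-day web and mobile session lengths, means a password change leaves already-issued sessions valid, so a session token taken before the reset keeps working; I would set `"TerminateSessionsOnPasswordChange": true`. In the new CacheSettings block, `"RedisPassword": "********************************"` looks like the masked value from a sanitized config dump rather than a real setting; it is probably inert while `CacheType` is `lru`, but `"RedisPassword": ""` would avoid the literal asterisks being used as a password if Redis is enabled later. The changed `BotUserID` under `playbooks` and the enabled `mattermost-ai` plugin with all-null settings also suggest the file was regenerated from a running instance, so it is worth checking that nothing instance-specific was committed by accident.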


@ -1,87 +1,76 @@
version: '3' version: '3'
services: services:
ldap: ldap:
image: osixia/openldap:1.4.0 image: osixia/openldap:1.4.0
restart: always restart: always
domainname: "example.com" domainname: "example.com"
hostname: "ldap" hostname: "ldap"
command: --copy-service command: --copy-service
ports: ports:
- 389:389 - 389:389
- 636:636 - 636:636
volumes: volumes:
- ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Demo/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif
environment: environment:
LDAP_ORGANISATION: "Example Corp" LDAP_ORGANISATION: "Example Corp"
LDAP_DOMAIN: "example.com" LDAP_DOMAIN: "example.com"
LDAP_ADMIN_PASSWORD: "changeMe-Pl34$e" LDAP_ADMIN_PASSWORD: "changeMe-Pl34$e"
LDAP_READONLY_USER: "true" LDAP_READONLY_USER: "true"
LDAP_READONLY_USER_USERNAME: "butler" LDAP_READONLY_USER_USERNAME: "butler"
LDAP_READONLY_USER_PASSWORD: "readonly" LDAP_READONLY_USER_PASSWORD: "readonly"
webserver: webserver:
image: nginx image: nginx
restart: always restart: always
ports: ports:
- 80:80 - 80:80
- 443:443 - 443:443
volumes: volumes:
- ../oauth:/var/www/html/oauth - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/oauth:/var/www/html/oauth
- ./nginx.conf:/etc/nginx/nginx.conf - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Demo/nginx.conf:/etc/nginx/nginx.conf
depends_on: depends_on:
- php - php
php: php:
build: ../Docker/php-ldap-pgsql build: D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Docker/php-ldap-pgsql
image: php-ldap-pgsql image: php-ldap-pgsql
volumes: volumes:
- ../oauth:/var/www/html/oauth - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/oauth:/var/www/html/oauth
environment: environment:
ldap_host: ldap://ldap:389/ ldap_host: ldap://ldap:389/
ldap_port: 389 ldap_port: 389
ldap_version: 3 ldap_version: 3
ldap_search_attribute: uid ldap_search_attribute: uid
ldap_base_dn: "dc=example,dc=com" ldap_base_dn: "dc=example,dc=com"
ldap_filter: "(objectClass=*)" ldap_filter: "(objectClass=*)"
ldap_bind_dn: "cn=butler,dc=example,dc=com" ldap_bind_dn: "cn=butler,dc=example,dc=com"
ldap_bind_pass: "readonly" ldap_bind_pass: "readonly"
db_host: "database" db_host: "database"
db_port: "5432" db_port: "5432"
db_type: "pgsql" db_type: "pgsql"
db_name: "oauth_db" db_name: "oauth_db"
db_user: "oauth" db_user: "oauth"
db_pass: "oauth_secure-pass" db_pass: "oauth_secure-pass"
depends_on: depends_on:
- database - database
- ldap - ldap
database: database:
image: postgres:alpine image: postgres:alpine
restart: always restart: always
volumes: volumes:
- ../db_init/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/db_init/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh
- ../db_init/config_init.sh.example:/docker-entrypoint-initdb.d/config_init.sh - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/db_init/config_init.sh.example:/docker-entrypoint-initdb.d/config_init.sh
environment: environment:
POSTGRES_USER: postgres POSTGRES_USER: postgres
POSTGRES_PASSWORD: rootroot POSTGRES_PASSWORD: rootroot
POSTGRES_HOST_AUTH_METHOD: trust POSTGRES_HOST_AUTH_METHOD: trust
client_id: 123456789abcdef123456789abcdef
client_secret: fedcba987654321fedcba987654321
redirect_uri: "http://localhost/signup/gitlab/complete"
grant_types: "authorization_code"
scope: "api"
user_id: ""
db_user: "oauth"
db_pass: "oauth_secure-pass"
db_name: "oauth_db"
db_host: "127.0.0.1"
db_port: "5432"
mattermost: mattermost:
image: mattermost/mattermost-preview image: mattermost/mattermost-preview
ports: ports:
- 8065:8065 - 8065:8065
extra_hosts: extra_hosts:
- dockerhost:127.0.0.1 - dockerhost:127.0.0.1
volumes: volumes:
- ./config.json:/mm/mattermost/config/config_docker.json - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Demo/config.json:/mm/mattermost/config/config_docker.json
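Review bot: Every bind mount and the `php` build context now point at `D:/23_Gitlab/dockerCompose/mattermost-ldap/...`, an absolute path on one workstation, so the stack only starts on that machine and the file records a local directory layout; the relative forms it replaces (`./bootstrap.ldif`, `../oauth`, `../Docker/php-ldap-pgsql`) resolve against the compose file and should be kept. Dropping `client_id` and `client_secret` from the `database` environment also means the OAuth client is now seeded from the defaults in the mounted `config_init.sh.example`, which deserves a comment such as `# OAuth client id/secret come from config_init.sh defaults (demo only)`.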


@ -1,16 +1,18 @@
#!/bin/bash
#####################################--CONFIGURATION FILE--######################################## #####################################--CONFIGURATION FILE--########################################
#Client configuration # Client configuration
client_id=$(if [ -z $client_id ]; then echo "123456789"; else echo $client_id; fi) client_id=${client_id:-123456789}
client_secret=$(if [ -z $client_secret ]; then echo "987654321"; else echo $client_secret; fi) client_secret=${client_secret:-987654321}
redirect_uri=$(if [ -z $redirect_uri ]; then echo "http://mattermost.company.com/signup/gitlab/complete"; else echo $redirect_uri; fi) redirect_uri=${redirect_uri:-http://mattermost.company.com/signup/gitlab/complete}
grant_types=$(if [ -z $grant_types ]; then echo "authorization_code"; else echo $grant_types; fi) grant_types=${grant_types:-authorization_code}
scope=$(if [ -z $scope ]; then echo "api"; else echo $client_id; fi) scope=${scope:-api}
user_id=$(if [ -z $user_id ]; then echo ""; else echo $user_id; fi) user_id=${user_id:-}
#Database configuration # Database configuration
db_user=$(if [ -z $db_user ]; then echo "oauth"; else echo $db_user; fi) db_user=${db_user:-oauth}
db_name=$(if [ -z $db_name ]; then echo "oauth_db"; else echo $db_name; fi) db_name=${db_name:-oauth_db}
db_pass=$(if [ -z $db_pass ]; then echo "oauth_secure-pass"; else echo $db_pass; fi) db_pass=${db_pass:-oauth_secure-pass}
db_host=$(if [ -z $db_host ]; then echo "localhost"; else echo $db_host; fi) db_host=${db_host:-localhost}
db_port=$(if [ -z $db_port ]; then echo "5432"; else echo $db_port; fi) db_port=${db_port:-5432}
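Review bot: `client_secret=${client_secret:-987654321}` and `db_pass=${db_pass:-oauth_secure-pass}` fall back silently to fixed, published values, and after this commit the compose file mounts this example as the live `config_init.sh` without setting either variable, so every deployment started from the demo shares the same OAuth client secret (it is also the `Secret` now written into GitLabSettings in the Mattermost config). For anything beyond a local demo, `client_secret=${client_secret:?client_secret must be set}` and the same form for `db_pass` would make the init fail instead of seeding a known secret. A one-line comment above the block, `# Defaults below are demo values; override via environment`, would make that explicit.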


@ -1,46 +1,46 @@
#!/bin/bash #!/bin/bash
#This script need right to become postgres user (so root) and to read/write in httpd directory # This script needs root privileges and access to Postgres
source config_init.sh set -e
source /docker-entrypoint-initdb.d/config_init.sh
#######################################--Fonctions--############################################### #######################################--Functions--###############################################
ok() { echo -e '\e[32m'$1'\e[m'; } ok() { echo -e '\e[32m'"$1"'\e[m'; }
error() { echo -e '\e[31m'$1'\e[m'; } error(){ echo -e '\e[31m'"$1"'\e[m'; }
info() { echo -e '\e[34m'$1'\e[m'; } info() { echo -e '\e[34m'"$1"'\e[m'; }
warn() { echo -e '\e[33m'$1'\e[m'; } warn() { echo -e '\e[33m'"$1"'\e[m'; }
#######################################--SQL STATEMENT--########################################### #######################################--SQL STATEMENT--###########################################
#Tables creation # Tables creation
create_table_oauth_client="CREATE TABLE oauth_clients (client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80), redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(100), user_id VARCHAR(80), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id));" create_table_oauth_client="CREATE TABLE IF NOT EXISTS oauth_clients (client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80), redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(100), user_id VARCHAR(80), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id));"
create_table_oauth_access_tokens="CREATE TABLE oauth_access_tokens (access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT access_token_pk PRIMARY KEY (access_token));" create_table_oauth_access_tokens="CREATE TABLE IF NOT EXISTS oauth_access_tokens (access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT access_token_pk PRIMARY KEY (access_token));"
create_table_oauth_authorization_codes="CREATE TABLE oauth_authorization_codes (authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code));" create_table_oauth_authorization_codes="CREATE TABLE IF NOT EXISTS oauth_authorization_codes (authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code));"
create_table_oauth_refresh_tokens="CREATE TABLE oauth_refresh_tokens (refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token));" create_table_oauth_refresh_tokens="CREATE TABLE IF NOT EXISTS oauth_refresh_tokens (refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token));"
create_table_users="CREATE TABLE users (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, CONSTRAINT id_pk PRIMARY KEY (id));" create_table_users="CREATE TABLE IF NOT EXISTS users (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, CONSTRAINT id_pk PRIMARY KEY (id));"
create_table_oauth_scopes="CREATE TABLE oauth_scopes (scope TEXT, is_default BOOLEAN);" create_table_oauth_scopes="CREATE TABLE IF NOT EXISTS oauth_scopes (scope TEXT, is_default BOOLEAN);"
#Client creation # Client creation
create_client="INSERT INTO oauth_clients (client_id,client_secret,redirect_uri,grant_types,scope,user_id) VALUES ('$client_id','$client_secret','$redirect_uri','$grant_types','$scope','$user_id');" create_client="INSERT INTO oauth_clients (client_id,client_secret,redirect_uri,grant_types,scope,user_id) VALUES ('$client_id','$client_secret','$redirect_uri','$grant_types','$scope','$user_id') ON CONFLICT (client_id) DO NOTHING;"
################################################################################################### ###################################################################################################
#Welcome Message # Welcome
info "This script will create a new Oauth role and an associated database for Mattermost-LDAP\nTo edit configuration please edit this script before running !\n" info "This script will create a new OAuth role and database for Mattermost-LDAP"
warn "SuperUser right must be ask to create the new role and database in postgres\n" warn "SuperUser rights are required to create role and database in Postgres"
info "Press ctrl+c to stop the script" info "Press ctrl+c to stop the script if you are not ready"
sleep 5 sleep 5
#Creating Oauth role and associated database (need admin account on postgres) # Create role and DB
info "Creation of role $db_user and database $db_name ..." info "Creating role [$db_user] and database [$db_name] ..."
psql -U postgres -c "CREATE DATABASE $db_name;" psql -U postgres -c "CREATE DATABASE $db_name;"
psql -U postgres -c "CREATE USER $db_user WITH ENCRYPTED PASSWORD '$db_pass';" psql -U postgres -c "CREATE USER $db_user WITH ENCRYPTED PASSWORD '$db_pass';"
psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE $db_name TO $db_user;" psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE $db_name TO $db_user;"
psql -U postgres -c "ALTER DATABASE $db_name OWNER TO $db_user;" psql -U postgres -c "ALTER DATABASE $db_name OWNER TO $db_user;"
#Creating tables for ouath database (use oauth role) # Create tables
info "Creation of tables for database $db_name (using $db_user)" info "Creating tables in database $db_name (using $db_user)"
psql -U $db_user -d $db_name -c "$create_table_oauth_client" psql -U $db_user -d $db_name -c "$create_table_oauth_client"
psql -U $db_user -d $db_name -c "$create_table_oauth_access_tokens" psql -U $db_user -d $db_name -c "$create_table_oauth_access_tokens"
psql -U $db_user -d $db_name -c "$create_table_oauth_authorization_codes" psql -U $db_user -d $db_name -c "$create_table_oauth_authorization_codes"
@ -48,18 +48,16 @@ psql -U $db_user -d $db_name -c "$create_table_oauth_refresh_tokens"
psql -U $db_user -d $db_name -c "$create_table_users" psql -U $db_user -d $db_name -c "$create_table_users"
psql -U $db_user -d $db_name -c "$create_table_oauth_scopes" psql -U $db_user -d $db_name -c "$create_table_oauth_scopes"
#Insert new client in the database # Insert client
info "Insert new client in the database" info "Inserting new client into database"
psql -U $db_user -d $db_name -c "$create_client" psql -U $db_user -d $db_name -c "$create_client"
#Verification # Verification
psql -U $db_user -d $db_name -c "SELECT * from oauth_clients WHERE client_id='$client_id';" | grep '(1' if psql -U $db_user -d $db_name -c "SELECT * FROM oauth_clients WHERE client_id='$client_id';" | grep -q "$client_id"; then
ok "Client has been created! OAuth Database is configured."
if [ $? ] info "Client ID : $client_id"
then ok "Client has been created ! Oauth Database is configured.\n" warn "Client Secret : $client_secret"
info "Client ID : $client_id" info "Keep ID and Secret safe, you will need them to configure Mattermost"
warn "Client Secret : $client_secret\n" else
info "Keep id and secret, you will need them to configure Mattermost" error "Client was not created! Please check logs."
warn "Beware Client Secret IS PRIVATE and MUST BE KEPT SECRET"
else error "Client has not been created ! Check log below"
fi fi
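Review bot: `warn "Client Secret : $client_secret"` in the success branch writes the OAuth client secret to the database container's init output, where it stays readable in the container logs, and the commit drops the old reminder that the value is private; I would remove the line or print only `info "Client Secret : (not shown, see config_init.sh)"`. Because the insert is now `ON CONFLICT (client_id) DO NOTHING`, the `grep -q "$client_id"` check also succeeds when an older row with a different secret already exists, so the values echoed here may not be the ones stored. Separately, `set -e` combined with the unchanged `CREATE DATABASE` and `CREATE USER` calls stops the script on a second run before it reaches the `IF NOT EXISTS` table statements, so the new idempotency is only partial. The SQL strings still interpolate `$client_id`, `$client_secret` and `$db_pass` inside single quotes, so a value containing `'` breaks the statement; feeding the statements on stdin with `psql -v` variables and `:'name'` quoting would avoid that.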

4
两行sql.txt Normal file

@ -0,0 +1,4 @@
docker exec -it demo-database-1 psql -U postgres -d oauth_db -c "SELECT client_id, client_secret, redirect_uri FROM oauth_clients;"
docker exec -it demo-database-1 psql -U oauth -d oauth_db -c "UPDATE oauth_clients SET redirect_uri='http://localhost/signup/gitlab/complete' WHERE client_id='123456789';"