public_git
/
nginx-ldap-auth
mirror of https://github.com/nginxinc/nginx-ldap-auth.git
1
0
Fork 1
Code Issues Releases Wiki Activity

files needed for debian packaging and minor changes into rpm spec

This commit is contained in:
Igor Ippolitov 2016-11-02 14:44:09 +03:00
parent 438518509d
commit f824aee3ef
13 changed files with 161 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
debian/changelog vendored Normal file
View File

@ -0,0 +1,5 @@
nginx-ldap-auth (0.0.3-1) UNRELEASED; urgency=low
* Initial release
-- Ippolitov Igor <iippolitov@nginx.com> Wed, 02 Nov 2016 14:32:15 +0300

1
debian/compat vendored Normal file
View File

@ -0,0 +1 @@
9

14
debian/control vendored Normal file
View File

@ -0,0 +1,14 @@
Source: nginx-ldap-auth
Maintainer: Ippolitov Igor <iippolitov@nginx.com>
Section: misc
Priority: optional
Standards-Version: 3.9.7
Build-Depends: debhelper (>= 9), dh-systemd, python, dh-python, dh-exec
Package: nginx-ldap-auth
Architecture: all
Depends: systemd, python(>=2.6), python-ldap, python-argparse
Description: a reference implementation of an authentication helper for Nginx
This is a reference implementation of an authentication helper for Nginx.
It listens for incoming requests and uses parameters from headers
to bind to a remote LDAP directory and try authenticating a person.

0
debian/copyright vendored Normal file
View File

80
debian/nginx-ldap-auth.init vendored Executable file
View File

@ -0,0 +1,80 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: nginx-ldap-auth
# Required-Start: $syslog $remote_fs
# Required-Stop: $syslog $remote_fs
# Should-Start: $local_fs
# Should-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: nginx-ldap-auth - nginx helper for LDAP authentication
# Description: nginx-ldap-auth - nginx helper for LDAP authentication
### END INIT INFO
DAEMON=/usr/bin/nginx-ldap-auth-daemon
NAME=nginx-ldap-auth
test -x $DAEMON || exit 0
if [ -r /etc/default/$NAME ]
then
. /etc/default/$NAME
fi
. /lib/lsb/init-functions
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
mkdir -p $RUNDIR
touch $PIDFILE
chown $USER:$GROUP $RUNDIR $PIDFILE
chmod 755 $RUNDIR
if [ -n "$ULIMIT" ]
then
ulimit -n $ULIMIT
fi
SSDOPTS="--quiet --oknodo --background --no-close --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON"
DAEMON_ARGS="$URL $BASE $BIND_DN $BIND_PASS $COOKIE $FILTER $REALM"
if start-stop-daemon --start $SSDOPTS -- $DAEMON_ARGS &>$LOG
then
echo "$NAME."
else
echo "failed"
fi
;;
stop)
echo -n "Stopping $DESC: "
if start-stop-daemon --stop --retry forever/TERM/1 --quiet --oknodo --remove-pidfile --pidfile $PIDFILE --exec $DAEMON
then
echo "$NAME."
else
echo "failed"
fi
sleep 1
;;
restart|force-reload)
${0} stop
${0} start
;;
status)
status_of_proc -p ${PIDFILE} ${DAEMON} ${NAME}
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" >&2
exit 1
;;
esac
exit 0

3
debian/nginx-ldap-auth.install vendored Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/dh-exec
nginx-ldap-auth-daemon.py => usr/bin/nginx-ldap-auth-daemon
nginx-ldap-auth.default => etc/default/nginx-ldap-auth

8
debian/nginx-ldap-auth.logrotate vendored Normal file
View File

@ -0,0 +1,8 @@
/var/log/nginx-ldap-auth/combined.log {
daily
missingok
rotate 7
compress
notifempty
copytruncate
}

12
debian/nginx-ldap-auth.postinst vendored Normal file
View File

@ -0,0 +1,12 @@
#!/bin/sh
set -e
getent group nginx-ldap-auth > /dev/null || groupadd -r nginx-ldap-auth
getent passwd nginx-ldap-auth > /dev/null || \
useradd -r -d /var/run -g nginx-ldap-auth \
-s /sbin/nologin -c "Nginx auth helper" nginx-ldap-auth
install -d -m755 -o nginx-ldap-auth -g nginx-ldap-auth /var/log/nginx-ldap-auth
#DEBHELPER#

3
debian/rules vendored Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/make -f
%:
dh $@ --with python2 --with systemd

2
nginx-ldap-auth-daemon.py
View File

@ -254,7 +254,7 @@ if __name__ == '__main__':
group = parser.add_argument_group(title="LDAP options") group = parser.add_argument_group(title="LDAP options")
group.add_argument('-u', '--url', metavar="URL", group.add_argument('-u', '--url', metavar="URL",
default="ldap://localhost:389", default="ldap://localhost:389",
help=("LDAP URI to query (Default: ldapi://localhost:389)")) help=("LDAP URI to query (Default: ldap://localhost:389)"))
group.add_argument('-b', metavar="baseDn", dest="basedn", default='', group.add_argument('-b', metavar="baseDn", dest="basedn", default='',
help="LDAP base dn (Default: unset)") help="LDAP base dn (Default: unset)")
group.add_argument('-D', metavar="bindDn", dest="binddn", default='', group.add_argument('-D', metavar="bindDn", dest="binddn", default='',

18
nginx-ldap-auth.default Normal file
View File

@ -0,0 +1,18 @@
#
# these are used with systemd too
# so please keep options names inside variables
#
#URL="--url ldap://example.com:389"
#BASE="-b dc=nodomain"
#BIND_DN="-d cn=admin,dc=nodomain"
#BIND_PASS="-w secret"
#COOKIE="-c nginxauth"
#FILTER="-f (cn=%(username)s)"
#REALM="-R 'Restricted Area'"
# these are used with init scripts only
LOG=/var/log/nginx-ldap-auth/daemon.log
RUNDIR=/var/run/nginx-ldap-auth/
PIDFILE=/var/run/nginx-ldap-auth/nginx-ldap-auth.pid
USER=nginx-ldap-auth
GROUP=nginx-ldap-auth

8
nginx-ldap-auth.service
View File

@ -4,11 +4,11 @@ After=network.target network-online.target
[Service] [Service]
Type=simple Type=simple
User=nobody User=nginx-ldap-auth
Group=nobody Group=nginx-ldap-auth
WorkingDirectory=/var/run WorkingDirectory=/var/run
PIDFile=/run/nginx-ldap-auth/nginx-ldap-auth.pid EnvFile=/etc/default/nginx-ldap-auth
ExecStart=/usr/bin/nginx-ldap-auth-daemon ExecStart=/usr/bin/nginx-ldap-auth-daemon $URL $BASE $BIND_DN $BIND_PASS $COOKIE $FILTER $REALM
KillMode=process KillMode=process
KillSignal=SIGINT KillSignal=SIGINT
Restart=on-failure Restart=on-failure

14
rpm/nginx-ldap-auth.spec
View File

@ -11,6 +11,7 @@ Source0: nginx-ldap-auth-release-%{version}.tar.gz
BuildRequires: systemd BuildRequires: systemd
Requires: systemd Requires: systemd
Requires: python-ldap Requires: python-ldap
Requires: python-argparse
%description %description
Reference implementation of method for authenticating users on behalf of Reference implementation of method for authenticating users on behalf of
@ -20,17 +21,26 @@ servers proxied by NGINX or NGINX Plus.
%setup -q %setup -q
%install %install
ls
mkdir -p %buildroot%_bindir mkdir -p %buildroot%_bindir
install -m755 nginx-ldap-auth-daemon.py %buildroot%_bindir/nginx-ldap-auth-daemon install -m755 nginx-ldap-auth-daemon.py %buildroot%_bindir/nginx-ldap-auth-daemon
mkdir -p %buildroot%_unitdir mkdir -p %buildroot%_unitdir
install -m644 nginx-ldap-auth.service %buildroot%_unitdir/ install -m644 %name.service %buildroot%_unitdir/
install -d -m755 %buildroot/etc/default
install -m644 %name.default %buildroot/etc/default/%name
%files %files
%doc README.md nginx-ldap-auth.conf backend-sample-app.py LICENSE %doc README.md nginx-ldap-auth.conf backend-sample-app.py LICENSE
/etc/default/%name
%_bindir/nginx-ldap-auth-daemon %_bindir/nginx-ldap-auth-daemon
%_unitdir/nginx-ldap-auth.service %_unitdir/%name.service
%post %post
getent group nginx-ldap-auth > /dev/null || groupadd -r nginx-ldap-auth
getent passwd nginx-ldap-auth > /dev/null || \
useradd -r -d /var/lib/nginx -g nginx-ldap-auth \
-s /sbin/nologin -c "Nginx auth helper" nginx-ldap-auth
/usr/bin/systemctl preset nginx-ldap-auth.service /usr/bin/systemctl preset nginx-ldap-auth.service
%preun %preun