files needed for debian packaging and minor changes into rpm spec
This commit is contained in:
Igor Ippolitov
parent
438518509d
commit
f824aee3ef
|
|
@ -0,0 +1,5 @@
|
|||
nginx-ldap-auth (0.0.3-1) UNRELEASED; urgency=low
|
||||
|
||||
* Initial release
|
||||
|
||||
-- Ippolitov Igor <iippolitov@nginx.com> Wed, 02 Nov 2016 14:32:15 +0300
|
||||
|
|
@ -0,0 +1 @@
|
|||
9
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
Source: nginx-ldap-auth
|
||||
Maintainer: Ippolitov Igor <iippolitov@nginx.com>
|
||||
Section: misc
|
||||
Priority: optional
|
||||
Standards-Version: 3.9.7
|
||||
Build-Depends: debhelper (>= 9), dh-systemd, python, dh-python, dh-exec
|
||||
|
||||
Package: nginx-ldap-auth
|
||||
Architecture: all
|
||||
Depends: systemd, python(>=2.6), python-ldap, python-argparse
|
||||
Description: a reference implementation of an authentication helper for Nginx
|
||||
This is a reference implementation of an authentication helper for Nginx.
|
||||
It listens for incoming requests and uses parameters from headers
|
||||
to bind to a remote LDAP directory and try authenticating a person.
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
#! /bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: nginx-ldap-auth
|
||||
# Required-Start: $syslog $remote_fs
|
||||
# Required-Stop: $syslog $remote_fs
|
||||
# Should-Start: $local_fs
|
||||
# Should-Stop: $local_fs
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: nginx-ldap-auth - nginx helper for LDAP authentication
|
||||
# Description: nginx-ldap-auth - nginx helper for LDAP authentication
|
||||
### END INIT INFO
|
||||
|
||||
|
||||
DAEMON=/usr/bin/nginx-ldap-auth-daemon
|
||||
NAME=nginx-ldap-auth
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
|
||||
if [ -r /etc/default/$NAME ]
|
||||
then
|
||||
. /etc/default/$NAME
|
||||
fi
|
||||
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
mkdir -p $RUNDIR
|
||||
touch $PIDFILE
|
||||
chown $USER:$GROUP $RUNDIR $PIDFILE
|
||||
chmod 755 $RUNDIR
|
||||
|
||||
if [ -n "$ULIMIT" ]
|
||||
then
|
||||
ulimit -n $ULIMIT
|
||||
fi
|
||||
|
||||
SSDOPTS="--quiet --oknodo --background --no-close --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON"
|
||||
DAEMON_ARGS="$URL $BASE $BIND_DN $BIND_PASS $COOKIE $FILTER $REALM"
|
||||
|
||||
if start-stop-daemon --start $SSDOPTS -- $DAEMON_ARGS &>$LOG
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
|
||||
|
||||
if start-stop-daemon --stop --retry forever/TERM/1 --quiet --oknodo --remove-pidfile --pidfile $PIDFILE --exec $DAEMON
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
sleep 1
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
${0} stop
|
||||
${0} start
|
||||
;;
|
||||
|
||||
status)
|
||||
status_of_proc -p ${PIDFILE} ${DAEMON} ${NAME}
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
#!/usr/bin/dh-exec
|
||||
nginx-ldap-auth-daemon.py => usr/bin/nginx-ldap-auth-daemon
|
||||
nginx-ldap-auth.default => etc/default/nginx-ldap-auth
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
/var/log/nginx-ldap-auth/combined.log {
|
||||
daily
|
||||
missingok
|
||||
rotate 7
|
||||
compress
|
||||
notifempty
|
||||
copytruncate
|
||||
}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
getent group nginx-ldap-auth > /dev/null || groupadd -r nginx-ldap-auth
|
||||
getent passwd nginx-ldap-auth > /dev/null || \
|
||||
useradd -r -d /var/run -g nginx-ldap-auth \
|
||||
-s /sbin/nologin -c "Nginx auth helper" nginx-ldap-auth
|
||||
|
||||
install -d -m755 -o nginx-ldap-auth -g nginx-ldap-auth /var/log/nginx-ldap-auth
|
||||
|
||||
#DEBHELPER#
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
#!/usr/bin/make -f
|
||||
%:
|
||||
dh $@ --with python2 --with systemd
|
||||
|
|
@ -254,7 +254,7 @@ if __name__ == '__main__':
|
|||
group = parser.add_argument_group(title="LDAP options")
|
||||
group.add_argument('-u', '--url', metavar="URL",
|
||||
default="ldap://localhost:389",
|
||||
help=("LDAP URI to query (Default: ldapi://localhost:389)"))
|
||||
help=("LDAP URI to query (Default: ldap://localhost:389)"))
|
||||
group.add_argument('-b', metavar="baseDn", dest="basedn", default='',
|
||||
help="LDAP base dn (Default: unset)")
|
||||
group.add_argument('-D', metavar="bindDn", dest="binddn", default='',
|
||||
|
|
|
|||
|
|
@ -0,0 +1,18 @@
|
|||
#
|
||||
# these are used with systemd too
|
||||
# so please keep options names inside variables
|
||||
#
|
||||
#URL="--url ldap://example.com:389"
|
||||
#BASE="-b dc=nodomain"
|
||||
#BIND_DN="-d cn=admin,dc=nodomain"
|
||||
#BIND_PASS="-w secret"
|
||||
#COOKIE="-c nginxauth"
|
||||
#FILTER="-f (cn=%(username)s)"
|
||||
#REALM="-R 'Restricted Area'"
|
||||
|
||||
# these are used with init scripts only
|
||||
LOG=/var/log/nginx-ldap-auth/daemon.log
|
||||
RUNDIR=/var/run/nginx-ldap-auth/
|
||||
PIDFILE=/var/run/nginx-ldap-auth/nginx-ldap-auth.pid
|
||||
USER=nginx-ldap-auth
|
||||
GROUP=nginx-ldap-auth
|
||||
|
|
@ -4,11 +4,11 @@ After=network.target network-online.target
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=nobody
|
||||
Group=nobody
|
||||
User=nginx-ldap-auth
|
||||
Group=nginx-ldap-auth
|
||||
WorkingDirectory=/var/run
|
||||
PIDFile=/run/nginx-ldap-auth/nginx-ldap-auth.pid
|
||||
ExecStart=/usr/bin/nginx-ldap-auth-daemon
|
||||
EnvFile=/etc/default/nginx-ldap-auth
|
||||
ExecStart=/usr/bin/nginx-ldap-auth-daemon $URL $BASE $BIND_DN $BIND_PASS $COOKIE $FILTER $REALM
|
||||
KillMode=process
|
||||
KillSignal=SIGINT
|
||||
Restart=on-failure
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ Source0: nginx-ldap-auth-release-%{version}.tar.gz
|
|||
BuildRequires: systemd
|
||||
Requires: systemd
|
||||
Requires: python-ldap
|
||||
Requires: python-argparse
|
||||
|
||||
%description
|
||||
Reference implementation of method for authenticating users on behalf of
|
||||
|
|
@ -20,17 +21,26 @@ servers proxied by NGINX or NGINX Plus.
|
|||
%setup -q
|
||||
|
||||
%install
|
||||
ls
|
||||
mkdir -p %buildroot%_bindir
|
||||
install -m755 nginx-ldap-auth-daemon.py %buildroot%_bindir/nginx-ldap-auth-daemon
|
||||
mkdir -p %buildroot%_unitdir
|
||||
install -m644 nginx-ldap-auth.service %buildroot%_unitdir/
|
||||
install -m644 %name.service %buildroot%_unitdir/
|
||||
install -d -m755 %buildroot/etc/default
|
||||
install -m644 %name.default %buildroot/etc/default/%name
|
||||
|
||||
%files
|
||||
%doc README.md nginx-ldap-auth.conf backend-sample-app.py LICENSE
|
||||
/etc/default/%name
|
||||
%_bindir/nginx-ldap-auth-daemon
|
||||
%_unitdir/nginx-ldap-auth.service
|
||||
%_unitdir/%name.service
|
||||
|
||||
|
||||
%post
|
||||
getent group nginx-ldap-auth > /dev/null || groupadd -r nginx-ldap-auth
|
||||
getent passwd nginx-ldap-auth > /dev/null || \
|
||||
useradd -r -d /var/lib/nginx -g nginx-ldap-auth \
|
||||
-s /sbin/nologin -c "Nginx auth helper" nginx-ldap-auth
|
||||
/usr/bin/systemctl preset nginx-ldap-auth.service
|
||||
|
||||
%preun
|
||||
|
|
|
|||
Loading…
Reference in New Issue