Newer
Older
A web service to manage LDAP users, groups and permissions.
## dependencies
- python3
- python3-ldap3
- python3-flask
- python3-flask-sqlalchemy
Some of the dependencies (especially fido2 and flask-oauthlib) changed their API in recent versions, so make sure to install the versions from Debian Buster.
You can also use virtualenv with the supplied `requirements.txt`.
## development
During development, you may want to enable LDAP mocking, as you otherwise need to have access to an actual LDAP server with the required schema.
You can do so by setting `LDAP_SERVICE_MOCK=True` in the config.
Afterwards you can login as a normal user with "testuser" and "userpassword", or as an admin with "testadmin" and "adminpassword".
Please note that the mocked LDAP functionality is very limited and many uffd features do not work correctly without a real LDAP server.
## deployment
Use uwsgi.
## python style conventions
tabs.
## OAuth2 Single-Sign-On Provider
Other services can use uffd as an OAuth2.0-based authentication provider.
The required credentials (client_id, client_secret and redirect_uris) for these services are defined in the config.
The services need to be setup to use the following URLs with the Authorization Code Flow:
* `/oauth2/authorize`: authorization endpoint
* `/oauth2/token`: token request endpoint
* `/oauth2/userinfo`: endpoint that provides information about the current user
The userinfo endpoint returns json data with the following structure:
```
{
"id": 10000,
"name": "Test User",
"nickname": "testuser"
"email": "testuser@example.com",
"ldap_dn": "uid=testuser,ou=users,dc=example,dc=com",