44 changes: 22 additions & 22 deletions docs/configuration.md
@@ -92,28 +92,28 @@ Sugoi-api implements springdoc with full customization allowed

Sugoi-api implements spring security with full customization allowed

| Properties | Description | Default value | example |
| ---------------------------------------------------------- | :---------: | ------------: | ------: |
| fr.insee.sugoi.cors.allowed-origins | | | |
| fr.insee.sugoi.cors.allowed-methods | | | |
| fr.insee.sugoi.security.basic-authentication-enabled | | | |
| fr.insee.sugoi.security.ldap-account-managment-enabled | | | |
| fr.insee.sugoi.security.ldap-account-managment-url | | | |
| fr.insee.sugoi.security.ldap-account-managment-user-base | | | |
| fr.insee.sugoi.security.ldap-account-managment-groupe-base | | | |
| fr.insee.sugoi.security.bearer-authentication-enabled | | | |
| spring.security.oauth2.resourceserver.jwt.jwk-set-uri | | | |
| fr.insee.sugoi.api.old.regexp.role.consultant | | | |
| fr.insee.sugoi.api.old.regexp.role.gestionnaire | | | |
| fr.insee.sugoi.api.old.regexp.role.admin | | | |
| fr.insee.sugoi.api.old.enable.preauthorize | | | |
| fr.insee.sugoi.api.regexp.role.reader | | | |
| fr.insee.sugoi.api.regexp.role.writer | | | |
| fr.insee.sugoi.api.regexp.role.admin | | | |
| fr.insee.sugoi.api.regexp.role.app.manager | | | |
| fr.insee.sugoi.api.regexp.role.password.manager | | | |
| fr.insee.sugoi.api.enable.preauthorize | | | |
| fr.insee.sugoi.security.default-roles-for-users | default role to add to each connected user | | |
| Properties | Description | Default value | example |
| ---------------------------------------------------------- |:----------------------------------------------------------------------------------------------------------------------:| ------------: | ------: |
| fr.insee.sugoi.cors.allowed-origins | | | |
| fr.insee.sugoi.cors.allowed-methods | | | |
| fr.insee.sugoi.security.basic-authentication-enabled | | | |
| fr.insee.sugoi.security.ldap-account-managment-enabled | | | |
| fr.insee.sugoi.security.ldap-account-managment-url | | | |
| fr.insee.sugoi.security.ldap-account-managment-user-base | | | |
| fr.insee.sugoi.security.ldap-account-managment-groupe-base | | | |
| fr.insee.sugoi.security.bearer-authentication-enabled | | | |
| spring.security.oauth2.resourceserver.jwt.jwk-set-uri | | | |
| fr.insee.sugoi.api.old.regexp.role.consultant | | | |
| fr.insee.sugoi.api.old.regexp.role.gestionnaire | | | |
| fr.insee.sugoi.api.old.regexp.role.admin | | | |
| fr.insee.sugoi.api.old.enable.preauthorize | | | |
| fr.insee.sugoi.api.regexp.role.reader | | | |
| fr.insee.sugoi.api.regexp.role.writer | | | |
| fr.insee.sugoi.api.regexp.role.admin | | | |
| fr.insee.sugoi.ldap.default.group_manager_source_pattern | Default pattern to use when searching manager group for application. Application name should be passed via {appliname} | | |
| fr.insee.sugoi.api.regexp.role.password.manager | | | |
| fr.insee.sugoi.api.enable.preauthorize | | | |
| fr.insee.sugoi.security.default-roles-for-users | default role to add to each connected user | | |
#### Password configuration

Passwords follows rules when there are passed by a user or randomly generated by Sugoi. A default for these rules which will apply to all realm that do not have its own configuration can be set by properties. For configuration at the realm level see [Realm configuration properties on password](realm-configuration.md#realm-configuration-properties-on-password).
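Review bot: the new row `fr.insee.sugoi.ldap.default.group_manager_source_pattern` lands between `fr.insee.sugoi.api.regexp.role.admin` and `fr.insee.sugoi.api.regexp.role.password.manager`, splitting the block of role-regexp properties, and it is an LDAP store default rather than a Spring Security setting; list it with the other instance-level store defaults (the same family as `fr.insee.sugoi.store.readerType` referenced in realm-configuration.md) or at least after the role rows. The description says the application name is passed via `{appliname}`, while realm-configuration.md in this same PR writes the example as `uid=ASI\_$(appliname),ou=Applications,o=insee,c=fr` and the prose as `${appliname}`; pick the one token the code actually substitutes and use it in both files, otherwise an operator who copies the wrong form ends up with a DN whose placeholder is never replaced. The default value and example columns are blank for this row like the rest of the table; since this property decides who may add and remove members of an application's groups, at least give its default and one example DN here.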
22 changes: 11 additions & 11 deletions docs/realm-configuration.md
@@ -91,6 +91,7 @@ A list of custom key/values can be added at the end.
| groupsMaxOutputSize | 100 | yes | fr.insee.sugoi.groups.maxoutputsize | The maximum number of grouos outputs allowed |
| applicationsMaxOutputSize | 100 | yes | fr.insee.sugoi.applications.maxoutputsize | The maximum number of applications outputs allowed |
| organizationsMaxOutputSize | 100 | yes | fr.insee.sugoi.organizations.maxoutputsize | The maximum number of organizations outputs allowed |
| group_manager_source_pattern | "uid=ASI\_$(appliname),ou=Applications,o=insee,c=fr" | | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_manager_source_pattern | Describe where the group manager of the application {appliname} should be fetch. Users belonging to this group can create, delete, add or remove users from ${appliname}'s groups. |

Realm configuration properties can be set as:

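Review bot: the `Optional` column of the new `group_manager_source_pattern` row is empty while every neighbouring row says `yes`, and the fourth column, which in the rows above holds only the instance property name (e.g. `fr.insee.sugoi.groups.maxoutputsize`), carries a whole sentence; fill in the optional flag and put just `fr.insee.sugoi.ldap.default.group_manager_source_pattern` there so the column stays consistent. The row also spells the same placeholder three ways, `$(appliname)` in the example and `{appliname}` and `${appliname}` in the description; keep one. Since members of the resolved entry can create, delete, add or remove users from the application's groups, the description should state what happens when the property is unset or the pattern resolves to no entry (whether group management is then refused or falls back to another rule), and `should be fetch` should read `should be fetched`.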
@@ -104,17 +105,16 @@ A list of custom key/values can be added at the end.
A UserStorage is a logical division of a Realm.
These configuration should be set for each UserStorage contained in a Realm :

| Field name | Example | Optional | Default | Description |
| ---------------------------- | :--------------------------------------------------------------------------------: | -----------------------------------------------------------------------------------------: | -----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
| name | "myUserStorage" | no | | Name which identifies the userstorage in the realm |
| userSource | "ou=contacts,ou=clients_domaine1,o=insee,c=fr", "/realm1/users" | no | | The location of the users to read on the server. |
| organizationSource |  "ou=organisations,ou=clients_domaine1,o=insee,c=fr", "/realm1/organizations" | yes | | The location of the organization to read on the server. If organizationSource is not set, then organizations cannot be managed. |
| addressSource | "ou=adresses,ou=clients_domaine1,o=insee,c=fr" | Only used for ldap storage. Is needed with ldap storage for now but should become optional | | Addresses are stored as an independant resource in ldap storage. addressSource indicates the location of users and organizations address on the server. |
| properties | | might be needed depending on the type of store (see next sections) | | A list of other options which can be specific to the type of Store Provider. |
| readerType | "LdapReaderStore", "FileReaderStore" |  no | the default can be set via the instance property : fr.insee.sugoi.store.readerType  | Indicates wich type of store is used for reading. This attribute is read-only for now and should be set via default. |
| writeType | "JMSWriterStore", "LdapWriterStore", "FileWriterStore" |  no |  the default can be set via the instance property : fr.insee.sugoi.store.writerType  | Indicates wich type of store is used for writing. This attribute is read-only for now and should be set via default. |
| mappings | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | should be set when using a ldap store provider | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | Description of how to map Sugoi user and organization attributes with ldap attributes when using a ldap store provider |
| group_manager_source_pattern | "uid=ASI\_$(app),ou=Applications,o=insee,c=fr" | should be set when wanted to have a kind of group of group manager for app | | Description of where to put user who can manage apps groups |
| Field name | Example | Optional | Default | Description |
| ---------------------------- |:----------------------------------------------------------------------------------:|---------------------------------------------------------------------------------------------------------:|-----------------------------------------------------------------------------------------------:| ------------------------------------------------------------------------------------------------------------------------------------------------------- |
| name | "myUserStorage" | no | | Name which identifies the userstorage in the realm |
| userSource | "ou=contacts,ou=clients_domaine1,o=insee,c=fr", "/realm1/users" | no | | The location of the users to read on the server. |
| organizationSource |  "ou=organisations,ou=clients_domaine1,o=insee,c=fr", "/realm1/organizations" | yes | | The location of the organization to read on the server. If organizationSource is not set, then organizations cannot be managed. |
| addressSource | "ou=adresses,ou=clients_domaine1,o=insee,c=fr" | Only used for ldap storage. Is needed with ldap storage for now but should become optional | | Addresses are stored as an independant resource in ldap storage. addressSource indicates the location of users and organizations address on the server. |
| properties | | might be needed depending on the type of store (see next sections) | | A list of other options which can be specific to the type of Store Provider. |
| readerType | "LdapReaderStore", "FileReaderStore" |  no | the default can be set via the instance property : fr.insee.sugoi.store.readerType  | Indicates wich type of store is used for reading. This attribute is read-only for now and should be set via default. |
| writeType | "JMSWriterStore", "LdapWriterStore", "FileWriterStore" |  no |  the default can be set via the instance property : fr.insee.sugoi.store.writerType  | Indicates wich type of store is used for writing. This attribute is read-only for now and should be set via default. |
| mappings | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | should be set when using a ldap store provider | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | Description of how to map Sugoi user and organization attributes with ldap attributes when using a ldap store provider |

### Generic UserStorage properties

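Review bot: this hunk deletes `group_manager_source_pattern` from the UserStorage table (where the example used `$(app)`) to move it to the realm level, but nothing in the surrounding text says that an existing UserStorage definition that still sets it is now ignored; add a one-line migration note under the realm table or here so operators with userstorage-level values do not assume the old setting still grants group-manager rights. The placeholder also changes from `$(app)` to `$(appliname)` with the move; call that out explicitly. While these rows are being re-aligned anyway, the pre-existing typos `wich` (readerType and writeType rows) and `independant` (addressSource row) could be fixed in the same pass.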