Quelques appels restants + script de migration
This commit is contained in:
@@ -7,6 +7,5 @@ setKazVars
|
||||
FILE_LDIF=/home/sauve/ldap.ldif
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz
|
||||
|
||||
@@ -5,7 +5,6 @@ KAZ_ROOT=/kaz
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
|
||||
|
||||
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
|
||||
|
||||
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
||||
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
||||
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
||||
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
||||
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
||||
63
bin/migGestionMotsDePasse.sh
Normal file
63
bin/migGestionMotsDePasse.sh
Normal file
@@ -0,0 +1,63 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
|
||||
touch $newenvfile
|
||||
echo "mattermost_user=$mattermost_user" >> $newenvfile
|
||||
echo "mattermost_pass=$mattermost_pass" >> $newenvfile
|
||||
echo "mattermost_token=$mattermost_token" >> $newenvfile
|
||||
|
||||
|
||||
echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-paheko
|
||||
touch $newenvfile
|
||||
echo "API_USER=$paheko_API_USER" >> $newenvfile
|
||||
echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
|
||||
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-mail
|
||||
touch $newenvfile
|
||||
echo "service_mail=$service_mail" >> $newenvfile
|
||||
echo "service_password=$service_password" >> $newenvfile
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-borg
|
||||
# touch $newenvfile à priori il existe déjà
|
||||
echo "BORG_REPO=$BORG_REPO" >> $newenvfile
|
||||
echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
|
||||
echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
|
||||
echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
|
||||
echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
|
||||
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-traefik
|
||||
touch $newenvfile
|
||||
echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
|
||||
echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
|
||||
|
||||
|
||||
|
||||
#####################
|
||||
# Castopod
|
||||
# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
|
||||
|
||||
newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
|
||||
touch $newenvfile
|
||||
echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
|
||||
echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
|
||||
echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
|
||||
|
||||
|
||||
# creation dossier pour les env des orgas
|
||||
mkdir $KAZ_KEY_DIR/orgas
|
||||
|
||||
|
||||
echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"
|
||||
@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_ROOT/secret/env-kaz
|
||||
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ KAZ_ROOT=/kaz
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
URL_AGORA=https://$matterHost.$domain/api/v4
|
||||
EQUIPE=kaz
|
||||
|
||||
@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
URL_AGORA=$(echo $matterHost).$(echo $domain)
|
||||
MAX_QUEUE=50
|
||||
|
||||
@@ -12,7 +12,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)/..
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
DOCK_DIR=$KAZ_COMP_DIR
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud
|
||||
|
||||
@@ -1,102 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
#"${KAZ_BIN_DIR}/initCloud.sh"
|
||||
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
|
||||
|
||||
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
|
||||
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
|
||||
|
||||
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
|
||||
|
||||
# Exemple de table/clés :
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
# | Configuration | s01 |
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
# | hasMemberOfFilterSupport | 0 |
|
||||
# | homeFolderNamingRule | |
|
||||
# | lastJpegPhotoLookup | 0 |
|
||||
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
|
||||
# | ldapAgentPassword | *** |
|
||||
# | ldapAttributesForGroupSearch | |
|
||||
# | ldapAttributesForUserSearch | |
|
||||
# | ldapBackgroundHost | |
|
||||
# | ldapBackgroundPort | |
|
||||
# | ldapBackupHost | |
|
||||
# | ldapBackupPort | |
|
||||
# | ldapBase | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapCacheTTL | 600 |
|
||||
# | ldapConfigurationActive | 1 |
|
||||
# | ldapConnectionTimeout | 15 |
|
||||
# | ldapDefaultPPolicyDN | |
|
||||
# | ldapDynamicGroupMemberURL | |
|
||||
# | ldapEmailAttribute | mail |
|
||||
# | ldapExperiencedAdmin | 0 |
|
||||
# | ldapExpertUUIDGroupAttr | |
|
||||
# | ldapExpertUUIDUserAttr | |
|
||||
# | ldapExpertUsernameAttr | uid |
|
||||
# | ldapExtStorageHomeAttribute | |
|
||||
# | ldapGidNumber | gidNumber |
|
||||
# | ldapGroupDisplayName | cn |
|
||||
# | ldapGroupFilter | |
|
||||
# | ldapGroupFilterGroups | |
|
||||
# | ldapGroupFilterMode | 0 |
|
||||
# | ldapGroupFilterObjectclass | |
|
||||
# | ldapGroupMemberAssocAttr | |
|
||||
# | ldapHost | ldap |
|
||||
# | ldapIgnoreNamingRules | |
|
||||
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
|
||||
# | ldapLoginFilterAttributes | |
|
||||
# | ldapLoginFilterEmail | 0 |
|
||||
# | ldapLoginFilterMode | 0 |
|
||||
# | ldapLoginFilterUsername | 1 |
|
||||
# | ldapMatchingRuleInChainState | unknown |
|
||||
# | ldapNestedGroups | 0 |
|
||||
# | ldapOverrideMainServer | |
|
||||
# | ldapPagingSize | 500 |
|
||||
# | ldapPort | 389 |
|
||||
# | ldapQuotaAttribute | nextcloudQuota |
|
||||
# | ldapQuotaDefault | |
|
||||
# | ldapTLS | 0 |
|
||||
# | ldapUserAvatarRule | default |
|
||||
# | ldapUserDisplayName | cn |
|
||||
# | ldapUserDisplayName2 | |
|
||||
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
|
||||
# | ldapUserFilterGroups | |
|
||||
# | ldapUserFilterMode | 1 |
|
||||
# | ldapUserFilterObjectclass | nextcloudAccount |
|
||||
# | ldapUuidGroupAttribute | auto |
|
||||
# | ldapUuidUserAttribute | auto |
|
||||
# | turnOffCertCheck | 0 |
|
||||
# | turnOnPasswordChange | 0 |
|
||||
# | useMemberOfToDetectMembership | 1 |
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
DockerServName="${sympaServName}"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user