diff --git a/config.py b/config.py index 8e5e21d..bd2f133 100644 --- a/config.py +++ b/config.py @@ -1,5 +1,7 @@ import os +execfile('/etc/authentic2/supann.conf') + A2_PROFILE_CAN_CHANGE_EMAIL = False A2_PROFILE_CAN_EDIT_PROFILE = False A2_CAN_RESET_PASSWORD = False @@ -12,13 +14,13 @@ SAML_SIGNATURE_PRIVATE_KEY = file('/etc/authentic2/key.pem').read() LDAP_AUTH_SETTINGS = [ { - 'url': os.environ['SUPANN_LDAP_URL'], + 'url': SUPANN_LDAP_URL, 'user_filter': '(&(|(mail=%s)(supannAutreMail=%s)(supannAliasLogin=%s)(uid=%s))(objectClass=supannPerson))', - 'basedn': os.environ['SUPANN_LDAP_BASE_DN'], - 'binddn': os.environ.get('SUPANN_LDAP_BINDDN'), - 'bindpw': os.environ.get('SUPANN_LDAP_BINDPW'), - 'groupsu': 'cn=admin,ou=groups,%s' % os.environ['SUPANN_LDAP_BASE_DN'], - 'groupstaff': 'cn=admin,ou=groups,%s' % os.environ['SUPANN_LDAP_BASE_DN'], + 'basedn': SUPANN_LDAP_BASE_DN, + 'binddn': globals().get('SUPANN_LDAP_BINDDN'), + 'bindpw': globals().get('SUPANN_LDAP_BINDPW'), + 'groupsu': 'cn=admin,ou=groups,%s' % SUPANN_LDAP_BASE_DN, + 'groupstaff': 'cn=admin,ou=groups,%s' % SUPANN_LDAP_BASE_DN, 'transient': False, 'username_template': '{uid[0]}', 'external_id_tuples': (('uid',), ('dn:noquote',), ), @@ -122,8 +124,8 @@ LDAP_AUTH_SETTINGS = [ 'attribute_mappings': (('mail', 'email'),), 'mandatory_attributes_values': { # edugain support - 'schacHomeOrganization': [os.environ['EDUGAIN_SCHAC_HOME_ORGANIZATION']], - 'schacHomeOrganizationtype': [os.environ['EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE']], + 'schacHomeOrganization': [EDUGAIN_SCHAC_HOME_ORGANIZATION.decode('utf-8')], + 'schacHomeOrganizationtype': [EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE.decode('utf-8')], }, } ] diff --git a/supann.conf b/supann.conf index 70f0de5..9fb4e2f 100644 --- a/supann.conf +++ b/supann.conf 
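Review bot: The added `execfile('/etc/authentic2/supann.conf')` at the top of config.py runs that file as Python inside the settings module, so anyone who can write it can run code in the process that reads `/etc/authentic2/key.pem` a few lines later. Nothing in the commit fixes the file's ownership or mode; it should be root-owned, not writable by the service account, and not world-readable, since it is meant to carry the optional LDAP bind password. Every name the file defines (`BIND`, `RENATER_*`, …) also becomes a module-level name here. I would record this above the call: `# supann.conf is executed as Python: keep it root-owned, not writable by the service user, not world-readable`.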
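Review bot: In the `LDAP_AUTH_SETTINGS` hunk, `globals().get('SUPANN_LDAP_BINDPW')` means the bind password now also exists as a top-level name in the settings module, not only inside the dict. If this module is loaded as Django settings (inferred from the `A2_*` names, not shown here), the debug and error-report masking keys on substrings such as PASS, SECRET or KEY; neither `SUPANN_LDAP_BINDPW` nor `bindpw` matches, so the value could appear in clear in a debug page or error e-mail. Consider removing the name once the list is built, with `globals().pop('SUPANN_LDAP_BINDPW', None)`. Note also that a missing `SUPANN_LDAP_URL` or `SUPANN_LDAP_BASE_DN` now fails with NameError at import rather than KeyError. The list continues outside the hunk.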
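Review bot: The two `.decode('utf-8')` calls under `mandatory_attributes_values` assume the values coming from supann.conf are UTF-8 byte strings. Under Python 2 (implied by `execfile`), a value an administrator writes as `u"Université …"` is already unicode; `.decode` then encodes it as ASCII first and raises UnicodeEncodeError, which stops the settings module from importing. A guard such as `v if isinstance(v, unicode) else v.decode('utf-8')` in a small helper would keep a config edit from taking the IdP down. Alternatively, a comment in supann.conf could state that the values must be plain byte strings.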
@@ -1,14 +1,15 @@ +# -*- coding: utf-8 -*- # Fichier /etc/default/authentic2 # # Configuration du LDAP # # URL de l'annuaire LDAP # -export SUPANN_LDAP_URL=ldap://127.0.0.1/ +SUPANN_LDAP_URL="ldap://127.0.0.1/" # # Base DN de l'annuaire LDAP # -export SUPANN_LDAP_BASE_DN=dc=univ-test,dc=fr +SUPANN_LDAP_BASE_DN="dc=univ-test,dc=fr" # # Bind DN pour connexion à l'annuaire LDAP (optionnel) # @@ -23,15 +24,15 @@ export SUPANN_LDAP_BASE_DN=dc=univ-test,dc=fr # # URL des métadonnées # -export RENATER_METADATA=https://federation.renater.fr/renater/renater-metadata.xml +RENATER_METADATA="https://federation.renater.fr/renater/renater-metadata.xml" # # URL des règles de filtrage des attributs # -export RENATER_ATTRIBUTE_FILTERS=https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml +RENATER_ATTRIBUTE_FILTERS="https://federation.renater.fr/renater/filtres/renater-attribute-filters-all.xml" # # URL du certificat de signature des métadonnées # -export RENATER_CERTIFICATE=https://federation.renater.fr/renater/metadata-federation-renater.crt +RENATER_CERTIFICATE="https://federation.renater.fr/renater/metadata-federation-renater.crt" # Test # export RENATER_METADATA=https://federation.renater.fr/test/renater-test-metadata.xml # test @@ -42,11 +43,11 @@ export RENATER_CERTIFICATE=https://federation.renater.fr/renater/metadata-federa # # Nom de l'organisation # -export EDUGAIN_SCHAC_HOME_ORGANIZATION="Université Test Authentic2" +EDUGAIN_SCHAC_HOME_ORGANIZATION="Université Test Authentic2" # # Type de l'organisation # -export EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE="urn:schac:homeOrganizationType:int:university" +EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE="urn:schac:homeOrganizationType:int:university" # # Une valeur parmi: # urn:schac:homeOrganizationType:int:university 
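Review bot: After this change supann.conf is read by two parsers, Python through `execfile` in config.py and the shell through `. /etc/authentic2/supann.conf` in update-renater-meta.sh. The header still says `# Fichier /etc/default/authentic2`, and nothing states the syntax both parsers must accept. Inside double quotes the shell expands `$`, backticks and backslashes while Python does not, so a value containing them is read differently by the two, and a backtick or `$(…)` would be executed by the script. A bind password is the likely case; those entries lie outside this hunk. I would replace the header with something like `# File /etc/authentic2/supann.conf - read by both Python and sh: NAME="value", no spaces around =, no $, backtick or backslash in values`.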
@@ -60,4 +61,4 @@ export EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE="urn:schac:homeOrganizationType:int: # urn:schac:homeOrganizationType:int:nren # Local port for listening -export BIND=127.0.0.1:8080 +BIND="127.0.0.1:8080" diff --git a/update-renater-meta.sh b/update-renater-meta.sh index 3ac6ca0..55c2798 100755 --- a/update-renater-meta.sh +++ b/update-renater-meta.sh @@ -15,11 +15,7 @@ function cleanup { trap "cleanup" EXIT -if [ -f ]; then - . /etc/default/authentic2 -else - . $BASEDIR/`basename $DEFAULT` -fi +. /etc/authentic2/supann.conf if ! wget --quiet $RENATER_METADATA -O$METADATA_TMP; then echo ERROR: unable to retrieve metadata from $RENATER_METADATA
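Review bot: Dropping `export` from `BIND` (and from the other variables in this file) means a launcher that sources the file no longer passes them on to child processes. Whether the service start script relied on that is not visible in this commit. If the server no longer receives `BIND`, it would presumably fall back to its own default listen address, which may not be loopback-only as `127.0.0.1:8080` intends. It is worth checking the init script or unit file and adding a comment such as `# not exported: the launcher must pass this value explicitly`.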
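Review bot: The new `. /etc/authentic2/supann.conf` is sourced unconditionally, with no check that the file is readable or that `RENATER_METADATA` ended up set; the removed `if [ -f ]` test was broken, but nothing replaces it. I would add `[ -r /etc/authentic2/supann.conf ] || { echo "ERROR: cannot read /etc/authentic2/supann.conf" >&2; exit 1; }` before the source line and `: "${RENATER_METADATA:?not set in supann.conf}"` after it. The context line below also passes `$RENATER_METADATA` and `$METADATA_TMP` to wget unquoted, so `wget --quiet -O "$METADATA_TMP" "$RENATER_METADATA"` would stop word splitting on whatever the config supplies. The `if ! wget` block continues outside the hunk.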