init

README.md

@@ -0,0 +1,128 @@
+## Установка I, Librarian 
+
+Основан на [https://hub.docker.com/r/cgrima/i-librarian](https://hub.docker.com/r/cgrima/i-librarian)  
+Официальный сайт: [https://i-librarian.net](https://i-librarian.net)
+
+#### Настройка LDAP `./configs/ilibrarian.ini`
+
+```
+ldap_active = "1"
+ldap_server = "ldap://ldap.example.com:389"
+ldap_use_tls = "0"
+ldap_basedn = "dc=example,dc=com"
+ldap_binduser_dn = "cn=ldapsearch,ou=users,dc=example,dc=com"
+ldap_binduser_pw = "password"
+ldap_username_attr = "cn"
+ldap_userlogin_attr = "cn"
+ldap_user_filter = "(objectClass=user)"
+ldap_group_rdn = "ou=groups"
+ldap_admingroup_cn = "cn=ilib_admins"
+ldap_admingroup_dn = ""
+ldap_usergroup_cn = ""
+ldap_usergroup_dn = ""
+ldap_admin_users = ""
+ldap_filter = "member"
+ldap_version = "3"
+ldap_opt_referrals = "0"
+ldap_debug_enabled = "0"
+ldap_opt_debug_level = "7"
+
+```
+
+
+#### Запуск
+```
+git clone https://git.badms.ru/bms/ilib.git
+cd ilib
+# Предварительно отредактировать ./configs/ilibrarian.ini
+docker compose up -d
+```
+
+
+#### После запуска
+Настроить `NPM` для доступа к `Authentik` по `HTTPS`.
+Перейти по ссылке для первоначальной конфигруации: `https://auth.example.com/if/flow/initial-setup/`
+
+---
+
+## Настройка Authentik 
+
+---
+
+### Создать пользователей и группы
+
+`Directory` > `Users` > `Create`
+
+- ldapseach
+
+`Directory` > `Groups` > `Create`
+
+- ldapseach
+- ilib_admins
+- ilib_users
+
+Добавить пользователя `ldapseach` в группу `ldapseach`
+
+Пользователям добавить атрибуты:
+
+```
+mn: Отчество
+sn: Фамилия
+name: Имя
+givenname: Имя
+```
+
+Добавить пользователей в группы `ilib_admins` и `ilib_users`
+
+---
+
+### Создание провайдера
+`Applications` > `Providers` > `Create` > `LDAP Provider`  
+
+**Name:** Provider for LDAP  
+**Bind flow:** default-authentication-flow (Welcome to authentik!)  
+**Search group:** ldapsearch  
+**Bind mode:** Direct binding  
+**Search mode:** Direct binding  
+**Code-based MFA Support:** V (?)  
+
+**Base DN:** DC=example,DC=com  
+**Certificate:** -  
+**TLS Server name:** -  
+**UID start number:** 2000  
+**GID start number:** 2000 
+
+---
+
+### Создание приложения
+`Applications` > `Applications` > `Create`
+
+**Name:** LDAP  
+**Slug:** ldap  
+**Group:** ---  
+**Provider:** Provider for LDAP  
+**Backchannel Providers:** ---  
+**Policy engine mode:** any  
+
+**Launch URL:** ---  
+**Icon:** ---  
+**Publisher:** ---  
+**Description:** ---  
+
+
+---
+
+### Создание Outpost
+`Applications` > `Applications` > `Outpost`
+
+**Name:** LDAP outpost  
+**Tyoe:** LDAP  
+**Integration:** ---  
+**Applications:** LDAP  
+
+
+### Добавление пользователей и групп
+`Applications` > `Applications` > `LDAP`> `Policy/Group/User Bindings` > `Bind existing policy`
+
+Добавить группы `ilib_admins` и `ilib_users`
+Добавить пользователя `ldapseach`

configs/ilibrarian.ini

@@ -0,0 +1,119 @@
+;
+; Password reset.
+;
+[reset_password]
+
+; To enable password reset, change reset_password to 1. Don't
+; forget to change the value back to O, after the password
+; has been reset.
+reset_password = "0"
+
+;
+; Error message level.
+;
+[error_messages]
+
+; Set to "debug", for more information. IMPORTANT! Debug should be used
+; exclusively during development, and never in production, as it reveals
+; sensitive information.
+level = ""
+
+;
+; Override php.ini session settings.
+;
+[session]
+
+; If a TLS certificate is set up, set to "1" for increased security.
+cookie_secure = "0"
+
+;
+; LDAP.
+;
+; Enter your LDAP server settings below. There are example settings for
+; a free dummy LDAP server at:
+;
+; www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server
+;
+; Use einstein:password, euclid:password to test its functionality.
+;
+; LDAP access does not work from behind a proxy server.
+;
+[ldap]
+
+; Activate login via LDAP. Caution: Disables local login.
+ldap_active = "0"
+
+; LDAP server protocol, hostname, and port, e.g. ldap(s)://hostname:port.
+;ldap_server = "ldap://ldap.forumsys.com:389"
+ldap_server = "ldap://ldap.example.com:389"
+
+; If the protocol is ldap, a TLS-encrypted connection should be used. Set to 0,
+; only if no TLS certificate is configured on your LDAP server.
+ldap_use_tls = "0"
+
+; Base distinguished name (DN).
+;ldap_basedn = "dc=example,dc=com"
+ldap_basedn = "dc=example,dc=com"
+
+; Fully qualified bind user DN.
+;ldap_binduser_dn = "cn=read-only-admin,dc=example,dc=com"
+ldap_binduser_dn = "cn=ldapsearch,ou=users,dc=example,dc=com"
+
+; Bind user password.
+;ldap_binduser_pw = "password"
+ldap_binduser_pw = "password"
+
+; Attribute to use for username lookups.
+ldap_username_attr = "cn"
+
+; Attribute which is used to verify login/password pair.
+;ldap_userlogin_attr = "sAMAccountName"
+ldap_userlogin_attr = "cn"
+
+; Custom LDAP Filter to additionally restrict the user search, and with (ldap_userlogin_attr = user)
+; ldap_user_filter = "(|(objectClass=user)(objectClass=iNetOrgPerson))"
+ldap_user_filter = "(objectClass=user)"
+
+;
+; Authorization. If the below options are provided, a group affiliation
+; is checked (admins vs. users) and permissions are set accordingly.
+; Otherwise, all LDAP users are given admin permissions.
+;
+
+; Group relative search base without basedn.
+;ldap_group_rdn = "ou=groups"
+ldap_group_rdn = "ou=groups"
+
+; Admin group common name.
+;ldap_admingroup_cn = "cn=admins"
+ldap_admingroup_cn = "cn=ilib_admins"
+
+; Admin group DN, if building CN with group_rdn and basedn is not possible.
+ldap_admingroup_dn = ""
+
+; User group common name. If only a specific user group can access I, Librarian.
+;ldap_usergroup_cn = "cn=users"
+ldap_usergroup_cn = ""
+
+; Use user group DN, if building CN with group_rdn and basedn is not possible.
+ldap_usergroup_dn = ""
+
+; Optional admin users, comma separated list
+ldap_admin_users = ""
+
+; Group filter prefix.
+; If you want to do recursive searches with LDAP servers that support it
+; (e.g., MS Active Directory), use the correct matching rule.
+;ldap_filter = 'member:1.2.840.113556.1.4.1941'
+ldap_filter = "member"
+
+; Change to match your ldap protocol version.
+ldap_version = "3"
+
+; Enable REFERRALS.
+ldap_opt_referrals = "0"
+
+; Enable and set debug level for LDAP authentication.
+; Messages are logged into Apache Global Error Log.
+ldap_debug_enabled = "0"
+ldap_opt_debug_level = "7"

docker-compose.yml

@@ -0,0 +1,15 @@
+version: "2"
+
+services:
+
+  ilib:
+    image: cgrima/i-librarian:5.11.1
+    hostname: ilib
+    container_name: ilib
+    restart: unless-stopped
+    ports:
+      - "80:80"
+    volumes:
+      - ./data:/app/data
+      - ./configs:/app/config
+      - /etc/localtime:/etc/localtime:ro