|
|
## Установка I, Librarian
|
|
|
|
|
|
Основан на [https://hub.docker.com/r/cgrima/i-librarian](https://hub.docker.com/r/cgrima/i-librarian)
|
|
|
Официальный сайт: [https://i-librarian.net](https://i-librarian.net)
|
|
|
|
|
|
#### Настройка LDAP `./configs/ilibrarian.ini`
|
|
|
|
|
|
```
|
|
|
ldap_active = "1"
|
|
|
ldap_server = "ldap://ldap.example.com:389"
|
|
|
ldap_use_tls = "0"
|
|
|
ldap_basedn = "dc=example,dc=com"
|
|
|
ldap_binduser_dn = "cn=ldapsearch,ou=users,dc=example,dc=com"
|
|
|
ldap_binduser_pw = "password"
|
|
|
ldap_username_attr = "cn"
|
|
|
ldap_userlogin_attr = "cn"
|
|
|
ldap_user_filter = "(objectClass=user)"
|
|
|
ldap_group_rdn = "ou=groups"
|
|
|
ldap_admingroup_cn = "cn=ilib_admins"
|
|
|
ldap_admingroup_dn = ""
|
|
|
ldap_usergroup_cn = ""
|
|
|
ldap_usergroup_dn = ""
|
|
|
ldap_admin_users = ""
|
|
|
ldap_filter = "member"
|
|
|
ldap_version = "3"
|
|
|
ldap_opt_referrals = "0"
|
|
|
ldap_debug_enabled = "0"
|
|
|
ldap_opt_debug_level = "7"
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
#### Запуск
|
|
|
```
|
|
|
git clone https://git.badms.ru/bms/ilib.git
|
|
|
cd ilib
|
|
|
# Предварительно отредактировать ./configs/ilibrarian.ini
|
|
|
docker compose up -d
|
|
|
```
|
|
|
|
|
|
|
|
|
#### После запуска
|
|
|
Зайти под пользователем с правами администратора `Administrator` > `Global settings`
|
|
|
|
|
|
**User self-registration:** disallow
|
|
|
**Default user permissions:** user
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
## Настройка Authentik
|
|
|
|
|
|
---
|
|
|
|
|
|
### Создать пользователей и группы
|
|
|
|
|
|
`Directory` > `Users` > `Create`
|
|
|
|
|
|
- ldapseach
|
|
|
|
|
|
`Directory` > `Groups` > `Create`
|
|
|
|
|
|
- ldapseach
|
|
|
- ilib_admins
|
|
|
- ilib_users
|
|
|
|
|
|
Добавить пользователя `ldapseach` в группу `ldapseach`
|
|
|
|
|
|
Пользователям добавить атрибуты:
|
|
|
|
|
|
```
|
|
|
mn: Отчество
|
|
|
sn: Фамилия
|
|
|
name: Имя
|
|
|
givenname: Имя
|
|
|
```
|
|
|
|
|
|
Добавить пользователей в группы `ilib_admins` и `ilib_users`
|
|
|
|
|
|
---
|
|
|
|
|
|
### Создание провайдера
|
|
|
`Applications` > `Providers` > `Create` > `LDAP Provider`
|
|
|
|
|
|
**Name:** Provider for LDAP
|
|
|
**Bind flow:** default-authentication-flow (Welcome to authentik!)
|
|
|
**Search group:** ldapsearch
|
|
|
**Bind mode:** Direct binding
|
|
|
**Search mode:** Direct binding
|
|
|
**Code-based MFA Support:** V (?)
|
|
|
|
|
|
**Base DN:** DC=example,DC=com
|
|
|
**Certificate:** -
|
|
|
**TLS Server name:** -
|
|
|
**UID start number:** 2000
|
|
|
**GID start number:** 2000
|
|
|
|
|
|
---
|
|
|
|
|
|
### Создание приложения
|
|
|
`Applications` > `Applications` > `Create`
|
|
|
|
|
|
**Name:** LDAP
|
|
|
**Slug:** ldap
|
|
|
**Group:** ---
|
|
|
**Provider:** Provider for LDAP
|
|
|
**Backchannel Providers:** ---
|
|
|
**Policy engine mode:** any
|
|
|
|
|
|
**Launch URL:** ---
|
|
|
**Icon:** ---
|
|
|
**Publisher:** ---
|
|
|
**Description:** ---
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
### Создание Outpost
|
|
|
`Applications` > `Applications` > `Outpost`
|
|
|
|
|
|
**Name:** LDAP outpost
|
|
|
**Tyoe:** LDAP
|
|
|
**Integration:** ---
|
|
|
**Applications:** LDAP
|
|
|
|
|
|
|
|
|
### Добавление пользователей и групп
|
|
|
`Applications` > `Applications` > `LDAP`> `Policy/Group/User Bindings` > `Bind existing policy`
|
|
|
|
|
|
Добавить группы `ilib_admins` и `ilib_users`
|
|
|
Добавить пользователя `ldapseach` |