Categories

ID #1441

How do I integrate ldap-passwd-webui with Bright?

What is ldap-passwd-webui?

A simple tool, written entirely in Python.
The original tool can be found at https://github.com/jirutka/ldap-passwd-webui
It allows the end user to change their password via a web interface.

To allow integration with Bright Cluster Manager, ldap-passwd-webui was modified. The modified tool is at:
http://support.brightcomputing.com/ldap-passwd-webui/ldap-passwd-webui-master.zip


Requirements:
The tool runs on Python 3, and was tested with Python 3.6.7
A requirements.txt file is found in the project. The contents mention the following version requirements:
bottle >= 0.12.8
ldap3 >= 2.0, < 3.0
configparser; python_version < '3.3'

Installation steps, into linux


Configuration
To make ldap-passwd-webui work with Bright cluster, the following cert and key files need to be copied over from the head node into the project's home directory:
/cm/local/apps/openldap/etc/certs/ca.pem
/cm/local/apps/openldap/etc/certs/ldap.pem
/cm/local/apps/openldap/etc/certs/ldap.key
 

The settings.ini.example file should then be copied over to settings.ini


An example of a settings.ini file that works with the default configuration of the cluster is:

 

[html]
page_title = Change your password

[ldap]
host = ldapserver
port = 636
use_ssl = True
base = ou=Group,dc=cm,dc=cluster
search_filter = cn={uid}

# Uncomment if your ldap server requires client to present those files
[tls]
key_file = ldap.key
cert_file = ldap.pem
ca_file = ca.pem

# Uncomment for AD / Samba 4
#type = ad
#ad_domain = ad.example.org
#search_filter = sAMAccountName={uid}

[server]
server = auto
host = localhost
port = 8080

 


When done, the tool can be run.

Running
ldap-passwd-webui can run as a standalone web server:

python3 app.py

  

The URL to reach the GUI is:

 

http://localhost:8080


The README.adoc file that is included with the tool has further details about web server integration.

Tags: LDAP, ldap-passwd-webui, password, web

Related entries:

You cannot comment on this entry