mirror of https://github.com/VinylDNS/vinyldns synced 2025-08-22 02:02:14 +00:00
vinyldns/quickstart/portal/application.conf

63 lines, 1.9 KiB, Plaintext

Support non ActiveDirectory LDAP (#859)

This PR has an optional local portal setup against this docker container - https://github.com/rroemhild/docker-test-openldap

The base modifications for LDAP were to change the actual authentication flow. Before, we only attempted to bind (setting up a DirContext and relying on an exception). We would test all of the search bases until we exhausted the list. The new approach works differently:

1. First, login using the main service account
2. Second, do a lookup of the user
3. Finally, attempt to bind to that user's context directly using the password provided.

This works fine with both AD LDAP as well as the example docker container which uses OpenLDAP.

Besides these changes, we need to make configurable the userNameField, which is the ldap attribute that is used to search for the username sent in the login screen. In AD, this is `sAMAccountName`, but in the example it is `uid`; the logon field is up to the way LDAP is set up.

- `docker-up-vinyldns.sh` - fixed a quote issue with the startup script to properly send in the version of vinyldns
- `docker-compose-build.yml` - added the `ldap` container so the portal can connect as `vinyldns-ldap`
- `docker/portal/application.conf` - new config file so that we can connect to the new ldap container
- `docker-compose.yml` - added the `ldap` container here as well so we can play with it using `reStart` in sbt instead of `docker-up-vinyldns.sh` - simplifies local testing
- `LdapAuthenticator.scala` - this is where the main changes happen
2019-10-08 19:13:15 -04:00
LDAP {
  # For OpenLDAP, this would be a full DN to the admin for LDAP / user that can see all users
  user = "cn=admin,dc=planetexpress,dc=com"
  # Password for the admin account
  password = "GoodNewsEveryone"
  # Keep this as an empty string for OpenLDAP
  domain = ""
  # This will be the name of the LDAP field that carries the user's login id (what they enter as the username in the login form)
  userNameAttribute = "uid"
  # For organization, leave empty for this demo, the domainName is what matters, and that is the LDAP structure
  # to search for users that require login
  searchBase = [
    {organization = "", domainName = "ou=people,dc=planetexpress,dc=com"},
  ]
  context {
    initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory"
    securityAuthentication = "simple"
    # Note: The following assumes a purely docker setup, using container_name = vinyldns-ldap
    providerUrl = "ldap://vinyldns-ldap:19004"
    providerUrl = ${?LDAP_PROVIDER_URL}
  }
  # This is only needed if keeping vinyldns user store in sync with ldap (to auto lock out users who left your
  # company for example)
  user-sync {
    enabled = false
    hours-polling-interval = 1
  }
}
# Note: This MUST match the API or strange errors will ensue, NoCrypto should not be used for production
crypto {
  type = "vinyldns.core.crypto.NoOpCrypto"
}
http.port = 9001
http.port = ${?PORTAL_PORT}
data-stores = ["mysql"]
# Note: The default mysql settings assume a local docker compose setup with mysql named vinyldns-mysql
# follow the configuration guide to point to your mysql
# Only 3 repositories are needed for portal: user, task, user-change
mysql {
  repositories {
    user {
    }
    task {
    }
    user-change {
    }
  }
}
# You generate this yourself following https://www.playframework.com/documentation/2.7.x/ApplicationSecret
play.http.secret.key = "rpkTGtoJvLIdIV?WU=0@yW^x:pcEGyAt`^p/P3G0fpbj9:uDnD@caSjCDqA0@tB="
play.http.secret.key = ${?PLAY_HTTP_SECRET_KEY}
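The three-step login the commit message describes (service-account bind, user lookup, re-bind as the found DN), driven by the `LDAP` values in this quickstart file, as an added example in Java on the same JNDI API the portal's `LdapAuthenticator.scala` uses; it is not the project's own code, and the class and method names are invented here. It also shows two checks a login path on this flow should have: passing the login name as a JNDI filter argument (`{0}`) so it is escaped rather than concatenated into the filter, and rejecting an empty password, which a simple bind would otherwise treat as an anonymous bind.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapLoginExample {
    // Values mirror the quickstart application.conf above; a demo directory, not production.
    static final String PROVIDER_URL = "ldap://vinyldns-ldap:19004";
    static final String SERVICE_DN = "cn=admin,dc=planetexpress,dc=com";
    static final String SERVICE_PASSWORD = "GoodNewsEveryone";
    static final String USER_NAME_ATTRIBUTE = "uid"; // sAMAccountName on Active Directory
    static final String[] SEARCH_BASES = { "ou=people,dc=planetexpress,dc=com" };

    static Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    }
    /** Step 2: resolve the login name to a DN under each search base; null if absent or ambiguous. */
    static String lookupUserDn(DirContext serviceCtx, String username) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { USER_NAME_ATTRIBUTE });
        for (String base : SEARCH_BASES) {
            // JNDI substitutes {0} with RFC 4515 escaping applied, so the raw login name
            // never becomes filter syntax; do not build the filter by string concatenation.
            NamingEnumeration<SearchResult> hits = serviceCtx.search(
                base, "(" + USER_NAME_ATTRIBUTE + "={0})", new Object[] { username }, controls);
            if (!hits.hasMore()) continue;
            String dn = hits.next().getNameInNamespace();
            return hits.hasMore() ? null : dn; // two entries with the same login id: refuse
        }
        return null;
    }
    /** True only if the password binds as the DN the directory returned for this login name. */
    static boolean authenticate(String username, String password) throws NamingException {
        // An empty credential makes a simple bind anonymous, which would "succeed" for any user.
        if (username == null || password == null || password.isEmpty()) return false;
        DirContext serviceCtx = new InitialDirContext(env(SERVICE_DN, SERVICE_PASSWORD)); // step 1
        String userDn;
        try { userDn = lookupUserDn(serviceCtx, username); } finally { serviceCtx.close(); }
        if (userDn == null) return false;
        try { new InitialDirContext(env(userDn, password)).close(); return true; } // step 3
        catch (AuthenticationException e) { return false; }
    }
}
```

Against the quickstart OpenLDAP container the search base and `uid` attribute above apply as-is; for Active Directory, swap `USER_NAME_ATTRIBUTE` for `sAMAccountName` and the search base for your users OU, exactly as the `userNameAttribute` and `searchBase` settings in this file intend.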