Add documentation for installing on Debian/Ubuntu and CentOS/RHEL

.gitignore

@@ -54,3 +54,4 @@ coverage.xml
 # Sphinx documentation
 docs/_build/
 
+ldapcherry-dev.ini

.travis.yml

@@ -1,31 +1,40 @@
 sudo: required
-dist: trusty
+dist: xenial
 language: python
 
-#env:
-#  - TRAVIS="yes"
-
 before_install:
   - '[ "$TEST_PEP8" == "1" ] || sudo ./tests/test_env/deploy.sh'
 
-python:
-  - "2.7"
-
 install: 
-  - pip install -e .
-  - "if [[ $TEST_PEP8 == '1' ]]; then pip install pep8; fi"
+  - "pip install -e . -r $REQ_FILE"
+  - "if [[ $TEST_PEP8 == '1' ]]; then pip install pycodestyle; fi"
   - pip install passlib
   - pip install coveralls
 
-# command to run tests
-#
-#script: 
-#  - coverage run --source=ldapcherry setup.py test
-script: "if [[ $TEST_PEP8 == '1' ]]; then pep8 --repeat --show-source --exclude=.venv,.tox,dist,docs,build,*.egg,tests,misc,setup.py . scripts/ldapcherryd; else coverage run --source=ldapcherry setup.py test; fi"
+script: "if [[ $TEST_PEP8 == '1' ]]; then pycodestyle --repeat --show-source --exclude=.venv,.tox,dist,docs,build,*.egg,tests,misc,setup.py .; else coverage run --source=ldapcherry setup.py test; fi"
 matrix:
   include:
     - python: "2.7"
-      env: TEST_PEP8=1
+      env:
+        TEST_PEP8=1
+        REQ_FILE=requirements.txt
+    - python: "2.7"
+      env:
+        TEST_PEP8=0
+        REQ_FILE=requirements-el7.txt
+    - python: "2.7"
+      env:
+        TEST_PEP8=0
+        REQ_FILE=requirements-stretch.txt
+    - python: "2.7"
+      env:
+        TEST_PEP8=0
+        REQ_FILE=requirements.txt
+    - python: "3.6"
+      env:
+        TEST_PEP8=0
+        REQ_FILE=requirements.txt
+
 after_success:
   - coveralls
 after_failure:

ChangeLog.rst

@@ -1,6 +1,39 @@
 Dev
 ***
 
+Version 1.1.1
+*************
+
+* [fix ] fix double escaping issues introduced in 1.0.0
+* [fix ] fix missing url escaping in links with querystring parameters (delete and modify page mostly)
+* [fix ] fix log level not being honored in the backends
+* [impr] clarify the role of 'key: True' of attributes.yml in the documentation
+* [impr] add a few more comments in the .ini file to explain better the \*_filter_tmpl and group_attr parameters
+* [impr] add debug log to help debug ldap search filters
+
+Version 1.1.0
+*************
+
+* [feat] add stdout as a valid log method (useful when running with docker)
+
+Version 1.0.1
+*************
+
+* [fix ] fix error handling when adding user that already exists
+
+Version 1.0.0
+*************
+
+* [sec ] fix XSS injection in the url redirect in the login page (thanks to jthiltges)
+* [fix ] fix configuration consistency check for attribute file (error if a given backend is not declared in main .ini file but in attributes)
+* [fix ] remove a few deprecation warnings
+* [fix ] fix potential issue with group names containing non-ascii characters
+* [feat] support for python 3
+* [feat] support for python-ldap 3.X.X
+* [impr] better log error message if inconsistency between role, attribute and main .ini file for backends
+* [impr] more systematic use of html and url escaping in the html rendering to prevent against content injection (thanks to jthiltges)
+* [impr] more testing for various versions of python and python-ldap
+
 Version 0.5.2
 *************
 

README.rst

@@ -30,6 +30,21 @@ Nice and simple application to manage users and groups in multiple directory ser
 
 ----
 
+********
+  Demo
+********
+
+A demo is accessible here: https://ldapcherry.kakwalab.ovh
+
+The credentials are:
+
+* as administrator: admin/admin
+* as user: user/user
+
+Please take note that it's not possible to modify/delete the 'admin' and 'user' users.
+
+Also take note that the service will be reseted once per day.
+
 ****************
   Presentation
 ****************
@@ -75,7 +90,7 @@ The default backend plugins permit to manage Ldap and Active Directory.
     $ export DATAROOTDIR=/usr/share/
 
     # install ldapcherry
-    $ python setup.py
+    $ python setup.py install
 
     # edit configuration files
     $ vi /etc/ldapcherry/ldapcherry.ini

conf/ldapcherry.ini

@@ -28,6 +28,14 @@ request.show_tracebacks = False
 ## error and ldapcherry log file
 #log.error_file = '/tmp/ldapcherry_error.log'
 
+#####################################
+#  configuration to log to stdout   #
+#####################################
+## logger stdout for access log
+#log.access_handler = 'stdout'
+## logger stdout for error and ldapcherry log
+#log.error_handler = 'stdout'
+
 #####################################
 #  configuration to log in syslog   #
 #####################################
@@ -98,16 +106,24 @@ ldap.timeout = 1
 ldap.groupdn = 'ou=group,dc=example,dc=org'
 # users dn
 ldap.userdn = 'ou=people,dc=example,dc=org'
-# ldapsearch filter to get a user
+
+# ldapsearch filter to get one specific user
+# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
 ldap.user_filter_tmpl = '(uid=%(username)s)'
 # ldapsearch filter to get groups of a user
+# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
 ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
 # filter to search users
+# %(searchstring)s is the content passed through the search box
 ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
 
 # ldap group attributes and how to fill them
+# 'member' is the name of the attribute
+# for the template, any of the user's ldap attributes can be user
 ldap.group_attr.member = "%(dn)s"
+# same with memverUid and the uid user's attribute
 #ldap.group_attr.memberUid = "%(uid)s"
+
 # object classes of a user entry
 ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
 # dn entry attribute for an ldap user