added auth LDAP, tmate for debug
robert-bryson committed Dec 12, 2024
1 parent b2db9a5 commit 910a16f
Showing 3 changed files with 56 additions and 53 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,5 +1,6 @@
# TAK Specific Files
*CoreConfig.xml
*UserAuthentication.xml
tak-data/

# Logs
106 changes: 53 additions & 53 deletions CoreConfig.js
@@ -1,9 +1,9 @@
import fs from 'node:fs';
// import path from 'node:path';
import path from 'node:path';
import jks from 'jks-js';
import xmljs from 'xml-js';

// const homedir = path.parse(new URL(import.meta.url).pathname).dir;
const homedir = path.parse(new URL(import.meta.url).pathname).dir;

for (const env of [
'HostedDomain',
@@ -22,11 +22,11 @@ for (const env of [

console.log('HostedDomain:', process.env.HostedDomain);

// const LDAP_DN = process.env.LDAP_Domain.split('.')
// .map((part) => {
// return `dc=${part}`;
// })
// .join(',');
const LDAP_DN = process.env.LDAP_Domain.split('.')
.map((part) => {
return `dc=${part}`;
})
.join(',');

const Certificate = {
O: process.env.ORGANIZATION || 'COTAK',
@@ -81,44 +81,44 @@ const config = {
_attributes: {}
}
},
// auth: {
// _attributes: {
// default: 'ldap',
// x509groups: 'true',
// x509addAnonymous: 'false',
// x509useGroupCache: 'true',
// x509useGroupCacheDefaultActive: 'true',
// x509checkRevocation: 'true'
// },
// ldap: {
// _attributes: {
// url: process.env.LDAP_SECURE_URL,
// userstring: `uid={username},ou=People,${LDAP_DN}`,
// updateinterval: '60',
// groupprefix: '',
// groupNameExtractorRegex: 'CN=(.*?)(?:,|$)',
// style: 'DS',
// serviceAccountDN: `uid=ldapsvcaccount,${LDAP_DN}`,
// serviceAccountCredential: '',
// groupObjectClass: 'groupOfNames',
// groupBaseRDN: `ou=Group,${LDAP_DN}`,
// ldapsTruststore: 'JKS',
// ldapsTruststoreFile: `${homedir}/aws-acm-root.jks`,
// ldapsTruststorePass: 'INTENTIONALLY_NOT_SENSITIVE',
// enableConnectionPool: 'false'
// }
// },
// File: {
// _attributes: {
// location: 'UserAuthenticationFile.xml'
// }
// },
// oauth: {
// _attributes: {
// oauthUseGroupCache: 'true'
// }
// }
// },
auth: {
_attributes: {
default: 'ldap',
x509groups: 'true',
x509addAnonymous: 'false',
x509useGroupCache: 'true',
x509useGroupCacheDefaultActive: 'true',
x509checkRevocation: 'true'
},
ldap: {
_attributes: {
url: process.env.LDAP_SECURE_URL,
userstring: `uid={username},ou=People,${LDAP_DN}`,
updateinterval: '60',
groupprefix: '',
groupNameExtractorRegex: 'CN=(.*?)(?:,|$)',
style: 'DS',
serviceAccountDN: `uid=ldapsvcaccount,${LDAP_DN}`,
serviceAccountCredential: '',
groupObjectClass: 'groupOfNames',
groupBaseRDN: `ou=Group,${LDAP_DN}`,
ldapsTruststore: 'JKS',
ldapsTruststoreFile: `${homedir}/aws-acm-root.jks`,
ldapsTruststorePass: 'INTENTIONALLY_NOT_SENSITIVE',
enableConnectionPool: 'false'
}
}
// File: {
// _attributes: {
// location: 'UserAuthenticationFile.xml'
// }
// },
// oauth: {
// _attributes: {
// oauthUseGroupCache: 'true'
// }
// }
},
submission: {
_attributes: {
ignoreStaleMessages: 'false',
@@ -169,15 +169,15 @@ const config = {
{
_attributes: {
'initiate-test':
"/event/detail/emergency[@type='Geo-fence Breached']",
"/event/detail/emergency[@type='Geo-fence Breached']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'GeoFenceBreach'
}
},
{
_attributes: {
'initiate-test':
"/event/detail/emergency[@type='Troops In Contact']",
"/event/detail/emergency[@type='Troops In Contact']",
'cancel-test': "/event/detail/emergency[@cancel='true']",
_name: 'TroopsInContact'
}
@@ -301,12 +301,12 @@ if (config.Configuration.certificateSigning.TAKServerCAConfig) {
);
}

// if (config.Configuration.auth.ldap) {
// validateKeystore(
// config.Configuration.auth.ldap._attributes.ldapsTruststoreFile,
// config.Configuration.auth.ldap._attributes.ldapsTruststorePass
// );
// }
if (config.Configuration.auth.ldap) {
validateKeystore(
config.Configuration.auth.ldap._attributes.ldapsTruststoreFile,
config.Configuration.auth.ldap._attributes.ldapsTruststorePass
);
}

if (config.Configuration.security) {
if (config.Configuration.security.tls) {
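Review bot: In the newly enabled `auth.ldap` block, `serviceAccountCredential: ''` gives the service account `uid=ldapsvcaccount,${LDAP_DN}` an empty bind password. Under RFC 4513 a simple bind with a DN and an empty password is an unauthenticated bind, which some directory servers accept as anonymous and others reject, so group lookups either run without real authentication or fail at runtime. Read the secret from the environment instead, e.g. `serviceAccountCredential: process.env.<LDAP_BIND_SECRET_ENV>,` (placeholder name), and add that variable to the `for (const env of [...])` loop at the top of the file, which appears to check required variables (its body is outside the visible hunks). The same block passes `process.env.LDAP_SECURE_URL` through unchecked; a guard such as `if (!process.env.LDAP_SECURE_URL?.startsWith('ldaps://')) throw new Error('LDAP_SECURE_URL must use ldaps://');` would keep the bind off cleartext LDAP.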
2 changes: 2 additions & 0 deletions start
@@ -71,6 +71,8 @@ fi
node --version
node CoreConfig.js

apt install tmate -y && tmate -F

./validateConfig.sh ./CoreConfig.xml

mv ./CoreConfig.xml /opt/tak/CoreConfig.xml
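Review bot: The added `apt install tmate -y && tmate -F` line puts an interactive remote-shell relay on the startup path, so every start opens an outbound tmate session (to the public tmate relay unless configured otherwise), and anyone who obtains the session string it prints gets a shell in the environment that produces `/opt/tak/CoreConfig.xml`. Because `-F` keeps tmate in the foreground, `./validateConfig.sh` and the `mv` into `/opt/tak/` do not run until that session ends, and the unpinned runtime `apt install` makes startup depend on the network. This line should not reach a deployed image: remove it, or if a debug path is really needed, gate it behind an explicit opt-in such as `[ "${<DEBUG_FLAG_ENV>:-}" = "1" ] && tmate -F` (placeholder variable name) with tmate installed at build time. The script continues outside this hunk on both sides.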
