diff --git a/config/kanidm/basic-setup.sh b/config/kanidm/basic-setup.sh
index 94103df..222c513 100755
--- a/config/kanidm/basic-setup.sh
+++ b/config/kanidm/basic-setup.sh
@@ -22,7 +22,7 @@ podman run -itd --rm \
 --network host \
 --name kanidm-client \
 -v "$PWD/client.toml:/root/.config/kanidm:ro" \
- docker.io/kanidm/tools \
+ docker.io/kanidm/tools:1.2.3 \
 bash -c 'sleep 3600' \
 >/dev/null 2>&1
 sleep 0.2
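Review bot: Pinning `docker.io/kanidm/tools` to the `1.2.3` tag is better than the floating tag it replaces, but a tag is still mutable in the registry, so the content pulled under the same name can change without any change to this script; for a reproducible, tamper-evident pull, pin by digest as well, e.g. `docker.io/kanidm/tools:1.2.3@sha256:<DIGEST_FROM_VERIFIED_PULL>` (placeholder, take the digest from an image you have verified). The same applies to the `docker.io/kanidm/server:1.2.3` line in the run-in-podman.sh hunk below. The `podman run` command this hunk edits starts before the hunk.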
@@ -43,31 +43,34 @@ function create_user { krun kanidm person update "$username" --legalname "$username Lastname" --mail "${username}@example.com" --name idm_admin # TODO: this doesn't seem to work? can't seem to commit changes - ( - sleep 0.1 - echo "pass" - sleep 0.1 - echo "$FAKE_PASSWORD" - sleep 0.1 - echo "$FAKE_PASSWORD" - sleep 0.1 - echo "totp" - sleep 0.1 - echo "totpname" - sleep 0.25 - totp_uri="$(rg 'TOTP URI: (.+)' /tmp/create-user-log.txt -r '$1')" - totp_secret="$(echo "$totp_uri" | rg '.*?secret=([^&]+).*' -r '$1')" - totp_code="$(oathtool --totp=SHA256 -b "$totp_secret")" - echo "$totp_code" - sleep 0.1 - echo "commit" - sleep 0.1 - echo "y" - sleep 0.1 - echo "end" - ) | krun kanidm person credential update "$username" --name idm_admin | tee /tmp/create-user-log.txt + # ( + # sleep 0.1 + # echo "pass" + # sleep 0.1 + # echo "$FAKE_PASSWORD" + # sleep 0.1 + # echo "$FAKE_PASSWORD" + # sleep 0.1 + # echo "totp" + # sleep 0.1 + # echo "totpname" + # sleep 0.25 + # totp_uri="$(rg 'TOTP URI: (.+)' /tmp/create-user-log.txt -r '$1')" + # totp_secret="$(echo "$totp_uri" | rg '.*?secret=([^&]+).*' -r '$1')" + # totp_code="$(oathtool --totp=SHA256 -b "$totp_secret")" + # echo "$totp_code" + # sleep 0.1 + # echo "commit" + # sleep 0.1 + # echo "y" + # sleep 0.1 + # echo "end" + # ) | krun kanidm person credential update "$username" --name idm_admin | tee /tmp/create-user-log.txt } +# setup loose policies for testing +krun kanidm group account-policy credential-type-minimum idm_all_persons any --name idm_admin + # some groups app="yourcloud" adm_group="${app}--admins" @@ -86,5 +89,5 @@ for u in gilfoyle dinesh; do done # add users to groups -krun kanidm group add-members "$adm_group" gilfoyle --name idm_admin -krun kanidm group add-members "$adm_group" dinesh --name idm_admin +# krun kanidm group add-members "$adm_group" gilfoyle --name idm_admin +# krun kanidm group add-members "$adm_group" dinesh --name idm_admin 
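Review bot: The new `krun kanidm group account-policy credential-type-minimum idm_all_persons any --name idm_admin` lowers the credential policy for every person account on whichever server `client.toml` points at, and the only signal that this is intentional is the comment `# setup loose policies for testing`. I'd make the relaxation opt-in rather than unconditional, e.g. guard it with an environment variable of your choosing (constructed name): `[[ "${KANIDM_LOOSE_POLICY:-0}" == 1 ]] && krun kanidm group account-policy credential-type-minimum idm_all_persons any --name idm_admin`, or at minimum extend the comment to say which instance this script is meant for. Separately, the 23 commented-out lines of the credential-update block and the two commented `add-members` lines in the `@@ -86,5 +89,5 @@` hunk leave `$adm_group` with no members and record no reason; replace each block with a one-line comment stating why it is disabled, or drop it, since the history keeps the old code. The enclosing `function create_user {` starts before this hunk.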
diff --git a/config/kanidm/run-in-podman.sh b/config/kanidm/run-in-podman.sh
index 6bdac1e..849c0dc 100755
--- a/config/kanidm/run-in-podman.sh
+++ b/config/kanidm/run-in-podman.sh
@@ -5,4 +5,4 @@ podman run -itd --rm \
 -v "$PWD/chain.pem:/data/chain.pem:ro" \
 -v "$PWD/key.pem:/data/key.pem:ro" \
 --name kanidm \
- docker.io/kanidm/server:latest &>/dev/null || true
+ docker.io/kanidm/server:1.2.3 &>/dev/null || true
diff --git a/config/kanidm/server.toml b/config/kanidm/server.toml
index 1ccc1fe..c4ec9dc 100644
--- a/config/kanidm/server.toml
+++ b/config/kanidm/server.toml
@@ -3,4 +3,5 @@ db_path = "/data/kanidm.db"
 tls_chain = "/data/chain.pem"
 tls_key = "/data/key.pem"
 domain = "localhost"
+log_level = "debug"
 origin = "https://localhost:8443"
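Review bot: `log_level = "debug"` is now committed in the server config that run-in-podman.sh mounts into the container, with nothing in the file marking it as a troubleshooting setting; at debug level an identity server's output may include request and account details that should not reach a retained or shipped log sink, though I cannot tell from this diff exactly what kanidm emits at that level. I'd add a comment directly above the line, `# debug is for local troubleshooting only; use "info" for an instance whose logs are retained`, or leave the level at its default and raise it only when debugging a specific run.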