- Install Java JDK 1.8.x (Oracle or OpenJDK)
- Install NodeJS 7.x and NPM
- Install a Maven or Use Maven Wrapper inside the Project
- Run
mvn clean spring-boot:run
or./mvnw clean spring-boot:run
- Open
localhost:8080
in your Browser - Login with any user and password
testuser
- Please refer to
src/main/resources/ldap/data/03-testuser.ldif
for company selection and password.
- Please refer to
The master Branch is protected an nobody can or schould ever push to it! Every feature has to be integrated over an
Feature Branch (Prefix feat/
) or a BugFix Branch (Prefix fix/
) followed by a short and meaningful title.
This Project uses Continue Delivery and Continious Integration. On every accept of a Merge Request into the master,
the Travic CI executes the deploy
Job. This will create a standalone self containing jar and/or debian package.
Due to Continous delivery you will get a new version automatically on each merge/pull request.
The deployment can be easily done via the debian package, which will register an service for starting the application on every system start. The default on a installation is always a production profile, which is not part of the jar file itself. The administrator have to configure the environment independant of the used package.
The LDAP root is dc=example,dc=org
where all entries are stored. This can be configured in your yml file.
This tool can handle multiple companies, where each company has a sub-tree with it's own ou=users
entry.
The Groups are still stored globally under ou=groups
to allow a collaboration on same projects.
All Group have to be created twice. One with a team admin Prefix and one with team Prefix. The idea of it, is that some
Project admins can administrate the Team. The team admin Groups are always the Administrator Groups of the normal Customer
Projectteam Group. The absolute fallback is always the Group you defined in ldap.permissions.admins
,
if no other Admin Group was found.
We are using the zxcvbn4j library, which is a java port of the original lib. You can find it on
GitHub: https://github.com/nulab/zxcvbn4jIn
the folder src/resources/zxcvbn
we stored two dictionary files. The first one is a custom crack dictionary.
The second one is a public Top 500 List of bad password ideas.
You can find it on http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
Please update this lists regulary. Feel free to add more lists; you have to register each in the application.yaml
.
The Lists can be extended, but keep in mind, that a very long list will have performance impacts on the check routines.
On local development mode, the application starts an embedded LDAP Service, which is used to perform Unit, Integration Test on a defined data base. This database is also used for the running application on your environment. This data was generated, but can be adjusted for specific testings over time.
The Testdata and Schema is stored under src/main/resources/ldap/*
with two folders inside. The folder schema
contains
the LDAP Schema Files in an LDIF format which is required to validate the Data which is stored in data
folder.
We currently used some of the default and public provides schema files (01-system to 06-ppolicy), but we require some extensions. The custom extension is the integration of the Samba Schema to handle some Samba Shares. The Schema File 08-szz are providing custom extension for handling employees over time.
Please make a research about LDAP Schema files on the internet, if you need more informations about the first schema files.
- 01-company-structure.ldif
- Contains all OUs which describes the base company structure
- 02-groups.ldif
- many Groups which are used for Customers/Project Teams and third party Services for example Jira, Git, etc.
- 03-testuser.ldif
- A dump of users, with reseted passwords to default values. Every User has the password
testuser
in the embeded LDAP. - The reset password is required, to perform serveral check about the permissions, because the tool has to handle different views on different permissions.
- A dump of users, with reseted passwords to default values. Every User has the password