version 1.0.0

.gitignore

@@ -0,0 +1,4 @@
+/ctldap.config
+/ctldap.sh
+/node_modules
+/php_api/.idea

README.md

@@ -0,0 +1,33 @@
+#LDAP Wrapper for ChurchTools v1.0.0
+
+This software acts as an LDAP server for ChurchTools version 3.x
+
+**This software was tested in a common enviroment, yet no warranties of any kind!** 
+
+#Installation
+Node.js is required to run this software.
+http://nodejs.org/
+
+##Node.js install
+
+###To install the server on a linux machine with root access, run the install.sh script as root user. It will
+- run "npm install" to install required Node.js dependencies for the server
+- create a new user "ctldap" to run the server with limited privileges
+- create log/error log files for stdout/stderr output and set the required ownership attributes
+- create the configuration file with secure random keys and offer to adapt it, asking for reset if it already exists
+- (optionally) adapt and create the ctldap.sh file in /etc/init.d and call "update-rc.d ctldap.sh defaults"
+
+####ctldap.sh remarks:
+The file "ctldap.sh" contains a shell script for (re)starting ctldap.sh with Node.js as a background service.
+It will attempt to create/remove an iptables NAT rule on start/stop in order to redirect traffic from a standard LDAP port (< 1024) to ldap_port without root.
+The script can be used to start/stop the service manually, but will not work correctly without root privileges.
+Usage: ctldap.sh {start|stop|status|restart}
+
+###If you don't have root privileges:
+- run `npm install` manually or otherwise trigger the installation of required dependencies
+- copy "ctldap.example.config" to "ctldap.config" and adjust the required settings accordingly
+- register "ctldap.js" to be run by Node.js, or start the server directly by executing `node ctldap.js`
+
+##PHP API install
+- copy the contents of "php_api" to the root folder of your ChurchTools installation (the composer.* files can be safely ignored)
+- copy the line "api_key=<random_20_char_string>" from your "ctldap.config" to your ChuchTools configuration at /sites/[default|subdomain]/churchtools.config

ctldap.example.config

@@ -0,0 +1,33 @@
+; Add debug infos to log
+debug=false
+; This is required for clients using lowercase DNs, e.g. ownCloud/nextCloud
+dn_lower_case=true
+
+; LDAP admin user, can be a "virtual" root user or a ChurchTools user name (virtual root is recommended!)
+ldap_user=root
+; The static password to be used for the ldap_user if it is NOT a CT account, or the account password of the chosen user otherwise
+; If you did not use install.sh, choose a LONG SECURE RANDOM password from a password generator like KeePass!
+ldap_password=XXXXXXXXXXXXXXXXXXXX
+; LDAP server port
+ldap_port=1389
+; The ctldap.sh service script will try to read this and setup an iptables NAT rule from iptables_port to ldap_port if it is set
+iptables_port=389
+; LDAP base DN o=xxx, e.g. churchtools
+ldap_base_dn=churchtools
+
+; The URI pointing to the root of your ChurchTools installation
+ct_uri=https://mghh.churchtools.de/
+; This API key is used to authenticate against the PHP API
+; IMPORTANT: AFTER using install.sh or choosing a LONG SECURE RANDOM API key from a password generator like KeePass,
+; copy this line into your CT configuration at /sites/[default|subdomain]/churchtools.config
+api_key=XXXXXXXXXXXXXXXXXXXX
+; This controls (in milliseconds) how old the user/group data can be until it is fetched from ChurchTools again
+cache_lifetime=10000
+
+; To use SSL/TLS, provide file names for x509 certificate and key here
+; Use this command to create a private key and a certificate:
+; openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
+; Use this command to remove the encryption password:
+; openssl rsa -in key.pem -out newkey.pem && mv newkey.pem key.pem
+; ldap_cert_filename=cert.pem
+; ldap_key_filename=key.pem