From 05642c01a38a193a945ee31f5bed02013dbb953d Mon Sep 17 00:00:00 2001 From: Tanner Collin Date: Fri, 28 Feb 2020 00:55:40 +0000 Subject: [PATCH] Document LDAP server setup --- apiserver/docs/source/index.rst | 1 + apiserver/docs/source/ldap.rst | 68 +++++++++++++++++++++++++++++++++ ldapserver/README.md | 19 +++++++++ 3 files changed, 88 insertions(+) create mode 100644 apiserver/docs/source/ldap.rst create mode 100644 ldapserver/README.md diff --git a/apiserver/docs/source/index.rst b/apiserver/docs/source/index.rst index 5907af0..153316a 100644 --- a/apiserver/docs/source/index.rst +++ b/apiserver/docs/source/index.rst @@ -14,3 +14,4 @@ Spaceport Documentation dev apioverview api + ldap diff --git a/apiserver/docs/source/ldap.rst b/apiserver/docs/source/ldap.rst new file mode 100644 index 0000000..5980f49 --- /dev/null +++ b/apiserver/docs/source/ldap.rst 
@@ -0,0 +1,68 @@ +LDAP Server Setup +================= + +.. contents:: :depth: 3 + +This guide assumes you are on a Debian-based distro. + +Install dependencies: + +.. sourcecode:: bash + + $ sudo apt update + $ sudo apt install python3 python3-pip python-virtualenv python3-virtualenv supervisor + +Clone the repo: + +.. sourcecode:: bash + + $ git clone https://github.com/Protospace/spaceport.git + $ cd spaceport + +Main Script +----------- + +Create a venv, activate it, and install: + +.. sourcecode:: bash + + $ cd ldapserver + $ virtualenv -p python3 env + $ source env/bin/activate + (env) $ pip install -r requirements.txt + +Edit ``ldapserver/secrets.py.example`` and save it as ``ldapserver/secrets.py``. + +Securely move the auth token to ``apiserver/secrets.py`` on the server running Spaceport. + +Now you can run the script to test: + +.. sourcecode:: bash + + (env) $ python main.py + +Flask will now be running on port 5000, connect to localhost:5000 to test it. + +Process Management +------------------ + +The script is kept alive with `supervisor `_. + +Configure ``/etc/supervisor/conf.d/ldapserver.conf``: + +.. sourcecode:: text + + [program:ldapserver] + user=ldapserver + directory=/opt/spaceport/ldapserver + command=/opt/spaceport/ldapserver/env/bin/gunicorn -w 2 --bind 0.0.0.0:5000 server:app + stopasgroup=true + stopsignal=INT + autostart=true + autorestart=true + stderr_logfile=/var/log/ldapserver.log + stderr_logfile_maxbytes=10MB + stdout_logfile=/var/log/ldapserver.log + stdout_logfile_maxbytes=10MB + +Script logs to ``/var/log/ldapserver.log``. diff --git a/ldapserver/README.md b/ldapserver/README.md new file mode 100644 index 0000000..6079acc --- /dev/null +++ b/ldapserver/README.md 
@@ -0,0 +1,19 @@ +# LDAP Server + +Runs inside Protospace's network and talks to Active Directory. + +Exposes a REST API to Spaceport that allows managing AD users and passwords. + +## Setup + +https://docs.my.protospace.ca/ldap.html + +## License + +This program is free and open-source software licensed under the MIT License. Please see the `LICENSE` file for details. + +That means you have the right to study, change, and distribute the software and source code to anyone and for any purpose. You deserve these rights. + +## Acknowledgements + +Thanks to Pat S for all his help integrating with Active Directory.
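Review bot: In apiserver/docs/source/ldap.rst, the supervisor command binds gunicorn to every interface over plain HTTP (`--bind 0.0.0.0:5000`), while the guide hands this service an auth token and the README describes it as managing AD users and passwords, so the token and any passwords sent to it would travel unencrypted to anything that can reach port 5000. Suggest documenting a bind to 127.0.0.1 or a specific internal address behind a TLS-terminating proxy, or at minimum the firewall rule that limits port 5000 to the Spaceport host. Two smaller gaps in the same hunk: the test step runs `python main.py` but supervisor starts `server:app`, so the guide should say which module is the entry point; and the config assumes a `ldapserver` user and a checkout at `/opt/spaceport/ldapserver`, neither of which the earlier steps create (the clone step uses the current directory). The step that saves `ldapserver/secrets.py` would also benefit from a note on restricting the file's permissions to the service user.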
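Review bot: In ldapserver/README.md, the description says the REST API "allows managing AD users and passwords" but says nothing about how access to it is restricted, even though the setup guide in this same patch has you copy an auth token to the Spaceport server. One sentence under the description stating that requests are authenticated with that token and that the service is meant to be reachable only from Spaceport would help a reader who never follows the Setup link. The Setup section is also a bare URL; a short label naming the guide (LDAP Server Setup) would make it clearer what the link leads to.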