This repository has been archived by the owner on Mar 25, 2021. It is now read-only.

SURFnet/grouphub

SURFnet GroupHub

GroupHub is a group management application for creating and managing groups within educational institutions.

This repository contains GroupHub, the business layer that retrieves its data from the GroupHub API.

See the documentation at https://wiki.surfnet.nl/display/Grouphub/Systeemspecificaties.

Getting started

Prerequisites

Installing

Install dependencies using:

composer install

Add the following line to your hosts file (/etc/hosts):

145.100.180.203 ldap.surfuni.org idp.surfuni.org

Start the Vagrant machine (don't forget to also start the Vagrant machine of the GroupHub API!)

vagrant up

Go to http://dev.grouphub.org/app_dev.php to view the application in your browser.

Running synchronization scripts

Note: you might have to add app_dev.php/ to the grouphub_api_url parameter for dev

<projectdir>$ vagrant ssh
<vagrantbox>$ cd /vagrant
<vagrantbox>$ php bin/console grouphub:sync -vvv

Accessing VOOT URLs

These URLs are secured with the username voot and the password specified in the parameters.yml config file (the password_voot parameter).

Deployment

Requirements

  • sshd (with a configured 'deployment' user)
  • apache2 (vhost see below)
    • mod_expires
    • mod_headers
  • nodejs
    • uglify-js
    • uglifycss
  • git
  • acl
  • php
    • php5-intl
    • php5-curl
    • php5-apcu
    • php5-ldap

Consider setting opcache.validate_timestamps to 0 in php.ini for a lot of free performance!

Also make sure there is a directory /project/dir/ available which is writable by the deployment user.

If you want to deploy the app you will need capistrano-symfony:

gem install airbrussh
gem install capistrano
gem install capistrano-composer
gem install capistrano-harrow
gem install capistrano-symfony
gem install i18n
gem install net-scp
gem install net-ssh
gem install sshkit

Vhost

Minimum requirements:

<VirtualHost *:80>
    ServerName grouphub.org
    
    DocumentRoot /project/dir/current/web
    
    Alias /simplesaml /project/dir/current/vendor/simplesamlphp/simplesamlphp/www
    
    <Directory /project/dir/current/web>
        Options FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

Usage of HTTPS is highly recommended.

Process

To do an actual deployment, make sure a stage is available in app/config/deployment/stages/. Then run

cap [stage-name] deploy

This script will ask for the branch/tag of the software to deploy. The default will probably be sufficient in most cases.

The first run of the script will most likely fail because the configuration is invalid. Fix this manually as described below, then run the script again.

Configuration

Configuration can be found in app/config/parameters.yml:

parameters:
    # A secret/random key that's used to generate certain security-related tokens
    secret: ThisTokenIsNotSoSecretChangeIt

    # Details of where and how to connect to the api
    grouphub_api_url: http://api.grouphub.surfuni.org
    grouphub_api_username: 'grouphub'
    grouphub_api_password: ~

    # LDAP read connection details
    ldap_read_host: ~
    ldap_read_port: 389
    ldap_read_dn:   ~
    ldap_read_pass: ~
        
    # LDAP write connection details (can be the same as the read LDAP)
    ldap_write_host: ~
    ldap_write_port: 389
    ldap_write_dn:   ~
    ldap_write_pass: ~
    
    # LDAP fallback clients connection details (will be used when no results are found)
    ldap_fallback:
        alias1: # This alias will be matched based on the combined DC's of the empty DN e.g.: 'domain1.surfuni.org'
            host: ~
            port: 389
            dn:   ~
            pass: ~
        alias2: # This alias will be matched based on the combined DC's of the empty DN e.g.: 'domain2.surfuni.org'
            host: ~
            port: 389
            dn:   ~
            pass: ~

    # DN of where the users are located in LDAP, can be multiple DNs separated by a comma
    users_dn: ['ou=Users,ou=SURFUni,dc=surfuni,dc=org']
    user_query: 'cn=*'
    # DN of where groups are located in LDAP, can be multiple DNs separated by a comma
    groups_dn: ['ou=Formalgroups,dc=surfuni,dc=org']
    group_query: 'cn=*'
    # Root group of where Grouphub groups will be stored
    grouphub_dn: 'ou=Grouphub,dc=surfuni,dc=org'
    # Subgroups located beneath the 'grouphub' DN where formal and adhoc groups will be stored
    formal_dn: 'ou=SemiFormal,ou=Grouphub,dc=surfuni,dc=org'
    adhoc_dn: 'ou=AdHoc,ou=Grouphub,dc=surfuni,dc=org'
    
    # Mapping of GroupHub properties to LDAP properties
    ldap.mapping:
        user:
            firstName: givenname
            lastName:  sn
            loginName: uid
            email:     mail
        group:
            name_prefix: ~              # prefix to add to the name of the group
            description: description    # description property mapping
            accountName: ~              # if set, the mapped property will also be filled with the 'cn' of the group
            owner: ~                    # if set, the mapped property will be filled with the 'owner' reference of the group
            name: ~                     # if set, the mapped property will be filled with the name of the group
            extra_attributes:           # extra -static- attributes, which will be added if not empty
                objectClass: groupOfNames

    # Whether or not to sync admins to dedicated groups and, if so, to which DN
    # Note this DN should not be located beneath one of the groups mentioned earlier
    admin_groups_sync: false
    admin_groups_dn: ~

    # The password to secure the VOOT actions
    password_voot: ~

    # Details for connecting to SAML provider
    simplesamlphp.path: simplesaml/
    simplesamlphp.admin_password: ~
    simplesamlphp.technical_contact_name: ~
    simplesamlphp.technical_contact_email: ~
    simplesamlphp.idp: http://idp.surfuni.org/simplesaml/saml2/idp/metadata.php

    # Application title and URL
    application_title: 'SURFuni'
    url: http://grouphub.surfuni.org

    # Naming of various columns
    my_groups_column_title_en: My groups
    my_groups_column_title_nl: Mijn groepen
    org_groups_column_title_en: Organisation groups
    org_groups_column_title_nl: Organisatie groepen
    all_groups_column_title_en: All groups
    all_groups_column_title_nl: Alle groepen

    # Documentation URL
    documentation_url: https://wiki.surfnet.nl/display/Grouphub/Grouphub+Home
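
The template above ships with a placeholder secret, unset passwords, http:// endpoints and the plain LDAP port, so a deployed parameters.yml is worth checking before it goes live. The check below is an added example and not part of the GroupHub project; the names audit and scalar and the sample contents are constructed, and the line-based parser assumes the simple key: value layout shown above.

```python
import re

TEMPLATE_SECRET = "ThisTokenIsNotSoSecretChangeIt"  # placeholder from the template
UNSET = {"", "~", "null"}
LINE = re.compile(r"^\s*([\w.]+):\s*(.*)$")

# Constructed sample for illustration, not a real deployment's file.
SAMPLE = """\
parameters:
    secret: ThisTokenIsNotSoSecretChangeIt
    grouphub_api_url: http://api.grouphub.surfuni.org
    grouphub_api_password: ~
    ldap_read_port: 389
    ldap_read_pass: 'constructed-bind-pass'
    password_voot: ~   # not set yet
    simplesamlphp.idp: http://idp.surfuni.org/simplesaml/saml2/idp/metadata.php
    url: https://grouphub.surfuni.org
"""


def scalar(raw):
    """Strip surrounding quotes or a trailing comment from a YAML scalar."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return "" if raw.startswith("#") else raw.split(" #", 1)[0].strip()


def audit(text):
    """Return (line_no, key, finding) for each setting that needs attention."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not (m := LINE.match(line)):
            continue
        key, value = m.group(1), scalar(m.group(2))
        if key == "secret" and value == TEMPLATE_SECRET:
            findings.append((no, key, "template secret not replaced"))
        elif (key == "secret" or "pass" in key) and value in UNSET:
            findings.append((no, key, "credential not set"))
        elif value.startswith("http://"):
            findings.append((no, key, "cleartext HTTP URL"))
        elif key.endswith("port") and value == "389":
            findings.append((no, key, "plain LDAP port, confirm TLS is in use"))
    return findings


if __name__ == "__main__":
    for no, key, finding in audit(SAMPLE):
        print(f"line {no}: {key}: {finding}")
```

To check a real file, pass its contents to audit() instead of SAMPLE; the findings carry line numbers only, never the credential values themselves.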

Crontab setup

Add the following to the crontab:

# Sync everything once a day at 02:34
34 2 * * * /project/dir/current/bin/console grouphub:sync -e=prod
# Sync modified groups back to LDAP every 5 minutes
*/5 * * * * /project/dir/current/bin/console grouphub:sync -e=prod --type=queue

also see: Docs