1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
|
#!/bin/bash
# first read settings
source $SNAP/bin/wekan-read-settings &>/dev/null
if [ "$CADDY_ENABLED" = "true" ]; then
# tweak port nunmber as it has been remapped
export PORT=${CADDY_PORT} &>/dev/null
fi
echo -e "Wekan: The open-source kanban.\n"
echo -e "\n"
echo -e "Debug OIDC OAuth2 etc."
echo -e "To enable the Debug of Wekan:"
echo -e "\t$ snap set $SNAP_NAME debug='true'"
echo -e "\t-Disable the Debug of Wekan:"
echo -e "\t$ snap set $SNAP_NAME debug='false'"
echo -e "\n"
echo -e "Make sure you have connected all interfaces, check more by calling $ snap interfaces ${SNAP_NAME}"
echo -e "\n"
echo -e "${SNAP_NAME} has multiple services, to check status use systemctl"
echo -e "\t$ systemctl status snap.$SNAP_NAME.*"
echo -e "\n"
echo -e "To make backup of wekan's database use: $ ${SNAP_NAME}.database-backup [backup file]"
echo -e "\t backup file is optional parameter, if not passed backup is created in directory:"
echo -e "\t\t${SNAP_COMMON}/db-backups"
echo -e "To list existing backups in default directory: $ ${SNAP_NAME}.database-list-backups"
echo -e "To restore wekan's database use: ${SNAP_NAME}.database-restore <path to backup>"
echo -e "\n"
echo -e "wekan can be configured to share mongodb with other services using content interface"
echo -e "\t-sharing mongodb from $SNAP_NAME to other snap(s):"
echo -e "\t\t-connect mongodb-slot with plug from corresponding snap(s)"
echo -e "\t\t-configure corresponding service to use mongodb unix socket in shared directory, socket file name is: mongodb-$MONGODB_PORT.sock"
echo -e "\t-sharing mongodb from other snap to $SNAP_NAME:"
echo -e "\t\t-connect mongodb-plug with slot from snap providing mongodb"
echo -e "\t\t-disable mongodb in $SNAP_NAME by calling: $ snap set $SNAP_NAME set disable-mongodb='true'"
echo -e "\t\t-set mongodb-bind-unix-socket to point to serving mongodb. Use relative path inside shared directory, e.g run/mongodb-27017.sock"
echo -e "\n"
echo -e "To enable the API of wekan:"
echo -e "\t$ snap set $SNAP_NAME with-api='true'"
echo -e "\t-Disable the API:"
echo -e "\t$ snap set $SNAP_NAME with-api='false'"
echo -e "\n"
echo -e "Accounts lockout known users failures before, greater than 0. Default: 3"
echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failures-before='3'"
echo -e "\n"
echo -e "Accounts lockout know users period, in seconds. Default: 60"
echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-period='60'"
echo -e "\n"
echo -e "Accounts lockout unknown failure window, in seconds. Default: 15"
echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failure-window='15'"
echo -e "\n"
echo -e "Accounts lockout unknown users failures before, greater than 0. Default: 3"
echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failures-before='3'"
echo -e "\n"
echo -e "Accounts lockout unknown users lockout period, in seconds. Default: 60"
echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-lockout-period='60'"
echo -e "\n"
echo -e "Accounts lockout unknown users failure window, in seconds. Default: 15"
echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failure-window='15'"
echo -e "\n"
echo -e "To enable the Email Notification Timeout of wekan in ms, default 30000 (=30s):"
echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='10000'"
echo -e "\t-Disable the Email Notification Timeout of Wekan:"
echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='30000'"
echo -e "\n"
echo -e "To enable the CORS of wekan, to set Access-Control-Allow-Origin header:"
echo -e "\t$ snap set $SNAP_NAME cors='*'"
echo -e "\t-Disable the CORS:"
echo -e "\t$ snap set $SNAP_NAME cors=''"
echo -e "\n"
echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside."
echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections"
echo -e "\t\t and allows all iframing etc. See wekan/server/policy.js"
echo -e "To enable the Browser Policy of Wekan:"
echo -e "\t$ snap set $SNAP_NAME browser-policy-enabled='true'"
echo -e "\t-Disable the Browser Policy of Wekan:"
echo -e "\t$ snap set $SNAP_NAME browser-policy-enabled='false'"
echo -e "\n"
echo -e "When browser policy is enabled, HTML code at this URL can have iframe that embeds Wekan inside."
echo -e "To enable the Trusted URL of Wekan:"
echo -e "\t$ snap set $SNAP_NAME trusted-url='https://example.com'"
echo -e "\t-Disable the Trusted URL of Wekan:"
echo -e "\t$ snap set $SNAP_NAME trusted-url=''"
echo -e "\n"
echo -e "What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId ."
echo -e "To enable the Webhooks Attributes of Wekan:"
echo -e "\t$ snap set $SNAP_NAME webhooks-attributes='cardId,listId,oldListId,boardId,comment,user,card,commentId'"
echo -e "\t-Disable the Webhooks Attributes of Wekan to send all default ones:"
echo -e "\t$ snap set $SNAP_NAME webhooks-attributes=''"
echo -e "\n"
echo -e "OAuth2 Client ID."
echo -e "To enable the OAuth2 Client ID of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"
echo -e "\t-Disable the OAuth2 Client ID of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''"
echo -e "\n"
echo -e "OAuth2 Secret."
echo -e "To enable the OAuth2 Secret of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"
echo -e "\t-Disable the OAuth2 Secret of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-secret=''"
echo -e "\n"
echo -e "OAuth2 Server URL."
echo -e "To enable the OAuth2 Server URL of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-server-url='https://chat.example.com'"
echo -e "\t-Disable the OAuth2 Server URL of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-server-url=''"
echo -e "\n"
echo -e "OAuth2 Authorization Endpoint."
echo -e "To enable the OAuth2 Authorization Endpoint of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint='/oauth/authorize'"
echo -e "\t-Disable the OAuth2 Authorization Endpoint of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint=''"
echo -e "\n"
echo -e "OAuth2 Userinfo Endpoint."
echo -e "To enable the OAuth2 Userinfo Endpoint of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/authorize'"
echo -e "\t-Disable the OAuth2 Userinfo Endpoint of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint=''"
echo -e "\n"
echo -e "OAuth2 Token Endpoint."
echo -e "To enable the OAuth2 Token Endpoint of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint='/oauth/token'"
echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''"
echo -e "\n"
echo -e "OAuth2 ID Mapping."
echo -e "To enable the OAuth2 ID Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'"
echo -e "\t-Disable the OAuth2 ID Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''"
echo -e "\n"
echo -e "OAuth2 Username Mapping."
echo -e "To enable the OAuth2 Username Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'"
echo -e "\t-Disable the OAuth2 Username Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''"
echo -e "\n"
echo -e "OAuth2 Fullname Mapping."
echo -e "To enable the OAuth2 Fullname Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'"
echo -e "\t-Disable the OAuth2 Fullname Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''"
echo -e "\n"
echo -e "OAuth2 Email Mapping."
echo -e "To enable the OAuth2 Email Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
echo -e "\n"
echo -e "Ldap Enable."
echo -e "To enable the ldap of Wekan:"
echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'"
echo -e "\t-Disable the ldap of Wekan:"
echo -e "\t$ snap set $SNAP_NAME ldap-enable='false'"
echo -e "\n"
echo -e "Ldap Port."
echo -e "The port of the ldap server:"
echo -e "\t$ snap set $SNAP_NAME ldap-port='12345'"
echo -e "\n"
echo -e "Ldap Host."
echo -e "The host server for the LDAP server:"
echo -e "\t$ snap set $SNAP_NAME ldap-host='localhost'"
echo -e "\n"
echo -e "Ldap Base Dn."
echo -e "The base DN for the LDAP Tree:"
echo -e "\t$ snap set $SNAP_NAME ldap-basedn='ou=user,dc=example,dc=org'"
echo -e "\n"
echo -e "Ldap Login Fallback."
echo -e "Fallback on the default authentication method:"
echo -e "\t$ snap set $SNAP_NAME ldap-login-fallback='true'"
echo -e "\n"
echo -e "Ldap Reconnect."
echo -e "Reconnect to the server if the connection is lost:"
echo -e "\t$ snap set $SNAP_NAME ldap-reconnect='false'"
echo -e "\n"
echo -e "Ldap Timeout."
echo -e "Overall timeout, in milliseconds:"
echo -e "\t$ snap set $SNAP_NAME ldap-timeout='12345'"
echo -e "\n"
echo -e "Ldap Idle Timeout."
echo -e "Specifies the timeout for idle LDAP connections in milliseconds:"
echo -e "\t$ snap set $SNAP_NAME ldap-idle-timeout='12345'"
echo -e "\n"
echo -e "Ldap Connect Timeout."
echo -e "Connection timeout, in milliseconds:"
echo -e "\t$ snap set $SNAP_NAME ldap-connect-timeout='12345'"
echo -e "\n"
echo -e "Ldap Authentication."
echo -e "If the LDAP needs a user account to search:"
echo -e "\t$ snap set $SNAP_NAME ldap-authentication='true'"
echo -e "\n"
echo -e "Ldap Authentication User Dn."
echo -e "The search user Dn:"
echo -e "\t$ snap set $SNAP_NAME ldap-authentication-userdn='cn=admin,dc=example,dc=org'"
echo -e "\n"
echo -e "Ldap Authentication Password."
echo -e "The password for the search user:"
echo -e "\t$ snap set $SNAP_NAME ldap-authentication-password='admin'"
echo -e "\n"
echo -e "Ldap Log Enabled."
echo -e "Enable logs for the module:"
echo -e "\t$ snap set $SNAP_NAME ldap-log-enabled='true'"
echo -e "\n"
echo -e "Ldap Background Sync."
echo -e "If the sync of the users should be done in the background:"
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync='true'"
echo -e "\n"
echo -e "Ldap Background Sync Interval."
echo -e "At which interval does the background task sync in milliseconds:"
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-interval='12345'"
echo -e "\n"
echo -e "Ldap Background Sync Keep Existant Users Updated."
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-keep-existant-users-updated='true'"
echo -e "\n"
echo -e "Ldap Background Sync Import New Users."
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-import-new-users='true'"
echo -e "\n"
echo -e "Ldap Encryption."
echo -e "Allow LDAPS:"
echo -e "\t$ snap set $SNAP_NAME ldap-encryption='ssl'"
echo -e "\n"
echo -e "Ldap Ca Cert."
echo -e "The certification for the LDAPS server:"
echo -e "\t$ snap set $SNAP_NAME ldap-ca-cert=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----"
echo -e "\n"
echo -e "Ldap Reject Unauthorized."
echo -e "Reject Unauthorized Certificate:"
echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
echo -e "\n"
echo -e "Ldap User Search Filter."
echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
echo -e "\n"
echo -e "Ldap User Search Scope."
echo -e "base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree). Example: one"
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-scope=one"
echo -e "\n"
echo -e "Ldap User Search Field."
echo -e "Which field is used to find the user:"
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-field='uid'"
echo -e "\n"
echo -e "Ldap Search Page Size."
echo -e "Used for pagination (0=unlimited):"
echo -e "\t$ snap set $SNAP_NAME ldap-search-page-size='12345'"
echo -e "\n"
echo -e "Ldap Search Size Limit."
echo -e "The limit number of entries (0=unlimited):"
echo -e "\t$ snap set $SNAP_NAME ldap-search-size-limit='12345'"
echo -e "\n"
echo -e "Ldap Group Filter Enable."
echo -e "Enable group filtering:"
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-enable='true'"
echo -e "\n"
echo -e "Ldap Group Filter ObjectClass."
echo -e "The object class for filtering:"
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-objectclass='group'"
echo -e "\n"
echo -e "Ldap Group Filter Id Attribute."
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-id-attribute=''"
echo -e "\n"
echo -e "Ldap Group Filter Member Attribute."
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-member-attribute=''"
echo -e "\n"
echo -e "Ldap Group Filter Member Format."
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-member-format=''"
echo -e "\n"
echo -e "Ldap Group Filter Group Name."
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-name=''"
echo -e "\n"
echo -e "Ldap Unique Identifier Field."
echo -e "This field is sometimes class GUID (Globally Unique Identifier):"
echo -e "\t$ snap set $SNAP_NAME ldap-unique-identifier-field=guid"
echo -e "\n"
echo -e "Ldap Utf8 Names Slugify."
echo -e "Convert the username to utf8:"
echo -e "\t$ snap set $SNAP_NAME ldap-utf8-names-slugify='false'"
echo -e "\n"
echo -e "Ldap Username Field."
echo -e "Which field contains the ldap username:"
echo -e "\t$ snap set $SNAP_NAME ldap-username-field='username'"
echo -e "\n"
echo -e "Ldap Fullname Field."
echo -e "Which field contains the ldap fullname:"
echo -e "\t$ snap set $SNAP_NAME ldap-fullname-field='fullname'"
echo -e "\n"
echo -e "Ldap Merge Existing Users."
echo -e "\t$ snap set $SNAP_NAME ldap-merge-existing-users='true'"
echo -e "\n"
echo -e "Ldap Email Match Enable."
echo -e "\t$ snap set $SNAP_NAME ldap-email-match-enable='true'"
echo -e "\n"
echo -e "Ldap Email Match Require."
echo -e "\t$ snap set $SNAP_NAME ldap-email-match-require='true'"
echo -e "\n"
echo -e "Ldap Email Match Verified."
echo -e "\t$ snap set $SNAP_NAME ldap-email-match-verfied='false'"
echo -e "\n"
echo -e "Ldap Fullname Field."
echo -e "Which field contains the ldap email address:"
echo -e "\t$ snap set $SNAP_NAME ldap-fullname-field='fullname'"
echo -e "\n"
echo -e "Ldap Sync User Data."
echo -e "Enable synchronization of user data:"
echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data='true'"
echo -e "\n"
echo -e "Ldap Sync User Data Fieldmap."
echo -e "A field map for the matching:"
echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data-fieldmap={\"cn\":\"name\", \"mail\":\"email\"}"
echo -e "\n"
echo -e "Ldap Sync Group Roles."
echo -e "\t$ snap set $SNAP_NAME ldap-sync-group-roles=''"
echo -e "\n"
echo -e "Ldap Default Domain."
echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
echo -e "\t$ snap set $SNAP_NAME ldap-default-domain=''"
echo -e "\n"
echo -e "Enable/Disable syncing of admin status based on LDAP groups."
echo -e "\t$ snap set $SNAP_NAME ldap-sync-admin-status='true'"
echo -e "\n"
echo -e "Comma separated list of admin group names to sync."
echo -e "\t$ snap set $SNAP_NAME ldap-sync-admin-groups='group1,group2'"
echo -e "\n"
echo -e "Logout with timer."
echo -e "Enable or not the option that allows to disconnect an user after a given time:"
echo -e "\t$ snap set $SNAP_NAME logout-with-timer='true'"
echo -e "\n"
echo -e "Login to LDAP automatically with HTTP header."
echo -e "In below example for siteminder, at right side of = is header name."
echo -e "\t$ snap set $SNAP_NAME header-login-id='BNPPUID'"
echo -e "\t$ snap set $SNAP_NAME header-login-firstname='BNPPFIRSTNAME'"
echo -e "\t$ snap set $SNAP_NAME header-login-lastname='BNPPLASTNAME'"
echo -e "\t$ snap set $SNAP_NAME header-login-email='BNPPEMAILADDRESS'"
echo -e "\n"
echo -e "Logout in."
echo -e "Logout in how many days:"
echo -e "\t$ snap set $SNAP_NAME logout-in='1'"
echo -e "\n"
echo -e "Logout on hours."
echo -e "Logout in how many hours:"
echo -e "\t$ snap set $SNAP_NAME logout-on-hours='9'"
echo -e "\n"
echo -e "Logout on minutes."
echo -e "Logout in how many minutes:"
echo -e "\t$ snap set $SNAP_NAME logout-on-minutes='5'"
echo -e "\n"
echo -e "Default authentication method."
echo -e "The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap."
echo -e "\t$ snap set $SNAP_NAME default-authentication-method='ldap'"
echo -e "\n"
# parse config file for supported settings keys
echo -e "wekan supports settings keys"
echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"
echo -e "list of supported keys:"
for key in ${keys[@]}
do
default_value="DEFAULT_$key"
description="DESCRIPTION_$key"
snappy_key="KEY_$key"
echo -e "\t${!snappy_key}: ${!description}"
if [ "x" == "x${!key}" ]; then
echo -e "\t\tNo value set, using default value: '${!default_value}'"
else
echo -e "\t\tCurrent value set to: '${!key}', (default value: '${!default_value}')"
fi
done
echo -e "\n!!!! Some changes result in restart of some or all services, use with caution !!!!!"
|