2 if (!isset($_SERVER["REMOTE_USER"])) {
5 $ldap_user = $_SERVER["REMOTE_USER"];
6 $ldap_host = getenv("TASKD_LDAP_HOST");
7 $ldap_dn = getenv('TASKD_LDAP_DN');
8 $ldap_password = getenv('TASKD_LDAP_PASSWORD');
9 $ldap_base = getenv('TASKD_LDAP_BASE');
10 $ldap_filter = getenv('TASKD_LDAP_FILTER');
11 $host = getenv('TASKD_HOST');
12 $vardir = getenv('TASKD_VARDIR');
14 $connect = ldap_connect($ldap_host);
15 ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION
, 3);
16 if (!$connect || !ldap_bind($connect, $ldap_dn, $ldap_password)) {
17 die("impossible to connect to LDAP");
20 $search_query = str_replace('%login%', ldap_escape($ldap_user), $ldap_filter);
22 $search = ldap_search($connect, $ldap_base, $search_query);
23 $info = ldap_get_entries($connect, $search);
25 if (ldap_count_entries($connect, $search) != 1) {
26 die("Impossible to find user in LDAP");
30 foreach($info[0]["immaetaskid"] as $key => $value) {
31 if ($key !== "count") {
32 $entries[] = explode(":", $value);
36 if (isset($_GET["file"])) {
37 $basecert = $vardir . "/userkeys/" . $ldap_user;
38 if (!file_exists($basecert . ".cert.pem")) {
39 exec("taskserver-user-certs $ldap_user");
41 $certificate = file_get_contents($basecert . ".cert
.pem
");
42 $cert_key = file_get_contents($basecert . ".key
.pem
");
44 // IdenTrust DST Root CA X3
45 // obtained here: https://letsencrypt.org/fr/certificates/
46 $server_cert = "-----BEGIN CERTIFICATE
-----
47 MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
48 TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
49 cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
50 WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
51 ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
52 MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
53 h77ct984kIxuPOZXoHj3dcKi
/vVqbvYATyjb3miGbESTtrFj
/RQSa78f0uoxmyF+
54 0TM8ukj13Xnfs7j
/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+
3mX6U
55 A5
/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
56 T8KOEUt+zwvo
/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm
/ELNKjD+Jo2FR3qyH
57 B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
58 B5iPNgiV5+I3lg02dZ77DnKxHZu8A
/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
59 KBds0pjBqAlkd25HN7rOrFleaJ1
/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
60 OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
61 jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
62 qHyGO0aoSCqI3Haadr8faqU9GY
/rOPNk3sgrDQoo
//fb4hVC1CLQJ13hef4Y53CI
63 rU7m2Ys6xt0nUW7
/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB
/wQEAwIBBjAPBgNV
64 HRMBAf8EBTADAQH
/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
65 hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS
/V9lZL
66 ubhzEFnTIZd+
50xx+
7LSYK
05qAvqFyFWhfFQDlnrzuBZ
6brJFe+GnY+EgPbk6ZGQ
67 3BebYhtF8GaV0nxvwuo77x
/Py9auJ
/GpsMiu
/X1+mvoiBOv
/2X
/qkSsisRcOj
/KK
68 NFtY2PwByVS5uCbMiogziUwthDyC3+
6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
69 ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
70 TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+
/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
71 jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+
63SM1N95R1NbdWhscdCb+ZAJzVc
72 oyi3B43njTOQ5yOf+
1CceWxG1bQVs5ZufpsMljq4Ui0
/1lvh+wjChP4kqKOJ2qxq
73 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U
/t7y0Ff
/9yi0GE44Za4rF2LN9d11TPA
74 mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc
/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
75 emyPxgcYxn
/eR44
/KJ4EBs+lVDR3veyJm+kXQ99b21
/+jh5Xos1AnX5iItreGCc
=
76 -----END CERTIFICATE
-----";
78 $file = $_GET["file
"];
81 $content = $server_cert;
82 $name = "ca
.cert
.pem
";
83 $type = "application
/x
-x509
-ca
-cert
";
86 $content = $certificate;
87 $name = $ldap_user . ".cert
.pem
";
88 $type = "application
/x
-x509
-ca
-cert
";
92 $name = $ldap_user . ".key
.pem
";
93 $type = "application
/x
-x509
-ca
-cert
";
96 foreach ($entries as $entry) {
97 list($org, $user, $key) = $entry;
98 if ($key == $_GET["key
"]) { break; }
100 $name = $user . ".mirakel
";
101 $type = "text
/plain
";
102 $content = "username
: $user
115 die("invalid file name
");
119 header("Content
-Type
: $type");
120 header('Content-Disposition: attachment; filename="' . $name . '"');
121 header('Content-Transfer-Encoding: binary');
122 header('Accept-Ranges: bytes');
123 header('Cache-Control: private');
124 header('Pragma: private');
131 <title
>Taskwarrior configuration
</title
>
135 <li
><a href
="?file=ca.cert.pem">ca
.cert
.pem
</a
></li
>
136 <li
><a href
="?file=cert.pem"><?php
echo $ldap_user; ?>.cert
.pem
</a
></li
>
137 <li
><a href
="?file=key.pem"><?php
echo $ldap_user; ?>.key
.pem
</a
></li
>
139 For command line
interface, download the files
, put them near your Taskwarrior
140 configuration files
, and add that to your Taskwarrior configuration
:
142 taskd
.certificate
=/path
/to
/<?php
echo $ldap_user; ?>.cert
.pem
143 taskd
.key
=/path
/to
/<?php
echo $ldap_user; ?>.key
.pem
144 taskd
.server
=<?php
echo $host ."\n"; ?>
145 taskd
.ca
=/path
/to
/ca
.cert
.pem
146 <?php
if (count($entries) > 1) {
147 echo "# Chose one of them\n";
148 foreach($entries as $entry) {
149 list($org, $user, $key) = $entry;
150 echo "# taskd.credentials=$org/$user/$key\n";
153 taskd
.credentials
=<?php
echo $entries[0][0]; ?>/<?php
echo $entries[0][1]; ?>/<?php
echo $entries[0][2]; ?>
156 For Mirakel
, download
and import the file
:
159 foreach ($entries as $entry) {
160 list($org, $user, $key) = $entry;
161 echo '<li><a href="?file=mirakel&key='.$key.'">' . $user . '.mirakel</a></li>';
165 For Android Taskwarrior app
, see instructions
<a href
="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here
</a
>.