Fixing broken images and probably making it worse, because that's how I roll. (#973)

Makefile

@@ -116,6 +116,7 @@ doc: ## Build the rust documentation locally
 doc:
 	cargo doc --document-private-items
 
+book: ## Build the Kanidm book
 book:
 	cargo doc --no-deps
 	mdbook build kanidm_book

kanidm_book/src/accounts_and_groups.md

@@ -31,6 +31,7 @@ admin (system admin) account.
 
 {{#template  
     templates/kani-warning.md
+    imagepath=images
     text=Warning: The server must not be running at this point, as it requires exclusive access to the database.
 }}
 

kanidm_book/src/administrivia.md

@@ -55,11 +55,14 @@ the number of backup versions to keep. An example is located in
 
 # Configuration Test
 
-You can test your configuration will correctly start with the server.
+{{#template  
+    templates/kani-warning.md
+    imagepath=images
+    title=Take note!
+    text=While this is a configuration file test, it still needs to open the database so that it can check a number of internal values are consistent with the configuration. As a result, this requires the instance under config test to be stopped!
+}}
 
-> **WARNING:** While this is a configuration test, it still needs to open the database so that
+You can test that your configuration is correct, and the server should correctly start.
-> it can check a number of internal values are consistent with the configuration. As a result,
-> this requires the instance under config test to be stopped!
 
     docker stop <container name>
     docker run --rm -i -t -v kanidmd:/data \

kanidm_book/src/developers/designs/rest_interface.md

@@ -3,6 +3,7 @@
 
 {{#template  
     ../../templates/kani-warning.md
+    imagepath=../../images
     text=Here begins some early notes on the REST interface - much better ones are in the repository's designs directory.
 }}
 

kanidm_book/src/integrations/ldap.md

@@ -7,9 +7,13 @@ authentication for many years, with almost every application in the world being
 able to search and bind to LDAP. As many organization still rely on LDAP, Kanidm 
 can host a read-only LDAP interface.
 
-> **WARNING** The LDAP server in Kanidm is not RFC compliant. This
+{{#template  
-> is intentional, as Kanidm wants to cover the common use case, 
+    ../templates/kani-warning.md
-> simple bind and search.
+    imagepath=../images
+    title=Warning!
+    text=The LDAP server in Kanidm is not RFC compliant. This is intentional, as Kanidm wants to cover the common use case,  simple bind and search.
+}}
+
 
 ## What is LDAP
 
@@ -105,10 +109,22 @@ Kanidm native attributes.
 ## Example
 
 Given a default install with domain "example.com" the configured LDAP DN will be "dc=example,dc=com".
+
+Run your server:
+
+    cargo run -- server \
+        -D kanidm.db \
+        -C ca.pem -c cert.pem \
+        -k key.pem \
+        -b 127.0.0.1:8443 \
+        -l 127.0.0.1:3636
+
 This can be queried with:
 
-    cargo run -- server -D kanidm.db -C ca.pem -c cert.pem -k key.pem -b 127.0.0.1:8443 -l 127.0.0.1:3636
+    LDAPTLS_CACERT=ca.pem ldapsearch \
-    > LDAPTLS_CACERT=ca.pem ldapsearch -H ldaps://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)'
+        -H ldaps://127.0.0.1:3636 \
+        -b 'dc=example,dc=com' \
+        -x '(name=test1)'
 
     # test1@example.com, example.com
     dn: spn=test1@example.com,dc=example,dc=com
@@ -122,10 +138,10 @@ This can be queried with:
     spn: test1@example.com
     entryuuid: 22a65b6c-80c8-4e1a-9b76-3f3afdff8400
 
-It is recommended that client applications filter accounts that can login with '(class=account)'
+It is recommended that client applications filter accounts that can login with `(class=account)`
-and groups with '(class=group)'. If possible, group membership is defined in RFC2307bis or
+and groups with `(class=group)`. If possible, group membership is defined in RFC2307bis or
-Active Directory style. This means groups are determined from the "memberof" attribute which contains
+Active Directory style. This means groups are determined from the "memberof" attribute which 
-a DN to a group.
+contains a DN to a group.
 
 LDAP binds can use any unique identifier of the account. The following are all valid bind DNs for
 the object listed above (if it was a POSIX account, that is).
@@ -138,8 +154,8 @@ the object listed above (if it was a POSIX account, that is).
     ldapwhoami ... -x -D 'spn=test1@example.com,dc=example,dc=com'
     ldapwhoami ... -x -D 'name=test1,dc=example,dc=com'
 
-Most LDAP clients are very picky about TLS, and can be very hard to debug or display errors. For example
+Most LDAP clients are very picky about TLS, and can be very hard to debug or display errors. 
-these commands:
+For example these commands:
 
     ldapsearch -H ldaps://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)'
     ldapsearch -H ldap://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)'

kanidm_book/src/intro.md

@@ -12,6 +12,7 @@ The intent of the Kanidm project is to:
 
  {{#template  
     templates/kani-warning.md      
+    imagepath=images
     title=NOTICE
     text=This is a pre-release project. While all effort has been made to ensure no data loss or security flaws, you should still be careful when using this in your environment.
 }}

kanidm_book/src/recycle_bin.md

@@ -3,9 +3,12 @@
 The recycle bin is a storage of deleted entries from the server. This allows
 recovery from mistakes for a period of time.
 
-> **WARNING:** The recycle bin is a best effort - when recovering in some cases
+{{#template  
-> not everything can be "put back" the way it was. Be sure to check your entries
+    templates/kani-warning.md
-> are valid once they have been revived.
+    imagepath=images
+    title=Warning!
+    text=The recycle bin is a best effort - when recovering in some cases not everything can be "put back" the way it was. Be sure to check your entries are valid once they have been revived.
+}}
 
 ## Where is the Recycle Bin?
 

kanidm_book/src/server_configuration.md

@@ -2,7 +2,7 @@
 
 ### Configuring server.toml
 
-You need a configuration file in the volume named `server.toml`. (Within the container it should be `/data/server.toml`.) Its contents should be as follows:
+You need a configuration file in the volume named `server.toml`. (Within the container it should be `/data/server.toml`) Its contents should be as follows:
 
     #   The webserver bind address. Will use HTTPS if tls_* 
     #   is provided.
@@ -102,10 +102,14 @@ You need a configuration file in the volume named `server.toml`. (Within the con
     #
 
 
-An example is located in [examples/server.toml](../../examples/server.toml).
+An example is located in [examples/server.toml](https://github.com/kanidm/kanidm/blob/master/examples/server.toml).
 
-> **WARNING** You MUST set the `domain` name correctly, aligned with your `origin`, else the server
+{{#template  
-> may refuse to start, or some features (e.g. webauthn, oauth) may not work correctly!
+    templates/kani-warning.md
+    imagepath=images
+    title=Warning!
+    text=You MUST set the `domain` name correctly, aligned with your `origin`, else the server may refuse to start or some features (e.g. webauthn, oauth) may not work correctly!
+}}
 
 ### Check the configuration is valid.
 

kanidm_book/src/templates/kani-warning.md

@@ -1,6 +1,6 @@
 <table>
 <tr>
-    <td rowspan=2><img src="/images/kani-warning.png" alt="Kani Warning" /></td>
+    <td rowspan=2><img src="[[#imagepath]]/kani-warning.png" alt="Kani Warning" /></td>
     <td><strong>[[#title]]</strong></td>
     </tr>
 <tr>