Fixing broken images and probably making it worse, because that's how I roll. (#973)

2025-02-23 20:47:01 +01:00 · 2022-08-08 09:55:03 +10:00 · 2022-08-08 09:55:03 +10:00 · c6e5e426d0
parent f0075378d9
commit c6e5e426d0
9 changed files with 53 additions and 23 deletions
--- a/1
+++ b/1
@ -116,6 +116,7 @@ doc: ## Build the rust documentation locally
 doc:
 	cargo doc --document-private-items

+book: ## Build the Kanidm book
 book:
 	cargo doc --no-deps
 	mdbook build kanidm_book
--- a/kanidm_book/src/accounts_and_groups.md
+++ b/kanidm_book/src/accounts_and_groups.md
@ -31,6 +31,7 @@ admin (system admin) account.

 {{#template  
    templates/kani-warning.md
+    imagepath=images
    text=Warning: The server must not be running at this point, as it requires exclusive access to the database.
 }}

--- a/kanidm_book/src/administrivia.md
+++ b/kanidm_book/src/administrivia.md
@ -55,11 +55,14 @@ the number of backup versions to keep. An example is located in

 # Configuration Test

-You can test your configuration will correctly start with the server.
+{{#template  
+    templates/kani-warning.md
+    imagepath=images
+    title=Take note!
+    text=While this is a configuration file test, it still needs to open the database so that it can check a number of internal values are consistent with the configuration. As a result, this requires the instance under config test to be stopped!
+}}

-> **WARNING:** While this is a configuration test, it still needs to open the database so that
-> it can check a number of internal values are consistent with the configuration. As a result,
-> this requires the instance under config test to be stopped!
+You can test that your configuration is correct, and the server should correctly start.

    docker stop <container name>
    docker run --rm -i -t -v kanidmd:/data \
--- a/kanidm_book/src/developers/designs/rest_interface.md
+++ b/kanidm_book/src/developers/designs/rest_interface.md
@ -3,6 +3,7 @@

 {{#template  
    ../../templates/kani-warning.md
+    imagepath=../../images
    text=Here begins some early notes on the REST interface - much better ones are in the repository's designs directory.
 }}

--- a/kanidm_book/src/integrations/ldap.md
+++ b/kanidm_book/src/integrations/ldap.md
@ -7,9 +7,13 @@ authentication for many years, with almost every application in the world being
 able to search and bind to LDAP. As many organization still rely on LDAP, Kanidm 
 can host a read-only LDAP interface.

-> **WARNING** The LDAP server in Kanidm is not RFC compliant. This
-> is intentional, as Kanidm wants to cover the common use case, 
-> simple bind and search.
+{{#template  
+    ../templates/kani-warning.md
+    imagepath=../images
+    title=Warning!
+    text=The LDAP server in Kanidm is not RFC compliant. This is intentional, as Kanidm wants to cover the common use case,  simple bind and search.
+}}
+

 ## What is LDAP

@ -105,10 +109,22 @@ Kanidm native attributes.
 ## Example

 Given a default install with domain "example.com" the configured LDAP DN will be "dc=example,dc=com".
+
+Run your server:
+
+    cargo run -- server \
+        -D kanidm.db \
+        -C ca.pem -c cert.pem \
+        -k key.pem \
+        -b 127.0.0.1:8443 \
+        -l 127.0.0.1:3636
+
 This can be queried with:

-    cargo run -- server -D kanidm.db -C ca.pem -c cert.pem -k key.pem -b 127.0.0.1:8443 -l 127.0.0.1:3636
-    > LDAPTLS_CACERT=ca.pem ldapsearch -H ldaps://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)'
+    LDAPTLS_CACERT=ca.pem ldapsearch \
+        -H ldaps://127.0.0.1:3636 \
+        -b 'dc=example,dc=com' \
+        -x '(name=test1)'

    # test1@example.com, example.com
    dn: spn=test1@example.com,dc=example,dc=com
@ -122,10 +138,10 @@ This can be queried with:
    spn: test1@example.com
    entryuuid: 22a65b6c-80c8-4e1a-9b76-3f3afdff8400

-It is recommended that client applications filter accounts that can login with '(class=account)'
-and groups with '(class=group)'. If possible, group membership is defined in RFC2307bis or
-Active Directory style. This means groups are determined from the "memberof" attribute which contains
-a DN to a group.
+It is recommended that client applications filter accounts that can login with `(class=account)`
+and groups with `(class=group)`. If possible, group membership is defined in RFC2307bis or
+Active Directory style. This means groups are determined from the "memberof" attribute which 
+contains a DN to a group.

 LDAP binds can use any unique identifier of the account. The following are all valid bind DNs for
 the object listed above (if it was a POSIX account, that is).
@ -138,8 +154,8 @@ the object listed above (if it was a POSIX account, that is).
    ldapwhoami ... -x -D 'spn=test1@example.com,dc=example,dc=com'
    ldapwhoami ... -x -D 'name=test1,dc=example,dc=com'

-Most LDAP clients are very picky about TLS, and can be very hard to debug or display errors. For example
-these commands:
+Most LDAP clients are very picky about TLS, and can be very hard to debug or display errors. 
+For example these commands:

    ldapsearch -H ldaps://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)'
    ldapsearch -H ldap://127.0.0.1:3636 -b 'dc=example,dc=com' -x '(name=test1)'
--- a/kanidm_book/src/intro.md
+++ b/kanidm_book/src/intro.md
@ -12,6 +12,7 @@ The intent of the Kanidm project is to:

 {{#template  
    templates/kani-warning.md      
+    imagepath=images
    title=NOTICE
    text=This is a pre-release project. While all effort has been made to ensure no data loss or security flaws, you should still be careful when using this in your environment.
 }}
--- a/kanidm_book/src/recycle_bin.md
+++ b/kanidm_book/src/recycle_bin.md
@ -3,9 +3,12 @@
 The recycle bin is a storage of deleted entries from the server. This allows
 recovery from mistakes for a period of time.

-> **WARNING:** The recycle bin is a best effort - when recovering in some cases
-> not everything can be "put back" the way it was. Be sure to check your entries
-> are valid once they have been revived.
+{{#template  
+    templates/kani-warning.md
+    imagepath=images
+    title=Warning!
+    text=The recycle bin is a best effort - when recovering in some cases not everything can be "put back" the way it was. Be sure to check your entries are valid once they have been revived.
+}}

 ## Where is the Recycle Bin?

--- a/kanidm_book/src/server_configuration.md
+++ b/kanidm_book/src/server_configuration.md
@ -2,7 +2,7 @@

 ### Configuring server.toml

-You need a configuration file in the volume named `server.toml`. (Within the container it should be `/data/server.toml`.) Its contents should be as follows:
+You need a configuration file in the volume named `server.toml`. (Within the container it should be `/data/server.toml`) Its contents should be as follows:

    #   The webserver bind address. Will use HTTPS if tls_* 
    #   is provided.
@ -102,10 +102,14 @@ You need a configuration file in the volume named `server.toml`. (Within the con
    #


-An example is located in [examples/server.toml](../../examples/server.toml).
+An example is located in [examples/server.toml](https://github.com/kanidm/kanidm/blob/master/examples/server.toml).

-> **WARNING** You MUST set the `domain` name correctly, aligned with your `origin`, else the server
-> may refuse to start, or some features (e.g. webauthn, oauth) may not work correctly!
+{{#template  
+    templates/kani-warning.md
+    imagepath=images
+    title=Warning!
+    text=You MUST set the `domain` name correctly, aligned with your `origin`, else the server may refuse to start or some features (e.g. webauthn, oauth) may not work correctly!
+}}

 ### Check the configuration is valid.

--- a/kanidm_book/src/templates/kani-warning.md
+++ b/kanidm_book/src/templates/kani-warning.md
@ -1,6 +1,6 @@
 <table>
 <tr>
-    <td rowspan=2><img src="/images/kani-warning.png" alt="Kani Warning" /></td>
+    <td rowspan=2><img src="[[#imagepath]]/kani-warning.png" alt="Kani Warning" /></td>
    <td><strong>[[#title]]</strong></td>
    </tr>
 <tr>