bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
test/lib/ldap.sh

189 lines
5.2 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
#
# LDAP Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_ldap() {
echo -ne "* Configuring ldap container.."
if [ ! -d "/federated/apps/ldap" ]; then
mkdir -p /federated/apps/ldap/data/certs &> /dev/null
mkdir -p /federated/apps/ldap/data/root &> /dev/null
mkdir -p /federated/apps/ldap/data/var/lib/ldap &> /dev/null
mkdir -p /federated/apps/ldap/data/etc/ldap/slap.d &> /dev/null
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/
fi
LDAPADMINPASS=`echo -n $ADMINPASS | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'`
LDAPFCOREPASS=`echo -n $ADMINPASS | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'`
cat > /federated/apps/ldap/docker-compose.yml <<EOF
services:
ldap:
image: osixia/openldap:\${IMAGE_VERSION}
container_name: ldap
hostname: ldap.$DOMAIN
restart: always
working_dir: /root
networks:
core:
ipv4_address: 192.168.0.15
volumes:
- ./data/var/lib/ldap:/var/lib/ldap
- ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d
- ./data/certs:/container/service/slapd/assets/certs
- ./data/root:/root
env_file:
- ./.env
secrets:
- federated_ldap_password
secrets:
federated_ldap_password:
file: ./.ldap.secret
networks:
core:
external: true
EOF
cat > /federated/apps/ldap/.env <<EOF
IMAGE_VERSION="$(current_version ldap)"
LDAP_ORGANISATION=$COMPANY
LDAP_DOMAIN=federatedcomputer.cloud
LDAP_ADMIN_PASSWORD_FILE=/run/secrets/federated_ldap_password
LDAP_RFC2307BIS_SCHEMA=true
LDAP_REMOVE_CONFIG_AFTER_SETUP=true
LDAP_TLS=true
LDAP_TLS_CRT_FILENAME=$DOMAIN.crt
LDAP_TLS_KEY_FILENAME=$DOMAIN.key
LDAP_TLS_CA_CRT_FILENAME=$DOMAIN.crt
LDAP_TLS_VERIFY_CLIENT=try
EOF
chmod 600 /federated/apps/ldap/.env
LDAP_SECRET=$(create_password);
echo "$LDAP_SECRET" > /federated/apps/ldap/.ldap.secret
chmod 600 /federated/apps/ldap/.ldap.secret
cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF
dn: ou=people,dc=federatedcomputer,dc=cloud
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
dn: ou=groups,dc=federatedcomputer,dc=cloud
ou: groups
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
dn: cn=lastGID,dc=federatedcomputer,dc=cloud
objectClass: device
objectClass: top
description: Records the last GID used to create a Posix group. This prevent
s the re-use of a GID from a deleted group.
structuralObjectClass: device
cn: lastGID
dn: cn=lastUID,dc=federatedcomputer,dc=cloud
objectClass: device
objectClass: top
description: Records the last UID used to create a Posix account. This preve
nts the re-use of a UID from a deleted account.
structuralObjectClass: device
cn: lastUID
dn: cn=everybody,ou=groups,dc=federatedcomputer,dc=cloud
objectClass: top
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: everybody
uniqueMember: uid=admin,ou=people,dc=federatedcomputer,dc=cloud
gidNumber: 2001
structuralObjectClass: groupOfUniqueNames
dn: cn=admins,ou=groups,dc=federatedcomputer,dc=cloud
objectClass: top
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: uid=admin,ou=people,dc=federatedcomputer,dc=cloud
gidNumber: 2002
structuralObjectClass: groupOfUniqueNames
dn: uid=admin,ou=people,dc=federatedcomputer,dc=cloud
givenName: admin
sn: admin
uid: admin
mail: admin@$DOMAIN
mailAlias: admin@$DOMAIN
mailAlias: abuse@$DOMAIN
mailAlias: postmaster@$DOMAIN
mailAlias: hostmaster@$DOMAIN
cn: admin
mailEnabled: true
objectClass: person
objectClass: inetOrgPerson
objectClass: PostfixBookMailAccount
objectClass: posixAccount
userPassword: $LDAPADMINPASS
uidNumber: 2001
gidNumber: 2001
loginShell: /bin/bash
homeDirectory: /home/admin
structuralObjectClass: inetOrgPerson
memberOf: cn=admins,ou=groups,dc=federatedcomputer,dc=cloud
memberOf: cn=everybody,ou=groups,dc=federatedcomputer,dc=cloud
dn: uid=fcore,ou=people,dc=federatedcomputer,dc=cloud
givenName: fcore
sn: fcore
uid: fcore
mail: fcore@$DOMAIN
cn: fcore
mailEnabled: false
objectClass: person
objectClass: inetOrgPerson
objectClass: PostfixBookMailAccount
objectClass: posixAccount
userPassword: $LDAPADMINPASS
uidNumber: 2002
gidNumber: 2002
loginShell: /bin/bash
homeDirectory: /home/fcore
structuralObjectClass: inetOrgPerson
memberOf: cn=admins,ou=groups,dc=federatedcomputer,dc=cloud
memberOf: cn=everybody,ou=groups,dc=federatedcomputer,dc=cloud
EOF
cat > /federated/apps/ldap/data/root/ldap.sh <<'EOF'
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
if [ ! -f .initialized ]; then
echo "Importing default scheme ldap.ldif into LDAP"
slapadd -v -l /root/ldap.ldif
[ $? -ne 0 ] && echo "FAILED importing ldap.dif" && exit 2
touch .initialized
fi
EOF
chmod +x /federated/apps/ldap/data/root/ldap.sh
echo -ne "done.\n"
}
start_ldap() {
# Start service with command to make sure it's up before proceeding
start_service "ldap" "nc -z 192.168.0.15 636 &> /dev/null" "60"
# Run our ldap.sh script inside the ldap container
# This imports the inital LDAP configuration
docker exec ldap /root/ldap.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run ldap.sh inside ldap container"
echo -ne "done.\n"
}
Reference in New Issue View Git Blame Copy Permalink