bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
test/lib/ldap.sh
Derek Crudgington 09f9ee5c62 First round of new directory structure
2022-12-13 16:56:20 +00:00

190 lines
5.4 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Federated Computer LDAP Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_ldap() {
echo -ne "\n* Configuring /federated/apps/ldap container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/ldap" ]; then
mkdir -p /federated/apps/ldap/data &> /dev/null
mkdir -p /federated/apps/ldap/data/var/lib/ldap &> /dev/null
mkdir -p /federated/apps/ldap/data/etc/ldap/slap.d &> /dev/null
mkdir -p /federated/apps/ldap/data/certs &> /dev/null
mkdir -p /federated/apps/ldap/data/root &> /dev/null
cp -rf /federated/apps/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem apps/ldap/data/certs/
fi
DOMAIN_ARRAY=(${DOMAIN//./ })
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
LDAPADMINPASS=`echo -n $ADMINPASS | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'`
cat > /federated/apps/ldap/docker-compose.yml <<EOF
version: '3.7'
services:
ldap:
image: osixia/openldap:latest
container_name: ldap
hostname: ldap.$DOMAIN
domainname: $DOMAIN
restart: always
working_dir: /root
networks:
federated:
ipv4_address: 172.99.0.11
volumes:
- ./data/var/lib/ldap:/var/lib/ldap
- ./data/etc/ldap/slapd.d:/etc/ldap/slapd.d
- ./data/certs:/container/service/slapd/assets/certs
- ./data/root:/root
environment:
- LDAP_ORGANISATION=$COMPANY
- LDAP_DOMAIN=$DOMAIN
- LDAP_ADMIN_PASSWORD=$ADMINPASS
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_REMOVE_CONFIG_AFTER_SETUP=true
- LDAP_TLS=true
- LDAP_TLS_CRT_FILENAME=fullchain1.pem
- LDAP_TLS_KEY_FILENAME=privkey1.pem
- LDAP_TLS_CA_CRT_FILENAME=chain1.pem
- LDAP_TLS_VERIFY_CLIENT=try
networks:
federated:
external: true
EOF
cat > /federated/apps/ldap/data/root/ldap.ldif <<EOF
dn: ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
dn: ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
ou: groups
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
dn: cn=lastGID,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
objectClass: device
objectClass: top
description: Records the last GID used to create a Posix group. This prevent
s the re-use of a GID from a deleted group.
structuralObjectClass: device
cn: lastGID
dn: cn=lastUID,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
objectClass: device
objectClass: top
description: Records the last UID used to create a Posix account. This preve
nts the re-use of a UID from a deleted account.
structuralObjectClass: device
cn: lastUID
dn: cn=everybody,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
objectClass: top
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: everybody
uniqueMember: uid=admin,ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
gidNumber: 2001
structuralObjectClass: groupOfUniqueNames
dn: cn=admins,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
objectClass: top
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: uid=admin,ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
gidNumber: 2002
structuralObjectClass: groupOfUniqueNames
dn: uid=admin,ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
givenName: admin
sn: admin
uid: admin
mail: admin@$DOMAIN
mailalias: admin@$DOMAIN
cn: admin
mailEnabled: true
objectClass: person
objectClass: inetOrgPerson
objectClass: PostfixBookMailAccount
objectClass: posixAccount
userPassword: $LDAPADMINPASS
uidNumber: 2001
gidNumber: 2001
loginShell: /bin/bash
homeDirectory: /home/admin
structuralObjectClass: inetOrgPerson
memberOf: cn=admins,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
memberOf: cn=everybody,ou=groups,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
EOF
cat > /federated/apps/ldap/data/root/ldap.sh <<'EOF'
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
if [ ! -f .initialized ]; then
echo "Importing default scheme ldap.ldif into LDAP"
slapadd -v -l /root/ldap.ldif
[ $? -ne 0 ] && echo "FAILED importing ldap.dif" && exit 2
touch .initialized
fi
EOF
chmod +x /federated/apps/ldap/data/root/ldap.sh
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_ldap() {
# Start /federated/apps/ldap with output to /dev/null
echo -ne "\n* Starting /federated/apps/ldap service.."
spin &
SPINPID=$!
if [ $DEBUG ]; then
# Start /federated/apps/ldap with output to console for debug
docker-compose -f /federated/apps/ldap/docker-compose.yml -p ldap up
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/ldap"
else
docker-compose -f /federated/apps/ldap/docker-compose.yml -p ldap up -d &> /dev/null
# Keep trying ldap port to make sure it's up
# before we proceed
RETRY="25"
while [ $RETRY -gt 0 ]; do
nc -z 172.99.0.11 636 &> /dev/null
if [ $? -eq 0 ]; then
break
else
if [ "$RETRY" == 1 ]; then
docker-compose -f /federated/apps/ldap/docker-compose.yml -p ldap down &> /dev/null
kill -9 $SPINPID &> /dev/null
fail "There was a problem starting service /federated/apps/ldap\nCheck the output of 'docker logs ldap' or turn on\ndebug with -d"
fi
((RETRY--))
sleep 7
fi
done
fi
# Run our ldap.sh script inside the ldap container
# This imports the inital LDAP configuration
docker exec -it ldap /root/ldap.sh &> /dev/null
[ $? -ne 0 ] && fail "Couldn't run ldap.sh inside ldap container"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
Reference in New Issue View Git Blame Copy Permalink