working LDAP w/ one admin and one dev

ChristianKniep · ChristianKniep · commit 26fc57d7f186 · 2017-10-10T12:34:17.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,15 @@
+# inspired by https://github.com/larrycai/docker-openldap
+# it is based on https://github.com/rackerlabs/dockerstack/blob/master/keystone/openldap/Dockerfile
+# also the files/more.ldif from http://www.zytrax.com/books/ldap/ch14/#ldapsearch
+ARG DOCKER_REGISTRY=docker.io
+FROM ${DOCKER_REGISTRY}/qnib/plain-openldap@sha256:ed3bcf8045dbc22207d7b521b446cd2b5f035e39ee02bacedb0f75b90f967ec7
+
+COPY files /ldap
+
+RUN service slapd start \
+ && cd /ldap \
+ && ldapadd -Y EXTERNAL -H ldapi:/// -f back.ldif \
+ && ldapadd -Y EXTERNAL -H ldapi:/// -f sssvlv_load.ldif \
+ && ldapadd -Y EXTERNAL -H ldapi:/// -f sssvlv_config.ldif \
+ && ldapadd -x -D cn=admin,dc=qnib,dc=inc -w password -c -f front.ldif \
+ && ldapadd -x -D cn=admin,dc=qnib,dc=inc -w password -c -f users.ldif
diff --git a/README.md b/README.md
@@ -1,2 +1,45 @@
-# plain-openldap-qniborg
-OpenLDAP server holding examplary QNIB organization (do not use in PROD!)
+# plain-openldap-qnibinc
+OpenLDAP server holding examplary QNIB Inc organization (do not use in PROD!)
+
+## Fire up
+
+```bash
+$ docker stack deploy -c docker-compose.yml openldap
+Creating network openldap_default
+Creating service openldap_slapd
+```
+
+### Query User/Admins
+
+```bash
+$ docker exec -ti $(docker ps -qf label=com.docker.swarm.service.name=openldap_slapd) ldapsearch -H ldap://localhost -LL -b ou=Users,dc=qnib,dc=inc -x
+version: 1
+
+dn: ou=Users,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: Users
+
+dn: cn=Bob Developer,ou=Users,dc=qnib,dc=inc
+objectClass: inetOrgPerson
+cn: Bob Developer
+sn: Bob
+uid: bdev
+mail: bob.developer@qnib.inc
+description: frontend developer
+ou: Dev
+$ docker exec -ti $(docker ps -qf label=com.docker.swarm.service.name=openldap_slapd) ldapsearch -H ldap://localhost -LL -b ou=Admins,dc=qnib,dc=inc -x
+version: 1
+
+dn: ou=Admins,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: Admins
+
+dn: cn=Alice Operation,ou=Admins,dc=qnib,dc=inc
+objectClass: inetOrgPerson
+cn: Alice Operation
+sn: Alice
+uid: aops
+mail: alice.ops@qnib.inc
+description: Administrator
+ou: Ops
+```
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,4 @@
+version: '3'
+services:
+  slapd:
+    image: qnib/plain-openldap-qnibinc@sha256:10321d39fd4e482b1bed28ae9e1331f63db608a0de3bf0588e1fd599a1495568
diff --git a/files/back.ldif b/files/back.ldif
@@ -0,0 +1,22 @@
+version: 1
+changeType: add
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: {2}hdb
+olcDbDirectory: /var/lib/ldap
+olcSuffix: dc=qnib,dc=inc
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=qnib,dc=inc" write by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to * by self write by dn="cn=admin,dc=qnib,dc=inc" write by * read
+olcLastMod: TRUE
+olcRootDN: cn=admin,dc=qnib,dc=inc
+olcRootPW: password
+olcDbCheckpoint: 512 30
+olcDbConfig: {0}set_cachesize 0 2097152 0
+olcDbConfig: {1}set_lk_max_objects 1500
+olcDbConfig: {2}set_lk_max_locks 1500
+olcDbConfig: {3}set_lk_max_lockers 1500
+olcDbIndex: objectClass eq
+olcDbIndex: uid eq
+olcDbIndex: cn eq
diff --git a/files/front.ldif b/files/front.ldif
@@ -0,0 +1,30 @@
+dn: dc=qnib,dc=inc
+dc: qnib
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: qnib
+
+dn: ou=UserGroups,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: UserGroups
+
+dn: ou=Users,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: Users
+
+dn: ou=Admins,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: Admins
+
+dn: ou=Roles,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: Roles
+
+dn: ou=Projects,dc=qnib,dc=inc
+objectClass: organizationalUnit
+ou: Projects
+
+dn: cn=9fe2ff9ee4384b1894a90878d3e92bab,ou=Roles,dc=qnib,dc=inc
+objectClass: organizationalRole
+ou: _member_
+cn: 9fe2ff9ee4384b1894a90878d3e92bab
diff --git a/files/sssvlv_config.ldif b/files/sssvlv_config.ldif
@@ -0,0 +1,7 @@
+dn: olcOverlay={0}sssvlv,olcDatabase={2}hdb,cn=config
+changeType: add
+objectClass: olcOverlayConfig
+objectClass: olcSssVlvConfig
+olcOverlay: {0}sssvlv
+olcSssVlvMax: 8
+olcSssVlvMaxKeys: 5
diff --git a/files/sssvlv_load.ldif b/files/sssvlv_load.ldif
@@ -0,0 +1,4 @@
+dn: cn=module{0},cn=config
+changeType: modify
+add: olcModuleLoad
+olcModuleLoad: sssvlv.la
diff --git a/files/users.ldif b/files/users.ldif
@@ -0,0 +1,19 @@
+dn: cn=Alice Operation,ou=Admins,dc=qnib,dc=inc
+objectclass: inetOrgPerson
+cn: Alice Operation
+sn: Alice
+uid: aops
+userpassword: aops
+mail: alice.ops@qnib.inc
+description: Administrator
+ou: Ops
+
+dn: cn=Bob Developer,ou=Users,dc=qnib,dc=inc
+objectclass: inetOrgPerson
+cn: Bob Developer
+sn: Bob
+uid: bdev
+userpassword: bdev
+mail: bob.developer@qnib.inc
+description: frontend developer
+ou: Dev
