Skip to content

mv "sudo" from script/install-openldap to .travis.yml #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 21, 2015
Merged

mv "sudo" from script/install-openldap to .travis.yml #199

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ env:
- INTEGRATION=openldap

install:
- if [ "$INTEGRATION" = "openldap" ]; then ./script/install-openldap; fi
- if [ "$INTEGRATION" = "openldap" ]; then sudo script/install-openldap; fi
- bundle install

script: bundle exec rake ci
Expand Down
60 changes: 30 additions & 30 deletions script/install-openldap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,69 +6,69 @@ BASE_PATH="$( cd `dirname $0`/../test/fixtures/openldap && pwd )"
SEED_PATH="$( cd `dirname $0`/../test/fixtures && pwd )"

dpkg -s slapd time ldap-utils gnutls-bin ssl-cert > /dev/null ||\
DEBIAN_FRONTEND=noninteractive sudo -E apt-get update -y --force-yes && \
DEBIAN_FRONTEND=noninteractive sudo -E apt-get install -y --force-yes slapd time ldap-utils gnutls-bin ssl-cert
DEBIAN_FRONTEND=noninteractive apt-get update -y --force-yes && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes slapd time ldap-utils gnutls-bin ssl-cert

sudo /etc/init.d/slapd stop
/etc/init.d/slapd stop

TMPDIR=$(mktemp -d)
cd $TMPDIR

# Delete data and reconfigure.
sudo cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
sudo rm -rf /etc/ldap/slapd.d/*
sudo rm -rf /var/lib/ldap/*
sudo cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/slapd.conf.ldif
cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
rm -rf /etc/ldap/slapd.d/*
rm -rf /var/lib/ldap/*
cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/slapd.conf.ldif
# Load memberof and ref-int overlays and configure them.
sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/memberof.ldif
slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/memberof.ldif
# Load retcode overlay and configure
sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/retcode.ldif
slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/retcode.ldif

# Add base domain.
sudo slapadd -F /etc/ldap/slapd.d <<EOM
slapadd -F /etc/ldap/slapd.d <<EOM
dn: dc=rubyldap,dc=com
objectClass: top
objectClass: domain
dc: rubyldap
EOM

sudo chown -R openldap.openldap /etc/ldap/slapd.d
sudo chown -R openldap.openldap /var/lib/ldap
chown -R openldap.openldap /etc/ldap/slapd.d
chown -R openldap.openldap /var/lib/ldap

sudo /etc/init.d/slapd start
/etc/init.d/slapd start

# Import seed data.
# NOTE: use ldapadd in order for memberOf and refint to apply, instead of:
# cat $SEED_PATH/seed.ldif | sudo slapadd -F /etc/ldap/slapd.d
/usr/bin/time sudo ldapadd -x -D "cn=admin,dc=rubyldap,dc=com" -w passworD1 \
# cat $SEED_PATH/seed.ldif | slapadd -F /etc/ldap/slapd.d
/usr/bin/time ldapadd -x -D "cn=admin,dc=rubyldap,dc=com" -w passworD1 \
-h localhost -p 389 \
-f $SEED_PATH/seed.ldif

sudo rm -rf $TMPDIR
rm -rf $TMPDIR

# SSL

sudo sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"
sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"

sudo sh -c "cat > /etc/ssl/ca.info <<EOF
sh -c "cat > /etc/ssl/ca.info <<EOF
cn = rubyldap
ca
cert_signing_key
EOF"

# Create the self-signed CA certificate:
sudo certtool --generate-self-signed \
certtool --generate-self-signed \
--load-privkey /etc/ssl/private/cakey.pem \
--template /etc/ssl/ca.info \
--outfile /etc/ssl/certs/cacert.pem

# Make a private key for the server:
sudo certtool --generate-privkey \
certtool --generate-privkey \
--bits 1024 \
--outfile /etc/ssl/private/ldap01_slapd_key.pem

sudo sh -c "cat > /etc/ssl/ldap01.info <<EOF
sh -c "cat > /etc/ssl/ldap01.info <<EOF
organization = Example Company
cn = ldap01.example.com
tls_www_server
Expand All @@ -78,14 +78,14 @@ expiration_days = 3650
EOF"

# Create the server certificate
sudo certtool --generate-certificate \
certtool --generate-certificate \
--load-privkey /etc/ssl/private/ldap01_slapd_key.pem \
--load-ca-certificate /etc/ssl/certs/cacert.pem \
--load-ca-privkey /etc/ssl/private/cakey.pem \
--template /etc/ssl/ldap01.info \
--outfile /etc/ssl/certs/ldap01_slapd_cert.pem

sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF | true
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF | true
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
Expand All @@ -102,11 +102,11 @@ EOF
# protected by TLS/SSL whereas LDAPS, like HTTPS, is a distinct
# encrypted-from-the-start protocol that operates over TCP port 636. But we
# enable it for testing here.
sudo sed -i -e 's|^SLAPD_SERVICES="\(.*\)"|SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"|' /etc/default/slapd
sed -i -e 's|^SLAPD_SERVICES="\(.*\)"|SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"|' /etc/default/slapd

sudo adduser openldap ssl-cert
sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem
sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
adduser openldap ssl-cert
chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
chmod g+r /etc/ssl/private/ldap01_slapd_key.pem
chmod o-r /etc/ssl/private/ldap01_slapd_key.pem

sudo service slapd restart
service slapd restart