From 05bfb1daa534475deeead6ee86a79005f07684e9 Mon Sep 17 00:00:00 2001
From: Gilles Mouchet
Date: Sun, 29 Dec 2024 21:01:11 +0100
Subject: [PATCH] initial version

---
 .env.dist | 10 ++++
 README.md | 5 +-
 docker-compose.yml | 15 +----
 ldap-init.sh | 138 ++++++++++++++++++++++++++++++++++++++-------
 reinit-ldap.sh | 14 +++++
 5 files changed, 144 insertions(+), 38 deletions(-)
 create mode 100644 .env.dist
 create mode 100755 reinit-ldap.sh

diff --git a/.env.dist b/.env.dist
new file mode 100644
index 0000000..f386040
--- /dev/null
+++ b/.env.dist
@@ -0,0 +1,10 @@
+LDAP_ADMIN_USERNAME=admin
+LDAP_ADMIN_PASSWORD=CHANGE_ASAP
+LDAP_ROOT=dc=gmolab,dc=net
+LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
+LDAP_ALLOW_ANON_BINDING=no
+LDAP_ENABLE_TLS=yes
+LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
+LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
+LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt
+LDAP_SKIP_DEFAULT_TREE=yes
diff --git a/README.md b/README.md
index 8bbac4f..f44afa4 100644
--- a/README.md
+++ b/README.md
@@ -23,11 +23,10 @@ sudo chown 1001 /home/docker/openldap -R
 1001 is important because the container is running with user no-root
 
 ## Delete Directory
-ATTENTION. The commands below delete the entire directory.
+ATTENTION. The command below delete the entire directory.
 This is useful when you want to test configs (problems with certificates)
 ```bash
-sudo rm -rf /home/docker/openldap/data/*
-sudo rm -rf /home/docker/openldap/slapd.d/*
+./reinit-ldap.sh
 ```
 
 ## Run
diff --git a/docker-compose.yml b/docker-compose.yml
index 08ad940..21baf5a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
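Review bot: `LDAP_ADMIN_PASSWORD=CHANGE_ASAP` marks this file as a template, while docker-compose.yml reads the real values from `.env`; nothing in the patch shows a .gitignore entry keeping that populated `.env` out of the repository, so that is worth confirming. A leading comment in `.env.dist` such as `# Template: copy to .env, replace CHANGE_ASAP, and keep .env out of git` would make the intent explicit to the next person who clones the repo. `LDAP_ALLOW_ANON_BINDING=no` and the TLS variables are the right defaults for a directory published on host ports; keeping them in the template means a copied `.env` does not silently lose them.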
@@ -1,25 +1,12 @@ -networks: - my-network: - driver: bridge services: openldap: image: bitnami/openldap:latest + restart: always container_name: ldap ports: - '1389:1389' - '1636:1636' env_file: ".env" -# environment: -# - LDAP_ADMIN_USERNAME=admin -# - LDAP_ADMIN_PASSWORD=password -# - LDAP_ROOT=dc=gmolab,dc=net -# - LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net -# - LDAP_ENABLE_TLS=yes -# - LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt -# - LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key -# - LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt - networks: - - my-network volumes: - /home/docker/openldap:/bitnami/openldap/ - /home/docker/openldap/certs:/opt/bitnami/openldap/certs diff --git a/ldap-init.sh b/ldap-init.sh index a6b393d..8cd06f5 100755 --- a/ldap-init.sh +++ b/ldap-init.sh 
@@ -2,25 +2,32 @@ source .env LDAP_SRV=ldaps://gmoadm.gmolab.net:1636 -echo "Delete from the box users" -ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \ - "cn=user01,ou=people,$LDAP_ROOT" \ - "cn=user02,ou=people,$LDAP_ROOT" \ - "cn=readers,ou=people,$LDAP_ROOT" \ - "ou=people,$LDAP_ROOT" +#echo "Delete from the box users" +#ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \ +# "cn=user01,ou=people,$LDAP_ROOT" \ +# "cn=user02,ou=people,$LDAP_ROOT" \ +# "cn=readers,ou=people,$LDAP_ROOT" \ +# "ou=people,$LDAP_ROOT" echo "create OUs" ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF +dn: $LDAP_ROOT +objectClass: top +objectClass: dcObject +objectclass: organization +o: GMoLab Directory +dc: gmolab + dn: ou=people,$LDAP_ROOT objectClass: organizationalUnit ou: people -EOF -#dn: ou=groups,$LDAP_ROOT -#objectClass: organizationalUnit -#ou: groups -#EOF -echo "Create users" +dn: ou=groups,$LDAP_ROOT +objectClass: organizationalUnit +ou: groups +EOF + +echo "Populate the directory" ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF dn: cn=Admin LDAP,ou=people,$LDAP_ROOT cn: Admin LDAP @@ -30,7 +37,7 @@ givenName: Admin objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount -userPassword: pa55w0rd +userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw uid: adminldap uidNumber: 10001 gidNumber: 10001 
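Review bot: The new root entry hard-codes `dc: gmolab` while its `dn: $LDAP_ROOT` comes from .env, so changing LDAP_ROOT in .env would yield an entry whose dc attribute no longer matches its RDN and the ldapadd would be rejected as a naming violation. Deriving the value keeps the two in sync, e.g. `ldap_dc=${LDAP_ROOT#dc=}; ldap_dc=${ldap_dc%%,*}` before the heredoc and `dc: $ldap_dc` inside it. The ldapdelete block is kept as six commented-out lines rather than removed; git history already preserves it, so deleting it would make the script easier to read. The ldapadd invocations on the context lines still pass the admin password as `-w $LDAP_ADMIN_PASSWORD` on the command line, where it is visible in process listings; `-y` with a password file outside the repo, or `-W`, would avoid that, though those lines are not part of this change.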
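Review bot: The `{SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw` value added here is the same literal reused for every account in the next hunk (the Gilles, Christine, Bryan, Aurelie and Sarah entries), so all seven accounts share one password, and reinit-ldap.sh in this same patch binds as 'Access LDAP' with `-w pa55w0rd`, which ties the plaintext to that hash in the repository. Hashing is an improvement over the removed `userPassword: pa55w0rd`, but a committed hash of a password that is also committed protects nothing. Generating a distinct value per account at provisioning time, e.g. `userPassword: $(slappasswd -s "$initial_pw")` from a value that is not checked in, or leaving userPassword unset and setting it with `ldappasswd` afterwards, would keep the seed data free of credentials. SSHA is salted SHA-1; if the server build allows it, a stronger scheme such as `{CRYPT}` with SHA-512 or `{ARGON2}` is preferable, though which schemes this image enables is not visible here.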
@@ -45,14 +52,103 @@ givenName: Access
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: shadowAccount
-userPassword: pa55w0rd
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: accessldap
 uidNumber: 10002
 gidNumber: 10002
 homeDirectory: /home/accessldap
 mail: access.ldap@gmolab.net
+
+dn: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
+cn: Gilles Mouchet
+displayName: Gilles Mouchet
+sn: Mouchet
+givenName: Gilles
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: gilles.mouchet
+uidNumber: 10003
+gidNumber: 10003
+homeDirectory: /home/gilmouchet
+mail: gilles.mouchet@gmolab.net
+
+dn: cn=Christine Mouchet,ou=people,$LDAP_ROOT
+cn: Christine Mouchet
+displayName: Christine Mouchet
+sn: Mouchet
+givenName: Christine
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: christine.mouchet
+uidNumber: 10004
+gidNumber: 10004
+homeDirectory: /home/chrmouchet
+mail: christine.mouchet@gmolab.net
+
+dn: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
+cn: Bryan Mouchet
+displayName: Bryan Mouchet
+sn: Mouchet
+givenName: Bryan
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: bryan.mouchet
+uidNumber: 10005
+gidNumber: 10005
+homeDirectory: /home/brymouchet
+mail: bryan.mouchet@gmolab.net
+
+dn: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
+cn: Aurelie Mouchet
+displayName: Aurelie Mouchet
+sn: Mouchet
+givenName: Aurelie
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: aurelie.mouchet
+uidNumber: 10006
+gidNumber: 10006
+homeDirectory: /home/aurmouchet
+mail: aurelie.mouchet@gmolab.net
+
+dn: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
+cn: Sarah Mouchet
+displayName: Sarah Mouchet
+sn: Mouchet
+givenName: Sarah
+objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw +uid: sarah.mouchet +uidNumber: 10006 +gidNumber: 10006 +homeDirectory: /home/sarmouchet +mail: sarah.mouchet@gmolab.net + +dn: cn=Mouchet Family,ou=groups,$LDAP_ROOT +objectClass: groupOfNames +cn: Mouchet Family +member: cn=Gilles Mouchet,ou=people,$LDAP_ROOT +member: cn=Christine Mouchet,ou=people,$LDAP_ROOT +member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT +member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT +member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT + EOF + + + + echo "change ACL" docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF dn: olcDatabase={2}mdb,cn=config @@ -75,10 +171,10 @@ olcAccess: to * EOF ' -echo "Change organization name" -ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF -dn: dc=gmolab,dc=net -changetype: modify -replace: o -o: GMOLab (Gilles Mouchet Sandbox) -EOF \ No newline at end of file +#echo "Change organization name" +#ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF +#dn: dc=gmolab,dc=net +#changetype: modify +#replace: o +#o: GMOLab (Gilles Mouchet Sandbox) +#EOF \ No newline at end of file diff --git a/reinit-ldap.sh b/reinit-ldap.sh new file mode 100755 index 0000000..d621c32 --- /dev/null +++ b/reinit-ldap.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# DELETE ALL DIRECTORY DATA +echo "You will DELETE ALL DATA from the directory!!" +read -p "Are you sure? " -n 1 -r +echo # (optional) move to a new line +if [[ $REPLY =~ ^[Yy]$ ]]; then + docker compose down + sudo rm -rf /home/docker/openldap/data/* + sudo rm -rf /home/docker/openldap/slapd.d/* + docker compose up -d + sleep 5 + ./ldap-init.sh + ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd +fi
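Review bot: The Sarah Mouchet entry reuses `uidNumber: 10006` and `gidNumber: 10006`, which the Aurelie Mouchet entry just above already carries, so two posixAccount users resolve to the same Unix identity on any host that consumes this directory through NSS; the running sequence suggests `uidNumber: 10007` and `gidNumber: 10007` were intended. The homeDirectory values (`/home/gilmouchet` for uid `gilles.mouchet`, and so on) follow a different naming scheme from the uid attribute; that is not wrong, but a one-line comment above the heredoc stating the convention would stop the next reader from treating it as a typo. The heredoc terminator is followed by four empty added lines before `echo "change ACL"`; one blank line is enough.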
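Review bot: The final `ldapsearch … -w pa55w0rd` in the new script puts a directory credential on the command line, where it lands in shell history and in `ps` output for every user on the host, and it commits the plaintext of the hash that ldap-init.sh seeds; `-W` (prompt) or `-y` with a file kept outside the repo avoids that. The `sleep 5` before `./ldap-init.sh` is a race: if the container takes longer to start, the ldapadd calls fail and the directory is left half-populated. Polling until the server answers is more robust, and `docker exec ldap ldapsearch -H ldapi:/// -Y EXTERNAL` is the same local channel ldap-init.sh already uses for its ACL change. The two `sudo rm -rf /home/docker/openldap/…/*` lines repeat the host path that docker-compose.yml also hard-codes; holding it in one variable with a `${var:?}` guard keeps an edit to one copy from drifting from the other.
```shell
# … unchanged: confirmation prompt, docker compose down, rm -rf of data and slapd.d …
  docker compose up -d
  # Poll the server over the container-local socket instead of a fixed sleep
  ready=0
  for ((i = 0; i < 30; i++)); do
    if docker exec ldap ldapsearch -H ldapi:/// -Y EXTERNAL -b '' -s base -LLL >/dev/null 2>&1; then
      ready=1
      break
    fi
    sleep 1
  done
  (( ready )) || { echo "ldap container did not become ready" >&2; exit 1; }
  ./ldap-init.sh
  # -W prompts for the bind password so it never appears in argv or history
  ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -W
```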