initial version

2024-12-29 21:01:11 +01:00 · 2024-12-29 21:01:11 +01:00 · 05bfb1daa5
commit 05bfb1daa5
parent 5a92d6815c
5 changed files with 144 additions and 38 deletions
--- a/.env.dist
+++ b/.env.dist
@ -0,0 +1,10 @@
+LDAP_ADMIN_USERNAME=admin
+LDAP_ADMIN_PASSWORD=CHANGE_ASAP
+LDAP_ROOT=dc=gmolab,dc=net
+LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
+LDAP_ALLOW_ANON_BINDING=no
+LDAP_ENABLE_TLS=yes
+LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
+LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
+LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt
+LDAP_SKIP_DEFAULT_TREE=yes 
--- a/README.md
+++ b/README.md
@ -23,11 +23,10 @@ sudo chown 1001 /home/docker/openldap -R
 1001 is important because the container is running with user no-root

 ## Delete Directory
-ATTENTION. The commands below delete the entire directory.
+ATTENTION. The command below delete the entire directory.
 This is useful when you want to test configs (problems with certificates)
 ```bash
-sudo rm -rf /home/docker/openldap/data/*
-sudo rm -rf /home/docker/openldap/slapd.d/*
+./reinit-ldap.sh
 ```

 ## Run
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,25 +1,12 @@
-networks:
-  my-network:
-    driver: bridge
 services:
  openldap:
    image: bitnami/openldap:latest
+    restart: always
    container_name: ldap
    ports:
      - '1389:1389'
      - '1636:1636'
    env_file: ".env"  
-#    environment:
-#      - LDAP_ADMIN_USERNAME=admin
-#      - LDAP_ADMIN_PASSWORD=password
-#      - LDAP_ROOT=dc=gmolab,dc=net
-#      - LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
-#      - LDAP_ENABLE_TLS=yes
-#      - LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
-#      - LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
-#      - LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt 
-    networks:
-      - my-network
    volumes:
      - /home/docker/openldap:/bitnami/openldap/
      - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
--- a/ldap-init.sh
+++ b/ldap-init.sh
@ -2,25 +2,32 @@
 source .env
 LDAP_SRV=ldaps://gmoadm.gmolab.net:1636

-echo "Delete from the box users"
-ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
-  "cn=user01,ou=people,$LDAP_ROOT" \
-  "cn=user02,ou=people,$LDAP_ROOT" \
-  "cn=readers,ou=people,$LDAP_ROOT" \
-  "ou=people,$LDAP_ROOT"
+#echo "Delete from the box users"
+#ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
+#  "cn=user01,ou=people,$LDAP_ROOT" \
+#  "cn=user02,ou=people,$LDAP_ROOT" \
+#  "cn=readers,ou=people,$LDAP_ROOT" \
+#  "ou=people,$LDAP_ROOT"

 echo "create OUs"
 ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
+dn: $LDAP_ROOT
+objectClass: top
+objectClass: dcObject
+objectclass: organization
+o: GMoLab Directory
+dc: gmolab
+
 dn: ou=people,$LDAP_ROOT
 objectClass: organizationalUnit
 ou: people
-EOF
-#dn: ou=groups,$LDAP_ROOT
-#objectClass: organizationalUnit
-#ou: groups
-#EOF

-echo "Create users"
+dn: ou=groups,$LDAP_ROOT
+objectClass: organizationalUnit
+ou: groups
+EOF
+
+echo "Populate the directory"
 ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
 dn: cn=Admin LDAP,ou=people,$LDAP_ROOT
 cn: Admin LDAP
@ -30,7 +37,7 @@ givenName: Admin
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: shadowAccount
-userPassword: pa55w0rd
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: adminldap
 uidNumber: 10001
 gidNumber: 10001
@ -45,14 +52,103 @@ givenName: Access
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: shadowAccount
-userPassword: pa55w0rd
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: accessldap
 uidNumber: 10002
 gidNumber: 10002
 homeDirectory: /home/accessldap
 mail: access.ldap@gmolab.net
+
+dn: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
+cn: Gilles Mouchet
+displayName: Gilles Mouchet
+sn: Mouchet
+givenName: Gilles
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: gilles.mouchet
+uidNumber: 10003
+gidNumber: 10003
+homeDirectory: /home/gilmouchet
+mail: gilles.mouchet@gmolab.net
+
+dn: cn=Christine Mouchet,ou=people,$LDAP_ROOT
+cn: Christine Mouchet
+displayName: Christine Mouchet
+sn: Mouchet
+givenName: Christine
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: christine.mouchet
+uidNumber: 10004
+gidNumber: 10004
+homeDirectory: /home/chrmouchet
+mail: christine.mouchet@gmolab.net
+
+dn: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
+cn: Bryan Mouchet
+displayName: Bryan Mouchet
+sn: Mouchet
+givenName: Bryan
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: bryan.mouchet
+uidNumber: 10005
+gidNumber: 10005
+homeDirectory: /home/brymouchet
+mail: bryan.mouchet@gmolab.net
+
+dn: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
+cn: Aurelie Mouchet
+displayName: Aurelie Mouchet
+sn: Mouchet
+givenName: Aurelie
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: aurelie.mouchet
+uidNumber: 10006
+gidNumber: 10006
+homeDirectory: /home/aurmouchet
+mail: aurelie.mouchet@gmolab.net
+
+dn: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
+cn: Sarah Mouchet
+displayName: Sarah Mouchet
+sn: Mouchet
+givenName: Sarah
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
+uid: sarah.mouchet
+uidNumber: 10006
+gidNumber: 10006
+homeDirectory: /home/sarmouchet
+mail: sarah.mouchet@gmolab.net
+
+dn: cn=Mouchet Family,ou=groups,$LDAP_ROOT
+objectClass: groupOfNames
+cn: Mouchet Family
+member: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
+member: cn=Christine Mouchet,ou=people,$LDAP_ROOT
+member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
+member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
+member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
+
 EOF

+
+
+
+
 echo "change ACL"
 docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
 dn: olcDatabase={2}mdb,cn=config
@ -75,10 +171,10 @@ olcAccess: to *
 EOF
 '

-echo "Change organization name"
-ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
-dn: dc=gmolab,dc=net
-changetype: modify
-replace: o
-o: GMOLab (Gilles Mouchet Sandbox)
-EOF
+#echo "Change organization name"
+#ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
+#dn: dc=gmolab,dc=net
+#changetype: modify
+#replace: o
+#o: GMOLab (Gilles Mouchet Sandbox)
+#EOF
--- a/reinit-ldap.sh
+++ b/reinit-ldap.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+# DELETE ALL DIRECTORY DATA
+echo "You will DELETE ALL DATA from the directory!!"
+read -p "Are you sure? " -n 1 -r
+echo    # (optional) move to a new line
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    docker compose down
+    sudo rm -rf /home/docker/openldap/data/*
+    sudo rm -rf /home/docker/openldap/slapd.d/*
+    docker compose up -d
+    sleep 5
+    ./ldap-init.sh
+    ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+fi