mauro/docker-image-openldap
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Compare commits

base: mauro:main
Branches Tags
mauro:main
mauro:master
mauro:provider
mauro:provider2
..
compare: mauro:master
Branches Tags
mauro:main
mauro:master
mauro:provider
mauro:provider2

No commits in common. "main" and "master" have entirely different histories.
main ... master

8 changed files with 31 additions and 221 deletions
Show Stats Expand all files Collapse all files

30
.drone.yml Normal file
View File

@ -0,0 +1,30 @@
---
kind: pipeline
name: default
steps:
- name: build image only
image: plugins/docker
settings:
repo: eumau/openldap
auto_tag: true
dry_run: true
when:
ref:
- refs/pull/**
# event no anda (?)
# event:
# - pull_request
- name: build and publish image
image: plugins/docker
settings:
repo: eumau/openldap
auto_tag: true
username:
from_secret: dockerhub_username
password:
from_secret: dockerhub_password
when:
branch:
- master

39
.gitea/workflows/build.yml
View File

@ -1,39 +0,0 @@
name: Build Docker images
on:
push:
branches:
- main
workflow_dispatch:
jobs:
docker:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
repo:
- "eumau/openldap"
tag:
- "1"
- latest
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push image
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ matrix.repo }}:${{ matrix.tag }}
platforms: linux/amd64,linux/arm64

3
Dockerfile
View File

@ -1,4 +1,4 @@
FROM eumau/debian:bookworm-slim FROM eumau/debian:buster-slim
# admin CN => dn: cn=%%ADMIN_CN%%,%%DOMAIN_DN%% # admin CN => dn: cn=%%ADMIN_CN%%,%%DOMAIN_DN%%
ENV LDAP_ADMIN_CN="admin" ENV LDAP_ADMIN_CN="admin"
@ -31,7 +31,6 @@ RUN apt-get update \
ADD setup /start.d ADD setup /start.d
ADD confd /etc/confd/ ADD confd /etc/confd/
ADD entrypoint.sh / ADD entrypoint.sh /
ADD ldap_backup ldap_restore /usr/local/sbin/
EXPOSE 389 EXPOSE 389

11
confd/conf.d/add_ldap_group.toml
View File

@ -1,11 +0,0 @@
[template]
src = "add_ldap_group.tmpl"
prefix = "/ldap"
dest = "/usr/local/bin/add_ldap_group"
mode = "0755"
keys = [
"/admin/cn",
"/admin/password",
"/domain",
"/domain/dn",
]

100
confd/templates/add_ldap_group.tmpl
View File

@ -1,100 +0,0 @@
#!/bin/bash
assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && echo ${@} ; exit 1 ; } }
usage() {
cat <<EOF
usage: docker exec [...] add_ldap_group [-c COMMON_NAME] [-u UID] [-p PASSWORD] [-e EMAIL]
Unset options will be prompted interactively.
EOF
}
COMMON_NAME=
USER_UID=
USER_EMAIL=
USER_PASS=
SURNAME=
while getopts "c: u: e: p:" OPCION
do
case ${OPCION} in
"c")
COMMON_NAME=${OPTARG}
;;
"s")
SURNAME=${OPTARG}
;;
"u")
USER_UID=${OPTARG}
;;
"e")
USER_EMAIL=${OPTARG}
;;
"p")
USER_PASS=${OPTARG}
;;
*)
usage
exit 2
;;
esac
done
LDAP_ADMIN_CN="{{ getv "/admin/cn" }}"
LDAP_ADMIN_PASSWORD="{{ getv "/admin/password" }}"
LDAP_DOMAIN="{{ getv "/domain" }}"
LDAP_DOMAIN_DN="{{ getv "/domain/dn" }}"
DN0="dc=${LDAP_DOMAIN//./,dc=}"
LDAP_DOMAIN_DN=${LDAP_DOMAIN_DN:=${DN0}}
[[ -n ${USER_UID} ]] || {
echo -n "Enter user UID (e.g. jdoe) > "
read USER_UID
}
# echo "Check if uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN} exists"
RES_DN=$(ldapsearch -LLL -H ldap:/// -D cn=${LDAP_ADMIN_CN},${LDAP_DOMAIN_DN} \
-w "${LDAP_ADMIN_PASSWORD}" -s base \
-b "uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN}" \
"(objectClass=*)" 2>/dev/null \
| egrep '^dn: ' | sed -e 's/^dn: //g' )
[[ -z ${RES_DN} ]]
assert "User already present. Please choose a different UID."
[[ -n ${COMMON_NAME} ]] || {
echo -n "Enter user CN (e.g. John Doe) > "
read COMMON_NAME
}
[[ -n ${SURNAME} ]] || {
echo -n "Enter user SN (e.g. Doe) > "
read SURNAME
}
[[ -n ${USER_PASS} ]] || {
echo -n "Enter user password (will not be echoed) > "
read -s USER_PASS
echo ""
}
[[ -n ${USER_EMAIL} ]] || {
echo -n "Enter user email (leave blank for ${USER_UID}@${LDAP_DOMAIN}) > "
read USER_EMAIL
}
USER_EMAIL="${USER_EMAIL:=${USER_UID}@${LDAP_DOMAIN}}"
PWHASH=$(slappasswd -h "{SSHA}" -s "${USER_PASS}")
echo "Creating user uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN}"
ldapadd -H ldap:/// -D cn=${LDAP_ADMIN_CN},${LDAP_DOMAIN_DN} \
-w "${LDAP_ADMIN_PASSWORD}" <<-EOF
dn: uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN}
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: ${COMMON_NAME}
sn: ${SURNAME}
uid: ${USER_UID}
userPassword: ${PWHASH}
mail: ${USER_EMAIL}
EOF
assert "Error adding user!"

1
confd/templates/add_ldap_user.tmpl
View File

@ -70,7 +70,6 @@ assert "User already present. Please choose a different UID."
[[ -n ${USER_PASS} ]] || { [[ -n ${USER_PASS} ]] || {
echo -n "Enter user password (will not be echoed) > " echo -n "Enter user password (will not be echoed) > "
read -s USER_PASS read -s USER_PASS
echo ""
} }
[[ -n ${USER_EMAIL} ]] || { [[ -n ${USER_EMAIL} ]] || {
echo -n "Enter user email (leave blank for ${USER_UID}@${LDAP_DOMAIN}) > " echo -n "Enter user email (leave blank for ${USER_UID}@${LDAP_DOMAIN}) > "

15
ldap_backup
View File

@ -1,15 +0,0 @@
#!/bin/bash
assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && echo ${@} ; exit 1 ; } }
[[ -n "${LDAP_CONFIG_PASSWORD}" ]]
assert "FATAL: Please set LDAP_CONFIG_PASSWORD and retry."
# Count databases
DB_COUNT=$(ldapsearch -D cn=admin,cn=config -w "${LDAP_CONFIG_PASSWORD}" -b cn=config -LLL "(olcDatabase=mdb)" dn | tr -s '\n' | wc -l)
# Perform backup
for i in $(seq 0 ${DB_COUNT})
do slapcat -n ${i} -l /var/backups/ldap/${i}.ldif
done
echo "Backed up ${DB_COUNT} databases in /var/backups/ldap."

53
ldap_restore
View File

@ -1,53 +0,0 @@
#!/bin/bash
assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && echo ${@} ; exit 1 ; } }
[[ -f /var/backups/ldap/0.ldif ]]
assert "Unable to restore backup. Missing /var/backups/ldap/0.ldif backup of cn=config."
[[ -f /var/backups/ldap/1.ldif ]]
assert "Unable to restore backup. Missing /var/backups/ldap/1.ldif backup of first database."
[[ -n "${LDAP_DOMAIN}" ]]
assert "FATAL: Please set LDAP_DOMAIN and retry."
DN0="dc=${LDAP_DOMAIN//./,dc=}"
LDAP_DOMAIN_DN=${LDAP_DOMAIN_DN:=${DN0}}
# Backup and clean existing config directory
tar czf /var/backups/ldap/etc_ldap_slapd_d-$(date '+%Y-%m-%d').tar.gz /etc/ldap/slapd.d
assert "FATAL: could not backup /etc/ldap/slapd.d before restoring."
find /etc/ldap/slapd.d -mindepth 1 -delete
assert "FATAL: could not clean /etc/ldap/slapd.d before restoring."
# Backup and clean existing data directory
tar czf /var/backups/ldap/var_lib_ldap-$(date '+%Y-%m-%d').tar.gz /var/lib/ldap
assert "FATAL: could not backup /var/lib/ldap before restoring."
find /var/lib/ldap -mindepth 1 -delete
assert "FATAL: could not clean /var/lib/ldap before restoring."
mkdir "/var/lib/ldap/${LDAP_DOMAIN_DN}"
assert "FATAL: could not create /var/lib/ldap/${LDAP_DOMAIN_DN}."
# Restore cn=config
echo "Restoring cn=config..."
slapadd -n 0 -F /etc/ldap/slapd.d -l /var/backups/ldap/0.ldif
assert "FATAL: error restoring cn=config using slapadd."
chown -R openldap:openldap /etc/ldap/slapd.d
assert "FATAL: could not fix /etc/ldap/slapd.d permissions."
for LDIF in /var/backups/ldap/*.ldif
do
# Check if it's cn=config backup
if [[ "${LDIF}" == "/var/backups/ldap/0.ldif" ]]
then continue
else
INDEX=$(basename "${LDIF}" | sed 's/.ldif$//g')
[[ "${INDEX}" =~ ^[0-9]+$ ]]
assert "FATAL: could not determine the DB index for ${LDIF}."
echo "Restoring database ${INDEX}..."
slapadd -n ${INDEX} -F /etc/ldap/slapd.d -l "${LDIF}"
assert "FATAL: error restoring database ${INDEX} using slapadd."
fi
done
chown -R openldap:openldap /var/lib/ldap
assert "FATAL: could not fix /var/lib/ldap permissions."