From 2ad5c5401011b9289b1ad6f4f83b8cfe84d2e635 Mon Sep 17 00:00:00 2001
From: Oleksandr Havryliak
Date: Wed, 12 Feb 2025 16:41:50 +0200
Subject: [PATCH 1/3] PBM fix LDAP group

---
 pmm_psmdb_diffauth_setup/conf/mongod.conf    | 2 +-
 pmm_psmdb_diffauth_setup/init/setup_psmdb.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pmm_psmdb_diffauth_setup/conf/mongod.conf b/pmm_psmdb_diffauth_setup/conf/mongod.conf
index d721facb..538749c4 100644
--- a/pmm_psmdb_diffauth_setup/conf/mongod.conf
+++ b/pmm_psmdb_diffauth_setup/conf/mongod.conf
@@ -26,7 +26,7 @@ security:
 validateLDAPServerConfig: false
 transportSecurity: none
 servers: ldap-server:1389
- userToDNMapping: '[{match: "arn:aws:iam::(.+):user/(.+)|CN=(.+)", substitution: "cn={1}{2},ou=users,dc=example,dc=org"}]'
+ userToDNMapping: '[{match: "arn:aws:iam::(.+):user/(.+)|CN=(.+)", substitution: "cn={1}{2},ou=groups,dc=example,dc=org"}]'
 authz:
 queryTemplate: 'dc=example,dc=org??sub?(&(objectClass=groupOfNames)(member={USER}))'
 setParameter:
diff --git a/pmm_psmdb_diffauth_setup/init/setup_psmdb.js b/pmm_psmdb_diffauth_setup/init/setup_psmdb.js
index 8f1c8fe0..3614f545 100644
--- a/pmm_psmdb_diffauth_setup/init/setup_psmdb.js
+++ b/pmm_psmdb_diffauth_setup/init/setup_psmdb.js
@@ -26,7 +26,7 @@ db.getSiblingDB("admin").createRole({
 roles:[]
 });
 db.getSiblingDB("admin").createRole({
- role: "cn=readers,ou=users,dc=example,dc=org",
+ role: "cn=readers,ou=groups,dc=example,dc=org",
 privileges: [],
 roles: [
 { role: "explainRole", db: "admin" },

From 84cd7712a5585d8b757e913693bddf24fb1a6da6 Mon Sep 17 00:00:00 2001
From: Oleksandr Havryliak
Date: Wed, 12 Feb 2025 17:16:11 +0200
Subject: [PATCH 2/3] PSMDB do not fail on the first failure

---
 pmm_psmdb_diffauth_setup/test-auth.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pmm_psmdb_diffauth_setup/test-auth.sh b/pmm_psmdb_diffauth_setup/test-auth.sh
index d7230d6f..05df4906 100755
--- a/pmm_psmdb_diffauth_setup/test-auth.sh
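Review bot: The new substitution binds every mapped user as `cn=…,ou=groups,dc=example,dc=org`, so LDAP authentication only succeeds if the directory really holds user entries under ou=groups; the authz queryTemplate on the following context line still resolves group membership with `(member={USER})` against that mapped DN, so a wrong OU here fails authorization as well as authentication. The same line is changed back to `ou=users` in the mongod.conf hunk of PATCH 3/3, so across the series this edit nets to nothing while the setup_psmdb.js role rename survives; squashing the two mongod.conf hunks out of the series would leave history matching the end state and keep the PATCH 1/3 subject accurate.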
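Review bot: The role name on the new line is, as far as the setup shows, the string that group DNs returned by `security.ldap.authz.queryTemplate` in conf/mongod.conf must equal for a user to receive this role, and nothing in setup_psmdb.js records that coupling; a comment above the `role:` key would help, e.g. `// Must equal the LDAP group DN returned by security.ldap.authz.queryTemplate (conf/mongod.conf)`. Because the readers group now sits under ou=groups while the series ends with users mapped under ou=users, the two DNs live in different OUs, which the `dc=example,dc=org??sub?` subtree query tolerates but a later narrowing of the search base would not. The enclosing createRole call begins inside the hunk and continues past its last line.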
+++ b/pmm_psmdb_diffauth_setup/test-auth.sh
@@ -68,7 +68,7 @@ done
 tests=${TESTS:-yes}
 if [ $tests = "yes" ]; then
 echo "running tests"
- output=$(docker compose -f docker-compose-pmm-psmdb.yml run test pytest -s -x --verbose test.py)
+ output=$(docker compose -f docker-compose-pmm-psmdb.yml run test pytest -s --verbose test.py)
 else
 echo "skipping tests"
 fi

From bca0ad0ab3553498d9d7fa83101bcd18a42d6641 Mon Sep 17 00:00:00 2001
From: Oleksandr Havryliak
Date: Wed, 12 Feb 2025 18:11:06 +0200
Subject: [PATCH 3/3] Use latest openldap

---
 pmm_psmdb_diffauth_setup/conf/mongod.conf             | 2 +-
 pmm_psmdb_diffauth_setup/docker-compose-pmm-psmdb.yml | 2 +-
 pmm_psmdb_diffauth_setup/test-auth.sh                 | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pmm_psmdb_diffauth_setup/conf/mongod.conf b/pmm_psmdb_diffauth_setup/conf/mongod.conf
index 538749c4..d721facb 100644
--- a/pmm_psmdb_diffauth_setup/conf/mongod.conf
+++ b/pmm_psmdb_diffauth_setup/conf/mongod.conf
@@ -26,7 +26,7 @@ security:
 validateLDAPServerConfig: false
 transportSecurity: none
 servers: ldap-server:1389
- userToDNMapping: '[{match: "arn:aws:iam::(.+):user/(.+)|CN=(.+)", substitution: "cn={1}{2},ou=groups,dc=example,dc=org"}]'
+ userToDNMapping: '[{match: "arn:aws:iam::(.+):user/(.+)|CN=(.+)", substitution: "cn={1}{2},ou=users,dc=example,dc=org"}]'
 authz:
 queryTemplate: 'dc=example,dc=org??sub?(&(objectClass=groupOfNames)(member={USER}))'
 setParameter:
diff --git a/pmm_psmdb_diffauth_setup/docker-compose-pmm-psmdb.yml b/pmm_psmdb_diffauth_setup/docker-compose-pmm-psmdb.yml
index f1ee9fcb..53997b11 100644
--- a/pmm_psmdb_diffauth_setup/docker-compose-pmm-psmdb.yml
+++ b/pmm_psmdb_diffauth_setup/docker-compose-pmm-psmdb.yml
@@ -76,7 +76,7 @@ services:
 ldap-server:
 container_name: ldap-server
 hostname: ldap-server
- image: bitnami/openldap:2
+ image: bitnami/openldap
 environment:
 - LDAP_ADMIN_USERNAME=admin
 - LDAP_ADMIN_PASSWORD=adminpassword
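Review bot: With `-x` gone a failing test no longer stops pytest, but the new line still only exposes pytest's exit status through `$?` of the `output=$(…)` assignment; whether the script checks that status or runs under `set -e` is outside the hunk, and if it does neither, the run would report success no matter how many tests fail. Capturing the status on the same line keeps the intent visible, e.g. `output=$(docker compose -f docker-compose-pmm-psmdb.yml run test pytest -s --verbose test.py); rc=$?`, with `rc` acted on afterwards. The unquoted `$tests` in the enclosing `if` is pre-existing context, not part of this change.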
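Review bot: `image: bitnami/openldap` without a tag resolves to the floating `latest` tag, so each `docker compose build`/`up` in test-auth.sh may pull a different OpenLDAP than the previous run, which makes failures of the LDAP auth tests non-reproducible and ties the fixture's trust to whatever the registry serves next. Pinning to a specific version tag, or better a digest, keeps the "newer than :2" intent while staying deterministic, e.g. `image: bitnami/openldap:<version>@sha256:<digest>` (placeholder — substitute the release the tests were validated against).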
diff --git a/pmm_psmdb_diffauth_setup/test-auth.sh b/pmm_psmdb_diffauth_setup/test-auth.sh index 05df4906..d290f368 100755 --- a/pmm_psmdb_diffauth_setup/test-auth.sh +++ b/pmm_psmdb_diffauth_setup/test-auth.sh @@ -37,6 +37,7 @@ cat pki/private/pmm-test.key pki/issued/pmm-test.crt > certs/client.pem find certs -type f -exec chmod 644 {} \; #Start setup +docker compose -f docker-compose-pmm-psmdb.yml down -v --remove-orphans docker compose -f docker-compose-pmm-psmdb.yml build docker compose -f docker-compose-pmm-psmdb.yml up -d