FC-305 - Upgrade OpenLDAP Docker Container
shawnmckinney committed Dec 30, 2021
1 parent 90a30c9 commit 118bb13559c872366d9b5f4e1373b7b25daccceb
Showing 2 changed files with 51 additions and 53 deletions.
@@ -1,5 +1,5 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
@@ -11,35 +11,35 @@
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

FROM debian:8

FROM centos:8
# Install openldap
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN apt-get install -y -qq slapd ldap-utils

RUN dnf install 'dnf-command(copr)' -y
RUN dnf install epel-release -y
ADD https://repo.symas.com/configs/SOLDAP/rhel8/release25.repo /etc/yum.repos.d/soldap-release25.repo
RUN yum install symas-openldap-clients symas-openldap-servers -y
# Add fortress schema and slapd config
ADD ldap/schema/fortress.schema /etc/ldap/schema/
ADD ldap/schema/rbac.schema /etc/ldap/schema/
ADD src/docker/openldap-for-apache-fortress-tests/slapd.conf /etc/ldap/

ADD ldap/schema/fortress.schema /opt/symas/etc/openldap/schema/
ADD ldap/schema/rbac.schema /opt/symas/etc/openldap/schema/
ADD src/docker/openldap-for-apache-fortress-tests/slapd.conf /opt/symas/etc/openldap/
# Create run directory
RUN mkdir -p /var/run/openldap
# Create database directories
RUN mkdir -p /var/lib/ldap/dflt
RUN mkdir -p /var/lib/ldap/hist
RUN chown -R openldap:openldap /var/lib/ldap

# Delete slapd-config which was created during installation
# and create new one by converting from old slapd.conf
RUN rm -rf /etc/ldap/slapd.d/*
RUN slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d

RUN mkdir -p "/var/symas/openldap-data/dc=example,dc=com"
RUN mkdir -p "/var/symas/openldap-data/cn=log"
# create slapd user and group
RUN groupadd openldap
RUN useradd openldap -g openldap
# Prepare the runtime env
RUN chown -R openldap:openldap /opt/symas/lib/
RUN chown -R openldap:openldap /var/run/openldap/
RUN chown -R openldap:openldap /opt/symas/etc/openldap/
RUN chown -R openldap:openldap /var/symas/openldap-data/
RUN /opt/symas/sbin/slaptest -u -f /opt/symas/etc/openldap/slapd.conf -u
EXPOSE 389

CMD ["/usr/sbin/slapd", "-d", "32768", "-u", "root", "-g", "root"]

# Start daemon
CMD ["/opt/symas/lib/slapd", "-d", "stats", "-u", "openldap", "-g", "openldap"]
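Review bot: `ADD https://repo.symas.com/configs/SOLDAP/rhel8/release25.repo …` fetches, unverified, the repo definition whose baseurl and gpgcheck/gpgkey settings decide what the following `RUN yum install symas-openldap-clients symas-openldap-servers -y` will trust, and the packages themselves are unpinned; fetch the file in a `RUN` and compare it against a known digest (or use `ADD --checksum=sha256:<expected-digest> …`) and pin the two package versions so the build is reproducible. `RUN chown -R openldap:openldap /opt/symas/lib/` gives the service user ownership of the slapd binary started by `CMD` and of the modules `slapd.conf` loads from `/opt/symas/lib/openldap`, so a compromised slapd could rewrite its own code for the next start; it needs only read access there, and the same holds for `/opt/symas/etc/openldap/`, where ownership is only needed for paths slapd actually writes. `FROM centos:8` is unpinned and CentOS Linux 8 reaches end of life on 31 Dec 2021, the day after this commit, so the base should move to a maintained EL8 build pinned by tag or digest. The local `ADD ldap/schema/…` and `ADD …/slapd.conf` lines copy plain files and should be `COPY` (with `--chown=openldap:openldap` replacing the later `chown -R`), the package steps mix `dnf` and `yum`, and the final `RUN /opt/symas/sbin/slaptest -u -f … -u` repeats `-u`.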
@@ -18,29 +18,26 @@
#
#
# Fortress slapd.conf default settings.

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/fortress.schema
include /etc/ldap/schema/rbac.schema
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
include /opt/symas/etc/openldap/schema/openldap.schema
include /opt/symas/etc/openldap/schema/rfc2307bis.schema
include /opt/symas/etc/openldap/schema/fortress.schema
include /opt/symas/etc/openldap/schema/rbac.schema

disallow bind_anon
idletimeout 0
sizelimit 5000
timelimit 60
threads 4
loglevel 32768
gentlehup on
loglevel stats
threads 4
sortvals roleOccupant

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib/ldap
modulepath /opt/symas/lib/openldap
moduleload back_mdb.la
moduleload ppolicy.la
moduleload accesslog.la
@@ -55,23 +52,26 @@ access to dn.base="" by * read
access to dn.base="cn=subschema"
by * read

password-hash {SSHA}
password-hash "{CRYPT}"
password-crypt-salt-format "$6$%.8s"

#######################################################################
# History DB Settings
#######################################################################
database mdb
maxreaders 64
maxsize 1000000000
database mdb
maxsize 1000000000
suffix "cn=log"
rootdn "cn=Manager,cn=log"
rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
directory "/var/lib/ldap/hist"
access to *
by dn.base="cn=Manager,cn=log" write
directory "/var/symas/openldap-data/cn=log"
# Accesslog is readable by replicator and fortress:
access to dn.subtree="cn=log"
by dn.exact="cn=replicator,dc=admin,dc=example,dc=com" read
by dn.exact="cn=fortress-admin,dc=admin,dc=example,dc=com" read
by * break
dbnosync
checkpoint 64 5
checkpoint 0 5

# Accesslog is readable by replicator and fortress:
access to dn.subtree="cn=log"
@@ -83,7 +83,6 @@ access to dn.subtree="cn=log"
# Default DB Settings
#######################################################################
database mdb
maxreaders 64
maxsize 1000000000
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
@@ -94,11 +93,11 @@ index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
index roleOccupant eq

directory "/var/lib/ldap/dflt"
directory "/var/symas/openldap-data/dc=example,dc=com"
overlay accesslog
logdb "cn=log"
dbnosync
checkpoint 64 5
checkpoint 0 5

# The fortress admin needs write access to the whole DIT
access to dn.subtree="dc=example,dc=com"
@@ -146,4 +145,3 @@ ppolicy_hash_cleartext
# Monitor database
#######################################################################
database monitor
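Review bot: In the `@@ -55,23 +52,26 @@` hunk the cn=log database ends up with two `access to dn.subtree="cn=log"` rules: the one added after `directory "/var/symas/openldap-data/cn=log"` finishes with `by * break`, and the context lines after `checkpoint 0 5` show the original `# Accesslog is readable by replicator and fortress:` block still present below it (its `by` clauses lie past the hunk's end), so the new rule only ever defers to the old one. Keep a single rule: drop the added block, or, if it is the one to stay, end it with `by * none` and remove the later copy, so the effective read policy for the access log is stated once. Removing `include …/ppolicy.schema` while `moduleload ppolicy.la` and `ppolicy_hash_cleartext` remain is correct if the target is OpenLDAP 2.5, as the `release25` repo in the Dockerfile suggests, since the overlay carries its own schema there; a comment such as `# ppolicy schema is built into slapo-ppolicy from 2.5 on; no include needed` would stop someone re-adding it. `rootpw "{SSHA}…"` and `dbnosync` are unchanged context and acceptable only because this is the test-only container.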
