Add ldap testing image with active directory schema #166
Conversation
|
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla |
eformat
changed the title
|
i have signed the cla and returned on 16/5/23. cheers |
|
cc: @Praveen2112 .. this will need to merge as well .. for tests. |
| # limitations under the License. | ||
|
|
||
| ARG ARCH | ||
| FROM testing/centos7-oj17:unlabelled$ARCH |
There was a problem hiding this comment.
Is it possible to have an unlabelled image which could be shared both by OpenLDAP and AD configuration - Most of the statements are similar to OpenLDAP and it would be nice if we could extract them.
There was a problem hiding this comment.
yes, its possible. would involve refactoring both images of course. the code + tests for LDAP authentication are not impacted at the moment - but would be if we do this
There was a problem hiding this comment.
OK @Praveen2112 - refactored into a common base now. PTAL.
...os7-oj17-openldap-active-directory/files/etc/openldap/certs/active-directory-certificate.crt
Outdated
Show resolved
Hide resolved
|
@Praveen2112 - i may need some help around order of these builds to make this pass testing ? can you advise best way to achieve it (base will need to be built + pushed i think) testing/centos7-oj17-openldap-base
\
\ -- testing/centos7-oj17-openldap-active-directory
\
\ -- testing/centos7-oj17-openldap
|
testing/centos7-oj17-openldap-referrals |
|
@Praveen2112 i have fixed up the ldap test now - looks like a random other image test build failed which is unrelated. What else is holding this one up from being merged ? |
|
Thanks for fixing it. Can we squash and rearrange the commit - first commit would be the refactor one and AD can added in the next commit. |
eformat
force-pushed
the
add-centos7-oj17-openldap-active-directory
branch
6 times, most recently
from
30624d6
to
4502c44
Compare
|
@Praveen2112 - done. thx. |
|
The failure is not related to the changes - it is a blocker for releasing this image - I'll try to fix the failure in a different PR. |
|
Can you rebase the PR to the recent changes in the master ? |
|
Done |
| @@ -0,0 +1,4298 @@ | |||
| # $OpenLDAP$ | |||
There was a problem hiding this comment.
This should be in the next commit right ?
There was a problem hiding this comment.
Is it possible to wget or download them from a specific url ?
There was a problem hiding this comment.
as documented in the Dockerfile its from here
- active dictory schema from https://git.openldap.org/openldap/openldap/-/raw/master/servers/slapd/schema/msuser.ldif
you cant easily wget it, as there are some minor modifications required to make sure it loads properly.
its pretty old, so wont load as-is without commenting out a couple of duplicate definitions that were clearly loaded ok at some time in the distant past.
There was a problem hiding this comment.
This should be in the next commit, and it should be in directory relative to AD
eformat
force-pushed
the
add-centos7-oj17-openldap-active-directory
branch
3 times, most recently
from
dae0079
to
2ad1117
Compare
|
Let me know if you need any help on moving the changes across commits. Happy to help |
eformat
force-pushed
the
add-centos7-oj17-openldap-active-directory
branch
2 times, most recently
from
c254981
to
6155136
Compare
eformat
force-pushed
the
add-centos7-oj17-openldap-active-directory
branch
4 times, most recently
from
f145488
to
e13cded
Compare
|
changes moved commits as requested. cheers. |
| @@ -0,0 +1,4298 @@ | |||
| # $OpenLDAP$ | |||
There was a problem hiding this comment.
This should be in the next commit, and it should be in directory relative to AD
testing/cdh5.15-hive-kerberized-kms/files/usr/bin/extract_rpms.sh
Outdated
Show resolved
Hide resolved
testing/centos7-oj17-openldap-base/files/etc/openldap/setup/refint.ldif
Outdated
Show resolved
Hide resolved
testing/centos7-oj17-openldap-base/files/etc/openldap/setup/createOU.ldif
Outdated
Show resolved
Hide resolved
eformat
force-pushed
the
add-centos7-oj17-openldap-active-directory
branch
from
77f8830
to
f08e5e6
Compare
|
@Praveen2112 - can we get this merged please ? i dont have a tonne of time to keep making small changes in commit ordering. Those are cosmetic changes really to the functionality. I am happy to squash it all in one commit if that is easier for you to review. |
Praveen2112
force-pushed
the
add-centos7-oj17-openldap-active-directory
branch
from
f08e5e6
to
7110a2f
Compare
|
Thanks for working on this. |
add a testing image for open ldap server with active directory schema from openldap. see:
https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/schema/msuser.ldif
this is linked to tests coming in this PR - "Ldap Group Provider" - trinodb/trino#17518
there are some slight tweaks to the msuser schema to make it load correctly e.g whitespace (tab for spaces) and rename a couple of clashing attributes.
for testing, the memberOf attribute is intentionally made a String. for RDN based memberOf, we can use the existing openldap image OK.