Add ldap testing image with active directory schema #166
Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to cla@trino.io. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla
I have signed the CLA and returned it on 16/5/23. cheers
cc: @Praveen2112 .. this will need to merge as well .. for tests.
# limitations under the License. | ||
|
||
ARG ARCH | ||
FROM testing/centos7-oj17:unlabelled$ARCH |
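Review bot: `ARG ARCH` is declared without a default, so on the `FROM testing/centos7-oj17:unlabelled$ARCH` line a build that passes no value for it resolves the base to the bare `unlabelled` tag. A one-line comment above `ARG ARCH` saying which values are expected, and that an empty value is intentional, would make the choice of base image explicit to anyone building this image by hand.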
Is it possible to have an unlabelled image which could be shared both by OpenLDAP and AD configuration - Most of the statements are similar to OpenLDAP and it would be nice if we could extract them.
yes, it's possible. would involve refactoring both images of course. the code + tests for LDAP authentication are not impacted at the moment - but would be if we do this
OK @Praveen2112 - refactored into a common base now. PTAL.
...os7-oj17-openldap-active-directory/files/etc/openldap/certs/active-directory-certificate.crt
@Praveen2112 - I may need some help around order of these builds to make this pass testing? can you advise best way to achieve it (base will need to be built + pushed I think)

testing/centos7-oj17-openldap-base
 \
  \ -- testing/centos7-oj17-openldap-active-directory
   \
    \ -- testing/centos7-oj17-openldap
          |
         testing/centos7-oj17-openldap-referrals
@Praveen2112 I have fixed up the ldap test now - looks like a random other image test build failed which is unrelated. What else is holding this one up from being merged?
Thanks for fixing it. Can we squash and rearrange the commit - first commit would be the refactor one and AD can be added in the next commit.
30624d6 to 4502c44
@Praveen2112 - done. thx.
The failure is not related to the changes - it is a blocker for releasing this image - I'll try to fix the failure in a different PR.
Can you rebase the PR to the recent changes in the master ?
Done
Can we remove the merge commit (last commit) and instead do a rebase - so the history could be a bit clear
@@ -0,0 +1,4298 @@ | |||
# $OpenLDAP$ |
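Review bot: The first line of this new 4298-line file is the unexpanded `# $OpenLDAP$` keyword, so the file itself carries no record of which upstream revision it was copied from. Add a short header comment that names the upstream source and revision and lists the local edits, so the vendored copy can later be diffed against upstream.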
This should be in the next commit right ?
Is it possible to wget or download them from a specific url ?
as documented in the Dockerfile it's from here
- active directory schema from https://git.openldap.org/openldap/openldap/-/raw/master/servers/slapd/schema/msuser.ldif
you can't easily wget it, as there are some minor modifications required to make sure it loads properly.
it's pretty old, so won't load as-is without commenting out a couple of duplicate definitions that were clearly loaded ok at some time in the distant past.
This should be in the next commit, and it should be in directory relative to AD
dae0079 to 2ad1117
Let me know if you need any help on moving the changes across commits. Happy to help
c254981 to 6155136
f145488 to e13cded
changes moved commits as requested. cheers.
@@ -0,0 +1,4298 @@ | |||
# $OpenLDAP$ |
This should be in the next commit, and it should be in directory relative to AD
testing/cdh5.15-hive-kerberized-kms/files/usr/bin/extract_rpms.sh
testing/centos7-oj17-openldap-base/files/etc/openldap/setup/refint.ldif
testing/centos7-oj17-openldap-base/files/etc/openldap/setup/createOU.ldif
77f8830 to f08e5e6
@Praveen2112 - can we get this merged please? I don't have a tonne of time to keep making small changes in commit ordering. Those are cosmetic changes really to the functionality. I am happy to squash it all in one commit if that is easier for you to review.
f08e5e6 to 7110a2f
Thanks for working on this.
add a testing image for open ldap server with active directory schema from openldap. see:
https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/schema/msuser.ldif
this is linked to tests coming in this PR - "Ldap Group Provider" - trinodb/trino#17518
there are some slight tweaks to the msuser schema to make it load correctly, e.g. whitespace (tab for spaces) and rename a couple of clashing attributes.
for testing, the memberOf attribute is intentionally made a String. for RDN based memberOf, we can use the existing openldap image OK.
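
The two kinds of schema tweak mentioned above (tabs in place of spaces, clashing attribute definitions) can be linted before slapd loads the files. This is an added example, not code from this PR or from Trino; the sample fragment, its OIDs and the function names are constructed, and it assumes the schema is in cn=config LDIF form with `olcAttributeTypes` values.

```python
import re
from collections import defaultdict

# Constructed cn=config schema fragment (not taken from msuser.ldif); OIDs and names are made up.
SAMPLE = (
    "dn: cn=example,cn=schema,cn=config\n"
    "objectClass: olcSchemaConfig\n"
    "cn: example\n"
    "olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleLogin'\n"
    "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\n"
    "olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME ( 'exampleGroup' 'exampleLogin' )\n"
    "\tSYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n"  # tab instead of the LDIF folding space
    "olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleMail'\n"
    "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n"
)

# OID, then either one quoted NAME or a parenthesised list of quoted names.
ATTR = re.compile(
    r"^olcAttributeTypes:\s*(?:\{\d+\})?\(\s*(?P<oid>[\w.\-]+)\s+NAME\s+"
    r"(?P<names>\([^)]*\)|'[^']+')", re.I)

def unfold(text):
    """Join LDIF continuation lines; also return line numbers that contain a tab."""
    logical, tab_lines = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        if "\t" in raw:
            tab_lines.append(number)
        if logical and raw[:1] in (" ", "\t"):
            # LDIF folds with one leading space; a leading tab is reported, then joined too.
            logical[-1] += raw[1:] if raw[0] == " " else " " + raw[1:]
        else:
            logical.append(raw)
    return logical, tab_lines

def find_clashes(text):
    """Report tabs, OIDs defined more than once, and names used by more than one definition."""
    lines, tab_lines = unfold(text)
    by_oid, by_name = defaultdict(list), defaultdict(list)
    for line in lines:
        match = ATTR.match(line)
        if match:
            names = re.findall(r"'([^']+)'", match.group("names"))
            by_oid[match.group("oid")].append(names[0])
            for name in names:
                by_name[name.lower()].append(match.group("oid"))  # names are case-insensitive
    return {"tab_lines": tab_lines,
            "duplicate_oids": {o: n for o, n in by_oid.items() if len(n) > 1},
            "duplicate_names": {n: o for n, o in by_name.items() if len(o) > 1}}
```

Pass `find_clashes` the concatenated text of every schema file the image loads, so that clashes between files are reported as well as clashes within one file.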