Posted to commits@directory.apache.org by se...@apache.org on 2016/12/03 23:37:23 UTC

directory-fortress-core git commit: FC-202: Add new Dockerfile that uses latest slapd install docs

Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 755cdc487 -> 03a56291c


FC-202: Add new Dockerfile that uses latest slapd install docs


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/03a56291
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/03a56291
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/03a56291

Branch: refs/heads/master
Commit: 03a56291ca7c5477864d7901553e8fd69b529aa8
Parents: 755cdc4
Author: Stefan Seelmann <ma...@stefan-seelmann.de>
Authored: Sun Dec 4 00:36:50 2016 +0100
Committer: Stefan Seelmann <ma...@stefan-seelmann.de>
Committed: Sun Dec 4 00:36:50 2016 +0100

----------------------------------------------------------------------
 .../Dockerfile                                  |  45 ++++++++
 .../run-tests.sh                                |  58 ++++++++++
 .../slapd.conf                                  | 115 +++++++++++++++++++
 3 files changed, 218 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/03a56291/src/docker/openldap-for-apache-fortress-tests/Dockerfile
----------------------------------------------------------------------
diff --git a/src/docker/openldap-for-apache-fortress-tests/Dockerfile b/src/docker/openldap-for-apache-fortress-tests/Dockerfile
new file mode 100644
index 0000000..f43d4de
--- /dev/null
+++ b/src/docker/openldap-for-apache-fortress-tests/Dockerfile
@@ -0,0 +1,45 @@
+#
+#   Licensed to the Apache Software Foundation (ASF) under one 
+#   or more contributor license agreements.  See the NOTICE file
+#   distributed with this work for additional information
+#   regarding copyright ownership.  The ASF licenses this file
+#   to you under the Apache License, Version 2.0 (the
+#   "License"); you may not use this file except in compliance
+#   with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing,
+#   software distributed under the License is distributed on an
+#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
+#   KIND, either express or implied.  See the License for the 
+#   specific language governing permissions and limitations
+#   under the License.
+#
+
+FROM debian:8
+
+# Install openldap
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update
+RUN apt-get install -y -qq slapd ldap-utils
+
+# Add fortress schema and slapd config
+ADD ldap/schema/fortress.schema /etc/ldap/schema/
+ADD ldap/schema/rbac.schema /etc/ldap/schema/
+ADD src/docker/openldap-for-apache-fortress-tests/slapd.conf /etc/ldap/
+
+# Create database directories
+RUN mkdir -p /var/lib/ldap/dflt
+RUN mkdir -p /var/lib/ldap/hist
+RUN chown -R openldap:openldap /var/lib/ldap
+
+# Delete slapd-config which was created during installation
+# and create new one by converting from old slapd.conf
+RUN rm -rf /etc/ldap/slapd.d/*
+RUN slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
+
+EXPOSE 389
+
+CMD ["/usr/sbin/slapd", "-d", "32768", "-u", "root", "-g", "root"]
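Review bot: The CMD on the last line starts slapd with `-u root -g root`, which contradicts the `chown -R openldap:openldap /var/lib/ldap` a few lines above and leaves the network-facing daemon running as root even though the package already created a dedicated account. Because `slaptest` runs as root during the build, `/etc/ldap/slapd.d` and the `/var/run/slapd` directory the pidfile/argsfile point at also have to be handed over before the user switch works: `RUN mkdir -p /var/run/slapd && chown -R openldap:openldap /etc/ldap/slapd.d /var/run/slapd` followed by `CMD ["/usr/sbin/slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]`. Two smaller points: `apt-get update` in its own layer is cached independently of the `install` line, so later rebuilds can install from a stale package index — combine them as `RUN apt-get update && apt-get install -y -qq --no-install-recommends slapd ldap-utils && rm -rf /var/lib/apt/lists/*`; and the three `ADD` lines copy plain local files, where `COPY` is the explicit form.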
+

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/03a56291/src/docker/openldap-for-apache-fortress-tests/run-tests.sh
----------------------------------------------------------------------
diff --git a/src/docker/openldap-for-apache-fortress-tests/run-tests.sh b/src/docker/openldap-for-apache-fortress-tests/run-tests.sh
new file mode 100755
index 0000000..4238dc1
--- /dev/null
+++ b/src/docker/openldap-for-apache-fortress-tests/run-tests.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+#   Licensed to the Apache Software Foundation (ASF) under one
+#   or more contributor license agreements.  See the NOTICE file
+#   distributed with this work for additional information
+#   regarding copyright ownership.  The ASF licenses this file
+#   to you under the Apache License, Version 2.0 (the
+#   "License"); you may not use this file except in compliance
+#   with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing,
+#   software distributed under the License is distributed on an
+#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#   KIND, either express or implied.  See the License for the
+#   specific language governing permissions and limitations
+#   under the License.
+#
+
+# stop execution if any command fails (i.e. exits with status code > 0)
+set -e
+
+# trace commands
+set -x
+
+# startup docker container
+CONTAINER_ID=$(docker run -d -P apachedirectory/openldap-for-apache-fortress-tests)
+CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "389/tcp") 0).HostPort}}' $CONTAINER_ID)
+echo $CONTAINER_PORT
+
+# configure build.properties
+cp build.properties.example build.properties
+sed -i 's/^ldap\.server\.type=.*/ldap.server.type=openldap/' build.properties
+sed -i 's/^ldap\.host=.*/ldap.host=localhost/' build.properties
+sed -i 's/^ldap\.port=.*/ldap.port='${CONTAINER_PORT}'/' build.properties
+sed -i 's/^suffix\.name=.*/suffix.name=example/' build.properties
+sed -i 's/^suffix\.dc=.*/suffix.dc=com/' build.properties
+sed -i 's/^root\.dn=.*/root.dn=cn=Manager,${suffix}/' build.properties
+sed -i 's/^root\.pw=.*/root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU/' build.properties
+sed -i 's/^cfg\.root\.pw=.*/cfg.root.pw=secret/' build.properties
+sed -i 's/^root\.dn=.*/root.dn=cn=Manager,${suffix}/' build.properties
+
+# prepare
+mvn clean install
+mvn install -Dload.file=./ldap/setup/refreshLDAPData.xml
+mvn install -Dload.file=./ldap/setup/DelegatedAdminManagerLoad.xml
+
+# run tests
+mvn test -Dtest=FortressJUnitTest
+
+# rerun tests to verify teardown APIs work
+mvn test -Dtest=FortressJUnitTest
+
+# stop and delete docker container
+docker stop $CONTAINER_ID
+docker rm $CONTAINER_ID
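Review bot: If any `mvn` step fails, `set -e` aborts the script before the `docker stop`/`docker rm` lines at the end, so the container and its published port are leaked on every failed run; register the cleanup right after the container is started, e.g. `trap 'docker stop "$CONTAINER_ID"; docker rm "$CONTAINER_ID"' EXIT`, which also makes the trailing two lines redundant. `docker run -P` publishes the LDAP port on all host interfaces, so for the duration of the run an slapd whose rootpw hash is checked into this repo is reachable from the network even though the script only ever talks to `localhost`; `-p 127.0.0.1::389` keeps the random host port on loopback and the `docker inspect` lookup still works. The `sed -i 's/^root\.dn=.*/root.dn=cn=Manager,${suffix}/' build.properties` line is repeated verbatim a few lines later and one copy can go. Nothing waits for slapd to accept connections before the first `mvn install -Dload.file=…`; this seems to rely on `mvn clean install` taking long enough, which deserves a comment or an explicit `ldapsearch` retry loop.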
+

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/03a56291/src/docker/openldap-for-apache-fortress-tests/slapd.conf
----------------------------------------------------------------------
diff --git a/src/docker/openldap-for-apache-fortress-tests/slapd.conf b/src/docker/openldap-for-apache-fortress-tests/slapd.conf
new file mode 100644
index 0000000..426a61b
--- /dev/null
+++ b/src/docker/openldap-for-apache-fortress-tests/slapd.conf
@@ -0,0 +1,115 @@
+
+include		/etc/ldap/schema/core.schema
+include		/etc/ldap/schema/ppolicy.schema
+include		/etc/ldap/schema/cosine.schema
+include		/etc/ldap/schema/inetorgperson.schema
+include		/etc/ldap/schema/nis.schema
+include		/etc/ldap/schema/openldap.schema
+include		/etc/ldap/schema/fortress.schema
+include		/etc/ldap/schema/rbac.schema
+
+disallow bind_anon
+idletimeout 0
+sizelimit 5000
+timelimit 60
+threads 8
+loglevel 32768
+gentlehup on
+pidfile		/var/run/slapd/slapd.pid
+argsfile	/var/run/slapd/slapd.args
+modulepath	/usr/lib/ldap
+moduleload	back_mdb.la
+moduleload	ppolicy.la
+moduleload  accesslog.la
+moduleload  dds.la
+moduleload  back_monitor.la
+
+### ACLs
+access to dn="" by * read
+access to *
+	by self write
+	by users read
+	by anonymous auth
+	by sockurl="^ldapi:///$" write
+
+### This one allows user to modify their own password (needed for pw policies):
+### This also allows user to modify their own ftmod attributes (needed for audit):
+access to attrs=userpassword
+         by self write
+         by * auth
+
+### Must allow access to dn.base to read supported features on this directory:
+access to dn.base="" by * read
+access to dn.base="cn=Subschema" by * read
+access to *
+	by self write
+	by anonymous auth
+
+### Disable null base search of rootDSE
+### This disables auto-discovery capabilities of clients.
+# Changed -> access to dn.base="" by * read <- to the following:
+access to dn.base=""
+     by * none
+password-hash {SSHA}
+
+#######################################################################
+# History DB Settings
+#######################################################################
+database	 mdb
+maxreaders 64
+maxsize 1000000000
+suffix		"cn=log"
+rootdn      "cn=Manager,cn=log"
+rootpw      "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
+directory	"/var/lib/ldap/hist"
+access to *
+    by dn.base="cn=Manager,cn=log" write
+dbnosync
+checkpoint   64 5
+
+
+#######################################################################
+# Default DB Settings
+#######################################################################
+database	mdb
+maxreaders 64
+maxsize 1000000000
+suffix		"dc=example,dc=com"
+rootdn      "cn=Manager,dc=example,dc=com"
+rootpw      "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+
+index uidNumber,gidNumber,objectclass eq
+index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
+index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
+
+directory	"/var/lib/ldap/dflt"
+overlay accesslog
+logdb   "cn=log"
+dbnosync
+checkpoint	64 5
+
+
+#######################################################################
+# Audit Log Settings
+#######################################################################
+logops bind writes compare
+logoldattr ftModifier ftModCode ftModId ftRC ftRA ftARC ftARA ftCstr ftId ftPermName ftObjNm ftOpNm ftObjId ftGroups ftRoles ftUsers ftType
+logpurge 5+00:00 1+00:00
+
+
+#######################################################################
+# PW Policy Settings
+#######################################################################
+# Enable the Password Policy overlay to enforce password policies on this database.
+overlay     ppolicy
+ppolicy_default "cn=PasswordPolicy,ou=Policies,dc=example,dc=com"
+ppolicy_use_lockout
+ppolicy_hash_cleartext
+
+
+#######################################################################
+# Monitor database
+#######################################################################
+database monitor
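Review bot: slapd applies the first `access to` directive whose target matches and ignores the rest, so the catch-all `access to *` (`by self write / by users read / by anonymous auth / by sockurl write`) placed right after `access to dn="" by * read` shadows every later global rule: the `access to attrs=userpassword` rule, the two `dn.base` read rules and the final `access to dn.base="" by * none` are all unreachable. The practical effect is that `by users read` on the catch-all lets any authenticated user read other entries' `userPassword` hashes, and the comment claiming the rootDSE null-base search is disabled does not hold. Move `access to attrs=userpassword by self write by * auth` above the catch-all and delete the dead directives (or keep only the `dn.base=""`/`cn=Subschema` read rules, before `access to *`, if client discovery is wanted — the two comments currently contradict each other). These global ACLs are what the `dc=example,dc=com` database inherits since it declares no `access` lines of its own, while the `cn=log` database's `access to * by dn.base="cn=Manager,cn=log" write` only names its rootdn, which bypasses ACLs anyway, so that database is effectively deny-all for everyone else and worth a comment saying so.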
+