diff --git a/scripts/docker-compose.yml b/scripts/docker-compose.yml
index 77a26251f9a..d65894d3257 100644
--- a/scripts/docker-compose.yml
+++ b/scripts/docker-compose.yml
@@ -1,7 +1,7 @@
 name: uaa
 services:
- postgres:
+ postgresql:
 image: "postgres:15"
 ports:
 - 5432:5432
@@ -33,22 +33,18 @@ services:
 - TZ=${TZ}
 command:
 - --sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,PAD_CHAR_TO_FULL_LENGTH
+
 openldap:
- image: docker.io/bitnami/openldap:2.6
+ build:
+ context: .
+ dockerfile: ldap/Dockerfile
 ports:
- - '389:1389'
- - '636:1636'
- # docs of these env vars: https://github.com/bitnami/containers/tree/2724f9cd02b3b4e7986a1e2a0b0b30af3737bbd2/bitnami/openldap#configuration
- environment:
- - LDAP_ROOT=dc=test,dc=com
- - LDAP_ADMIN_USERNAME=admin
- - LDAP_ADMIN_PASSWORD=password
- - LDAP_USERS=user01,user02
- - LDAP_PASSWORDS=password1,password2
- - LDAP_GROUP=some-ldap-group
+ - '389:389'
+ - '636:636'
+ entrypoint: [ "/bin/bash", "-c" ]
+ command:
+ - "/uaa/docker/ldap-start-and-populate.sh"
+ tty: true
 volumes:
- - 'openldap_data:/bitnami/openldap'
+ - ./ldap:/uaa/docker/
-volumes:
- openldap_data:
- driver: local
\ No newline at end of file
diff --git a/scripts/ldap/Dockerfile b/scripts/ldap/Dockerfile
new file mode 100644
index 00000000000..6953eb52462
--- /dev/null
+++ b/scripts/ldap/Dockerfile
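Review bot: The new mappings `'389:389'` and `'636:636'` publish the test directory on every host interface, and because the directory's root DN (`cn=admin,dc=test,dc=com`, bound with `password` by ldap-start-and-populate.sh) and the `to * ... by * read` ACL in ldap_slapd_schema.ldif are both fixed, anyone who can reach the host appears able to read the cleartext `userPassword` values in ldap_slapd_data.ldif or, with the well-known password, rewrite the tree. For a developer fixture bind to loopback, `- '127.0.0.1:389:389'` and `- '127.0.0.1:636:636'`, and widen deliberately when a remote client is really needed. The `./ldap:/uaa/docker/` bind mount also shadows the `COPY *.ldif /uaa/docker/` done in ldap/Dockerfile, so the container runs whatever is in the host checkout rather than what was baked into the image; a comment on the `volumes:` entry saying that is intended would spare the next reader the puzzle. With the `openldap_data` volume gone, directory state now lives in the container's writable layer and disappears on `docker compose down`, which matches the run-once marker in the start script but is worth a line in the commit message.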
@@ -0,0 +1,49 @@
+FROM ubuntu:jammy
+
+STOPSIGNAL SIGQUIT
+
+SHELL ["/bin/bash", "-xo", "pipefail", "-c"]
+
+# Generate locale C.UTF-8
+ENV LANG=C.UTF-8
+ENV TZ=UTC
+
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy update
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install slapd ldap-utils
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install gnutls-bin ssl-cert
+
+RUN \
+ certtool --generate-privkey > /etc/ssl/private/cakey.pem && \
+ echo -e "cn = Pivotal Software Test\nca\ncert_signing_key" > /etc/ssl/ca.info && \
+ certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem && \
+ certtool --generate-privkey --bits 1024 --outfile /etc/ssl/private/ldap01_slapd_key.pem && \
+ echo -e "organization = Pivotal Software Test\ncn = ldap01.example.com\ntls_www_server\nencryption_key\nsigning_key\nexpiration_days = 3650" > /etc/ssl/ldap01.info && \
+ certtool --generate-certificate --load-privkey /etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ldap01.info --outfile /etc/ssl/certs/ldap01_slapd_cert.pem
+
+RUN \
+ adduser openldap ssl-cert && \
+ chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem && \
+ chmod g+r /etc/ssl/private/ldap01_slapd_key.pem && \
+ chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
+
+RUN \
+ echo "dn: cn=config" > /etc/ssl/certinfo.ldif && \
+ echo "changetype: modify" >> /etc/ssl/certinfo.ldif && \
+ echo "add: olcTLSCACertificateFile" >> /etc/ssl/certinfo.ldif && \
+ echo "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem" >> /etc/ssl/certinfo.ldif && \
+ echo "-" >> /etc/ssl/certinfo.ldif && \
+ echo "add: olcTLSCertificateKeyFile" >> /etc/ssl/certinfo.ldif && \
+ echo "olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" >> /etc/ssl/certinfo.ldif && \
+ echo "-" >> /etc/ssl/certinfo.ldif && \
+ echo "add: olcTLSCertificateFile" >> /etc/ssl/certinfo.ldif && \
+ echo "olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem" >> /etc/ssl/certinfo.ldif
+
+RUN sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap\:\/\/\/ ldapi\:\/\/\/ ldaps\:\/\/\/\"/g" /etc/default/slapd
+
+RUN mkdir -p /uaa/docker/
+
+COPY *.ldif /uaa/docker/
+
+STOPSIGNAL SIGQUIT
diff --git a/scripts/ldap/docker-compose.yml b/scripts/ldap/docker-compose.yml
deleted file mode 100644
index 0d869fb0559..00000000000
--- a/scripts/ldap/docker-compose.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-version: '2'
-
-services:
- openldap:
- image: docker.io/bitnami/openldap:2.6
- ports:
- - '389:1389'
- - '636:1636'
- # docs of these env vars: https://github.com/bitnami/containers/tree/2724f9cd02b3b4e7986a1e2a0b0b30af3737bbd2/bitnami/openldap#configuration
- environment:
- - LDAP_ROOT=dc=test,dc=com
- - LDAP_ADMIN_USERNAME=admin
- - LDAP_ADMIN_PASSWORD=password
- - LDAP_USERS=user01,user02
- - LDAP_PASSWORDS=password1,password2
- - LDAP_GROUP=some-ldap-group
- volumes:
- - 'openldap_data:/bitnami/openldap'
-
-volumes:
- openldap_data:
- driver: local
diff --git a/scripts/ldap/install-ldap.sh b/scripts/ldap/install-ldap.sh
deleted file mode 100755
index 52027a8429b..00000000000
--- a/scripts/ldap/install-ldap.sh
+++ /dev/null
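Review bot: `/etc/ssl/certinfo.ldif` is generated but nothing in this commit applies it: the `ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif` step that did so lived in the deleted install-ldap.sh, ldap-start-and-populate.sh only loads the schema and data files, and yet the `sed` line still turns on `ldaps:///` in `SLAPD_SERVICES`; unless the olcTLS* attributes reach cn=config somewhere not shown, slapd has no certificate for that listener and is likely to fail at startup, since it refuses an `ldaps://` URL when its TLS context cannot be initialised. Because slapd is not running during the build, apply the file offline right after the echo chain, e.g. `RUN slapmodify -n 0 -l /etc/ssl/certinfo.ldif && chown -R openldap:openldap /etc/ldap/slapd.d` (slapmodify ships with the OpenLDAP 2.5 in jammy — verify the config-dir ownership it leaves behind), or move the `ldapmodify` into the start script and only enable `ldaps:///` after it has run. Separately, `--bits 1024` creates an RSA key below today's minimums that recent TLS stacks may reject outright; `--bits 2048`, or dropping the flag for certtool's default, avoids that. Both private keys end up in an image layer, which is acceptable only for a throwaway fixture and should be stated above the first `RUN \`, e.g. `# Test-only self-signed CA and server key: both are baked into the image and must never be reused elsewhere`. The trailing `STOPSIGNAL SIGQUIT` duplicates the one after `FROM` and can go.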
@@ -1,53 +0,0 @@
-#!/bin/bash
-
-set -e
-
-cd `dirname $0`/../..
-
-sudo apt-get -qy purge slapd ldap-utils
-set -x
-
-sudo apt-get -qy update
-sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install slapd ldap-utils
-
-# SSH Installation notes - from https://help.ubuntu.com/14.04/serverguide/openldap-server.html#openldap-tls
-if test "$1" == "ssl"
-then
- sudo apt-get -qy install gnutls-bin ssl-cert
- sudo sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"
- sudo sh -c 'echo "cn = Pivotal Software Test
- ca
- cert_signing_key" > /etc/ssl/ca.info'
- sudo certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem
- sudo certtool --generate-privkey --bits 1024 --outfile /etc/ssl/private/ldap01_slapd_key.pem
- sudo sh -c 'echo "organization = Pivotal Software Test
- cn = ldap01.example.com
- tls_www_server
- encryption_key
- signing_key
- expiration_days = 3650" > /etc/ssl/ldap01.info'
- sudo certtool --generate-certificate --load-privkey /etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ldap01.info --outfile /etc/ssl/certs/ldap01_slapd_cert.pem
- sudo adduser openldap ssl-cert
- sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
- sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem
- sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
- sudo sh -c 'echo "dn: cn=config
-changetype: modify
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
--
-add: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem
--
-add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" > /etc/ssl/certinfo.ldif'
- echo "Adding LDAP Certs"
- sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif
- echo "LDAP Certs added"
- sudo sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap\:\/\/\/ ldapi\:\/\/\/ ldaps\:\/\/\/\"/g" /etc/default/slapd
- sudo /etc/init.d/slapd restart
-
-fi
-
-sudo ldapadd -Y EXTERNAL -H ldapi:/// -f uaa/src/test/resources/ldap_db_init.ldif
-sudo ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f uaa/src/test/resources/ldap_init.ldif
diff --git a/scripts/ldap/ldap-start-and-populate.sh b/scripts/ldap/ldap-start-and-populate.sh
new file mode 100755
index 00000000000..dccde75133e
--- /dev/null
+++ b/scripts/ldap/ldap-start-and-populate.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#
+# ****************************************************************************
+# Cloud Foundry
+# Copyright (c) [2009-2025] Pivotal Software, Inc. All Rights Reserved.
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+# ****************************************************************************
+#
+
+set -e
+
+#cd `dirname $0`/../..
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+START_FILE=/tmp/run-once
+
+echo "LDAP server Status:"
+service slapd status || true
+
+if [ ! -f ${START_FILE} ]; then
+ echo "Starting LDAP server."
+ service slapd restart
+ echo "Creating LDAP schema."
+ ldapadd -Y EXTERNAL -H ldapi:/// -f $SCRIPT_DIR/ldap_slapd_schema.ldif
+ echo "Populating LDAP database entries."
+ ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f $SCRIPT_DIR/ldap_slapd_data.ldif
+ touch ${START_FILE}
+else
+ echo "Starting LDAP server with existing data."
+ service slapd restart
+fi
+
+doExit() {
+ echo "Caught SIGTERM signal."
+ exit 0
+}
+
+trap doExit SIGINT SIGQUIT SIGTERM
+
+echo "LDAP server is READY"
+
+while true; do
+ sleep 1
+done
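Review bot: `doExit` leaves with `exit 0` but never stops slapd, so when Docker delivers the `STOPSIGNAL SIGQUIT` set in ldap/Dockerfile this supervising script ends cleanly and the daemon it started is simply killed with the container rather than shut down; add `service slapd stop` before `exit 0`, and while there make the message fit the signal (it prints `Caught SIGTERM signal.` for SIGINT and SIGQUIT too). The admin bind password rides on the command line in `ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password`, where it is visible in process listings and shell traces; `-y <passfile>` or `-W` keeps it out of argv, and at minimum a comment should say it has to match the `olcRootPW` hash in ldap_slapd_schema.ldif or population fails under `set -e`. `$SCRIPT_DIR` and `${START_FILE}` are unquoted in the `-f`, `-f` test and `touch` arguments; quoting them, e.g. `-f "$SCRIPT_DIR/ldap_slapd_schema.ldif"`, costs nothing and survives a checkout path containing spaces.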
diff --git a/scripts/ldap/ldap_slapd_data.ldif b/scripts/ldap/ldap_slapd_data.ldif
new file mode 100644
index 00000000000..867baac4edb
--- /dev/null
+++ b/scripts/ldap/ldap_slapd_data.ldif
@@ -0,0 +1,326 @@
+dn: dc=test,dc=com
+changetype: add
+objectClass: top
+objectClass: dcObject
+objectClass: domain
+
+dn: ou=Users,dc=test,dc=com
+changetype: add
+objectClass: organizationalUnit
+ou: Users
+
+dn: cn=admin,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: admin
+sn: Administrator
+userPassword: adminsecret
+uid: 3378a03c-fc8c-46b6-8a76-f67f9d7a7b4a
+mail: admin@test.com
+givenname: Bob
+initials: X
+telephonenumber: 8885550987
+streetAddress: 1111 Admin St
+l: Adminton
+st: California
+postalCode: 94119
+
+dn: cn=marissa,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa
+userPassword: koala
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db1
+mail: marissa@test.com
+sn: Marissa
+
+dn: cn=slash/username,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: slash/username
+userPassword: koala
+uid: 20f459e0-e30b-4d1f-998c-3ded7fff9db1
+mail: slash-username@test.com
+sn: Marissa
+
+dn: cn=slash/贺琳,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: slash/贺琳
+userPassword: koala
+uid: 20f459e0-e30b-4d1f-998c-3ded7fff9db1
+mail: slash-username2@test.com
+sn: Marissa
+
+dn: cn=琳贺,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: 琳贺
+userPassword: koala
+uid: 20f459e0-e30b-4d1f-998c-3ded7fff9db1
+mail: username3@test.com
+sn: Marissa
+
+dn: cn=marissa2,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa2
+userPassword: ldap
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db2
+mail: marissa2@test.com
+sn: Marissa2
+
+dn: cn=marissa3,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: customUaaUser
+cn: marissa3
+userPassword: ldap3
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db3
+mail: marissa3@test.com
+sn: Lastnamerton
+givenname: Marissa
+initials: M
+telephonenumber: 8885550986
+streetAddress: 1111 Marissa St
+l: Marissaville
+st: Florida
+postalCode: 32561
+costCenter: Denver,CO
+uaaManager: John the Sloth
+uaaManager: Kari the Ant Eater
+emailVerified: false
+memberOf: cn=developers,ou=scopes,dc=test,dc=com
+
+dn: cn=marissa4,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa4
+userPassword: ldap4
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db4
+mail: marissa4@test.com
+sn: Marissa4
+
+dn: cn=marissa5,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa5
+userPassword: ldap5
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db5
+mail: marissa5@test.com
+sn: Marissa5
+
+dn: cn=marissa6,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa6
+userPassword: ldap6
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db6
+mail: marissa6@test.com
+sn: Marissa6
+
+dn: cn=marissa7,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa7
+userPassword: ldap7
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db7
+sn: Marissa7
+
+dn: cn=marissa8,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa8
+userPassword: ldap8
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db8
+sn: Marissa8
+
+dn: cn=marissa9,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: customUaaUser
+cn: marissa9
+mail: marissa9@test.com
+userPassword: ldap9
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769db9
+sn: Marissa9
+costCenter: Denver,CO
+uaaManager: John the Sloth
+uaaManager: Kari the Ant Eater
+givenname: Marissa
+initials: M
+telephonenumber: 8885550986
+mail: marissa9-custom@test.com
+emailVerified: true
+memberOf: cn=developers,ou=scopes,dc=test,dc=com
+
+dn: cn=marissa10,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: customUaaUser
+cn: marissa10
+userPassword: ldap10
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769d10
+sn: Marissa10
+costCenter: Denver,CO
+uaaManager: John the Sloth
+uaaManager: Kari the Ant Eater
+emailVerified: true
+memberOf: cn=developers,ou=scopes,dc=test,dc=com
+memberOf: cn=superusers,ou=scopes,dc=test,dc=com
+
+dn: cn=marissa 11,ou=Users,dc=test,dc=com
+changetype: add
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: marissa 11
+userPassword: ldap11
+uid: 20f459e0-e30b-4d1f-998c-3ded7f769d10
+sn: Marissa11
+
+###############################################################################
+# BEGIN GROUP TO SCOPE MAPPING
+###############################################################################
+#scopes as groups mapping - this is the search base
+
+dn: ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: organizationalUnit
+ou: scopes
+
+#This groups contains scopes as comma separated list in the description attribute
+dn: cn=admins,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: admins
+description: uaa.admin,cloud_controller.read
+member: cn=admin,ou=Users,dc=test,dc=com
+member: cn=marissa3,ou=Users,dc=test,dc=com
+
+dn: cn=marissagroup1,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: marissagroup1
+description: foobar # the description field is required for ldap-groups-as-scopes.xml, but not for ldap-groups-map-to-scopes.xml
+member: cn=marissa,ou=Users,dc=test,dc=com
+
+dn: cn=marissagroup2,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: marissagroup2
+description: foobar # the description field is required for ldap-groups-as-scopes.xml, but not for ldap-groups-map-to-scopes.xml
+member: cn=marissa,ou=Users,dc=test,dc=com
+
+#This groups contains scope as the cn attribute
+dn: cn=uaa.admin,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: uaa.admin
+member: cn=admin,ou=Users,dc=test,dc=com
+member: cn=marissa3,ou=Users,dc=test,dc=com
+
+dn: cn=thirdmarissa,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: thirdmarissa
+description: thirdmarissa
+member: cn=marissa3,ou=Users,dc=test,dc=com
+
+dn: cn=developers,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: developers
+description: test.read
+member: cn=operators,ou=scopes,dc=test,dc=com
+member: cn=marissa6,ou=Users,dc=test,dc=com
+
+dn: cn=operators,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: operators
+description: test.write
+member: cn=superusers,ou=scopes,dc=test,dc=com
+member: cn=marissa5,ou=Users,dc=test,dc=com
+
+dn: cn=superusers,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: superusers
+description: test.everything
+member: cn=marissa4,ou=Users,dc=test,dc=com
+
+dn: cn=otherusers,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: otherusers
+description: test.everything
+member: cn=marissa8,ou=Users,dc=test,dc=com
+
+# Invalid referral cause PartialResultsException
+
+dn: cn=Referral1,ou=scopes,dc=test,dc=com
+changetype: add
+objectclass: referral
+objectclass: extensibleObject
+member: cn=marissa8,ou=Users,dc=test,dc=com
+ref: ldap://localhost:43389/cn=otherusers1,ou=scopes,dc=test,dc=com
+
+#This groups contains scopes as comma separated list in the description attribute
+dn: cn=marissaniner,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: marissaniner
+description: marissaniner
+member: cn=marissa9,ou=Users,dc=test,dc=com
+
+#This groups contains scopes as comma separated list in the description attribute
+dn: cn=marissaniner2,ou=scopes,dc=test,dc=com
+changetype: add
+objectClass: groupOfNames
+objectClass: top
+cn: marissaniner2
+description: marissaniner2
+member: cn=marissa9,ou=Users,dc=test,dc=com
+
+###############################################################################
+# END GROUP TO SCOPE MAPPING
+###############################################################################
diff --git a/uaa/src/test/resources/ldap_db_init.ldif b/scripts/ldap/ldap_slapd_schema.ldif
similarity index 68%
rename from uaa/src/test/resources/ldap_db_init.ldif
rename to scripts/ldap/ldap_slapd_schema.ldif
index 0ed78ad13c0..823ecf6a796 100644
--- a/uaa/src/test/resources/ldap_db_init.ldif
+++ b/scripts/ldap/ldap_slapd_schema.ldif
@@ -1,21 +1,19 @@
-# Load modules for database type
 dn: cn=module,cn=config
 objectclass: olcModuleList
 cn: module
-olcModuleLoad: back_bdb.la
-# Create directory database
-dn: olcDatabase=bdb,cn=config
+# Create an in memory directory database
+dn: olcDatabase={1}mdb,cn=config
 objectClass: olcDatabaseConfig
-objectClass: olcBdbConfig
-olcDatabase: bdb
-# Domain name (e.g. home.local)
-olcSuffix: dc=test,dc=com
-# Location on system where database is stored
+objectClass: olcMdbConfig
+olcDatabase: {1}mdb
 olcDbDirectory: /var/lib/ldap
-# Manager of the database
+olcSuffix: dc=test,dc=com
+olcDbMaxSize: 1073741824
+olcLastMod: TRUE
+olcMaxDerefDepth: 15
 olcRootDN: cn=admin,dc=test,dc=com
-olcRootPW: {SSHA}XerHS1s6xgIHpLrR9hCvelH7grepkqiv
+olcRootPW: {SSHA}bycWaE1yKM3DpXpxrx3UAdbxWAk0pcm4
 # Indices in database to speed up searches
 olcDbIndex: uid pres,eq
 olcDbIndex: cn,sn,mail pres,eq,approx,sub
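Review bot: Three entries share the `uid` value `20f459e0-e30b-4d1f-998c-3ded7fff9db1` (`cn=slash/username`, `cn=slash/贺琳`, `cn=琳贺`) and `marissa10` and `marissa 11` both carry `20f459e0-e30b-4d1f-998c-3ded7f769d10`; `uid` is only indexed `pres,eq` in ldap_slapd_schema.ldif, nothing enforces uniqueness, so any lookup keyed on `uid` will get more than one entry. If the collisions are deliberate for a test, say so above those entries, e.g. `# intentionally reuses marissa10's uid to exercise non-unique uid handling`; otherwise give each entry its own value. The `description: foobar # the description field is required ...` lines are also worth a second look: `#` only starts a comment at column 0 in LDIF, so the whole trailing text becomes part of the attribute value. Finally, every `userPassword` is stored as cleartext and the `by * read` ACL in the schema file lets anonymous binds read them, which is fine only because this is a fixture — a header comment stating that keeps the file from being copied as a template.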
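Review bot: The new comment `# Create an in memory directory database` is misleading — back-mdb is a memory-mapped on-disk store written under `olcDbDirectory: /var/lib/ldap`, and `olcDbMaxSize: 1073741824` caps that map at 1 GiB; suggest `# mdb directory database: memory-mapped, persisted under /var/lib/ldap, 1 GiB map size`. With `olcModuleLoad: back_bdb.la` removed the `cn=module,cn=config` entry no longer loads anything, so it is dead weight if the package's default configuration already loads back_mdb (which is what jammy's slapd package appears to do) and should either gain `olcModuleLoad: back_mdb.la` or be dropped. The replaced `olcRootPW` hash is the credential the start script binds with as `-w password`; a comment such as `# SSHA of "password" - keep in sync with ldap-start-and-populate.sh` would stop the two from drifting apart.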
@@ -36,45 +34,30 @@ olcAccess: to * by dn.base="cn=admin,dc=test,dc=com" write by * read
-dn: cn=schema,cn=config
-changetype: modify
-add: olcAttributeTypes
+dn: cn=uaaschema,cn=schema,cn=config
+changetype: add
+objectClass: olcSchemaConfig
+cn: uaaschema
 olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.4 NAME 'costCenter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-dn: cn=schema,cn=config
-changetype: modify
-add: olcAttributeTypes
 olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.5 NAME 'uaaManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-dn: cn=schema,cn=config
-changetype: modify
-add: olcAttributeTypes
 olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.6 NAME 'memberOf' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-dn: cn=schema,cn=config
-changetype: modify
-add: olcAttributeTypes
 olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.7 NAME 'emailVerified' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-dn: cn=schema,cn=config
-changetype: modify
-add: olcObjectClasses
 olcObjectClasses: ( 1.3.6.1.4.1.35015.1.2.8 NAME 'customUaaUser'
diff --git a/scripts/ldap/mac-ldap-install.sh b/scripts/ldap/mac-ldap-install.sh
deleted file mode 100644
index af2d56c6011..00000000000
--- a/scripts/ldap/mac-ldap-install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-brew install ldap-utils slapd
-
-sudo cp -v ./slapd.conf /etc/openldap
-
-sudo mkdir -vp /var/lib/ldap
-sudo cp -v /private/etc/openldap/DB_CONFIG.example /var/lib/ldap
diff --git a/scripts/ldap/mac-ldap-run.sh b/scripts/ldap/mac-ldap-run.sh
deleted file mode 100755
index 1458afad6e7..00000000000
--- a/scripts/ldap/mac-ldap-run.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Starting LDAP server on different ports is done through the command line startup with the -h switch
-# -h "ldap://localhost:10389"
-
-# run ldap server with debug output enabled ( -d3 switch )
-if test "$1" == "debug"
-then
- sudo /usr/libexec/slapd -d3
-else
- sudo /usr/libexec/slapd
-fi
\ No newline at end of file
diff --git a/scripts/ldap/slapd.conf b/scripts/ldap/slapd.conf
deleted file mode 100644
index c30f3d9e651..00000000000
--- a/scripts/ldap/slapd.conf
+++ /dev/null
@@ -1,60 +0,0 @@
-# See slapd.conf(5) for details on configuration options. This file should NOT be world readable.
-include /opt/homebrew/etc/openldap/schema/core.schema
-include /opt/homebrew/etc/openldap/schema/cosine.schema
-include /opt/homebrew/etc/openldap/schema/nis.schema
-include /opt/homebrew/etc/openldap/schema/inetorgperson.schema
-
-# Define global ACLs to disable default read access.
-# Do not enable referrals until AFTER you have a working directory service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-pidfile /opt/homebrew/var/run/slapd.pid
-argsfile /opt/homebrew/var/run/slapd.args
-
-# Load dynamic backend modules:
-modulepath /opt/homebrew/Cellar/openldap/2.6.3/libexec/openldap
-moduleload back_mdb.la
-# moduleload back_ldap.la
-
-# config database definitions
-database config
-# Uncomment the rootpw line to allow binding as the cn=config rootdn so that temporary modifications to the
-# configuration can be made while slapd is running. They will not persist across a restart.
-database ldif
-suffix "dc=example,dc=com"
-rootdn "cn=admin,dc=example,dc=com"
-# Cleartext passwords, especially for the rootdn, should be avoided, see slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-rootpw {SSHA}7e+zIbbJkC++wF3bUnrbXLPDlS6ancY5
-# The database directory MUST exist prior to running slapd AND should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /opt/homebrew/var/openldap-data
-
-# monitor database definitions
-database monitor
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!