From 086a28bb331293ca5723abbb0cf7924fa339a9e8 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Thu, 20 Mar 2025 11:19:50 +1100
Subject: [PATCH] Add all backends and overlays, configure dynlist, enhancements to startup to allow schema modification
---
 docker/Dockerfile | 7 ++--
 docker/init-docker | 32 +++++++++++++++----
 schema/dynlist-options.ldif | 11 +++++++
 ...ncprov-enable.ldif => modules-enable.ldif} | 1 +
 4 files changed, 43 insertions(+), 8 deletions(-)
 create mode 100644 schema/dynlist-options.ldif
 rename schema/{syncprov-enable.ldif => modules-enable.ldif} (82%)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9a612eb..2491fe0 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -6,7 +6,8 @@ FROM alpine
 # Change to http respositories, so they we can cache the install packages
 RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
-RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients openldap-overlay-syncprov openldap-overlay-accesslog
+RUN apk add --no-cache bash openldap openldap-backend-all openldap-clients openldap-overlay-all \
+ openldap-passwd-argon2 openldap-passwd-pbkdf2 openldap-passwd-sha2
 ADD schema /etc/openldap/schema/custom
 ADD tls /etc/openldap/tls
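Review bot: Replacing the two named overlay packages with `openldap-backend-all` and `openldap-overlay-all` installs every backend and overlay module Alpine packages, not just the mdb/syncprov/accesslog/dynlist set this configuration loads; nothing in the patch loads the extra modules, so runtime exposure is unchanged, but the image now carries considerably more code to patch and to explain to a vulnerability scanner. If the goal is only to make dynlist available, the narrower per-overlay package (following the naming of the two packages removed here, presumably `openldap-overlay-dynlist`) would do. If the broad set is intentional because runtime-mounted schema may enable any backend, a comment on the `RUN` line saying so, e.g. `# all backends/overlays: modules to load are chosen by the mounted modify.d schema at first start`, would stop the next reviewer trimming it.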
@@ -16,11 +17,13 @@ RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
 && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
 && mkdir /etc/openldap/slapd.d /etc/openldap/schema/add.d /etc/openldap/schema/modify.d /etc/openldap/schema/data.d \
 && ln -s ../misc.ldif /etc/openldap/schema/add.d/01-misc.ldif \
+ && ln -s ../dyngroup.ldif /etc/openldap/schema/add.d/01-dyngroup.ldif \
 && ln -s ../custom/samba.ldif /etc/openldap/schema/add.d/02-samba.ldif \
 && ln -s ../custom/wurley.ldif /etc/openldap/schema/add.d/10-wurley.ldif \
- && ln -s ../custom/syncprov-enable.ldif /etc/openldap/schema/modify.d/20-syncprov-enable.ldif \
+ && ln -s ../custom/modules-enable.ldif /etc/openldap/schema/modify.d/20-modules-enable.ldif \
 && ln -s ../custom/syncprov-options.ldif /etc/openldap/schema/modify.d/21-syncprov-options.ldif \
 && ln -s ../custom/syncprov-index.ldif /etc/openldap/schema/modify.d/22-syncprov-index.ldif \
+ && ln -s ../custom/dynlist-options.ldif /etc/openldap/schema/modify.d/23-dynlist-options.ldif \
 && ln -s ../custom/certinfo.ldif /etc/openldap/schema/modify.d/23-certinfo.ldif \
 && ln -s ../custom/acl-schema.ldif /etc/openldap/schema/modify.d/90-acl-schema.ldif \
 && ln -s ../custom/acl-data.ldif /etc/openldap/schema/modify.d/91-acl-data.ldif \
diff --git a/docker/init-docker b/docker/init-docker
index f9c4a52..f62023e 100755
--- a/docker/init-docker
+++ b/docker/init-docker
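Review bot: The new `23-dynlist-options.ldif` symlink reuses the `23-` prefix already taken by `23-certinfo.ldif`, so the apply order between the two is now decided by the rest of the filename (`certinfo` sorts before `dynlist`) rather than by the number the convention exists to express. Renaming the new link to `24-dynlist-options.ldif` keeps it after `20-modules-enable.ldif`, which it depends on (the overlay entry can only be added once `dynlist.so` is loaded), and restores one number per step; `01-dyngroup.ldif` likewise shares `01-` with `01-misc.ldif`, which only matters if either schema file references the other. The `RUN sed …` chain this hunk sits in starts before and ends after the hunk.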
@@ -10,11 +10,21 @@ SLAPD_DEBUG=${SLAPD_DEBUG:-0}
 SLAPD_URLS=${SLAPD_URLS:-"ldapi:/// ldap:/// ldaps:///"}
 SLAPD_OPTIONS="${SLAPD_OPTIONS} -d ${SLAPD_DEBUG}"
 SLAPD_SCHEMA_BASE=${SLAPD_SCHEMA_BASE:-"/etc/openldap/schema"}
+SLAPD_DBS=${SLAPD_DBS:-10}
 SLAPD_CUSTOM_BASES=${SLAPD_CUSTOM_BASES:-"/ldap/bases"}
 SLAPD_CUSTOM_SCHEMA=${SLAPD_CUSTOM_SCHEMA:-"/ldap/schema"}
 SLAPD_CUSTOM_DATA=${SLAPD_CUSTOM_DATA:-"/ldap/data"}
+# The flow of activity when a DB doesnt exist
+# * items in SLAPD_CUSTOM_SCHEMA/[add|modify] are queued for inclusion in SLAPD_SCHEMA_BASE/[add.d|modify.d]
+# * items in SLAPD_CUSTOM_DATA are queued for inclusion in SLAPD_SCHEMA_BASE/data.d
+# * items in SLAPD_CUSTOM_BASES are slapadd'ed to the server
+# * items in SLAPD_SCHEMA_BASE/add.d are slapadd'ed to the server
+# * items in SLAPD_SCHEMA_BASE/modify.d are slapmodify'ed to the server
+# * items in SLAPD_SCHEMA_BASE/data.d/ are combined (first 2 chars are DB id) and slapadd'ed to the server
+
+
 function stop {
 echo "Stopping ${NAME}"
 kill $(pidof slapd)
@@ -41,11 +51,18 @@ if [ -z "$@" ]; then
 # Check if we have any custom schema to add
 [ -d ${SLAPD_SCHEMA_BASE}/add.d ] || mkdir ${SLAPD_SCHEMA_BASE}/add.d
+ [ -d ${SLAPD_SCHEMA_BASE}/modify.d ] || mkdir ${SLAPD_SCHEMA_BASE}/modify.d
+
 if [ -d ${SLAPD_CUSTOM_SCHEMA} ]; then
- for f in ${SLAPD_CUSTOM_SCHEMA}/*.ldif; do
- echo "- Adding SCHEMA item [${f}]"
- ln -s ${f} ${SLAPD_SCHEMA_BASE}/add.d
- done
+ for f in ${SLAPD_CUSTOM_SCHEMA}/add/*.ldif; do
+ echo "- Adding SCHEMA item [${f}]"
+ ln -s ${f} ${SLAPD_SCHEMA_BASE}/add.d
+ done
+
+ for f in ${SLAPD_CUSTOM_SCHEMA}/modify/*.ldif; do
+ echo "- Modify SCHEMA item [${f}]"
+ ln -s ${f} ${SLAPD_SCHEMA_BASE}/modify.d
+ done
 fi
 # Check if we have any custom data to add
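Review bot: `SLAPD_DBS` is introduced with no note of what it means, and from its only use further down (`seq -w 0 ${SLAPD_DBS}`) it is the highest database index to scan for `data.d/NN-*` files, not a count of databases, which the name suggests. A one-line comment next to it, `# Highest olcDatabase index for which data.d/NN-* files are slapadd'ed (00..SLAPD_DBS, two-digit ids)`, would pin that down. In the new flow comment, "doesnt" should read "doesn't", and if the bullets are the execution order it is worth saying so explicitly, since the modify.d entries (overlay config, ACLs on custom attributes) presumably rely on add.d having been applied first.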
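Review bot: Custom schema is now read only from `${SLAPD_CUSTOM_SCHEMA}/add/*.ldif` and `/modify/*.ldif`, so a deployment that mounts files directly under `${SLAPD_CUSTOM_SCHEMA}` (the path the removed loop scanned) now has them ignored with no message, and because this block only runs on first start the half-configured directory is easy to miss. A warning loop ahead of the two new ones, `for f in ${SLAPD_CUSTOM_SCHEMA}/*.ldif; do echo "! Ignoring [${f}]: custom schema must be under add/ or modify/"; done`, would make the migration visible; like the existing loops it presumes nullglob is on (the matching `shopt -u nullglob` appears later in the file, the `shopt -s` is not in view). Files linked into modify.d are also applied by the same lexical glob as the built-in `20-`…`91-acl-*` entries, so a custom modify file without a numeric prefix lands after the ACL entries in the usual collation and can rewrite them; the flow comment should state that custom files need a `NN-` prefix to control where they apply relative to the ACLs. The enclosing `if [ -z "$@" ]` block starts before and ends after the hunk.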
@@ -79,9 +96,12 @@ if [ -z "$@" ]; then
 shopt -u nullglob
 # Add custom data definitions
- for i in 01 03 04 05 06 07; do
- ls -al ${SLAPD_SCHEMA_BASE}/data.d/${i}-* >/dev/null 2>&1 || continue
+ for i in $(seq -w 0 ${SLAPD_DBS}); do
 echo "- Processing DATABASE item(s) for DB [${i}]"
+ if ! ls -al ${SLAPD_SCHEMA_BASE}/data.d/${i}-* >/dev/null 2>&1; then
+ echo " - Nothing to process"
+ continue
+ fi
 cat ${SLAPD_SCHEMA_BASE}/data.d/${i}-* | slapadd -n ${i}
 done
diff --git a/schema/dynlist-options.ldif b/schema/dynlist-options.ldif
new file mode 100644
index 0000000..0ee2b9a
--- /dev/null
+++ b/schema/dynlist-options.ldif
@@ -0,0 +1,11 @@
+dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcDynListConfig
+olcOverlay: dynlist
+olcDynListAttrSet: nisMailAlias labeledURI
+#olcDynListAttrSet: groupOfURLs memberURL memberOf
+#olcDynListAttrSet: groupOfURLs memberURL member+dgMemberOf
+#olcDynListAttrSet: groupOfURLs memberURL member
+#olcDynListAttrSet: groupOfURLs memberURL member
+#olcDynListAttrSet: groupOfURLs labeledURI member
diff --git a/schema/syncprov-enable.ldif b/schema/modules-enable.ldif
similarity index 82%
rename from schema/syncprov-enable.ldif
rename to schema/modules-enable.ldif
index b3c2168..902807c 100644
--- a/schema/syncprov-enable.ldif
+++ b/schema/modules-enable.ldif
@@ -3,3 +3,4 @@ changetype: modify
 add: olcModuleLoad
 olcModuleLoad: syncprov.so
 olcModuleLoad: accesslog.so
+olcModuleLoad: dynlist.so
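Review bot: `seq -w 0 ${SLAPD_DBS}` pads to the width of SLAPD_DBS, so the two-character id the `${i}-*` glob (and the new header comment) assumes only holds for values 10..99; with `SLAPD_DBS=9` the loop yields `0..9`, no `0N-*` file matches, and every database is reported as "Nothing to process" with no error. Generating the id explicitly, `for n in $(seq 0 "${SLAPD_DBS}"); do` followed by `printf -v i '%02d' "${n}"`, keeps it stable for any value (the script already depends on bash for `shopt`). The range also now starts at 0, so a `00-*` file would be slapadd'ed with `-n 0`, which is the cn=config database; the old explicit list began at 01 and skipped 02, so confirm both are intended. The enclosing `if [ -z "$@" ]` block starts before the hunk.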
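Review bot: `olcDynListAttrSet: nisMailAlias labeledURI` makes the server expand whatever URI is stored in `labeledURI` of any nisMailAlias entry into an internal search, so write access to that attribute should be limited to administrators in the ACLs (acl-data.ldif is outside this patch): a user who can write it can steer server-side searches at other parts of the tree, and it is worth confirming in the slapd version used that the expanded values are filtered by the requester's own read access. The entry hard-codes `olcDatabase={1}mdb`, so it silently targets the wrong database if the database order ever changes; a comment stating that assumption, `# attaches to the first mdb database; adjust {1} if the database order changes`, would help. The two identical `#olcDynListAttrSet: groupOfURLs memberURL member` lines are leftovers, and the remaining commented alternatives would read better as one comment explaining why the nisMailAlias form was chosen.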
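Review bot: `dynlist.so` is loaded here, but the `openldap-passwd-argon2`, `-pbkdf2` and `-sha2` packages added to the Dockerfile in this same patch are not: nothing adds their modules (`pw-argon2.so`, `pw-pbkdf2.so`, `pw-sha2.so` by Alpine's naming; confirm in the image) to `olcModuleLoad`, and no `olcPasswordHash` is set, so passwords written through the password-modify extended operation keep the server default scheme. If the packages are meant to be used, add `olcModuleLoad: pw-argon2.so` to this entry and set `olcPasswordHash: {ARGON2}` on `olcDatabase={-1}frontend,cn=config` in a separate modify entry; if they are only installed for later use, a comment here saying so would stop the next reader hunting for where they are enabled. The entry's `dn:` line is outside the hunk.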