More syncprov configuration, and enable SASL EXTERNAL auth

This commit is contained in:
Deon George 2023-05-17 23:07:11 +10:00
parent a49ab8c40a
commit 676c31a27a
6 changed files with 35 additions and 3 deletions


@ -8,8 +8,8 @@ RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositori
RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients openldap-overlay-syncprov RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients openldap-overlay-syncprov
ADD acl.ldif samba.ldif wurley.ldif /etc/openldap/schema/ ADD acl*.ldif samba.ldif wurley.ldif /etc/openldap/schema/
ADD certinfo.ldif /etc/openldap/ ADD certinfo.ldif syncprov*ldif /etc/openldap/
RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \ RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
&& sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \ && sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \
&& mv /var/lib/openldap/openldap-data /var/lib/openldap/data \ && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
@ -18,8 +18,12 @@ RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
&& slapadd -b cn=config -l /etc/openldap/schema/misc.ldif \ && slapadd -b cn=config -l /etc/openldap/schema/misc.ldif \
&& slapadd -b cn=config -l /etc/openldap/schema/samba.ldif \ && slapadd -b cn=config -l /etc/openldap/schema/samba.ldif \
&& slapadd -b cn=config -l /etc/openldap/schema/wurley.ldif \ && slapadd -b cn=config -l /etc/openldap/schema/wurley.ldif \
&& slapmodify -b cn=config -l /etc/openldap/schema/acl.ldif \
&& slapmodify -b cn=config -l /etc/openldap/certinfo.ldif \ && slapmodify -b cn=config -l /etc/openldap/certinfo.ldif \
&& slapmodify -b cn=config -l /etc/openldap/syncprov-enable.ldif \
&& slapmodify -b cn=config -l /etc/openldap/syncprov-options.ldif \
&& slapmodify -b cn=config -l /etc/openldap/syncprov-index.ldif \
&& slapmodify -b cn=config -l /etc/openldap/schema/acl-schema.ldif \
&& slapmodify -b cn=config -l /etc/openldap/schema/acl-data.ldif \
&& mkdir /var/lib/openldap/run \ && mkdir /var/lib/openldap/run \
&& chown -R ldap:ldap /etc/openldap/slapd.d /var/lib/openldap/data /var/lib/openldap/run && chown -R ldap:ldap /etc/openldap/slapd.d /var/lib/openldap/data /var/lib/openldap/run
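Review bot: The changed copy lines `ADD acl*.ldif samba.ldif wurley.ldif /etc/openldap/schema/` and `ADD certinfo.ldif syncprov*ldif /etc/openldap/` move plain local files into the image, and COPY is the narrower instruction for that, since ADD additionally fetches URLs and auto-extracts archives, so an argument that later happens to look like either silently changes meaning. `COPY acl*.ldif samba.ldif wurley.ldif /etc/openldap/schema/` and `COPY certinfo.ldif syncprov*.ldif /etc/openldap/` do the same job, and `syncprov*.ldif` keeps the glob consistent with `acl*.ldif` instead of matching anything that merely ends in `ldif`. The RUN chain the new slapmodify lines belong to starts in the first hunk and is cut between the two hunks, so I can only see part of its ordering; the visible order (module load, overlay, index, then the two ACL files) is consistent, as the overlay entry depends on the module having been loaded first.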


@ -1,6 +1,9 @@
dn: olcDatabase={1}mdb,cn=config dn: olcDatabase={1}mdb,cn=config
changetype: modify changetype: modify
replace: olcAccess replace: olcAccess
olcAccess: to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by * break
olcAccess: to attrs=userPassword olcAccess: to attrs=userPassword
by self write by self write
by anonymous auth by anonymous auth
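Review bot: The new first rule `olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break` grants `manage` on every entry of the data database to whichever client authenticates as that SASL EXTERNAL identity, and nothing in the file records that, as far as I know, slapd only produces this peercred DN for a uid 0 / gid 0 process connecting over an ldapi:// Unix socket, never for a TCP or TLS client. A `#` comment above the rule stating that, and that `by * break` is what lets the `userPassword` and following rules still apply to everyone else, would make the trust boundary explicit for the next maintainer. Whether an ldapi:// listener is actually configured is outside this commit, so I cannot confirm from here that the rule is reachable.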

6
acl-schema.ldif Normal file

@ -0,0 +1,6 @@
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcAccess
olcAccess: to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by * break
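Review bot: This replaces the entire olcAccess list of the cn=config database with one rule whose last clause is `by * break`, and there is no later rule for it to fall through to, so every identity other than the local-root peercred one ends at slapd's implicit default, which as I understand slapd.access(5) is deny once any access directive is present. If locking cn=config down to local root over ldapi (plus the config rootdn, which bypasses ACLs) is the intent, a short comment would stop the next reader from looking for a missing rule, e.g. `# cn=config: only local root via ldapi (SASL EXTERNAL peercred) may manage; all others fall through to the implicit deny`. Note also that `replace:` discards whatever olcAccess values the stock slapd.ldif carried rather than merging with them, which is presumably intended but worth stating in the same comment.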

4
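--- /dev/null
+++ b/syncprov-enable.ldif
@@ -0,0 +1,4 @@
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: syncprov.so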
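Review bot: `add: olcModuleLoad` on `cn=module{0},cn=config` presumes that entry already exists in the stock slapd.ldif with an olcModulePath under which `syncprov.so` is found; if it does not, the slapmodify step in the Dockerfile fails the build, which is an acceptable fail-fast but not obvious from this file alone. A one-line comment naming the package that supplies the module (`openldap-overlay-syncprov`, per the apk line in the Dockerfile) and the module entry it expects would document that dependency, e.g. `# requires openldap-overlay-syncprov; cn=module{0} is the module entry created by the base slapd.ldif`.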

7
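--- /dev/null
+++ b/syncprov-index.ldif
@@ -0,0 +1,7 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: entryCSN eq
+-
+add: olcDbIndex
+olcDbIndex: entryUUID eq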
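Review bot: The `-`-separated second `add: olcDbIndex` of the same attribute is redundant: a single `add: olcDbIndex` followed by `olcDbIndex: entryCSN eq` and `olcDbIndex: entryUUID eq` is the same modification in three lines, which is the usual way to add several values of one attribute. Using `add:` rather than `replace:` is right here, since it keeps whatever olcDbIndex values the base configuration already has. Because the indexes are added with slapmodify at image build time, they only cover entries loaded afterwards; if this LDIF is ever applied to a database that already holds data, `slapindex` has to be run with slapd stopped, which a `#` comment at the top of the file could record (I cannot see from this commit whether any data is loaded earlier in the build).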

8
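--- /dev/null
+++ b/syncprov-options.ldif
@@ -0,0 +1,8 @@
+dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+olcSpNoPresent: TRUE
+olcSpCheckpoint: 100 10
+olcSpSessionlog: 100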
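Review bot: `olcSpNoPresent: TRUE` is set on the overlay attached to `olcDatabase={1}mdb`, the main data database, but slapo-syncprov(5) says the no-present option should only be TRUE for a syncprov instance sitting on a log database (such as one managed by accesslog) used for delta-syncrepl; on the primary database it skips the present phase of a refresh, which is how a consumer with a stale cookie learns about entries deleted on the provider, so replicas can silently drift. Unless an accesslog database is being added elsewhere (not visible in this commit), this should be `olcSpNoPresent: FALSE` or simply omitted, since FALSE is the default. `olcSpCheckpoint: 100 10` and `olcSpSessionlog: 100` are plausible starting values, but their units are not self-evident, so a comment such as `# checkpoint contextCSN after 100 write ops or 10 minutes; keep 100 ops in the session log` would help.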