From 99d3c2f25ef1fd01a7a1e321166767c918391586 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Fri, 11 Apr 2025 21:49:24 +1000
Subject: [PATCH] Add other schemas to server
---
 docker/Dockerfile | 8 +--
 slapd.ldif | 179 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 182 insertions(+), 5 deletions(-)
 create mode 100644 slapd.ldif
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2491fe0..71a62aa 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,15 +11,13 @@ RUN apk add --no-cache bash openldap openldap-backend-all openldap-clients openl
 ADD schema /etc/openldap/schema/custom
 ADD tls /etc/openldap/tls
+ADD slapd.ldif /etc/openldap/slapd.ldif
-RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
- && sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \
- && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
+RUN mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
 && mkdir /etc/openldap/slapd.d /etc/openldap/schema/add.d /etc/openldap/schema/modify.d /etc/openldap/schema/data.d \
- && ln -s ../misc.ldif /etc/openldap/schema/add.d/01-misc.ldif \
- && ln -s ../dyngroup.ldif /etc/openldap/schema/add.d/01-dyngroup.ldif \
 && ln -s ../custom/samba.ldif /etc/openldap/schema/add.d/02-samba.ldif \
 && ln -s ../custom/wurley.ldif /etc/openldap/schema/add.d/10-wurley.ldif \
+ && sed -i -e 's/cn=module/cn=z-module/' /etc/openldap/schema/custom/modules-enable.ldif \
 && ln -s ../custom/modules-enable.ldif /etc/openldap/schema/modify.d/20-modules-enable.ldif \
 && ln -s ../custom/syncprov-options.ldif /etc/openldap/schema/modify.d/21-syncprov-options.ldif \
 && ln -s ../custom/syncprov-index.ldif /etc/openldap/schema/modify.d/22-syncprov-index.ldif \
diff --git a/slapd.ldif b/slapd.ldif
new file mode 100644
index 0000000..564e43c
--- /dev/null
+++ b/slapd.ldif
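Review bot: The new `ADD slapd.ldif /etc/openldap/slapd.ldif` copies the file with the build context's default mode, yet the file's own header says it must not be world readable and it carries an `olcRootPW` for every database, so inside the image it is readable by every user in the container. With BuildKit, `ADD --chmod=600 slapd.ldif /etc/openldap/slapd.ldif` (or `COPY --chmod=600`, since nothing here needs ADD's archive or URL handling) fixes that at the copy; otherwise append `&& chmod 600 /etc/openldap/slapd.ldif \` to the RUN. Separately, the added `sed -i -e 's/cn=module/cn=z-module/'` on modules-enable.ldif succeeds silently when the pattern is absent, which would leave the modify.d entry addressing a `cn=module` DN the new slapd.ldif no longer defines; `&& grep -q 'cn=z-module' /etc/openldap/schema/custom/modules-enable.ldif \` after it would make a stale schema file fail the build rather than the container. The RUN instruction continues past the end of the hunk.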
@@ -0,0 +1,179 @@ +# +# See slapd-config(5) for details on configuration options. +# This file should NOT be world readable. +# +dn: cn=config +objectClass: olcGlobal +cn: config +# +# +# Define global ACLs to disable default read access. +# +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#olcReferral: ldap://root.openldap.org +# +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 64-bit encryption for simple bind +#olcSecurity: ssf=1 update_ssf=112 simple_bind=64 + + +# +# Load dynamic backend modules: +# +dn: cn=z-module,cn=config +objectClass: olcModuleList +cn: z-module +olcModulepath: /usr/lib/openldap +olcModuleload: back_mdb.so +#olcModuleload: back_ldap.so +#olcModuleload: back_passwd.so + +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file:///etc/openldap/schema/core.ldif +include: file:///etc/openldap/schema/cosine.ldif +include: file:///etc/openldap/schema/inetorgperson.ldif +include: file:///etc/openldap/schema/nis.ldif + +include: file:///etc/openldap/schema/collective.ldif +include: file:///etc/openldap/schema/corba.ldif +#include: file:///etc/openldap/schema/dsee.ldif +include: file:///etc/openldap/schema/duaconf.ldif +include: file:///etc/openldap/schema/dyngroup.ldif +include: file:///etc/openldap/schema/java.ldif +include: file:///etc/openldap/schema/misc.ldif +include: file:///etc/openldap/schema/msuser.ldif +include: file:///etc/openldap/schema/namedobject.ldif +include: file:///etc/openldap/schema/openldap.ldif +include: file:///etc/openldap/schema/pmi.ldif + + +# Frontend settings +# +dn: olcDatabase=frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: frontend +# +# Sample global access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other 
DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# +#olcAccess: to dn.base="" by * read +#olcAccess: to dn.base="cn=Subschema" by * read +#olcAccess: to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! +# + + +####################################################################### +# LMDB database definitions +####################################################################### +# +dn: olcDatabase=mdb,cn=config +objectClass: olcDatabaseConfig +objectClass: olcMdbConfig +olcDatabase: mdb +olcDbMaxSize: 1073741824 +olcSuffix: c=AU +olcRootDN: cn=Manager,c=AU +# Cleartext passwords, especially for the rootdn, should +# be avoided. See slappasswd(8) and slapd-config(5) for details. +# Use of strong authentication encouraged. +olcRootPW: secret +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. 
+olcDbDirectory: /var/lib/openldap/data
+# Indices to maintain
+olcDbIndex: objectClass eq
+
+dn: olcDatabase=monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: monitor
+olcRootDN: cn=config
+olcMonitoring: FALSE
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: dc=example,dc=com
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,dc=example,dc=com
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: dc=example.com
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=AdminUser,dc=Test" write by anonymous write by * write
+olcRootDN: cn=admin,dc=example.com
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: o=Flintstones
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=admin,o=Flintstones" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,o=Flintstones
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: o=Simpsons
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+#olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=Test" write by anonymous auth by self =xw by * none
+olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=Test" write by anonymous auth by self write by * none
+olcAccess: to * by dn="cn=admin,o=Simpsons" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,o=Simpsons
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: dc=Test
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=admin,dc=Test" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,dc=Test
+olcRootPW: {SSHA}UCTtlcHOSqGCFuKtOCJAU8k8icNpVGiw
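Review bot: All six `olcDatabase=mdb,cn=config` entries set the same `olcDbDirectory: /var/lib/openldap/data` (the c=AU one near the top of this hunk and each of the five suffix blocks below it), but as far as I know every back-mdb database needs its own directory because each opens its own LMDB environment there, so these should get distinct paths such as `olcDbDirectory: /var/lib/openldap/data/example-com` and those directories must exist before slapadd runs, which the Dockerfile's single `mv` does not provide. The c=AU database still carries `olcRootPW: secret` in cleartext directly under the stock comment advising against it; replace it with a slappasswd hash, `olcRootPW: {SSHA}<hash>`, as the other databases do. The dc=example.com entry's `olcAccess: to * by dn="cn=AdminUser,dc=Test" write by anonymous write by * write` lets unauthenticated binds modify the whole subtree, and the remaining suffixes' `to * ... by * read` rules expose userPassword hashes to anonymous readers; the o=Simpsons `to attrs=userPassword,shadowLastChange ... by anonymous auth by self write by * none` rule, ordered before `to *`, is the pattern to repeat in each of them. If these are deliberately permissive test fixtures, a comment saying so beside the ACLs would keep them from being copied into a real deployment.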