Add other schemas to server

2025-04-11 21:49:24 +10:00 · 2025-04-11 21:49:24 +10:00 · 99d3c2f25e
commit 99d3c2f25e
parent 086a28bb33
2 changed files with 182 additions and 5 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -11,15 +11,13 @@ RUN apk add --no-cache bash openldap openldap-backend-all openldap-clients openl

 ADD schema /etc/openldap/schema/custom
 ADD tls /etc/openldap/tls
+ADD slapd.ldif /etc/openldap/slapd.ldif

-RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
-	&& sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \
-	&& mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
+RUN mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
 	&& mkdir /etc/openldap/slapd.d /etc/openldap/schema/add.d /etc/openldap/schema/modify.d /etc/openldap/schema/data.d \
-	&& ln -s ../misc.ldif /etc/openldap/schema/add.d/01-misc.ldif \
-	&& ln -s ../dyngroup.ldif /etc/openldap/schema/add.d/01-dyngroup.ldif \
 	&& ln -s ../custom/samba.ldif /etc/openldap/schema/add.d/02-samba.ldif \
 	&& ln -s ../custom/wurley.ldif /etc/openldap/schema/add.d/10-wurley.ldif \
+	&& sed -i -e 's/cn=module/cn=z-module/' /etc/openldap/schema/custom/modules-enable.ldif \
 	&& ln -s ../custom/modules-enable.ldif /etc/openldap/schema/modify.d/20-modules-enable.ldif \
 	&& ln -s ../custom/syncprov-options.ldif /etc/openldap/schema/modify.d/21-syncprov-options.ldif \
 	&& ln -s ../custom/syncprov-index.ldif /etc/openldap/schema/modify.d/22-syncprov-index.ldif \
--- a/slapd.ldif
+++ b/slapd.ldif
@ -0,0 +1,179 @@
+#
+# See slapd-config(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+#
+#
+# Define global ACLs to disable default read access.
+#
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#olcReferral:	ldap://root.openldap.org
+#
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 64-bit encryption for simple bind
+#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
+
+
+#
+# Load dynamic backend modules:
+#
+dn: cn=z-module,cn=config
+objectClass: olcModuleList
+cn: z-module
+olcModulepath:	/usr/lib/openldap
+olcModuleload:	back_mdb.so
+#olcModuleload:	back_ldap.so
+#olcModuleload:	back_passwd.so
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/openldap/schema/core.ldif
+include: file:///etc/openldap/schema/cosine.ldif
+include: file:///etc/openldap/schema/inetorgperson.ldif
+include: file:///etc/openldap/schema/nis.ldif
+
+include: file:///etc/openldap/schema/collective.ldif
+include: file:///etc/openldap/schema/corba.ldif
+#include: file:///etc/openldap/schema/dsee.ldif
+include: file:///etc/openldap/schema/duaconf.ldif
+include: file:///etc/openldap/schema/dyngroup.ldif
+include: file:///etc/openldap/schema/java.ldif
+include: file:///etc/openldap/schema/misc.ldif
+include: file:///etc/openldap/schema/msuser.ldif
+include: file:///etc/openldap/schema/namedobject.ldif
+include: file:///etc/openldap/schema/openldap.ldif
+include: file:///etc/openldap/schema/pmi.ldif
+
+
+# Frontend settings
+#
+dn: olcDatabase=frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: frontend
+#
+# Sample global access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#
+#olcAccess: to dn.base="" by * read
+#olcAccess: to dn.base="cn=Subschema" by * read
+#olcAccess: to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+#
+
+
+#######################################################################
+# LMDB database definitions
+#######################################################################
+#
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: mdb
+olcDbMaxSize: 1073741824
+olcSuffix: c=AU
+olcRootDN: cn=Manager,c=AU
+# Cleartext passwords, especially for the rootdn, should
+# be avoided.  See slappasswd(8) and slapd-config(5) for details.
+# Use of strong authentication encouraged.
+olcRootPW: secret
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+olcDbDirectory:	/var/lib/openldap/data
+# Indices to maintain
+olcDbIndex: objectClass eq
+
+dn: olcDatabase=monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: monitor
+olcRootDN: cn=config
+olcMonitoring: FALSE
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: dc=example,dc=com
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,dc=example,dc=com
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: dc=example.com
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=AdminUser,dc=Test" write by anonymous write by * write
+olcRootDN: cn=admin,dc=example.com
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: o=Flintstones
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=admin,o=Flintstones" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,o=Flintstones
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: o=Simpsons
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+#olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=Test" write by anonymous auth by self =xw by * none
+olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=Test" write by anonymous auth by self write by * none
+olcAccess: to * by dn="cn=admin,o=Simpsons" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,o=Simpsons
+olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDbDirectory: /var/lib/openldap/data
+olcDatabase: mdb
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcSuffix: dc=Test
+olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
+olcAccess: to * by dn="cn=admin,dc=Test" write by dn="cn=admin,dc=Test" write by * read
+olcRootDN: cn=admin,dc=Test
+olcRootPW: {SSHA}UCTtlcHOSqGCFuKtOCJAU8k8icNpVGiw