Initial configuration with added ssh public keys

Lauris Bukšis-Haberkorns 2018-05-05 01:32:25 +03:00
Parent 6da4391268
Commit 3f2033efbc
No key found matching this signature
GPG key ID: AECE216D007B1CCC
7 changed files: 138 additions and 6 deletions

38
.drone.yml Normal file

@ -0,0 +1,38 @@
workspace:
base: /srv/app
path: src
clone:
git:
image: plugins/git:1
depth: 50
tags: true
pipeline:
docker:
image: plugins/docker:17.05
pull: true
secrets: [ docker_username, docker_password ]
repo: gitea/test-openldap
tags: [ '${DRONE_BRANCH##release/v}' ]
when:
event: [ push ]
branch: [ release/* ]
docker:
image: plugins/docker:17.05
pull: true
secrets: [ docker_username, docker_password ]
repo: gitea/test-openldap
tags: [ 'latest' ]
when:
event: [ push ]
branch: [ master ]
discord:
image: appleboy/drone-discord:1.0.0
pull: true
secrets: [ discord_webhook_id, discord_webhook_token ]
when:
event: [ push, tag, pull_request ]
status: [ changed, failure ]
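
Review bot: The two publishing steps that follow `pipeline:` are both named `docker`, and YAML mapping keys are meant to be unique, so how the pair is handled depends on the parser; give them distinct names such as `docker-release` and `docker-latest` so each is unambiguous in the config and in build logs. Separately, `plugins/docker:17.05` and `appleboy/drone-discord:1.0.0` receive the registry and webhook secrets and are referenced by mutable tag with `pull: true`; pinning each image by digest would keep a re-pushed tag from running with those secrets.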

3
.lgtm Normal file

@ -0,0 +1,3 @@
pattern = "(?)LGTM"
self_approval_off = true
ignore_maintainers_file = true
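
Review bot: In `pattern = "(?)LGTM"` the group `(?)` carries no flag and is not a valid flag group; if case-insensitive matching is intended it should read `(?i)LGTM`. The pattern is also unanchored, so a comment that merely contains the string (for example one saying the change is not LGTM yet) could count as an approval; anchoring it, e.g. `(?i)^LGTM`, limits approvals to comments that start with it.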


@ -1,5 +1,5 @@
FROM debian:stretch-slim
MAINTAINER Rafael Römhild <rafael@roemhild.de>
LABEL maintainer="maintainers@gitea.io"
# Install slapd and requirements
RUN apt-get update \


@ -1,9 +1,9 @@
# OpenLDAP Docker Image for testing
![Docker Build Status](https://img.shields.io/docker/build/rroemhild/test-openldap.svg) ![Docker Stars](https://img.shields.io/docker/stars/rroemhild/test-openldap.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/rroemhild/test-openldap.svg)
This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain `planetexpress.com` with data from the [Futurama Wiki][futuramawikia].
Based on Rafael Römhild [docker-test-openldap][dockertestopenldap].
Parts of the image are based on the work from Nick Stenning [docker-slapd][slapd] and Bertrand Gouny [docker-openldap][openldap].
The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit tests.
@ -12,6 +12,7 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test
[openldap]: https://github.com/osixia/docker-openldap
[flaskldapconn]: https://github.com/rroemhild/flask-ldapconn
[futuramawikia]: http://futurama.wikia.com
[dockertestopenldap]: https://github.com/rroemhild/docker-test-openldap
## Features
@ -24,8 +25,8 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test
## Usage
```
docker pull rroemhild/test-openldap
docker run --privileged -d -p 389:389 rroemhild/test-openldap
docker pull gitea/test-openldap
docker run --privileged -d -p 389:389 gitea/test-openldap
```
## Exposed ports
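
Review bot: The updated `docker run` line in the Usage block keeps `--privileged`, which grants the container all capabilities and access to host devices, more than an LDAP test server would normally need; since the line is being rewritten anyway, drop the flag or document why it is required. `-p 389:389` also publishes the directory, with its documented test passwords, on every host interface; `-p 127.0.0.1:389:389` keeps it local to the machine running the tests.
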
@ -123,6 +124,69 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap
| ou | Office Management |
| uid | hermes |
| userPassword | hermes |
| sshPublicKey | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Fk93z/DLVBj4gHUw3+LOhaIAwCmmXHSfCOlD9Pa1NUTDgURf32m//tRBSDn6o9BTsaHkXyOdTYUF6mXxfwdHaGx3bfXDnUQEX/1J88x0LL6p+sigrGc9/2OUZtL5Af4lNPgbUl1U15U2hhh/Nv9URObSPIbAxURIIArrfYMgDNcUoA/BA4dxnk2lc9Mc/Fozkx7N7bNVT1GOAtosR5Y+ukdTwJFzKmrH6hBAzRKVIxfa4XT+cOmOYW4kL/ca/owHQURxqI4VMKcLEkEYdwANRt1/HJL5kJkpDPQF2gmrH+XNs46E3zicMIzEzKa53gks9hiyRt/AT7UMwXbmSbGv hermes@pc |
| sshPublicKey | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOajx6+YcZCdu97aJiC0cIoOkk63kp8mv3ZAOrC0m0g6kibiPmCVmo/ITegtu58boy0CMpmwD/thk36FFdy4Ig5ZNMCRv+9m6PtIE06pvUB6rtYfgzwMc+G3Wibs/zsb7XUwl6Cl/JtsYyeXpdlzIgSt7SzrWf+BVQxOAtJD7bjLXtvQhjHbBO21Zh/Xp0kKlMWlzhSSs5AEjUY0jRAXMPkXPzf8dqhd6JKpdxvk1fjc14BWISZqgeiLpUUL+hk+md5SB31NEKtTkx6nQ5QbXe9BSwu0CtxjAq1vaHwL3bLNL7NFArrltIfOh0BDSADOVfMJ6nSnRgv4uk50gnUr2F hermes@laptop |
Private key `hermes@pc`:
```
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvBZPd8/wy1QY+IB1MN/izoWiAMApplx0nwjpQ/T2tTVEw4FE
X99pv/7UQUg5+qPQU7Gh5F8jnU2FBepl8X8HR2hsd231w51EBF/9SfPMdCy+qfrI
oKxnPf9jlGbS+QH+JTT4G1JdVNeVNoYYfzb/VETm0jyGwMVESCAK632DIAzXFKAP
wQOHcZ5NpXPTHPxaM5Meze2zVU9RjgLaLEeWPrpHU8CRcypqx+oQQM0SlSMX2uF0
/nDpjmFuJC/3Gv6MB0FEcaiOFTCnCxJBGHcADUbdfxyS+ZCZKQz0BdoJqx/lzbOO
hN84nDCMxMymud4JLPYYskbfwE+1DMF25kmxrwIDAQABAoIBAFJH+E/TueVZTus3
Vw0ghFoQf8SQTCgo/iOshE9kVKEFQqW8YSsH031Yf4ZnkGWjUDms1cPQEwZ3qR/j
YOF6zrZgakL86ay/mcfILkgxzVltUaOOwEH56dhnZyq+qMCiLIoeWAOrzoSVIwON
Oh488wnscoW6UMD4C1z6F4zZhYl5E82pQpwacoBmxa9VjCuY+zLhzJKVfZ6N0KWt
d08XcS5rG+ZGpmF4g4LTLFxuBWUJw+3HUHzlolW+II2g6LYNs98DmYdQp+5d/wyD
nPpIamO4ta69AL1qcCNCRGVnUByOUF/WpHM++f3XFcLhbJ4kVbrtQMG53SZ8mCER
GfuSfzECgYEA73GeVAb2BlmrbQpp6PXaFG80quswXcSTExaZhIMQotwb2+Q3PG9a
CUXmtgx8fY95l1EVrCJvW2LsbJIqe0kXwNXBuHDLtFbBTIlsOVrvmzw3qHuCmj3l
VcaPXDZV655NzDNvHsufJjIghfPhLYJn23/+38G1hrTRFmHKbMjicXMCgYEAyReh
YoehC30NMyn775t4kzPHTdydFIZUNUqxa4znA56n+JgIzKWsp8THjUhrfwv90h6U
vh/nD3PC9JJZARs5cWmveVVLppachcpl0OXuEtPadW8oCi1PK+dV5ZrM++NeGfns
9qUOvGs7TRJAyZnjeQ//4vXwBnJceBQxiMKyP9UCgYB90z/3Of05Ew/xagKDyAYE
rPeJRbQR4kXDRyH/L3yjiHUfVUrteDphGxmE2wTkWmvz50kzPpkz9cT1vM2UIbHY
xLta9/Mj3l8PoDt93FqDQd6hq93Svenw7DnTpD38ZiDNyM2A6lHEmZzbp2/SIXAA
Ob+ux7Vjh0tErrjX96x/HwKBgQCjPaSLyJAqNFSP0SgsRSgnTuQex9VYAQfAzyah
qRsrbBLtEfYqst8qvepEPaLN2p0sghi7EkjO2WlMgrTv2frSnzmMJHqp/B+J2Fi4
sL6H2CTCKf716/wWJtAq+HQoklUkfycmvazttZrJIOUpAtyOvTc7NeyoPxPjgnkH
jQ2IFQKBgHENrLBtC1AS5EGsw67z7Dhn0lLu6y5lorXXpYbpdIjGLpI4XaUqIHdV
+5IEa3vT+tpppA0lOy2g8s5b89kgBaXI1h21Bi42q7SL8ZDQnZvzKP6XMstFX0GJ
gUMPD/s2KNO+mwusxyPadtEy+D30VvUwXEBUvXalKsLXg3gZTcre
-----END RSA PRIVATE KEY-----
```
Private key `hermes@laptop`:
```
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
```
### cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
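
Review bot: The README now embeds two RSA private keys for `hermes`, and nothing near the `Private key` blocks says they are throwaway test fixtures. Add a sentence stating that these keys are public, exist only so tests can authenticate against the matching `sshPublicKey` values, and must never be placed in an `authorized_keys` file or account outside a test environment. Shipping them as fixture files rather than README text would also let tests load them directly and make them easier to allow-list in secret scanners.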


@ -0,0 +1,9 @@
dn: cn=openssh-lpk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey'
SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass'
MUST ( sshPublicKey $ uid ) )
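
Review bot: `MUST ( sshPublicKey $ uid )` makes at least one key mandatory for every entry that carries the `ldapPublicKey` class, so a fixture user with the class but no keys cannot be loaded, and removing a user's last key also requires removing the class. If tests need that case, declare `sshPublicKey` under `MAY` instead. A `#` comment naming where this openssh-lpk schema was taken from would also help future updates.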


@ -3,6 +3,7 @@ objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ldapPublicKey
cn: Hermes Conrad
sn: Conrad
description: Human
@ -14,4 +15,15 @@ ou: Office Management
uid: hermes
userPassword:: e3NzaGF9M3UzcUdCSmFMc2tiUEg0OVJrYlFtUk9HTktFb1lOUXZkU2lOZmc9P
Q==
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Fk93z/DLVBj4gHUw3+LOh
aIAwCmmXHSfCOlD9Pa1NUTDgURf32m//tRBSDn6o9BTsaHkXyOdTYUF6mXxfwdHaGx3bfXDnUQE
X/1J88x0LL6p+sigrGc9/2OUZtL5Af4lNPgbUl1U15U2hhh/Nv9URObSPIbAxURIIArrfYMgDNc
UoA/BA4dxnk2lc9Mc/Fozkx7N7bNVT1GOAtosR5Y+ukdTwJFzKmrH6hBAzRKVIxfa4XT+cOmOYW
4kL/ca/owHQURxqI4VMKcLEkEYdwANRt1/HJL5kJkpDPQF2gmrH+XNs46E3zicMIzEzKa53gks9
hiyRt/AT7UMwXbmSbGv hermes@pc
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOajx6+YcZCdu97aJiC0cIo
Okk63kp8mv3ZAOrC0m0g6kibiPmCVmo/ITegtu58boy0CMpmwD/thk36FFdy4Ig5ZNMCRv+9m6P
tIE06pvUB6rtYfgzwMc+G3Wibs/zsb7XUwl6Cl/JtsYyeXpdlzIgSt7SzrWf+BVQxOAtJD7bjLX
tvQhjHbBO21Zh/Xp0kKlMWlzhSSs5AEjUY0jRAXMPkXPzf8dqhd6JKpdxvk1fjc14BWISZqgeiL
pUUL+hk+md5SB31NEKtTkx6nQ5QbXe9BSwu0CtxjAq1vaHwL3bLNL7NFArrltIfOh0BDSADOVfM
J6nSnRgv4uk50gnUr2F hermes@laptop


@ -66,6 +66,11 @@ configure_msad_features(){
ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/msad.ldif -Q
}
configure_ssh_features(){
echo "Configure SSH Extensions"
ldapadd -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/openssh_lpk.ldif -Q
}
load_initial_data() {
echo "Load data..."
local data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
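
Review bot: Nothing in the visible lines of `configure_ssh_features` checks the result of `ldapadd`, and `-Q` only quiets SASL output, so unless the script runs under `set -e`, a missing `openssh_lpk.ldif` or an already-loaded schema leaves startup running and the entries with `objectClass: ldapPublicKey` then fail in `load_initial_data`. Fail fast, e.g. `ldapadd ... || exit 1`, and quote the path as `"${CONFIG_DIR}/openssh_lpk.ldif"`.
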
@ -87,6 +92,7 @@ chown -R openldap:openldap /etc/ldap
slapd -h "ldapi:///" -u openldap -g openldap
configure_msad_features
configure_ssh_features
configure_tls
configure_logging
load_initial_data