Initial configuration with added ssh public keys
Родитель
6da4391268
Коммит
3f2033efbc
|
@ -0,0 +1,38 @@
|
|||
workspace:
|
||||
base: /srv/app
|
||||
path: src
|
||||
|
||||
clone:
|
||||
git:
|
||||
image: plugins/git:1
|
||||
depth: 50
|
||||
tags: true
|
||||
|
||||
pipeline:
|
||||
docker:
|
||||
image: plugins/docker:17.05
|
||||
pull: true
|
||||
secrets: [ docker_username, docker_password ]
|
||||
repo: gitea/test-openldap
|
||||
tags: [ '${DRONE_BRANCH##release/v}' ]
|
||||
when:
|
||||
event: [ push ]
|
||||
branch: [ release/* ]
|
||||
|
||||
docker:
|
||||
image: plugins/docker:17.05
|
||||
pull: true
|
||||
secrets: [ docker_username, docker_password ]
|
||||
repo: gitea/test-openldap
|
||||
tags: [ 'latest' ]
|
||||
when:
|
||||
event: [ push ]
|
||||
branch: [ master ]
|
||||
|
||||
discord:
|
||||
image: appleboy/drone-discord:1.0.0
|
||||
pull: true
|
||||
secrets: [ discord_webhook_id, discord_webhook_token ]
|
||||
when:
|
||||
event: [ push, tag, pull_request ]
|
||||
status: [ changed, failure ]
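Review bot: The two image-publishing steps under `pipeline:` both use the key `docker:`, which is a duplicate mapping key as far as this flattened rendering shows. Duplicate keys are invalid YAML, and many loaders silently keep only the last one, so whether the `release/*` step survives depends on the parser. Distinct names such as `docker-release:` and `docker-latest:` remove the ambiguity. Separately, `plugins/docker:17.05` is a mutable tag combined with `pull: true`, and that image receives `docker_username` and `docker_password`; pinning it by digest would fix which code handles those credentials.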
|
|
@ -0,0 +1,3 @@
|
|||
pattern = "(?)LGTM"
|
||||
self_approval_off = true
|
||||
ignore_maintainers_file = true
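Review bot: The flag group in `pattern` on the first line is empty, so `(?)` sets no flags. Assuming the consumer uses Go-style regular expressions, the expression then matches only the upper-case text `LGTM`. If approvals written in any case are meant to count, the line would be `pattern = "(?i)LGTM"`; if case-sensitive matching is intended, plain `pattern = "LGTM"` says so without the empty group.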
|
|
@ -1,5 +1,5 @@
|
|||
FROM debian:stretch-slim
|
||||
MAINTAINER Rafael Römhild <rafael@roemhild.de>
|
||||
LABEL maintainer="maintainers@gitea.io"
|
||||
|
||||
# Install slapd and requirements
|
||||
RUN apt-get update \
|
||||
|
|
72
README.md
72
README.md
|
@ -1,9 +1,9 @@
|
|||
# OpenLDAP Docker Image for testing
|
||||
|
||||
![Docker Build Status](https://img.shields.io/docker/build/rroemhild/test-openldap.svg) ![Docker Stars](https://img.shields.io/docker/stars/rroemhild/test-openldap.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/rroemhild/test-openldap.svg)
|
||||
|
||||
This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain `planetexpress.com` with data from the [Futurama Wiki][futuramawikia].
|
||||
|
||||
Based on Rafael Römhild [docker-test-openldap][dockertestopenldap].
|
||||
|
||||
Parts of the image are based on the work from Nick Stenning [docker-slapd][slapd] and Bertrand Gouny [docker-openldap][openldap].
|
||||
|
||||
The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit tests.
|
||||
|
@ -12,6 +12,7 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test
|
|||
[openldap]: https://github.com/osixia/docker-openldap
|
||||
[flaskldapconn]: https://github.com/rroemhild/flask-ldapconn
|
||||
[futuramawikia]: http://futurama.wikia.com
|
||||
[dockertestopenldap]: https://github.com/rroemhild/docker-test-openldap
|
||||
|
||||
|
||||
## Features
|
||||
|
@ -24,8 +25,8 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test
|
|||
## Usage
|
||||
|
||||
```
|
||||
docker pull rroemhild/test-openldap
|
||||
docker run --privileged -d -p 389:389 rroemhild/test-openldap
|
||||
docker pull gitea/test-openldap
|
||||
docker run --privileged -d -p 389:389 gitea/test-openldap
|
||||
```
|
||||
|
||||
## Exposed ports
|
||||
|
@ -123,6 +124,69 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap
|
|||
| ou | Office Management |
|
||||
| uid | hermes |
|
||||
| userPassword | hermes |
|
||||
| sshPublicKey | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Fk93z/DLVBj4gHUw3+LOhaIAwCmmXHSfCOlD9Pa1NUTDgURf32m//tRBSDn6o9BTsaHkXyOdTYUF6mXxfwdHaGx3bfXDnUQEX/1J88x0LL6p+sigrGc9/2OUZtL5Af4lNPgbUl1U15U2hhh/Nv9URObSPIbAxURIIArrfYMgDNcUoA/BA4dxnk2lc9Mc/Fozkx7N7bNVT1GOAtosR5Y+ukdTwJFzKmrH6hBAzRKVIxfa4XT+cOmOYW4kL/ca/owHQURxqI4VMKcLEkEYdwANRt1/HJL5kJkpDPQF2gmrH+XNs46E3zicMIzEzKa53gks9hiyRt/AT7UMwXbmSbGv hermes@pc |
|
||||
| sshPublicKey | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOajx6+YcZCdu97aJiC0cIoOkk63kp8mv3ZAOrC0m0g6kibiPmCVmo/ITegtu58boy0CMpmwD/thk36FFdy4Ig5ZNMCRv+9m6PtIE06pvUB6rtYfgzwMc+G3Wibs/zsb7XUwl6Cl/JtsYyeXpdlzIgSt7SzrWf+BVQxOAtJD7bjLXtvQhjHbBO21Zh/Xp0kKlMWlzhSSs5AEjUY0jRAXMPkXPzf8dqhd6JKpdxvk1fjc14BWISZqgeiLpUUL+hk+md5SB31NEKtTkx6nQ5QbXe9BSwu0CtxjAq1vaHwL3bLNL7NFArrltIfOh0BDSADOVfMJ6nSnRgv4uk50gnUr2F hermes@laptop |
|
||||
|
||||
Private key `hermes@pc`:
|
||||
```
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAvBZPd8/wy1QY+IB1MN/izoWiAMApplx0nwjpQ/T2tTVEw4FE
|
||||
X99pv/7UQUg5+qPQU7Gh5F8jnU2FBepl8X8HR2hsd231w51EBF/9SfPMdCy+qfrI
|
||||
oKxnPf9jlGbS+QH+JTT4G1JdVNeVNoYYfzb/VETm0jyGwMVESCAK632DIAzXFKAP
|
||||
wQOHcZ5NpXPTHPxaM5Meze2zVU9RjgLaLEeWPrpHU8CRcypqx+oQQM0SlSMX2uF0
|
||||
/nDpjmFuJC/3Gv6MB0FEcaiOFTCnCxJBGHcADUbdfxyS+ZCZKQz0BdoJqx/lzbOO
|
||||
hN84nDCMxMymud4JLPYYskbfwE+1DMF25kmxrwIDAQABAoIBAFJH+E/TueVZTus3
|
||||
Vw0ghFoQf8SQTCgo/iOshE9kVKEFQqW8YSsH031Yf4ZnkGWjUDms1cPQEwZ3qR/j
|
||||
YOF6zrZgakL86ay/mcfILkgxzVltUaOOwEH56dhnZyq+qMCiLIoeWAOrzoSVIwON
|
||||
Oh488wnscoW6UMD4C1z6F4zZhYl5E82pQpwacoBmxa9VjCuY+zLhzJKVfZ6N0KWt
|
||||
d08XcS5rG+ZGpmF4g4LTLFxuBWUJw+3HUHzlolW+II2g6LYNs98DmYdQp+5d/wyD
|
||||
nPpIamO4ta69AL1qcCNCRGVnUByOUF/WpHM++f3XFcLhbJ4kVbrtQMG53SZ8mCER
|
||||
GfuSfzECgYEA73GeVAb2BlmrbQpp6PXaFG80quswXcSTExaZhIMQotwb2+Q3PG9a
|
||||
CUXmtgx8fY95l1EVrCJvW2LsbJIqe0kXwNXBuHDLtFbBTIlsOVrvmzw3qHuCmj3l
|
||||
VcaPXDZV655NzDNvHsufJjIghfPhLYJn23/+38G1hrTRFmHKbMjicXMCgYEAyReh
|
||||
YoehC30NMyn775t4kzPHTdydFIZUNUqxa4znA56n+JgIzKWsp8THjUhrfwv90h6U
|
||||
vh/nD3PC9JJZARs5cWmveVVLppachcpl0OXuEtPadW8oCi1PK+dV5ZrM++NeGfns
|
||||
9qUOvGs7TRJAyZnjeQ//4vXwBnJceBQxiMKyP9UCgYB90z/3Of05Ew/xagKDyAYE
|
||||
rPeJRbQR4kXDRyH/L3yjiHUfVUrteDphGxmE2wTkWmvz50kzPpkz9cT1vM2UIbHY
|
||||
xLta9/Mj3l8PoDt93FqDQd6hq93Svenw7DnTpD38ZiDNyM2A6lHEmZzbp2/SIXAA
|
||||
Ob+ux7Vjh0tErrjX96x/HwKBgQCjPaSLyJAqNFSP0SgsRSgnTuQex9VYAQfAzyah
|
||||
qRsrbBLtEfYqst8qvepEPaLN2p0sghi7EkjO2WlMgrTv2frSnzmMJHqp/B+J2Fi4
|
||||
sL6H2CTCKf716/wWJtAq+HQoklUkfycmvazttZrJIOUpAtyOvTc7NeyoPxPjgnkH
|
||||
jQ2IFQKBgHENrLBtC1AS5EGsw67z7Dhn0lLu6y5lorXXpYbpdIjGLpI4XaUqIHdV
|
||||
+5IEa3vT+tpppA0lOy2g8s5b89kgBaXI1h21Bi42q7SL8ZDQnZvzKP6XMstFX0GJ
|
||||
gUMPD/s2KNO+mwusxyPadtEy+D30VvUwXEBUvXalKsLXg3gZTcre
|
||||
-----END RSA PRIVATE KEY-----
|
||||
```
|
||||
Private key `hermes@laptop`:
|
||||
```
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAzmo8evmHGQnbve2iYgtHCKDpJOt5KfJr92QDqwtJtIOpIm4j
|
||||
5glZqPyE3oLbufG6MtAjKZsA/7YZN+hRXcuCIOWTTAkb/vZuj7SBNOqb1Aeq7WH4
|
||||
M8DHPht1om7P87G+11MJegpfybbGMnl6XZcyIEre0s61n/gVUMTgLSQ+24y17b0I
|
||||
Yx2wTttWYf16dJCpTFpc4UkrOQBI1GNI0QFzD5Fz83/HaoXeiSqXcb5NX43NeAVi
|
||||
EmaoHoi6VFC/oZPpneUgd9TRCrU5Mep0OUG13vQUsLtArcYwKtb2h8C92yzS+zRQ
|
||||
K65bSHzodAQ0gAzlXzCep0p0YL+LpOdIJ1K9hQIDAQABAoIBAAXbtgO3eUIYqYfm
|
||||
aqllsIpqJrPJixLJso6+4+vC0kCxS+eSQKqSsVy+bfbyt9G7LpGqnpTbtVeMj4Kq
|
||||
sUR8NiFA4sFRsN23mMOzV8dssSd/YDaEhUrSudTlap1Fj9lWvhfWX3p7OOS8rztX
|
||||
f0WQuPd5qIFLJJR5sgEs1T/yu2X3t0uctiGqHKe3Bm+5T74/1DCBPvW+3HCESiFs
|
||||
ePlDzK0DuHBNIS116Ff//4ZFSNjClf/Sld61TrJQtdwNLSID3WcofN57wr+2HFO8
|
||||
Bghljz9uap1m/MarDe6HaHGjlIfc33XOtBybftE2/tPz3bFbpR3lHuKwfikbAunF
|
||||
80/Bh4ECgYEA+H4NIctq6Oni17I/8YaaRBp7fzYYFmgq009CqamwnxLVvJ8X/iPf
|
||||
qnI0b5WypIFEj7vzPbuaIrRySy8GVQke2eGsiZrcgvHCwwcmceE484BHh7N93556
|
||||
d/RXqBnMd6nT+c6In5rPLj4cJfqGgD2QQ13MmII/ID3k0guPc8VSNN0CgYEA1Ka9
|
||||
bJjEE6ru1vHW7tbmGBLXyFYohcL4VECAosSpv4FbuPpzscwBWCmh/Sfoi/V8nKVr
|
||||
GJmG9cao2mVJJv2ebo/q9bJ96oXV1A4W5ah4BExG+F524sI+bJJAr7sGsZ/P247r
|
||||
SbXP1w8VVIMHqaGLtQ/ygX3EMTt3oCqQ76zCbMkCgYBRivvANUJ2ABpCcent1h/V
|
||||
bWNNUXECGVjEUuQrTNX6vXGKHiL/cMI66pMucs9WkFzxVdnyThe8f75p0ZqgWQfY
|
||||
s+esmDb4eWFSIoyJHkFUFqpia5JIyXai2nnRXfXs5rv6472Nsn1+TT9rbxSoDIvE
|
||||
r4kuGr+gUu89xjFi6kOZuQKBgQDHGr+tWHPuPlOWaaVmx0t1Kt9jMliKtXyx1hsb
|
||||
S6vsJQBueAGvbWWs2H5Ve/JeaSGdwbw+sjENGk6q/b66hSi8OIA0QEVpOpp1DCQg
|
||||
L9b/nzOsBTanJlwwZ9etMh4YXZvO5UgkIdlScUr1cCHSj/ExPJdA6zKxLg7ZpkFC
|
||||
R61bEQKBgCJTuCZzEXN6AZ721QgJWlJakcqV62NTXlRxPR9kW4msRHodkXMVjUhF
|
||||
IAS9tJObLcVpOiL2TaZ5jvrjP/9u8Zq7AVLmY36oaEz3Uw2abGGn0+lM0Ai019p7
|
||||
g8Jnx5PIr5hLY4qCMOY2ItdP5n+Kne9WwZaQETULVUV+m2X+aC/i
|
||||
-----END RSA PRIVATE KEY-----
|
||||
```
|
||||
|
||||
### cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
|
||||
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
dn: cn=openssh-lpk,cn=schema,cn=config
|
||||
objectClass: olcSchemaConfig
|
||||
cn: openssh-lpk
|
||||
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
|
||||
DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch
|
||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
|
||||
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey'
|
||||
SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||
MUST ( sshPublicKey $ uid ) )
|
|
@ -3,6 +3,7 @@ objectClass: top
|
|||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: ldapPublicKey
|
||||
cn: Hermes Conrad
|
||||
sn: Conrad
|
||||
description: Human
|
||||
|
@ -14,4 +15,15 @@ ou: Office Management
|
|||
uid: hermes
|
||||
userPassword:: e3NzaGF9M3UzcUdCSmFMc2tiUEg0OVJrYlFtUk9HTktFb1lOUXZkU2lOZmc9P
|
||||
Q==
|
||||
|
||||
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Fk93z/DLVBj4gHUw3+LOh
|
||||
aIAwCmmXHSfCOlD9Pa1NUTDgURf32m//tRBSDn6o9BTsaHkXyOdTYUF6mXxfwdHaGx3bfXDnUQE
|
||||
X/1J88x0LL6p+sigrGc9/2OUZtL5Af4lNPgbUl1U15U2hhh/Nv9URObSPIbAxURIIArrfYMgDNc
|
||||
UoA/BA4dxnk2lc9Mc/Fozkx7N7bNVT1GOAtosR5Y+ukdTwJFzKmrH6hBAzRKVIxfa4XT+cOmOYW
|
||||
4kL/ca/owHQURxqI4VMKcLEkEYdwANRt1/HJL5kJkpDPQF2gmrH+XNs46E3zicMIzEzKa53gks9
|
||||
hiyRt/AT7UMwXbmSbGv hermes@pc
|
||||
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOajx6+YcZCdu97aJiC0cIo
|
||||
Okk63kp8mv3ZAOrC0m0g6kibiPmCVmo/ITegtu58boy0CMpmwD/thk36FFdy4Ig5ZNMCRv+9m6P
|
||||
tIE06pvUB6rtYfgzwMc+G3Wibs/zsb7XUwl6Cl/JtsYyeXpdlzIgSt7SzrWf+BVQxOAtJD7bjLX
|
||||
tvQhjHbBO21Zh/Xp0kKlMWlzhSSs5AEjUY0jRAXMPkXPzf8dqhd6JKpdxvk1fjc14BWISZqgeiL
|
||||
pUUL+hk+md5SB31NEKtTkx6nQ5QbXe9BSwu0CtxjAq1vaHwL3bLNL7NFArrltIfOh0BDSADOVfM
|
||||
J6nSnRgv4uk50gnUr2F hermes@laptop
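Review bot: Both `sshPublicKey` values added to the hermes entry have their private keys printed in the README section of this same commit, so the key pairs are public from the first push, and nothing in the data file says so. A comment line at the top of the file would keep the fixture from being copied into an `authorized_keys` file or a non-test directory: `# Test fixture only: the matching private keys are published in README.md.` It is also worth confirming that the folded key lines begin with a single space in the file itself, since this rendering drops leading whitespace and LDIF treats only space-prefixed lines as continuations.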
|
||||
|
|
|
@ -66,6 +66,11 @@ configure_msad_features(){
|
|||
ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/msad.ldif -Q
|
||||
}
|
||||
|
||||
configure_ssh_features(){
|
||||
echo "Configure SSH Extensions"
|
||||
ldapadd -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/openssh_lpk.ldif -Q
|
||||
}
|
||||
|
||||
load_initial_data() {
|
||||
echo "Load data..."
|
||||
local data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
|
||||
|
@ -87,6 +92,7 @@ chown -R openldap:openldap /etc/ldap
|
|||
slapd -h "ldapi:///" -u openldap -g openldap
|
||||
|
||||
configure_msad_features
|
||||
configure_ssh_features
|
||||
configure_tls
|
||||
configure_logging
|
||||
load_initial_data
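Review bot: In `configure_ssh_features` the exit status of `ldapadd` is not checked and `${CONFIG_DIR}` is expanded unquoted, as far as the hunk shows. The hermes entry gains `objectClass: ldapPublicKey` elsewhere in this commit, so a failed schema load would only surface later, as a rejected entry inside `load_initial_data`. Unless the script already runs under `set -e` (not visible here), `ldapadd -Y EXTERNAL -H ldapi:/// -f "${CONFIG_DIR}/openssh_lpk.ldif" -Q || exit 1` stops at the cause. The neighbouring `ldapmodify` call for msad.ldif has the same shape, and its function starts outside the hunk.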
|
||||
|
|