diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..6c55d43
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,38 @@
+workspace:
+ base: /srv/app
+ path: src
+
+clone:
+ git:
+ image: plugins/git:1
+ depth: 50
+ tags: true
+
+pipeline:
+ docker:
+ image: plugins/docker:17.05
+ pull: true
+ secrets: [ docker_username, docker_password ]
+ repo: gitea/test-openldap
+ tags: [ '${DRONE_BRANCH##release/v}' ]
+ when:
+ event: [ push ]
+ branch: [ release/* ]
+
+ docker:
+ image: plugins/docker:17.05
+ pull: true
+ secrets: [ docker_username, docker_password ]
+ repo: gitea/test-openldap
+ tags: [ 'latest' ]
+ when:
+ event: [ push ]
+ branch: [ master ]
+
+ discord:
+ image: appleboy/drone-discord:1.0.0
+ pull: true
+ secrets: [ discord_webhook_id, discord_webhook_token ]
+ when:
+ event: [ push, tag, pull_request ]
+ status: [ changed, failure ]
diff --git a/.lgtm b/.lgtm
new file mode 100644
index 0000000..d39781b
--- /dev/null
+++ b/.lgtm
@@ -0,0 +1,3 @@
+pattern = "(?)LGTM"
+self_approval_off = true
+ignore_maintainers_file = true
diff --git a/Dockerfile b/Dockerfile
index 7cc63a9..13e7efc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM debian:stretch-slim
-MAINTAINER Rafael Römhild
+LABEL maintainer="maintainers@gitea.io"
 # Install slapd and requirements
 RUN apt-get update \
diff --git a/README.md b/README.md
index 99f783a..5387193 100644
--- a/README.md
+++ b/README.md
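Review bot: Both image-publishing steps under `pipeline:` are keyed `docker:`, and a YAML mapping cannot hold the same key twice: depending on the parser the second definition replaces the first or the file is rejected, so the `release/*` tag build may never run. Distinct names such as `docker-release:` and `docker-latest:` avoid that. Separately, `plugins/docker:17.05` and `appleboy/drone-discord:1.0.0` are mutable tags fetched with `pull: true` and handed `docker_password` and `discord_webhook_token`; pinning each by digest (`image: plugins/docker@sha256:<digest>`) keeps a re-pushed tag from receiving those secrets. The nesting is inferred here because the indentation is collapsed on this page.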
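Review bot: `pattern = "(?)LGTM"` has an empty flag group and no anchors, so as far as this file shows the approval match is a case-sensitive `LGTM` anywhere in a comment, which a reply such as "not LGTM yet" would also satisfy if the bot searches rather than matches the whole comment. If case-insensitive matching was intended the group would be `(?i)`, and `pattern = "(?i)^LGTM"` narrows what counts as an approval. A one-line `#` comment stating what `self_approval_off` and `ignore_maintainers_file` switch on would also help, since the names alone are ambiguous.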
@@ -1,9 +1,9 @@ # OpenLDAP Docker Image for testing -![Docker Build Status](https://img.shields.io/docker/build/rroemhild/test-openldap.svg) ![Docker Stars](https://img.shields.io/docker/stars/rroemhild/test-openldap.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/rroemhild/test-openldap.svg) - This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain `planetexpress.com` with data from the [Futurama Wiki][futuramawikia]. +Based on Rafael Römhild [docker-test-openldap][dockertestopenldap]. + Parts of the image are based on the work from Nick Stenning [docker-slapd][slapd] and Bertrand Gouny [docker-openldap][openldap]. The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit tests. @@ -12,6 +12,7 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test [openldap]: https://github.com/osixia/docker-openldap [flaskldapconn]: https://github.com/rroemhild/flask-ldapconn [futuramawikia]: http://futurama.wikia.com +[dockertestopenldap]: https://github.com/rroemhild/docker-test-openldap ## Features @@ -24,8 +25,8 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test ## Usage ``` -docker pull rroemhild/test-openldap -docker run --privileged -d -p 389:389 rroemhild/test-openldap +docker pull gitea/test-openldap +docker run --privileged -d -p 389:389 gitea/test-openldap ``` ## Exposed ports 
@@ -123,6 +124,69 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap | ou | Office Management | | uid | hermes | | userPassword | hermes | +| sshPublicKey | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Fk93z/DLVBj4gHUw3+LOhaIAwCmmXHSfCOlD9Pa1NUTDgURf32m//tRBSDn6o9BTsaHkXyOdTYUF6mXxfwdHaGx3bfXDnUQEX/1J88x0LL6p+sigrGc9/2OUZtL5Af4lNPgbUl1U15U2hhh/Nv9URObSPIbAxURIIArrfYMgDNcUoA/BA4dxnk2lc9Mc/Fozkx7N7bNVT1GOAtosR5Y+ukdTwJFzKmrH6hBAzRKVIxfa4XT+cOmOYW4kL/ca/owHQURxqI4VMKcLEkEYdwANRt1/HJL5kJkpDPQF2gmrH+XNs46E3zicMIzEzKa53gks9hiyRt/AT7UMwXbmSbGv hermes@pc | +| sshPublicKey | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOajx6+YcZCdu97aJiC0cIoOkk63kp8mv3ZAOrC0m0g6kibiPmCVmo/ITegtu58boy0CMpmwD/thk36FFdy4Ig5ZNMCRv+9m6PtIE06pvUB6rtYfgzwMc+G3Wibs/zsb7XUwl6Cl/JtsYyeXpdlzIgSt7SzrWf+BVQxOAtJD7bjLXtvQhjHbBO21Zh/Xp0kKlMWlzhSSs5AEjUY0jRAXMPkXPzf8dqhd6JKpdxvk1fjc14BWISZqgeiLpUUL+hk+md5SB31NEKtTkx6nQ5QbXe9BSwu0CtxjAq1vaHwL3bLNL7NFArrltIfOh0BDSADOVfMJ6nSnRgv4uk50gnUr2F hermes@laptop | + +Private key `hermes@pc`: +``` +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvBZPd8/wy1QY+IB1MN/izoWiAMApplx0nwjpQ/T2tTVEw4FE +X99pv/7UQUg5+qPQU7Gh5F8jnU2FBepl8X8HR2hsd231w51EBF/9SfPMdCy+qfrI +oKxnPf9jlGbS+QH+JTT4G1JdVNeVNoYYfzb/VETm0jyGwMVESCAK632DIAzXFKAP +wQOHcZ5NpXPTHPxaM5Meze2zVU9RjgLaLEeWPrpHU8CRcypqx+oQQM0SlSMX2uF0 +/nDpjmFuJC/3Gv6MB0FEcaiOFTCnCxJBGHcADUbdfxyS+ZCZKQz0BdoJqx/lzbOO +hN84nDCMxMymud4JLPYYskbfwE+1DMF25kmxrwIDAQABAoIBAFJH+E/TueVZTus3 +Vw0ghFoQf8SQTCgo/iOshE9kVKEFQqW8YSsH031Yf4ZnkGWjUDms1cPQEwZ3qR/j +YOF6zrZgakL86ay/mcfILkgxzVltUaOOwEH56dhnZyq+qMCiLIoeWAOrzoSVIwON +Oh488wnscoW6UMD4C1z6F4zZhYl5E82pQpwacoBmxa9VjCuY+zLhzJKVfZ6N0KWt +d08XcS5rG+ZGpmF4g4LTLFxuBWUJw+3HUHzlolW+II2g6LYNs98DmYdQp+5d/wyD +nPpIamO4ta69AL1qcCNCRGVnUByOUF/WpHM++f3XFcLhbJ4kVbrtQMG53SZ8mCER +GfuSfzECgYEA73GeVAb2BlmrbQpp6PXaFG80quswXcSTExaZhIMQotwb2+Q3PG9a +CUXmtgx8fY95l1EVrCJvW2LsbJIqe0kXwNXBuHDLtFbBTIlsOVrvmzw3qHuCmj3l +VcaPXDZV655NzDNvHsufJjIghfPhLYJn23/+38G1hrTRFmHKbMjicXMCgYEAyReh 
+YoehC30NMyn775t4kzPHTdydFIZUNUqxa4znA56n+JgIzKWsp8THjUhrfwv90h6U +vh/nD3PC9JJZARs5cWmveVVLppachcpl0OXuEtPadW8oCi1PK+dV5ZrM++NeGfns +9qUOvGs7TRJAyZnjeQ//4vXwBnJceBQxiMKyP9UCgYB90z/3Of05Ew/xagKDyAYE +rPeJRbQR4kXDRyH/L3yjiHUfVUrteDphGxmE2wTkWmvz50kzPpkz9cT1vM2UIbHY +xLta9/Mj3l8PoDt93FqDQd6hq93Svenw7DnTpD38ZiDNyM2A6lHEmZzbp2/SIXAA +Ob+ux7Vjh0tErrjX96x/HwKBgQCjPaSLyJAqNFSP0SgsRSgnTuQex9VYAQfAzyah +qRsrbBLtEfYqst8qvepEPaLN2p0sghi7EkjO2WlMgrTv2frSnzmMJHqp/B+J2Fi4 +sL6H2CTCKf716/wWJtAq+HQoklUkfycmvazttZrJIOUpAtyOvTc7NeyoPxPjgnkH +jQ2IFQKBgHENrLBtC1AS5EGsw67z7Dhn0lLu6y5lorXXpYbpdIjGLpI4XaUqIHdV ++5IEa3vT+tpppA0lOy2g8s5b89kgBaXI1h21Bi42q7SL8ZDQnZvzKP6XMstFX0GJ +gUMPD/s2KNO+mwusxyPadtEy+D30VvUwXEBUvXalKsLXg3gZTcre +-----END RSA PRIVATE KEY----- +``` +Private key `hermes@laptop`: +``` +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzmo8evmHGQnbve2iYgtHCKDpJOt5KfJr92QDqwtJtIOpIm4j +5glZqPyE3oLbufG6MtAjKZsA/7YZN+hRXcuCIOWTTAkb/vZuj7SBNOqb1Aeq7WH4 +M8DHPht1om7P87G+11MJegpfybbGMnl6XZcyIEre0s61n/gVUMTgLSQ+24y17b0I +Yx2wTttWYf16dJCpTFpc4UkrOQBI1GNI0QFzD5Fz83/HaoXeiSqXcb5NX43NeAVi +EmaoHoi6VFC/oZPpneUgd9TRCrU5Mep0OUG13vQUsLtArcYwKtb2h8C92yzS+zRQ +K65bSHzodAQ0gAzlXzCep0p0YL+LpOdIJ1K9hQIDAQABAoIBAAXbtgO3eUIYqYfm +aqllsIpqJrPJixLJso6+4+vC0kCxS+eSQKqSsVy+bfbyt9G7LpGqnpTbtVeMj4Kq +sUR8NiFA4sFRsN23mMOzV8dssSd/YDaEhUrSudTlap1Fj9lWvhfWX3p7OOS8rztX +f0WQuPd5qIFLJJR5sgEs1T/yu2X3t0uctiGqHKe3Bm+5T74/1DCBPvW+3HCESiFs +ePlDzK0DuHBNIS116Ff//4ZFSNjClf/Sld61TrJQtdwNLSID3WcofN57wr+2HFO8 +Bghljz9uap1m/MarDe6HaHGjlIfc33XOtBybftE2/tPz3bFbpR3lHuKwfikbAunF +80/Bh4ECgYEA+H4NIctq6Oni17I/8YaaRBp7fzYYFmgq009CqamwnxLVvJ8X/iPf +qnI0b5WypIFEj7vzPbuaIrRySy8GVQke2eGsiZrcgvHCwwcmceE484BHh7N93556 +d/RXqBnMd6nT+c6In5rPLj4cJfqGgD2QQ13MmII/ID3k0guPc8VSNN0CgYEA1Ka9 +bJjEE6ru1vHW7tbmGBLXyFYohcL4VECAosSpv4FbuPpzscwBWCmh/Sfoi/V8nKVr +GJmG9cao2mVJJv2ebo/q9bJ96oXV1A4W5ah4BExG+F524sI+bJJAr7sGsZ/P247r +SbXP1w8VVIMHqaGLtQ/ygX3EMTt3oCqQ76zCbMkCgYBRivvANUJ2ABpCcent1h/V 
+bWNNUXECGVjEUuQrTNX6vXGKHiL/cMI66pMucs9WkFzxVdnyThe8f75p0ZqgWQfY +s+esmDb4eWFSIoyJHkFUFqpia5JIyXai2nnRXfXs5rv6472Nsn1+TT9rbxSoDIvE +r4kuGr+gUu89xjFi6kOZuQKBgQDHGr+tWHPuPlOWaaVmx0t1Kt9jMliKtXyx1hsb +S6vsJQBueAGvbWWs2H5Ve/JeaSGdwbw+sjENGk6q/b66hSi8OIA0QEVpOpp1DCQg +L9b/nzOsBTanJlwwZ9etMh4YXZvO5UgkIdlScUr1cCHSj/ExPJdA6zKxLg7ZpkFC +R61bEQKBgCJTuCZzEXN6AZ721QgJWlJakcqV62NTXlRxPR9kW4msRHodkXMVjUhF +IAS9tJObLcVpOiL2TaZ5jvrjP/9u8Zq7AVLmY36oaEz3Uw2abGGn0+lM0Ai019p7 +g8Jnx5PIr5hLY4qCMOY2ItdP5n+Kne9WwZaQETULVUV+m2X+aC/i +-----END RSA PRIVATE KEY----- +``` ### cn=Turanga Leela,ou=people,dc=planetexpress,dc=com diff --git a/bootstrap/config/openssh_lpk.ldif b/bootstrap/config/openssh_lpk.ldif new file mode 100644 index 0000000..ca48c86 --- /dev/null +++ b/bootstrap/config/openssh_lpk.ldif @@ -0,0 +1,9 @@ +dn: cn=openssh-lpk,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: openssh-lpk +olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' + DESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' + SUP top AUXILIARY DESC 'MANDATORY: OpenSSH LPK objectclass' + MUST ( sshPublicKey $ uid ) ) diff --git a/bootstrap/data/10_people_hermes.ldif b/bootstrap/data/10_people_hermes.ldif index f414466..9c4ddc5 100644 --- a/bootstrap/data/10_people_hermes.ldif +++ b/bootstrap/data/10_people_hermes.ldif @@ -3,6 +3,7 @@ objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson +objectClass: ldapPublicKey cn: Hermes Conrad sn: Conrad description: Human 
@@ -14,4 +15,15 @@ ou: Office Management uid: hermes userPassword:: e3NzaGF9M3UzcUdCSmFMc2tiUEg0OVJrYlFtUk9HTktFb1lOUXZkU2lOZmc9P Q== - +sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Fk93z/DLVBj4gHUw3+LOh + aIAwCmmXHSfCOlD9Pa1NUTDgURf32m//tRBSDn6o9BTsaHkXyOdTYUF6mXxfwdHaGx3bfXDnUQE + X/1J88x0LL6p+sigrGc9/2OUZtL5Af4lNPgbUl1U15U2hhh/Nv9URObSPIbAxURIIArrfYMgDNc + UoA/BA4dxnk2lc9Mc/Fozkx7N7bNVT1GOAtosR5Y+ukdTwJFzKmrH6hBAzRKVIxfa4XT+cOmOYW + 4kL/ca/owHQURxqI4VMKcLEkEYdwANRt1/HJL5kJkpDPQF2gmrH+XNs46E3zicMIzEzKa53gks9 + hiyRt/AT7UMwXbmSbGv hermes@pc +sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOajx6+YcZCdu97aJiC0cIo + Okk63kp8mv3ZAOrC0m0g6kibiPmCVmo/ITegtu58boy0CMpmwD/thk36FFdy4Ig5ZNMCRv+9m6P + tIE06pvUB6rtYfgzwMc+G3Wibs/zsb7XUwl6Cl/JtsYyeXpdlzIgSt7SzrWf+BVQxOAtJD7bjLX + tvQhjHbBO21Zh/Xp0kKlMWlzhSSs5AEjUY0jRAXMPkXPzf8dqhd6JKpdxvk1fjc14BWISZqgeiL + pUUL+hk+md5SB31NEKtTkx6nQ5QbXe9BSwu0CtxjAq1vaHwL3bLNL7NFArrltIfOh0BDSADOVfM + J6nSnRgv4uk50gnUr2F hermes@laptop diff --git a/bootstrap/slapd-init.sh b/bootstrap/slapd-init.sh index 32d1fb8..3431ba5 100644 --- a/bootstrap/slapd-init.sh +++ b/bootstrap/slapd-init.sh @@ -66,6 +66,11 @@ configure_msad_features(){ ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/msad.ldif -Q } +configure_ssh_features(){ + echo "Configure SSH Extensions" + ldapadd -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/openssh_lpk.ldif -Q +} + load_initial_data() { echo "Load data..." local data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort) @@ -87,6 +92,7 @@ chown -R openldap:openldap /etc/ldap slapd -h "ldapi:///" -u openldap -g openldap configure_msad_features +configure_ssh_features configure_tls configure_logging load_initial_data
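Review bot: The two `sshPublicKey` values added to the hermes entry are the public halves of the private keys this same commit prints in README.md, so they are publicly known test credentials and the fixture should say so where the keys live. LDIF ignores lines starting with `#`, so above the first `sshPublicKey:` line I would add `# TEST FIXTURE ONLY: matching private keys are published in README.md; never authorize these keys outside a disposable test container`. That also gives secret-scanning and audit tooling a visible reason for the key material.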
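Review bot: `configure_ssh_features` ignores the exit status of `ldapadd` and expands `${CONFIG_DIR}` unquoted, so if the schema fails to load, `load_initial_data` goes on to add an entry with `objectClass: ldapPublicKey` against a server that does not know that class. I would write `ldapadd -Y EXTERNAL -H ldapi:/// -f "${CONFIG_DIR}/openssh_lpk.ldif" -Q || exit 1`, unless the script already runs under `set -e`, which is not visible in this hunk. The existing `configure_msad_features` has the same shape, so the two could be fixed together. The call added in the second hunk sits before `load_initial_data`, which is the order the schema needs.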