From 705cf8bb6a6cdd2bc167769590f93b307bb64d40 Mon Sep 17 00:00:00 2001
From: Martin Heide
Date: Wed, 15 Jul 2020 09:37:54 +0000
Subject: [PATCH] Rework to use docker-compose
Signed-off-by: Martin Heide
---
 Documentation/connectors/ldap.md | 9 +++--
 examples/{ => ldap}/config-ldap.ldif | 0
 examples/{ => ldap}/config-ldap.yaml | 0
 examples/ldap/docker-compose.yaml | 17 +++++++++
 scripts/slapd.sh | 56 ----------------------------
 5 files changed, 22 insertions(+), 60 deletions(-)
 rename examples/{ => ldap}/config-ldap.ldif (100%)
 rename examples/{ => ldap}/config-ldap.yaml (100%)
 create mode 100644 examples/ldap/docker-compose.yaml
 delete mode 100755 scripts/slapd.sh
diff --git a/Documentation/connectors/ldap.md b/Documentation/connectors/ldap.md
index c1c102f1..5c74a319 100644
--- a/Documentation/connectors/ldap.md
+++ b/Documentation/connectors/ldap.md
@@ -13,16 +13,17 @@ The connector executes two primary queries:
 The dex repo contains a basic LDAP setup using [OpenLDAP][openldap].
-First start the LDAP server using the example script. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.
+First start the LDAP server using docker-compose. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.
 ```
-./scripts/slapd.sh
+cd examples/ldap
+docker-compose up
 ```
-This script sets the LDAP daemon to debug mode, and is expected to print several error messages which are normal. Once the server is up, run dex.
+This container is expected to print several warning messages which are normal. Once the server is up, run dex in another terminal.
 ```
-./bin/dex serve examples/config-ldap.yaml
+./bin/dex serve examples/ldap/config-ldap.yaml
 ```
 Then run the OAuth client in another terminal.
diff --git a/examples/config-ldap.ldif b/examples/ldap/config-ldap.ldif
similarity index 100%
rename from examples/config-ldap.ldif
rename to examples/ldap/config-ldap.ldif
diff --git a/examples/config-ldap.yaml b/examples/ldap/config-ldap.yaml
similarity index 100%
rename from examples/config-ldap.yaml
rename to examples/ldap/config-ldap.yaml
diff --git a/examples/ldap/docker-compose.yaml b/examples/ldap/docker-compose.yaml
new file mode 100644
index 00000000..7cb4e658
--- /dev/null
+++ b/examples/ldap/docker-compose.yaml
@@ -0,0 +1,17 @@
+version: "3"
+
+services:
+ ldap:
+ image: osixia/openldap:1.4.0
+ # Copying is required because the entrypoint modifies the *.ldif files.
+ # For verbose output, use:
+ #command: ["--copy-service", "--loglevel", "debug"]
+ command: ["--copy-service"]
+ volumes:
+ # https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
+ # Option 1: Add additional seed file by mounting to /container/service/slapd/assets/config/bootstrap/ldif/custom/
+ # Option 2: Overwrite default seed file by mounting to /container/service/slapd/assets/config/bootstrap/ldif/
+ - ./config-ldap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif
+ ports:
+ - 389:389
+ - 636:636
diff --git a/scripts/slapd.sh b/scripts/slapd.sh
deleted file mode 100755
index da3fffdf..00000000
--- a/scripts/slapd.sh
+++ /dev/null
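Review bot: The two `ports:` entries at the end of examples/ldap/docker-compose.yaml publish 389 and 636 on every host interface, because a mapping without a host IP is bound to 0.0.0.0 by Docker. The compose file sets no admin password, so the image default applies (the removed scripts/slapd.sh bound as `cn=admin,dc=example,dc=org` with `-w admin`), which leaves a directory with a well-known admin credential reachable from the local network while the example runs. Since the documented flow runs dex on the same host, binding to loopback should be enough: `- "127.0.0.1:389:389"` and `- "127.0.0.1:636:636"`, quoted as the Compose documentation recommends for port mappings. A short comment above `ports:` such as `# Demo only: default admin password, keep bound to localhost` would make the intent explicit. Because `--copy-service` has the entrypoint work on a copy, the seed mount can presumably take a `:ro` suffix as well; that should be confirmed against the image before changing it.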
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# Start an OpenLDAP container and populate it with example entries.
-# https://github.com/dexidp/dex/blob/master/Documentation/connectors/ldap.md
-#
-# Usage:
-# slapd.sh Kill a possibly preexisting "ldap" container, start a new one, and populate the directory.
-# slapd.sh --keep Same, but keep the container if it is already running.
-#
-set -eu
-cd -- "$(dirname "$0")/.."
-
-run_cmd() {
- echo ">" "$@" >&2
- "$@"
-}
-
-keep_running=
-if [ $# -gt 0 ] && [ "$1" = "--keep" ]; then
- keep_running=1
-fi
-
-if [ -z "$keep_running" ] || [ "$(docker inspect --format="{{.State.Running}}" ldap 2> /dev/null)" != "true" ]; then
- echo "LDAP container not running, or running and --keep not specified."
- echo "Removing old LDAP container (if any)..."
- run_cmd docker rm --force ldap || true
- echo "Starting LDAP container..."
- # Currently the most popular OpenLDAP image on Docker Hub. Comes with the latest version OpenLDAP 2.4.50.
- run_cmd docker run -p 389:389 -p 636:636 -v $PWD:$PWD --name ldap --detach osixia/openldap:1.4.0
-
- tries=1
- max_tries=10
- echo "Waiting for LDAP container ($tries/$max_tries)..."
- # Wait until expected line "structuralObjectClass: organization" shows up.
- # Seems to work more reliably than waiting for exit code 0. That would be:
- # while ! docker exec ldap slapcat -b "dc=example,dc=org" > /dev/null 2>&1; do
- while [[ ! "$(docker exec ldap slapcat -b "dc=example,dc=org" 2>/dev/null)" =~ organization ]]; do
- ((++tries))
- if [ "$tries" -gt "$max_tries" ]; then
- echo "ERROR: Timeout waiting for LDAP container."
- exit 1
- fi
- sleep 1
- echo "Waiting for LDAP container ($tries/$max_tries)..."
- done
-fi
-
-echo "Adding example entries to directory..."
-run_cmd docker exec ldap ldapadd \
- -x \
- -D "cn=admin,dc=example,dc=org" \
- -w admin \
- -H ldap://localhost:389/ \
- -f $PWD/examples/config-ldap.ldif
-
-echo "OK."