Add missing slapd.sh script from LDAP docs, and convert it to using Docker

Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-13 15:33:35 +00:00 · 2020-07-13 15:33:35 +00:00 · ce337661b9
parent 62efe7bf07
commit ce337661b9
4 changed files with 59 additions and 7 deletions
--- a/Documentation/connectors/ldap.md
+++ b/Documentation/connectors/ldap.md
@ -13,7 +13,7 @@ The connector executes two primary queries:

 The dex repo contains a basic LDAP setup using [OpenLDAP][openldap].

-First start the LDAP server using the example script. This will run the OpenLDAP daemon and seed it with an initial set of users.
+First start the LDAP server using the example script. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.

 ```
 ./scripts/slapd.sh
--- a/examples/config-ldap.ldif
+++ b/examples/config-ldap.ldif
@ -1,8 +1,10 @@
-dn: dc=example,dc=org
-objectClass: dcObject
-objectClass: organization
-o: Example Company
-dc: example
+# Already included in default config of Docker image osixia/openldap:1.4.0.
+#
+# dn: dc=example,dc=org
+# objectClass: dcObject
+# objectClass: organization
+# o: Example Company
+# dc: example

 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
--- a/examples/config-ldap.yaml
+++ b/examples/config-ldap.yaml
@ -11,7 +11,7 @@ connectors:
  name: OpenLDAP
  id: ldap
  config:
-    host: localhost:10389
+    host: localhost:389

    # No TLS for this setup.
    insecureNoSSL: true
--- a/scripts/slapd.sh
+++ b/scripts/slapd.sh
@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# Start an OpenLDAP container and populate it with example entries.
+# https://github.com/dexidp/dex/blob/master/Documentation/connectors/ldap.md
+#
+# Usage:
+#   slapd.sh          Kill a possibly preexisting "ldap" container, start a new one, and populate the directory.
+#   slapd.sh --keep   Same, but keep the container if it is already running.
+#
+set -eu
+cd -- "$(dirname "$0")/.."
+
+keep_running=
+if [ $# -gt 0 ] && [ "$1" = "--keep" ]; then
+    keep_running=1
+fi
+
+if [ -z "$keep_running" ] || [ "$(docker inspect --format="{{.State.Running}}" ldap 2> /dev/null)" != "true" ]; then
+    echo "LDAP container not running, or running and --keep not specified."
+    echo "Removing old LDAP container (if any)..."
+    docker rm --force ldap || true
+    echo "Starting LDAP container..."
+    # Currently the most popular OpenLDAP image on Docker Hub. Comes with the latest version OpenLDAP 2.4.50.
+    docker run -p 389:389 -p 636:636 -v $PWD:$PWD --name ldap --detach osixia/openldap:1.4.0
+
+    tries=1
+    max_tries=10
+    echo "Waiting for LDAP container ($tries/$max_tries)..."
+    # Wait until expected line "structuralObjectClass: organization" shows up.
+    # Seems to work more reliably than waiting for exit code 0. That would be:
+    #   while ! docker exec ldap slapcat -b "dc=example,dc=org" > /dev/null 2>&1; do
+    while [[ ! "$(docker exec ldap slapcat -b "dc=example,dc=org" 2>/dev/null)" =~ organization ]]; do
+        ((++tries))
+        if [ "$tries" -gt "$max_tries" ]; then
+            echo "ERROR: Timeout waiting for LDAP container."
+            exit 1
+        fi
+        sleep 1
+        echo "Waiting for LDAP container ($tries/$max_tries)..."
+    done
+fi
+
+echo "Adding example entries to directory..."
+set -x
+docker exec ldap ldapadd \
+    -x \
+    -D "cn=admin,dc=example,dc=org" \
+    -w admin \
+    -H ldap://localhost:389/ \
+    -f $PWD/examples/config-ldap.ldif