From ce337661b9ddc618e7391d5b132e209c601f3d29 Mon Sep 17 00:00:00 2001
From: Martin Heide
Date: Mon, 13 Jul 2020 15:33:35 +0000
Subject: [PATCH] Add missing slapd.sh script from LDAP docs, and convert it to using Docker

Signed-off-by: Martin Heide
---
 Documentation/connectors/ldap.md | 2 +-
 examples/config-ldap.ldif | 12 ++++----
 examples/config-ldap.yaml | 2 +-
 scripts/slapd.sh | 50 ++++++++++++++++++++++++++++++++
 4 files changed, 59 insertions(+), 7 deletions(-)
 create mode 100755 scripts/slapd.sh

diff --git a/Documentation/connectors/ldap.md b/Documentation/connectors/ldap.md
index e69c3005..c1c102f1 100644
--- a/Documentation/connectors/ldap.md
+++ b/Documentation/connectors/ldap.md
@@ -13,7 +13,7 @@ The connector executes two primary queries:
 
 The dex repo contains a basic LDAP setup using [OpenLDAP][openldap].
 
-First start the LDAP server using the example script. This will run the OpenLDAP daemon and seed it with an initial set of users.
+First start the LDAP server using the example script. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.
 
 ```
 ./scripts/slapd.sh
diff --git a/examples/config-ldap.ldif b/examples/config-ldap.ldif
index 55cc81f9..8840bf80 100644
--- a/examples/config-ldap.ldif
+++ b/examples/config-ldap.ldif
@@ -1,8 +1,10 @@
-dn: dc=example,dc=org
-objectClass: dcObject
-objectClass: organization
-o: Example Company
-dc: example
+# Already included in default config of Docker image osixia/openldap:1.4.0.
+#
+# dn: dc=example,dc=org
+# objectClass: dcObject
+# objectClass: organization
+# o: Example Company
+# dc: example
 
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
diff --git a/examples/config-ldap.yaml b/examples/config-ldap.yaml
index 05265b4b..f35465ad 100644
--- a/examples/config-ldap.yaml
+++ b/examples/config-ldap.yaml
@@ -11,7 +11,7 @@ connectors:
 name: OpenLDAP
 id: ldap
 config:
- host: localhost:10389
+ host: localhost:389
 
 # No TLS for this setup.
 insecureNoSSL: true
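Review bot: The new header comment in the config-ldap.ldif hunk explains why the `dc=example,dc=org` entry was removed but not the consequence: loading this file against any server that does not already hold that base entry makes the `ou=People,dc=example,dc=org` add on the context line below fail, because the parent entry must exist first. Extend the comment, e.g. `# When using another OpenLDAP server, create the dc=example,dc=org entry (uncomment below) before loading this file.`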
diff --git a/scripts/slapd.sh b/scripts/slapd.sh
new file mode 100755
index 00000000..6d2e774d
--- /dev/null
+++ b/scripts/slapd.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# Start an OpenLDAP container and populate it with example entries.
+# https://github.com/dexidp/dex/blob/master/Documentation/connectors/ldap.md
+#
+# Usage:
+# slapd.sh Kill a possibly preexisting "ldap" container, start a new one, and populate the directory.
+# slapd.sh --keep Same, but keep the container if it is already running.
+#
+set -eu
+cd -- "$(dirname "$0")/.."
+
+keep_running=
+if [ $# -gt 0 ] && [ "$1" = "--keep" ]; then
+ keep_running=1
+fi
+
+if [ -z "$keep_running" ] || [ "$(docker inspect --format="{{.State.Running}}" ldap 2> /dev/null)" != "true" ]; then
+ echo "LDAP container not running, or running and --keep not specified."
+ echo "Removing old LDAP container (if any)..."
+ docker rm --force ldap || true
+ echo "Starting LDAP container..."
+ # Currently the most popular OpenLDAP image on Docker Hub. Comes with the latest version OpenLDAP 2.4.50.
+ docker run -p 389:389 -p 636:636 -v $PWD:$PWD --name ldap --detach osixia/openldap:1.4.0
+
+ tries=1
+ max_tries=10
+ echo "Waiting for LDAP container ($tries/$max_tries)..."
+ # Wait until expected line "structuralObjectClass: organization" shows up.
+ # Seems to work more reliably than waiting for exit code 0. That would be:
+ # while ! docker exec ldap slapcat -b "dc=example,dc=org" > /dev/null 2>&1; do
+ while [[ ! "$(docker exec ldap slapcat -b "dc=example,dc=org" 2>/dev/null)" =~ organization ]]; do
+ ((++tries))
+ if [ "$tries" -gt "$max_tries" ]; then
+ echo "ERROR: Timeout waiting for LDAP container."
+ exit 1
+ fi
+ sleep 1
+ echo "Waiting for LDAP container ($tries/$max_tries)..."
+ done
+fi
+
+echo "Adding example entries to directory..."
+set -x
+docker exec ldap ldapadd \
+ -x \
+ -D "cn=admin,dc=example,dc=org" \
+ -w admin \
+ -H ldap://localhost:389/ \
+ -f $PWD/examples/config-ldap.ldif
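Review bot: `$PWD` is expanded unquoted both in `docker run -p 389:389 -p 636:636 -v $PWD:$PWD ...` and in the final `-f $PWD/examples/config-ldap.ldif`, so a checkout path containing whitespace splits into extra arguments and both the mount and the ldapadd fail; quote them, and since the container only needs the LDIF, narrow the mount to `-v "$PWD/examples:$PWD/examples:ro"`. The same `docker run` publishes 389 and 636 on every interface although the config-ldap.yaml hunk in this commit points dex at localhost:389, so the example directory, reachable with the `cn=admin` / `admin` bind this script uses, is also exposed to the host's network; `-p 127.0.0.1:389:389 -p 127.0.0.1:636:636` keeps it loopback-only. `set -x` right before `ldapadd` also prints `-w admin` in the trace output; that is acceptable for a fixed example credential, but worth a comment such as `# set -x echoes the full ldapadd command, including the example bind password.` so the pattern is not copied with a real one.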