Add nis and updated eduperson schemas; fix postgres startup issue

base/Dockerfile

@@ -52,8 +52,9 @@ RUN chown -R ldap:ldap /var/lib/ldap /etc/openldap/slapd.d \
     && ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/base/ldap/domain.ldif \
     && ldapadd -H ldapi:/// -f /etc/openldap/schema/cosine.ldif \
     && ldapadd -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif \
+    && ldapadd -H ldapi:/// -f /etc/openldap/schema/nis.ldif \
     && ldapadd -H ldapi:/// -f /tmp/base/ldap/memberOf.ldif \
-    && ldapadd -H ldapi:/// -f /tmp/base/ldap/eduPerson.ldif \
+    && ldapadd -H ldapi:/// -f /tmp/base/ldap/eduperson.ldif \
     && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /tmp/base/ldap/users.ldif \
     && pkill -HUP slapd \
     && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done
@@ -70,6 +71,8 @@ RUN . /usr/local/bin/library.sh \
     && (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
     && while ! nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done \
     && su -l postgres -c /usr/bin/initdb \
+    && sudo mkdir /var/run/postgresql \
+    && sudo chown postgres:postgres /var/run/postgresql \
     && su -l postgres -c "pg_ctl -D /var/lib/pgsql/data -l /tmp/pg_logfile start" \
     && while ! nc -z localhost 5432 > /dev/null; do echo waiting for postgres to start; sleep 3; done \
     && psql -U postgres -f /tmp/base/postgres/00-init_dbs_and_users.sql \

base/container_files/ldap/README

@@ -0,0 +1,3 @@
+nis.ldif: https://git.openldap.org/openldap/openldap/-/raw/master/servers/slapd/schema/nis.ldif?ref_type=heads
+eduPerson.ldif: https://wiki.refeds.org/display/STAN/eduPerson+LDIF+Files > https://github.com/REFEDS/eduperson/blob/master/schema/openldap/eduperson.ldif
+

base/container_files/ldap/eduperson.ldif

@@ -0,0 +1,160 @@
+# REFEDS Schema Board
+#
+# eduPerson (202208) - v4.4.0
+#
+# $Customized for OpenLDAP$
+################################################################################
+#
+# dn: cn=schema
+#
+################################################################################
+#
+dn: cn=eduPerson,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: eduPerson
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.1
+    NAME 'eduPersonAffiliation'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.2
+    NAME 'eduPersonNickname'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.3
+    NAME 'eduPersonOrgDN'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY distinguishedNameMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.12'
+    SINGLE-VALUE )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.4
+    NAME 'eduPersonOrgUnitDN'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY distinguishedNameMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.5
+    NAME 'eduPersonPrimaryAffiliation'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+    SINGLE-VALUE )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.6
+    NAME 'eduPersonPrincipalName'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+    SINGLE-VALUE )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.12
+    NAME 'eduPersonPrincipalNamePrior'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.7
+    NAME 'eduPersonEntitlement'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseExactMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.8
+    NAME 'eduPersonPrimaryOrgUnitDN'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY distinguishedNameMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.12'
+    SINGLE-VALUE )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.9
+    NAME 'eduPersonScopedAffiliation'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.10
+    NAME 'eduPersonTargetedID'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.11
+    NAME 'eduPersonAssurance'
+    DESC 'eduPerson per Internet2 and EDUCAUSE'
+    EQUALITY caseIgnoreMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.13
+    NAME 'eduPersonUniqueId'
+    DESC 'eduPersonUniqueId per Internet2'
+    EQUALITY caseIgnoreMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+#
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.16
+    NAME 'eduPersonOrcid'
+    DESC 'ORCID researcher identifiers belonging to the principal'
+    EQUALITY caseIgnoreMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.17
+    NAME 'eduPersonAnalyticsTag'
+    DESC 'Arbitrary reporting value associated with a subject or transaction'
+    EQUALITY caseExactMatch
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+#
+################################################################################
+olcAttributeTypes: ( 1.3.6.1.4.1.5923.1.1.1.18
+    NAME 'eduPersonDisplayPronouns'
+    DESC 'Human-readable set of pronouns'
+    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE)
+#
+################################################################################
+#
+olcObjectClasses: ( 1.3.6.1.4.1.5923.1.1.2
+    NAME 'eduPerson'
+    DESC 'eduPerson (202208) - v4.4.0 - REFEDS Schema Board'
+    AUXILIARY
+    MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $
+          eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $
+          eduPersonPrincipalName $ eduPersonPrincipalNamePrior $ eduPersonEntitlement $
+          eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation $
+          eduPersonTargetedID $ eduPersonAssurance $
+          eduPersonUniqueId $ eduPersonOrcid $ eduPersonDisplayPronouns ) )
+#
+################################################################################

base/container_files/ldap/nis.ldif

@@ -0,0 +1,120 @@
+# NIS (RFC2307)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2024 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Definitions from RFC2307 (Experimental)
+#	An Approach for Using LDAP as a Network Information Service
+#
+# Depends upon core.ldif and cosine.ldif
+#
+# This file was automatically generated from nis.schema; see that file
+# for complete references.
+#
+dn: cn=nis,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: nis
+olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
+ e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
+ e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
+ e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
+ 6 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
+ A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
+ seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
+ 5.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
+ oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
+ rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
+ egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
+ ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
+ ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
+ ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
+  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
+ aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
+ e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
+ tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.26{1024} SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
+ f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
+ mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ 
+ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
+ ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
+  $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive 
+ $ shadowExpire $ shadowFlag $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of 
+ a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
+ sword $ memberUid $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
+ nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
+ rviceProtocol ) MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of 
+ an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
+  ) MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
+ NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
+ AY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
+ st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
+ ription $ manager ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
+ n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
+ kNumber $ l $ description $ manager ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
+  a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
+ tgroup $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
+ on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a 
+ NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
+ ption )
+olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
+ ith a MAC address' SUP top AUXILIARY MAY macAddress )
+olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device 
+ with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )