fixup for full test script
pcaskey committed Aug 14, 2024
1 parent 654e8c4 commit 5f78603
Showing 11 changed files with 344 additions and 56 deletions.
39 changes: 25 additions & 14 deletions test-compose/data/Dockerfile
@@ -1,19 +1,24 @@
FROM centos:centos7
FROM rockylinux:8.9

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"

# Set UTC Timezone & Networking
RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
&& echo "NETWORKING=yes" > /etc/sysconfig/network

# Install base deps
RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
yum -y install 389-ds-base 389-admin 389-adminutil net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
yum -y clean all && \
mkdir -p /opt/tier && \
# Install Trusted Certificates
update-ca-trust force-enable

RUN dnf module enable -y php:7.4
RUN yum install -y epel-release \
&& yum update -y \
&& yum install -y phpldapadmin mod_ssl net-tools wget epel-release yum-utils php php-common php-opcache php-cli php-gd mod_php php-pgsql php-curl php-zip php-mbstring \
&& yum clean all \
&& rm -rf /var/cache/yum
RUN yum module enable -y 389-ds:1.4
RUN yum install -y 389-ds-base 389-ds-base-devel 389-ds-base-legacy-tools
RUN yum install --allowerasing -y curl-full libcurl-full
RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.9.rpm
RUN yum --enablerepo=remi,remi-test install -y phpMyAdmin
RUN yum install -y php71-php-mcrypt

COPY container_files/seed-data/ /seed-data/

RUN useradd ldapadmin \
Expand All @@ -25,17 +30,23 @@ RUN useradd ldapadmin \
# Do not restart at the end \
&& sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
&& setup-ds.pl --silent --file /seed-data/ds-setup.inf \
&& /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
&& /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
&& while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
ldapadd -H ldap:/// -f /seed-data/data.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/edumember-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/ldappublickey-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/voperson-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapmodify -H ldap:/// -f /seed-data/voposixaccount-obj.ldif -x -D "cn=Directory Manager" -w password \
&& ldapadd -c -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password

RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \
&& while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done;
RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.localdomain" -batch -keyout /etc/pki/tls/private/localhost.key -out localhost.csr
RUN openssl x509 -req -days 1825 -in localhost.csr -signkey /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
RUN mkdir -p /run/php-fpm/

EXPOSE 389

HEALTHCHECK --interval=1m --timeout=10s \
CMD cat < /dev/null > /dev/tcp/127.0.0.1/389 || exit 1

CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && tail -F /var/log/dirsrv/slapd-dir/errors
CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && php-fpm -D && httpd -DFOREGROUND && sleep infinity
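Review bot: `RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.9.rpm` installs a third-party release package straight from the network with no signing key imported first, and the following line then pulls phpMyAdmin with `--enablerepo=remi,remi-test`, so part of the PHP stack comes from a testing repository whose repo definition was never signature-checked. Import the publisher's key and verify the package before installing it (download it, `rpm --import <publisher key>`, `rpm -K remi-release-8.9.rpm`, then install), drop `remi-test` unless a package exists only there, and pin the phpMyAdmin version; `php71-php-mcrypt` also looks inconsistent with the `php:7.4` module enabled above — presumably a leftover, confirm it is still needed. The two `openssl` lines generate a self-signed key at build time, so `/etc/pki/tls/private/localhost.key` is baked into a shared image layer and is identical for everyone who pulls the image; acceptable for a test fixture, but mark it, e.g. `# test-only self-signed cert; key is in the image layer, never reuse beyond test-compose`. The Directory Manager password `-w password` in the `ldapadd`/`ldapmodify` RUN lines is likewise recorded in `docker history`, which is fine only as long as this image never leaves the test harness. Finally, `sleep infinity` at the end of CMD is unreachable while `httpd -DFOREGROUND` runs, and the HEALTHCHECK probes only port 389, so a php-fpm or httpd failure goes unnoticed by the orchestrator.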

69 changes: 69 additions & 0 deletions test-compose/data/container_files/seed-data/data.ldif
@@ -0,0 +1,69 @@
dn: cn=admin,dc=internet2,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password
description: LDAP administrator

dn: uid=banderson,ou=People,dc=internet2,dc=edu
objectClass: eduPerson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Bob Anderson
sn: Anderson
givenName: Bob
userPassword: password
description: LDAP administrator

dn: ou=Affiliations,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Affiliations

dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Courses

dn: ou=midpoint,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: midpoint

dn: ou=Generic,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Generic

dn: cn=users,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
cn: users

dn: cn=sysadmingroup,ou=midpoint,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
cn: sysadmingroup

dn: ou=Guests,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Guests

dn: uid=aguest,ou=Guests,dc=internet2,dc=edu
objectClass: eduPerson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Andy Guest
sn: Aguest
mail: andyaguestcspuser@workbench.incommon.org
givenName: Andy
userPassword: password
description: A guest user
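Review bot: The new `uid=banderson` and `uid=aguest` entries carry no `uid:` attribute, whereas the banderson entry this commit removes from users.ldif had `uid: banderson`; the RDN attribute value is expected to be present in the entry (RFC 4512), and any consumer that searches on `(uid=…)` rather than binding by DN will not find these users. Add `uid: banderson` and `uid: aguest` to the respective entries. Both `cn=admin` and the `banderson` user carry `description: LDAP administrator`, which on the user entry looks like a copy-paste leftover. Every entry uses the literal `userPassword: password`; the server presumably hashes it on add, but these are well-known test credentials, so a header comment such as `# test fixture: well-known credentials, never load into a real directory` would make the intent explicit.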

2 changes: 1 addition & 1 deletion test-compose/data/container_files/seed-data/ds-setup.inf
Expand Up @@ -16,7 +16,7 @@ ServerIpAddress = 0.0.0.0
SysUser = nobody

[slapd]
AddOrgEntries = Yes
AddOrgEntries = No
AddSampleEntries = No
InstallLdifFile = suggest
RootDN = cn=Directory Manager
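Review bot: With `AddOrgEntries` flipped to `No`, setup-ds.pl (as far as I recall) no longer creates the `ou=People` / `ou=Groups` containers under the suffix, yet data.ldif in this same commit adds `ou=Affiliations,ou=Groups,dc=internet2,dc=edu` and users.ldif still adds `uid=jsmith,ou=People,…` with no visible entry creating those parents; since the first `ldapadd` in the Dockerfile runs without `-c`, a noSuchObject on that child would abort the build chain. If the containers come from somewhere else (the rest of this inf file, or `InstallLdifFile = suggest`), record that in a comment next to this line, e.g. `# org entries (ou=People, ou=Groups) are created by seed-data instead`; otherwise add explicit `ou=People` and `ou=Groups` entries at the top of data.ldif.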
Expand Down
30 changes: 30 additions & 0 deletions test-compose/data/container_files/seed-data/edumember-obj.ldif
@@ -0,0 +1,30 @@
#
# eduMember Objectclass
#
#
# "eduMember" attributes
#
dn: cn=schema
changetype: modify
#
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.1
NAME 'isMemberOf'
DESC 'identifiers for groups to which containing entity belongs'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.2
NAME 'hasMember'
DESC 'identifiers for entities that are members of the group'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
#
add: objectclasses
objectClasses: ( 1.3.6.1.4.1.5923.1.5.2 NAME 'eduMember'
AUXILIARY
MAY ( isMemberOf $ hasMember )
)
#
# end of LDIF
#
29 changes: 29 additions & 0 deletions test-compose/data/container_files/seed-data/ldappublickey-obj.ldif
@@ -0,0 +1,29 @@
#
# ldapPublicKey Objectclass
#
#
# ldapPublicKey attribute
#
dn: cn=schema
changetype: modify
#
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13
NAME 'sshPublicKey'
DESC 'MANDATORY: OpenSSH Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
#
add: objectclasses
objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0
NAME 'ldapPublicKey'
DESC 'MANDATORY: OpenSSH LPK objectclass'
SUP top
AUXILIARY
MUST ( sshPublicKey $ uid )
)
#
# end of LDIF
#
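Review bot: `MUST ( sshPublicKey $ uid )` at the objectclass definition makes both attributes mandatory, which differs from the commonly distributed openssh-lpk schema, where `ldapPublicKey` declares `MAY ( sshPublicKey $ uid )`; with MUST, an entry cannot keep the auxiliary class once its last key is removed, so deleting or rotating a user's only key through a provisioning tool would fail with an objectClassViolation. Unless the stricter form is intentional, change the line to `MAY ( sshPublicKey $ uid )`. The `DESC 'MANDATORY: …'` strings are carried over from the upstream schema and do not imply MUST; a one-line comment saying so (`# DESC strings are upstream text, not a MUST declaration`) would avoid that confusion for the next reader.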

30 changes: 0 additions & 30 deletions test-compose/data/container_files/seed-data/users.ldif
@@ -1,10 +1,3 @@
dn: cn=admin,dc=internet2,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password
description: LDAP administrator

dn: uid=jsmith,ou=People,dc=internet2,dc=edu
objectClass: organizationalPerson
objectClass: person
Expand All @@ -16,29 +9,6 @@ sn: Smith
cn: John Smith
userPassword: password

dn: uid=banderson,ou=People,dc=internet2,dc=edu
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
givenName: Bob
uid: banderson
sn: Anderson
cn: Bob Anderson
userPassword: password

dn: cn=users,ou=Groups,dc=internet2,dc=edu
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
cn: users






dn: uid=kwhite,ou=People,dc=internet2,dc=edu
objectClass: organizationalPerson
objectClass: person
Expand Down
113 changes: 113 additions & 0 deletions test-compose/data/container_files/seed-data/voperson-obj.ldif
@@ -0,0 +1,113 @@
#
# voPerson Objectclass
#
#
# "voPerson" attributes
#
objectIdentifier: voPersonRoot 1.3.6.1.4.1.25178.4
objectIdentifier: voPersonObjectClass voPersonRoot:1
dn: cn=schema
changetype: modify
#
add: attributetypes
attributeTypes: ( voPersonObjectClass:10
NAME 'voPersonAffiliation'
DESC 'voPerson Affiliation Within Local Scope'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:13
NAME 'voPersonApplicationPassword'
DESC 'voPerson Application-Specific Password'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
attributeTypes: ( voPersonObjectClass:1
NAME 'voPersonApplicationUID'
DESC 'voPerson Application-Specific User Identifier'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:2
NAME 'voPersonAuthorName'
DESC 'voPerson Author Name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:3
NAME 'voPersonCertificateDN'
DESC 'voPerson Certificate Distinguished Name'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributeTypes: ( voPersonObjectClass:4
NAME 'voPersonCertificateIssuerDN'
DESC 'voPerson Certificate Issuer DN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributeTypes: ( voPersonObjectClass:11
NAME 'voPersonExternalAffiliation'
DESC 'voPerson Scoped External Affiliation'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:5
NAME 'voPersonExternalID'
DESC 'voPerson Scoped External Identifier'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:6
NAME 'voPersonID'
DESC 'voPerson Unique Identifier'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:7
NAME 'voPersonPolicyAgreement'
DESC 'voPerson Policy Agreement Indicator'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:12
NAME 'voPersonScopedAffiliation'
DESC 'voPerson Affiliation With Explicit Local Scope'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:8
NAME 'voPersonSoRID'
DESC 'voPerson External Identifier'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:9
NAME 'voPersonStatus'
DESC 'voPerson Status'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:15
NAME 'voPersonToken'
DESC 'voPerson Token'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( voPersonObjectClass:14
NAME 'voPersonVerifiedEmail'
DESC 'voPerson Verified Email Address'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
#
add: objectclasses
objectClasses: ( voPersonObjectClass
NAME 'voPerson'
AUXILIARY
MAY ( voPersonAffiliation $
voPersonApplicationPassword $
voPersonApplicationUID $
voPersonAuthorName $
voPersonCertificateDN $
voPersonCertificateIssuerDN $
voPersonExternalAffiliation $
voPersonExternalID $
voPersonID $
voPersonPolicyAgreement $
voPersonScopedAffiliation $
voPersonSoRID $
voPersonStatus $
voPersonToken $
voPersonVerifiedEmail )
)
#
# end of LDIF
#
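Review bot: The two `objectIdentifier:` lines that precede `dn: cn=schema`, and the `voPersonObjectClass:10`-style OIDs used throughout, are OpenLDAP slapd.conf OID-macro syntax rather than LDIF: an LDIF record must start with `dn:`, and 389-ds schema loaded through `cn=schema` expects numeric OIDs, so I would expect `ldapmodify` (run without `-c` in the Dockerfile) to reject this file — please check the build log for that step. Expanding the macros from the file's own definitions, `voPersonRoot` is `1.3.6.1.4.1.25178.4` and `voPersonObjectClass` is `1.3.6.1.4.1.25178.4.1`, so `voPersonObjectClass:10` becomes `1.3.6.1.4.1.25178.4.1.10` and the objectclass OID becomes `1.3.6.1.4.1.25178.4.1`; the first lines then read as below, with the remaining attribute types rewritten the same way.

```ldif
# voPerson schema (OIDs expanded: root 1.3.6.1.4.1.25178.4, objectclass 1.3.6.1.4.1.25178.4.1)
dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.25178.4.1.10
  NAME 'voPersonAffiliation'
  DESC 'voPerson Affiliation Within Local Scope'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# … remaining attributeTypes unchanged apart from the same OID expansion …
-
add: objectclasses
objectClasses: ( 1.3.6.1.4.1.25178.4.1
  NAME 'voPerson'
  AUXILIARY
# … MAY list unchanged …
```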
