merge 5.1.3 20240813 rocky8 multiarch

Dockerfile

@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux:8.9
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
-    TOMCAT_VERSION=10.1.26 \
+    TOMCAT_VERSION=10.1.28 \
 ##shib-idp \
-    VERSION=5.1.2 \
+    VERSION=5.1.3 \
 ##TIER \
-    TIERVERSION=20240715_rocky8_multiarch \
+    TIERVERSION=20240813_rocky8_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \

container_files/idp/idp.installer.properties

@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.2
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.3
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit

test-compose/data/Dockerfile

@@ -1,19 +1,24 @@
-FROM centos:centos7
+FROM rockylinux:8.9
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
 # Set UTC Timezone & Networking
 RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
     && echo "NETWORKING=yes" > /etc/sysconfig/network
 
-# Install base deps
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
-    yum -y install 389-ds-base 389-admin 389-adminutil net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \
-    yum -y clean all && \
-    mkdir -p /opt/tier && \
-# Install Trusted Certificates
-    update-ca-trust force-enable
-
+RUN dnf module enable -y php:7.4
+RUN yum install -y epel-release \
+    && yum update -y \
+    && yum install -y phpldapadmin mod_ssl net-tools wget epel-release yum-utils php php-common php-opcache php-cli php-gd mod_php php-pgsql php-curl php-zip php-mbstring \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+RUN yum module enable -y 389-ds:1.4
+RUN yum install -y 389-ds-base 389-ds-base-devel 389-ds-base-legacy-tools
+RUN yum install --allowerasing -y curl-full libcurl-full
+RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.9.rpm
+RUN yum --enablerepo=remi,remi-test  install -y phpMyAdmin
+RUN yum install -y php71-php-mcrypt
+
 COPY container_files/seed-data/ /seed-data/
 
 RUN useradd ldapadmin \
@@ -25,17 +30,23 @@ RUN useradd ldapadmin \
     # Do not restart at the end \
     && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \
     && setup-ds.pl --silent --file /seed-data/ds-setup.inf \
-    && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \ 
+    && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \
     && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
-    ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
+    ldapadd -H ldap:/// -f /seed-data/data.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/edumember-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/ldappublickey-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/voperson-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/voposixaccount-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapadd -c -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password
 
-RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \
-    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done;
+RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.localdomain" -batch -keyout /etc/pki/tls/private/localhost.key -out localhost.csr
+RUN openssl x509 -req -days 1825 -in localhost.csr -signkey /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
+RUN mkdir -p /run/php-fpm/
 
 EXPOSE 389
 
 HEALTHCHECK --interval=1m --timeout=10s \
   CMD cat < /dev/null > /dev/tcp/127.0.0.1/389 || exit 1
 
-CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && tail -F /var/log/dirsrv/slapd-dir/errors
+CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && php-fpm -D && httpd -DFOREGROUND && sleep infinity
 

test-compose/data/container_files/seed-data/data.ldif

@@ -0,0 +1,69 @@
+dn: cn=admin,dc=internet2,dc=edu
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+userPassword: password
+description: LDAP administrator
+
+dn: uid=banderson,ou=People,dc=internet2,dc=edu
+objectClass: eduPerson
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Bob Anderson
+sn: Anderson
+givenName: Bob
+userPassword: password
+description: LDAP administrator
+
+dn: ou=Affiliations,ou=Groups,dc=internet2,dc=edu
+objectClass: top
+objectClass: organizationalUnit
+ou: Affiliations
+
+dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
+objectClass: top
+objectClass: organizationalUnit
+ou: Courses
+
+dn: ou=midpoint,ou=Groups,dc=internet2,dc=edu
+objectClass: top
+objectClass: organizationalUnit
+ou: midpoint
+
+dn: ou=Generic,ou=Groups,dc=internet2,dc=edu
+objectClass: top
+objectClass: organizationalUnit
+ou: Generic
+
+dn: cn=users,ou=Groups,dc=internet2,dc=edu
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
+cn: users
+
+dn: cn=sysadmingroup,ou=midpoint,ou=Groups,dc=internet2,dc=edu
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
+cn: sysadmingroup
+
+dn: ou=Guests,dc=internet2,dc=edu
+objectClass: top
+objectClass: organizationalUnit
+ou: Guests
+
+dn: uid=aguest,ou=Guests,dc=internet2,dc=edu
+objectClass: eduPerson
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Andy Guest
+sn: Aguest
+mail: andyaguestcspuser@workbench.incommon.org
+givenName: Andy
+userPassword: password
+description: A guest user
+

test-compose/data/container_files/seed-data/ds-setup.inf

@@ -16,7 +16,7 @@ ServerIpAddress = 0.0.0.0
 SysUser = nobody
 
 [slapd]
-AddOrgEntries = Yes
+AddOrgEntries = No
 AddSampleEntries = No
 InstallLdifFile = suggest
 RootDN = cn=Directory Manager

test-compose/data/container_files/seed-data/edumember-obj.ldif

@@ -0,0 +1,30 @@
+#
+# eduMember Objectclass
+#
+#
+# "eduMember" attributes
+#
+dn: cn=schema
+changetype: modify
+#
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.1 
+ NAME 'isMemberOf' 
+ DESC 'identifiers for groups to which containing entity belongs' 
+ EQUALITY caseExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.2 
+ NAME 'hasMember' 
+ DESC 'identifiers for entities that are members of the group' 
+ EQUALITY caseExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+#
+add: objectclasses
+objectClasses: ( 1.3.6.1.4.1.5923.1.5.2 NAME 'eduMember' 
+ AUXILIARY 
+ MAY ( isMemberOf $ hasMember ) 
+ )
+#
+# end of LDIF
+#

test-compose/data/container_files/seed-data/ldappublickey-obj.ldif

@@ -0,0 +1,29 @@
+#
+# ldapPublicKey Objectclass
+#
+#
+# ldapPublicKey attribute
+#
+dn: cn=schema
+changetype: modify
+#
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 
+ NAME 'sshPublicKey' 
+ DESC 'MANDATORY: OpenSSH Public key' 
+ EQUALITY octetStringMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+-
+#
+add: objectclasses
+objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 
+ NAME 'ldapPublicKey' 
+ DESC 'MANDATORY: OpenSSH LPK objectclass' 
+ SUP top 
+ AUXILIARY 
+ MUST ( sshPublicKey $ uid ) 
+ )
+#
+# end of LDIF
+#
+

test-compose/data/container_files/seed-data/users.ldif

@@ -1,10 +1,3 @@
-dn: cn=admin,dc=internet2,dc=edu
-objectClass: simpleSecurityObject
-objectClass: organizationalRole
-cn: admin
-userPassword: password
-description: LDAP administrator
-
 dn: uid=jsmith,ou=People,dc=internet2,dc=edu
 objectClass: organizationalPerson
 objectClass: person
@@ -16,29 +9,6 @@ sn: Smith
 cn: John Smith
 userPassword: password
 
-dn: uid=banderson,ou=People,dc=internet2,dc=edu
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-givenName: Bob
-uid: banderson
-sn: Anderson
-cn: Bob Anderson
-userPassword: password
-
-dn: cn=users,ou=Groups,dc=internet2,dc=edu
-objectClass: groupOfUniqueNames
-objectClass: top
-uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
-uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
-cn: users
-
-
-
-
-
-
 dn: uid=kwhite,ou=People,dc=internet2,dc=edu
 objectClass: organizationalPerson
 objectClass: person

test-compose/data/container_files/seed-data/voperson-obj.ldif

@@ -0,0 +1,113 @@
+#
+# voPerson Objectclass
+#
+#
+# "voPerson" attributes
+#
+objectIdentifier: voPersonRoot 1.3.6.1.4.1.25178.4
+objectIdentifier: voPersonObjectClass voPersonRoot:1
+dn: cn=schema
+changetype: modify
+#
+add: attributetypes
+attributeTypes: ( voPersonObjectClass:10 
+ NAME 'voPersonAffiliation' 
+ DESC 'voPerson Affiliation Within Local Scope' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:13 
+ NAME 'voPersonApplicationPassword' 
+ DESC 'voPerson Application-Specific Password' 
+ EQUALITY octetStringMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) 
+attributeTypes: ( voPersonObjectClass:1 
+ NAME 'voPersonApplicationUID' 
+ DESC 'voPerson Application-Specific User Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:2 
+ NAME 'voPersonAuthorName' 
+ DESC 'voPerson Author Name' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:3 
+ NAME 'voPersonCertificateDN' 
+ DESC 'voPerson Certificate Distinguished Name' 
+ EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+attributeTypes: ( voPersonObjectClass:4 
+ NAME 'voPersonCertificateIssuerDN' 
+ DESC 'voPerson Certificate Issuer DN' 
+ EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+attributeTypes: ( voPersonObjectClass:11 
+ NAME 'voPersonExternalAffiliation' 
+ DESC 'voPerson Scoped External Affiliation' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:5 
+ NAME 'voPersonExternalID' 
+ DESC 'voPerson Scoped External Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:6 
+ NAME 'voPersonID' 
+ DESC 'voPerson Unique Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:7 
+ NAME 'voPersonPolicyAgreement' 
+ DESC 'voPerson Policy Agreement Indicator' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:12 
+ NAME 'voPersonScopedAffiliation' 
+ DESC 'voPerson Affiliation With Explicit Local Scope' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:8 
+ NAME 'voPersonSoRID' 
+ DESC 'voPerson External Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:9 
+ NAME 'voPersonStatus' 
+ DESC 'voPerson Status' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:15 
+ NAME 'voPersonToken' 
+ DESC 'voPerson Token' 
+ EQUALITY caseExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:14 
+ NAME 'voPersonVerifiedEmail' 
+ DESC 'voPerson Verified Email Address' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+-
+#
+add: objectclasses
+objectClasses: ( voPersonObjectClass 
+ NAME 'voPerson' 
+ AUXILIARY 
+ MAY ( voPersonAffiliation $ 
+  voPersonApplicationPassword $ 
+  voPersonApplicationUID $ 
+  voPersonAuthorName $ 
+  voPersonCertificateDN $ 
+  voPersonCertificateIssuerDN $ 
+  voPersonExternalAffiliation $ 
+  voPersonExternalID $ 
+  voPersonID $ 
+  voPersonPolicyAgreement $ 
+  voPersonScopedAffiliation $ 
+  voPersonSoRID $ 
+  voPersonStatus $ 
+  voPersonToken $ 
+  voPersonVerifiedEmail ) 
+ )
+#
+# end of LDIF
+#
+