├── files ├── sssvlv_load.ldif ├── sssvlv_config.ldif ├── back.ldif ├── front.ldif └── more.ldif ├── Jenkinsfile ├── Dockerfile └── README.md /files/sssvlv_load.ldif: -------------------------------------------------------------------------------- 1 | dn: cn=module{0},cn=config 2 | changeType: modify 3 | add: olcModuleLoad 4 | olcModuleLoad: sssvlv.la 5 | -------------------------------------------------------------------------------- /files/sssvlv_config.ldif: -------------------------------------------------------------------------------- 1 | dn: olcOverlay={0}sssvlv,olcDatabase={2}mdb,cn=config 2 | changeType: add 3 | objectClass: olcOverlayConfig 4 | objectClass: olcSssVlvConfig 5 | olcOverlay: {0}sssvlv 6 | olcSssVlvMax: 8 7 | olcSssVlvMaxKeys: 5 8 | -------------------------------------------------------------------------------- /files/back.ldif: -------------------------------------------------------------------------------- 1 | version: 1 2 | changeType: add 3 | dn: olcDatabase={2}mdb,cn=config 4 | objectClass: olcDatabaseConfig 5 | objectClass: olcMdbConfig 6 | olcDatabase: {2}mdb 7 | olcDbDirectory: /var/lib/ldap 8 | olcSuffix: dc=openstack,dc=org 9 | olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=openstack,dc=org" write by * none 10 | olcAccess: {1}to dn.base="" by * read 11 | olcAccess: {2}to * by self write by dn="cn=admin,dc=openstack,dc=org" write by * read 12 | olcLastMod: TRUE 13 | olcRootDN: cn=admin,dc=openstack,dc=org 14 | olcRootPW: password 15 | olcDbIndex: objectClass eq 16 | -------------------------------------------------------------------------------- /files/front.ldif: -------------------------------------------------------------------------------- 1 | dn: dc=openstack,dc=org 2 | dc: openstack 3 | objectClass: dcObject 4 | objectClass: organizationalUnit 5 | ou: openstack 6 | 7 | dn: ou=UserGroups,dc=openstack,dc=org 8 | objectClass: organizationalUnit 9 | ou: UserGroups 10 | 11 | 
dn: ou=Users,dc=openstack,dc=org 12 | objectClass: organizationalUnit 13 | ou: Users 14 | 15 | dn: ou=Roles,dc=openstack,dc=org 16 | objectClass: organizationalUnit 17 | ou: Roles 18 | 19 | dn: ou=Projects,dc=openstack,dc=org 20 | objectClass: organizationalUnit 21 | ou: Projects 22 | 23 | dn: cn=9fe2ff9ee4384b1894a90878d3e92bab,ou=Roles,dc=openstack,dc=org 24 | objectClass: organizationalRole 25 | ou: _member_ 26 | cn: 9fe2ff9ee4384b1894a90878d3e92bab 27 | -------------------------------------------------------------------------------- /files/more.ldif: -------------------------------------------------------------------------------- 1 | dn: cn=Robert Smith,ou=Users,dc=openstack,dc=org 2 | objectclass: inetOrgPerson 3 | cn: Robert Smith 4 | cn: Robert J Smith 5 | cn: bob smith 6 | sn: smith 7 | uid: rjsmith 8 | userpassword: rJsmitH 9 | carlicense: HISCAR 123 10 | homephone: 555-111-2222 11 | mail: r.smith@example.com 12 | mail: rsmith@example.com 13 | mail: bob.smith@example.com 14 | description: swell guy 15 | ou: Human Resources 16 | 17 | dn: cn=Larry Cai,ou=Users,dc=openstack,dc=org 18 | objectclass: inetOrgPerson 19 | cn: Larry Cai 20 | sn: Cai 21 | uid: larrycai 22 | userpassword: LarryCai 23 | carlicense: HISCAR 123 24 | homephone: 555-111-2222 25 | mail: larry.caiyu@gmail.com 26 | description: hacker guy 27 | ou: Development Department 28 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | podTemplate(label: 'mypod', containers: [ 2 | containerTemplate(name: 'docker', image: 'docker:1.12.6-dind', 3 | ttyEnabled: true, alwaysPullImage: true, privileged: true, 4 | envVars: [ 5 | envVar(key: 'DOCKER_HOST', value: 'tcp://localhost:2375') 6 | ]) 7 | ], 8 | volumes: [emptyDirVolume(memory: false, mountPath: '/var/lib/docker')]) { 9 | 10 | node ('mypod') { 11 | echo sh(returnStdout: true, script: 'env') 12 | 13 | container('docker') { 
14 | stage ('Checkout') { 15 | checkout scm 16 | sh """ 17 | pwd 18 | env 19 | """ 20 | } 21 | stage ('Build a docker') { 22 | sh """ 23 | docker version 24 | docker build . 25 | """ 26 | } 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # VERSION 0.0.3 3 | 4 | # it is based on https://github.com/rackerlabs/dockerstack/blob/master/keystone/openldap/Dockerfile 5 | # also the files/more.ldif from http://www.zytrax.com/books/ldap/ch14/#ldapsearch 6 | 7 | FROM ubuntu:focal 8 | 9 | LABEL org.opencontainers.image.authors="Larry Cai" 10 | 11 | # install slapd in noninteractive mode 12 | RUN apt-get update && \ 13 | echo 'slapd/root_password password password' | debconf-set-selections &&\ 14 | echo 'slapd/root_password_again password password' | debconf-set-selections && \ 15 | DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils &&\ 16 | rm -rf /var/lib/apt/lists/* 17 | 18 | ADD files /ldap 19 | 20 | RUN service slapd start ;\ 21 | cd /ldap &&\ 22 | ldapadd -Y EXTERNAL -H ldapi:/// -f back.ldif &&\ 23 | ldapadd -Y EXTERNAL -H ldapi:/// -f sssvlv_load.ldif &&\ 24 | ldapadd -Y EXTERNAL -H ldapi:/// -f sssvlv_config.ldif &&\ 25 | ldapadd -x -D cn=admin,dc=openstack,dc=org -w password -c -f front.ldif &&\ 26 | ldapadd -x -D cn=admin,dc=openstack,dc=org -w password -c -f more.ldif 27 | 28 | EXPOSE 389 29 | 30 | CMD slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d -d stats 31 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Introduction # 2 | 3 | This is the ldap server, which I used to connect with gerrit server or docker registry 4 | 5 | The `Dockerfile` & ldap schema files are copied from 
https://github.com/rackerlabs/dockerstack/blob/master/keystone/openldap/Dockerfile 6 | 7 | The sample user data in `files/more.ldif` is adapted from http://www.zytrax.com/books/ldap/ch5/ 8 | 9 | Updated on 2021-10-01 from Ubuntu trusty to focal (hdb -> mdb, with the related data) 10 | 11 | # Install and Start # 12 | 13 | $ docker pull larrycai/openldap 14 | $ docker run -d -p 389:389 --name ldap -t larrycai/openldap 15 | $ docker ps 16 | user@ubuntu:/mnt/git/docker-gerrit/tmp$ docker ps 17 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 18 | 4248037c0ab6 larrycai/openldap:latest /bin/sh -c 'slapd -h 22 seconds ago Up 21 seconds 0.0.0.0:63389->389/tcp ldap 19 | 20 | ## Verify the data inside the ldap database ## 21 | 22 | Use `ldapsearch` to check the data: 23 | 24 | $ docker exec -it ldap bash 25 | # ldapsearch -H ldap://localhost -LL -b ou=Users,dc=openstack,dc=org -x 26 | version: 1 27 | 28 | dn: ou=Users,dc=openstack,dc=org 29 | objectClass: organizationalUnit 30 | ou: Users 31 | 32 | dn: cn=Robert Smith,ou=Users,dc=openstack,dc=org 33 | objectClass: inetOrgPerson 34 | ..... 35 | 36 | ## Important data ## 37 | 38 | The admin user/password and BaseDNs are listed below. They are fixed at image build time (`olcRootPW` in `files/back.ldif`), so this image is only suitable as a test fixture. 39 | 40 | LDAP username : cn=admin,dc=openstack,dc=org 41 | cn=admin,dc=openstack,dc=org's password : password 42 | Account BaseDN [DC=168,DC=56,DC=153:49154]: ou=Users,dc=openstack,dc=org 43 | Group BaseDN [ou=Users,dc=openstack,dc=org]: 44 | 45 | ### Gerrit integration ### 46 | To configure it in Gerrit, update `etc/gerrit.cfg` as shown below; `192.168.59.103` is my boot2docker IP address. 
47 | 48 | [auth] 49 | type = LDAP 50 | [ldap] 51 | server = ldap://192.168.59.103 52 | username = cn=admin,dc=openstack,dc=org 53 | accountBase = ou=Users,dc=openstack,dc=org 54 | groupBase = ou=Users,dc=openstack,dc=org 55 | accountPattern = (&(objectClass=inetOrgPerson)(uid=${username})) 56 | accountFullName = ${cn} 57 | 58 | ### Nginx integration ### 59 | 60 | See the sample in https://github.com/larrycai/nginx-registry; the key segment is shown below (`ldap` is the LDAP server hostname). 61 | 62 | ldap_server ldap1 { 63 | url ldap://ldap:389/ou=Users,dc=openstack,dc=org?uid?sub?(objectClass=inetOrgPerson); 64 | group_attribute uniquemember; 65 | group_attribute_is_dn on; 66 | require valid_user; 67 | } 68 | 69 | # Customize your own data # 70 | 71 | You can create your own entries by following the format of `files/more.ldif`: 72 | 73 | dn: cn=Larry Cai,ou=Users,dc=openstack,dc=org 74 | objectclass: inetOrgPerson 75 | cn: Larry Cai 76 | sn: Cai 77 | uid: larrycai 78 | userpassword: LarryCai 79 | carlicense: HISCAR 123 80 | homephone: 555-111-2222 81 | mail: larry.caiyu@gmail.com 82 | description: hacker guy 83 | ou: Development Department 84 | 85 | The file is added with the command below (`-w` puts the password on the command line; `-W` prompts for it instead): 86 | 87 | ldapadd -x -D cn=admin,dc=openstack,dc=org -w password -c -f more.ldif 88 | 89 | --------------------------------------------------------------------------------