first commit

aitzol 2022-04-22 22:31:55 +02:00
commit 4836c50d32
8 changed files with 499 additions and 0 deletions

4
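--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM osixia/openldap
+#copy ldap backup and custom schemas to the server
+COPY ${PWD}/backup/export.lainoa.eus.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif
+COPY ${PWD}/schema/custom.schema /container/service/slapd/assets/config/bootstrap/schema/custom/custom.schema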
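Review bot: `FROM osixia/openldap` carries no tag or digest, so every build resolves to whatever `latest` points at; pin it, e.g. `FROM osixia/openldap:<pinned-tag>@sha256:<digest>` (placeholders, the page names no version). `${PWD}` in the two `COPY` lines is not declared as `ARG` or `ENV` in this file, so unless the base image defines it the variable expands to an empty string and the paths only resolve because a leading `/` is taken relative to the build context; write `COPY backup/export.lainoa.eus.ldif …` and `COPY schema/custom.schema …` instead. The first `COPY` also bakes a directory export containing `userpassword` values into an image layer, where it stays readable to anyone who can pull the image. Bootstrap data with credentials is better mounted at run time or replaced by a fixture with placeholder accounts.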

0
README.md Normal file


@ -0,0 +1,186 @@
# LDIF Export for ou=groups,dc=ldap,dc=lainoa,dc=eus
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 12
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on April 22, 2022 3:19 pm
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: ou=groups,dc=ldap,dc=lainoa,dc=eus
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
cn: admins
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
gidnumber: 500
objectclass: account
objectclass: simpleSecurityObject
objectclass: top
objectclass: extensibleObject
uid: root
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 4: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 5: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
dn: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: ainhize berasategi
fakecn: FALSE
gidnumber: 501
givenname: ainhize
homedirectory: home/user/ainhize
mail: aiberasategi@beasaingoikastola.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: ainhize
uidnumber: 1003
userpassword: {SSHA}+zIIyEO7SpWXS281E5PrBZwIBzAhg7Lu
# Entry 6: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: aitzol berasategi
fakecn: FALSE
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: accountsManagement
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 7: cn=aloña etxezabal,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9bGRhcCxkYz1sYWl
ub2EsZGM9ZXVz
active: TRUE
cn:: YWxvw7FhIGV0eGV6YWJhbA==
fakecn: FALSE
gidnumber: 501
givenname:: YWxvw7Fh
homedirectory: home/user/aloXa
mail: etxezabal2@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
userpassword: {SSHA}gf5/DeXh2mrS+5hGYwRArLoPdMqWjXJE
# Entry 8: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
dn: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: FALSE
cn: araitz berasategi
fakecn: FALSE
gidnumber: 501
givenname: araitz
homedirectory: home/user/araitz
mail: aiberasategi@beasaingoikastola.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}TBqErOn6u84ZSvg9lL+EBfFO/i0s1bpP
# Entry 9: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus...
dn: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: garazi telleria
fakecn: FALSE
gidnumber: 501
givenname: garazi
homedirectory: home/user/pepe
mail: garazi@fakemail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: telleria
uid: garazi
uidnumber: 1004
userpassword: {SSHA}ZSg27RZpSxHvynuxdiBT4xUB6nAd7G4S
# Entry 10: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
dn: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: jose berasategi
fakecn: FALSE
gidnumber: 501
givenname: jose
homedirectory: home/user/aitona
mail: joxeberasategi@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: aitona
uidnumber: 1007
userpassword: {SSHA}SJVZDlmsMjckdMrJ9IGRDA0xQLaAInKj
# Entry 11: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
dn: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: nekane berasategi
fakecn: FALSE
gidnumber: 501
givenname: nekane
homedirectory: home/user/nekane
mail: nekane@fakemail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: nekane
uidnumber: 1005
userpassword: {SSHA}obReH1el6MwQt1KOFV3Jpa59OlTY0Ian
# Entry 12: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
dn: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: nekane eskisabel
fakecn: FALSE
gidnumber: 501
givenname: nekane
homedirectory: home/user/amona
mail: ertzillegi54@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: eskisabel
uid: amona
uidnumber: 1006
userpassword: {SSHA}a1vxqvMfloOa4zGtPNrfBBHUw7o0+yKC
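Review bot: This export commits `userpassword` values and personal mail addresses for every account, and the same applies to backup/export.ldif, backup/export2.ldif and backup/export_am.ldif further down. The `uid=root` and `uid=aitzol` entries carry the identical `{MD5}` value; that scheme is unsalted, so the repeated hash reveals that both accounts share one password, and the `{SSHA}` values should be treated as exposed as well. If these are real accounts, rotate the passwords, remove the files from the repository history, and keep only a fixture with placeholder users whose hashes were generated for the test (for example with `slappasswd`). Several `homedirectory` values are relative (`home/user/ainhize`) while others are absolute (`/home/users/aitzol`), which is probably unintended.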

80
backup/export.ldif Normal file

@ -0,0 +1,80 @@
# LDIF Export for ou=groups,dc=example,dc=org
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 6
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 9:22 am
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=example,dc=org
dn: ou=groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admin,ou=groups,dc=example,dc=org
dn: cn=admin,ou=groups,dc=example,dc=org
cn: admin
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: cn=users,ou=groups,dc=example,dc=org
dn: cn=users,ou=groups,dc=example,dc=org
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
cn: aitzol berasategi
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
vcmc=
active: TRUE
cn:: YWxvw7FhIGV0eGV6YWJhbA==
gidnumber: 501
homedirectory: home/user/alona
mail: etxezabal2@gmail.com
mail: etxezabal2@lainoa.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
cn: araitz berasategi
gidnumber: 501
givenname: araitz
homedirectory: /home/users/araitz
mail: aberasategi@beasaingoikastola.eus
mail: araitz@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
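Review bot: Entry 5 declares `objectclass: accountsManagement` and sets `active` but has no `fakecn`, while schema/custom.schema in this commit lists `fakeCn` under `MUST`; a server loading that schema would be expected to reject the entry. backup/export_am.ldif has a related problem on entry 4, which uses `ficticiouscn`, an attribute the committed schema does not define. If these older exports are kept only for reference, a first comment line such as `# historical export; does not validate against schema/custom.schema` would save the next reader from trying to import them.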

78
backup/export2.ldif Normal file

@ -0,0 +1,78 @@
# LDIF Export for ou=groups,dc=example,dc=org
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 6
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 3, 2022 7:59 am
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=example,dc=org
dn: ou=groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admin,ou=groups,dc=example,dc=org
dn: cn=admin,ou=groups,dc=example,dc=org
cn: admin
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: cn=users,ou=groups,dc=example,dc=org
dn: cn=users,ou=groups,dc=example,dc=org
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
cn: aitzol berasategi
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
vcmc=
cn:: YWxvw7FhIGV0eGV6YWJhbA==
gidnumber: 501
homedirectory: home/user/alona
mail: etxezabal2@gmail.com
mail: etxezabal2@lainoa.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
cn: araitz berasategi
gidnumber: 501
givenname: araitz
homedirectory: /home/users/araitz
mail: aberasategi@beasaingoikastola.eus
mail: araitz@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL

81
backup/export_am.ldif Normal file

@ -0,0 +1,81 @@
# LDIF Export for ou=groups,dc=example,dc=org
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 6
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 10:03 am
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=example,dc=org
dn: ou=groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admin,ou=groups,dc=example,dc=org
dn: cn=admin,ou=groups,dc=example,dc=org
cn: admin
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: cn=users,ou=groups,dc=example,dc=org
dn: cn=users,ou=groups,dc=example,dc=org
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
active: TRUE
cn: aitzol berasategi
ficticiouscn: FALSE
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: accountsManagement
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
vcmc=
cn:: YWxvw7FhIGV0eGV6YWJhbA==
gidnumber: 501
homedirectory: home/user/alona
mail: etxezabal2@gmail.com
mail: etxezabal2@lainoa.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
cn: araitz berasategi
gidnumber: 501
givenname: araitz
homedirectory: /home/users/araitz
mail: aberasategi@beasaingoikastola.eus
mail: araitz@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL

38
docker-compose.yaml Normal file

@ -0,0 +1,38 @@
version: '3'
services:
slapd:
image: osixia/openldap:latest
volumes:
- ./certs:/container/service/slapd/assets/certs:rw
# - ./schema:/container/service/slapd/assets/config/bootstrap/schema/custom
ports:
- 389:389
- 636:636
environment:
LDAP_ORGANISATION: example
LDAP_DOMAIN: example.org
LDAP_ADMIN_PASSWORD: admin
LDAP_CONFIG_PASSWORD: "config"
LDAP_READONLY_USER: "true"
LDAP_READONLY_USER_USERNAME: "readonly"
LDAP_READONLY_USER_PASSWORD: "readonly"
LDAP_TLS: "true"
LDAP_TLS_CRT_FILENAME: "ldap.crt"
LDAP_TLS_KEY_FILENAME: "ldap.key"
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
LDAP_TLS_ENFORCE: "false"
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
LDAP_TLS_PROTOCOL_MIN: "3.1"
LDAP_TLS_VERIFY_CLIENT: try
LDAP_REPLICATION: "false"
phpldapadmin:
image: osixia/phpldapadmin
environment:
PHPLDAPADMIN_LDAP_HOSTS: slapd
PHPLDAPADMIN_HTTPS: 'false'
ports:
- 8080:80
- 4443:443
depends_on:
- slapd
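Review bot: `LDAP_ADMIN_PASSWORD: admin`, `LDAP_CONFIG_PASSWORD: "config"` and `LDAP_READONLY_USER_PASSWORD: "readonly"` are committed as literal defaults while ports 389, 636, 8080 and 4443 are published on all host interfaces, so the directory is reachable with publicly known credentials wherever this file is brought up unchanged. Take the secrets from the environment and fail when they are missing, e.g. `LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD}`, and bind development ports to loopback, e.g. `- 127.0.0.1:389:389`. `LDAP_TLS_ENFORCE: "false"` together with the published 389, and `PHPLDAPADMIN_HTTPS: 'false'` on 8080, mean binds and admin logins can cross the network in clear text; enforce TLS or stop publishing the plaintext ports. Both images are unpinned (`osixia/openldap:latest`, untagged `osixia/phpldapadmin`), and the `slapd` service uses the stock image rather than `build: .`, so the Dockerfile's bootstrap files are not what this stack runs.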

32
schema/custom.schema Normal file

@ -0,0 +1,32 @@
##
## This file is taken from /usr/share/quota/ldap
## schema file for Unix Quotas
## Schema for storing Unix Quotas in LDAP
## OIDs are owned by Cogent Innovators, LLC
##
## 1.3.6.1.4.1.19937.1.1.x - attributetypes
## 1.3.6.1.4.1.19937.1.2.x - objectclasses
##
attributetype ( 2.25.330098197460787237907941808102951680393.1.0 NAME 'active'
DESC 'True if account is active'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 2.25.330098197460787237907941808102951680393.1.1 NAME 'fakeCn'
DESC 'True if the CN or fullname was created ramdomly and is still ficticious'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
#attributetype ( 2.25.330098197460787237907941808102951680393.1.2 NAME 'lastAccess'
# DESC 'Last access timestamp'
# EQUALITY generalizedTimeMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
# SINGLE-VALUE )
objectclass ( 2.25.330098197460787237907941808102951680393.1.2.0 NAME 'accountsManagement' SUP top AUXILIARY
DESC 'Accounts management'
MUST ( cn $ uid $ active $ fakeCn )
MAY ( userPassword $ description ) )
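Review bot: The header comment describes a different file: it says the schema comes from /usr/share/quota/ldap, stores Unix quotas and uses the `1.3.6.1.4.1.19937` arcs, but the definitions below are account-management attributes under a `2.25.…` UUID arc. Replace it with a comment that states what `active`, `fakeCn` and `accountsManagement` are for and how the `2.25` arc is subdivided. The arc layout is also worth fixing while the schema is new: the objectclass sits at `….1.2.0`, under the `….1.2` arc that the commented-out `lastAccess` attribute would use, whereas the header's own convention keeps attribute types and object classes in separate arcs. The `fakeCn` DESC also has two typos (`ramdomly`, `ficticious`).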