first commit

Dockerfile

@@ -0,0 +1,4 @@
+FROM osixia/openldap
+#copy ldap backup and custom schemas to the server
+COPY ${PWD}/backup/export.lainoa.eus.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif
+COPY ${PWD}/schema/custom.schema /container/service/slapd/assets/config/bootstrap/schema/custom/custom.schema

backup/export.lainoa.eus.ldif

@@ -0,0 +1,186 @@
+# LDIF Export for ou=groups,dc=ldap,dc=lainoa,dc=eus
+# Server: slapd (slapd)
+# Search Scope: sub
+# Search Filter: (objectClass=*)
+# Total Entries: 12
+#
+# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on April 22, 2022 3:19 pm
+# Version: 1.2.5
+
+version: 1
+
+# Entry 1: ou=groups,dc=ldap,dc=lainoa,dc=eus
+dn: ou=groups,dc=ldap,dc=lainoa,dc=eus
+objectclass: organizationalUnit
+objectclass: top
+ou: groups
+
+# Entry 2: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
+dn: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
+cn: admins
+gidnumber: 500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 3: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
+dn: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
+gidnumber: 500
+objectclass: account
+objectclass: simpleSecurityObject
+objectclass: top
+objectclass: extensibleObject
+uid: root
+userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
+
+# Entry 4: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+dn: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+cn: users
+gidnumber: 501
+objectclass: posixGroup
+objectclass: top
+
+# Entry 5: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
+dn: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: TRUE
+cn: ainhize berasategi
+fakecn: FALSE
+gidnumber: 501
+givenname: ainhize
+homedirectory: home/user/ainhize
+mail: aiberasategi@beasaingoikastola.eus
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: berasategi
+uid: ainhize
+uidnumber: 1003
+userpassword: {SSHA}+zIIyEO7SpWXS281E5PrBZwIBzAhg7Lu
+
+# Entry 6: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
+dn: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: TRUE
+cn: aitzol berasategi
+fakecn: FALSE
+gidnumber: 501
+givenname: aitzol
+homedirectory: /home/users/aitzol
+mail: aitzol@disroot.org
+mail: aitzol@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+objectclass: accountsManagement
+sn: berasategi
+uid: aitzol
+uidnumber: 1000
+userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
+
+# Entry 7: cn=aloña etxezabal,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
+dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9bGRhcCxkYz1sYWl
+ ub2EsZGM9ZXVz
+active: TRUE
+cn:: YWxvw7FhIGV0eGV6YWJhbA==
+fakecn: FALSE
+gidnumber: 501
+givenname:: YWxvw7Fh
+homedirectory: home/user/aloXa
+mail: etxezabal2@gmail.com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: etxezabal
+uid:: YWxvw7Fh
+uidnumber: 1002
+userpassword: {SSHA}gf5/DeXh2mrS+5hGYwRArLoPdMqWjXJE
+
+# Entry 8: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
+dn: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: FALSE
+cn: araitz berasategi
+fakecn: FALSE
+gidnumber: 501
+givenname: araitz
+homedirectory: home/user/araitz
+mail: aiberasategi@beasaingoikastola.eus
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: berasategi
+uid: araitz
+uidnumber: 1001
+userpassword: {SSHA}TBqErOn6u84ZSvg9lL+EBfFO/i0s1bpP
+
+# Entry 9: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus...
+dn: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: TRUE
+cn: garazi telleria
+fakecn: FALSE
+gidnumber: 501
+givenname: garazi
+homedirectory: home/user/pepe
+mail: garazi@fakemail.com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: telleria
+uid: garazi
+uidnumber: 1004
+userpassword: {SSHA}ZSg27RZpSxHvynuxdiBT4xUB6nAd7G4S
+
+# Entry 10: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
+dn: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: TRUE
+cn: jose berasategi
+fakecn: FALSE
+gidnumber: 501
+givenname: jose
+homedirectory: home/user/aitona
+mail: joxeberasategi@gmail.com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: berasategi
+uid: aitona
+uidnumber: 1007
+userpassword: {SSHA}SJVZDlmsMjckdMrJ9IGRDA0xQLaAInKj
+
+# Entry 11: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
+dn: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: TRUE
+cn: nekane berasategi
+fakecn: FALSE
+gidnumber: 501
+givenname: nekane
+homedirectory: home/user/nekane
+mail: nekane@fakemail.com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: berasategi
+uid: nekane
+uidnumber: 1005
+userpassword: {SSHA}obReH1el6MwQt1KOFV3Jpa59OlTY0Ian
+
+# Entry 12: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
+dn: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
+active: TRUE
+cn: nekane eskisabel
+fakecn: FALSE
+gidnumber: 501
+givenname: nekane
+homedirectory: home/user/amona
+mail: ertzillegi54@gmail.com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: eskisabel
+uid: amona
+uidnumber: 1006
+userpassword: {SSHA}a1vxqvMfloOa4zGtPNrfBBHUw7o0+yKC

backup/export.ldif

@@ -0,0 +1,80 @@
+# LDIF Export for ou=groups,dc=example,dc=org
+# Server: slapd (slapd)
+# Search Scope: sub
+# Search Filter: (objectClass=*)
+# Total Entries: 6
+#
+# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 9:22 am
+# Version: 1.2.5
+
+version: 1
+
+# Entry 1: ou=groups,dc=example,dc=org
+dn: ou=groups,dc=example,dc=org
+objectclass: organizationalUnit
+objectclass: top
+ou: groups
+
+# Entry 2: cn=admin,ou=groups,dc=example,dc=org
+dn: cn=admin,ou=groups,dc=example,dc=org
+cn: admin
+gidnumber: 500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 3: cn=users,ou=groups,dc=example,dc=org
+dn: cn=users,ou=groups,dc=example,dc=org
+cn: users
+gidnumber: 501
+objectclass: posixGroup
+objectclass: top
+
+# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
+dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
+cn: aitzol berasategi
+gidnumber: 501
+givenname: aitzol
+homedirectory: /home/users/aitzol
+mail: aitzol@disroot.org
+mail: aitzol@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: berasategi
+uid: aitzol
+uidnumber: 1000
+userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
+
+# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
+dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
+ vcmc=
+active: TRUE
+cn:: YWxvw7FhIGV0eGV6YWJhbA==
+gidnumber: 501
+homedirectory: home/user/alona
+mail: etxezabal2@gmail.com
+mail: etxezabal2@lainoa.eus
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: accountsManagement
+sn: etxezabal
+uid:: YWxvw7Fh
+uidnumber: 1002
+
+# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
+dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
+cn: araitz berasategi
+gidnumber: 501
+givenname: araitz
+homedirectory: /home/users/araitz
+mail: aberasategi@beasaingoikastola.eus
+mail: araitz@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: berasategi
+uid: araitz
+uidnumber: 1001
+userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
+

backup/export2.ldif

@@ -0,0 +1,78 @@
+# LDIF Export for ou=groups,dc=example,dc=org
+# Server: slapd (slapd)
+# Search Scope: sub
+# Search Filter: (objectClass=*)
+# Total Entries: 6
+#
+# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 3, 2022 7:59 am
+# Version: 1.2.5
+
+version: 1
+
+# Entry 1: ou=groups,dc=example,dc=org
+dn: ou=groups,dc=example,dc=org
+objectclass: organizationalUnit
+objectclass: top
+ou: groups
+
+# Entry 2: cn=admin,ou=groups,dc=example,dc=org
+dn: cn=admin,ou=groups,dc=example,dc=org
+cn: admin
+gidnumber: 500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 3: cn=users,ou=groups,dc=example,dc=org
+dn: cn=users,ou=groups,dc=example,dc=org
+cn: users
+gidnumber: 501
+objectclass: posixGroup
+objectclass: top
+
+# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
+dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
+cn: aitzol berasategi
+gidnumber: 501
+givenname: aitzol
+homedirectory: /home/users/aitzol
+mail: aitzol@disroot.org
+mail: aitzol@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: berasategi
+uid: aitzol
+uidnumber: 1000
+userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
+
+# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
+dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
+ vcmc=
+cn:: YWxvw7FhIGV0eGV6YWJhbA==
+gidnumber: 501
+homedirectory: home/user/alona
+mail: etxezabal2@gmail.com
+mail: etxezabal2@lainoa.eus
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+sn: etxezabal
+uid:: YWxvw7Fh
+uidnumber: 1002
+
+# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
+dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
+cn: araitz berasategi
+gidnumber: 501
+givenname: araitz
+homedirectory: /home/users/araitz
+mail: aberasategi@beasaingoikastola.eus
+mail: araitz@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: berasategi
+uid: araitz
+uidnumber: 1001
+userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
+

backup/export_am.ldif

@@ -0,0 +1,81 @@
+# LDIF Export for ou=groups,dc=example,dc=org
+# Server: slapd (slapd)
+# Search Scope: sub
+# Search Filter: (objectClass=*)
+# Total Entries: 6
+#
+# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 10:03 am
+# Version: 1.2.5
+
+version: 1
+
+# Entry 1: ou=groups,dc=example,dc=org
+dn: ou=groups,dc=example,dc=org
+objectclass: organizationalUnit
+objectclass: top
+ou: groups
+
+# Entry 2: cn=admin,ou=groups,dc=example,dc=org
+dn: cn=admin,ou=groups,dc=example,dc=org
+cn: admin
+gidnumber: 500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 3: cn=users,ou=groups,dc=example,dc=org
+dn: cn=users,ou=groups,dc=example,dc=org
+cn: users
+gidnumber: 501
+objectclass: posixGroup
+objectclass: top
+
+# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
+dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
+active: TRUE
+cn: aitzol berasategi
+ficticiouscn: FALSE
+gidnumber: 501
+givenname: aitzol
+homedirectory: /home/users/aitzol
+mail: aitzol@disroot.org
+mail: aitzol@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+objectclass: accountsManagement
+sn: berasategi
+uid: aitzol
+uidnumber: 1000
+userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
+
+# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
+dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
+ vcmc=
+cn:: YWxvw7FhIGV0eGV6YWJhbA==
+gidnumber: 501
+homedirectory: home/user/alona
+mail: etxezabal2@gmail.com
+mail: etxezabal2@lainoa.eus
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: posixAccount
+sn: etxezabal
+uid:: YWxvw7Fh
+uidnumber: 1002
+
+# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
+dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
+cn: araitz berasategi
+gidnumber: 501
+givenname: araitz
+homedirectory: /home/users/araitz
+mail: aberasategi@beasaingoikastola.eus
+mail: araitz@lainoa.eus
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: berasategi
+uid: araitz
+uidnumber: 1001
+userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
+

docker-compose.yaml

@@ -0,0 +1,38 @@
+version: '3'
+services:
+  slapd:
+    image: osixia/openldap:latest
+    volumes:
+      - ./certs:/container/service/slapd/assets/certs:rw
+#     - ./schema:/container/service/slapd/assets/config/bootstrap/schema/custom
+    ports:
+      - 389:389
+      - 636:636
+    environment:
+      LDAP_ORGANISATION: example
+      LDAP_DOMAIN: example.org
+      LDAP_ADMIN_PASSWORD: admin
+      LDAP_CONFIG_PASSWORD: "config"
+      LDAP_READONLY_USER: "true"
+      LDAP_READONLY_USER_USERNAME: "readonly"
+      LDAP_READONLY_USER_PASSWORD: "readonly"
+      LDAP_TLS: "true"
+      LDAP_TLS_CRT_FILENAME: "ldap.crt"
+      LDAP_TLS_KEY_FILENAME: "ldap.key"
+      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+      LDAP_TLS_ENFORCE: "false"
+      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+      LDAP_TLS_PROTOCOL_MIN: "3.1"
+      LDAP_TLS_VERIFY_CLIENT: try
+      LDAP_REPLICATION: "false"
+
+  phpldapadmin:
+    image: osixia/phpldapadmin
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: slapd
+      PHPLDAPADMIN_HTTPS: 'false'
+    ports:
+      - 8080:80
+      - 4443:443
+    depends_on:
+      - slapd

schema/custom.schema

@@ -0,0 +1,32 @@
+##
+## This file is taken from /usr/share/quota/ldap
+## schema file for Unix Quotas
+## Schema for storing Unix Quotas in LDAP
+## OIDs are owned by Cogent Innovators, LLC
+##
+## 1.3.6.1.4.1.19937.1.1.x - attributetypes
+## 1.3.6.1.4.1.19937.1.2.x - objectclasses
+##
+
+attributetype     ( 2.25.330098197460787237907941808102951680393.1.0 NAME 'active'
+		DESC 'True if account is active'
+        EQUALITY booleanMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+		SINGLE-VALUE )
+
+attributetype     ( 2.25.330098197460787237907941808102951680393.1.1 NAME 'fakeCn'
+		DESC 'True if the CN or fullname was created ramdomly and is still ficticious'
+        EQUALITY booleanMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+		SINGLE-VALUE )
+
+#attributetype     ( 2.25.330098197460787237907941808102951680393.1.2 NAME 'lastAccess'
+#		DESC 'Last access timestamp'
+#        EQUALITY generalizedTimeMatch
+#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+#		SINGLE-VALUE )
+
+objectclass 	( 2.25.330098197460787237907941808102951680393.1.2.0 NAME 'accountsManagement' SUP top AUXILIARY
+		DESC 'Accounts management'
+		MUST ( cn $ uid $ active $ fakeCn )
+		MAY ( userPassword $ description ) )