Diffstat (limited to 'debian/perl-framework/scripts')
-rw-r--r-- | debian/perl-framework/scripts/httpd-sub.ldif | 15 | ||||
-rw-r--r-- | debian/perl-framework/scripts/httpd.ldif | 56 | ||||
-rwxr-xr-x | debian/perl-framework/scripts/ldap-init.sh | 28 | ||||
-rwxr-xr-x | debian/perl-framework/scripts/memcached-init.sh | 8 | ||||
-rw-r--r-- | debian/perl-framework/scripts/non-anon.ldif | 14 | ||||
-rwxr-xr-x | debian/perl-framework/scripts/redis-init.sh | 8 | ||||
-rw-r--r-- | debian/perl-framework/scripts/slapd-config.ldif | 10 | ||||
-rw-r--r-- | debian/perl-framework/scripts/suffix.ldif | 5 |
8 files changed, 144 insertions, 0 deletions
diff --git a/debian/perl-framework/scripts/httpd-sub.ldif b/debian/perl-framework/scripts/httpd-sub.ldif
new file mode 100644
index 0000000..7908cb6
--- /dev/null
+++ b/debian/perl-framework/scripts/httpd-sub.ldif
@@ -0,0 +1,15 @@
+dn: cn=httpd,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: httpd
+description: Service Account for httpd
+userPassword: mod_authnz_ldap
+
+dn: ou=dept,dc=example,dc=com
+ou: dept
+objectClass: organizationalUnit
+
+# Group
+dn: cn=Subgroup,ou=dept,dc=example,dc=com
+objectClass: groupOfUniqueNames
+uniqueMember: uid=beta,dc=example,dc=com
diff --git a/debian/perl-framework/scripts/httpd.ldif b/debian/perl-framework/scripts/httpd.ldif
new file mode 100644
index 0000000..b9211ee
--- /dev/null
+++ b/debian/perl-framework/scripts/httpd.ldif
@@ -0,0 +1,56 @@
+dn: cn=httpd,dc=example,dc=com
+objectClass: applicationProcess
+objectClass: simpleSecurityObject
+cn: httpd
+description: Service Account for httpd
+userPassword: mod_authnz_ldap
+
+dn: uid=alpha,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Alpha Person
+givenName: Alpha
+sn: Person
+uid: alpha
+roomnumber: 42
+userPassword: Alpha
+
+dn: uid=beta,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Beta Person
+givenName: Beta
+sn: Person
+uid: beta
+roomnumber: 41
+userPassword: Beta
+
+dn: uid=gamma,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Gamma Person
+givenName: Gamma
+sn: Person
+uid: gamma
+roomnumber: 101
+userPassword: Gamma
+
+dn: uid=delta,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Delta Person
+givenName: Delta
+sn: Person
+uid: delta
+roomnumber: 43
+userPassword: Delta
+
+# Group
+dn: cn=Group One, dc=example,dc=com
+objectClass: groupOfUniqueNames
+uniqueMember: uid=alpha,dc=example,dc=com
+uniqueMember: uid=beta,dc=example,dc=com
+uniqueMember: uid=delta,dc=example,dc=com
+
+# Referral
+dn: ou=dept,dc=example,dc=com
+objectClass: referral
+objectClass: extensibleObject
+ou: dept
+ref: ldap://localhost:8390/ou=dept,dc=example,dc=com
diff --git a/debian/perl-framework/scripts/ldap-init.sh b/debian/perl-framework/scripts/ldap-init.sh
new file mode 100755
index 0000000..148a9d0
--- /dev/null
+++ b/debian/perl-framework/scripts/ldap-init.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -ex
+DOCKER=${DOCKER:-`which docker 2>/dev/null || which podman 2>/dev/null`}
+cid1=`${DOCKER} run -d -p 8389:389 httpd_ldap`
+cid2=`${DOCKER} run -d -p 8390:389 httpd_ldap`
+sleep 5
+
+# For the CentOS slapd configuration, load some default schema:
+if ${DOCKER} exec -i $cid1 test -f /etc/centos-release; then
+ ${DOCKER} exec -i $cid1 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/slapd-config.ldif
+ ${DOCKER} exec -i $cid2 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/slapd-config.ldif
+
+ for sc in cosine inetorgperson nis; do
+ fn=/etc/openldap/schema/${sc}.ldif
+ ${DOCKER} exec -i $cid1 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// -f ${fn}
+ ${DOCKER} exec -i $cid2 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// -f ${fn}
+ done
+
+ ldapadd -x -H ldap://localhost:8390 -D cn=admin,dc=example,dc=com -w travis < scripts/suffix.ldif
+ ldapadd -x -H ldap://localhost:8389 -D cn=admin,dc=example,dc=com -w travis < scripts/suffix.ldif
+fi
+
+# Disable anonymous bind; must be done as an authenticated local user
+# hence via ldapadd -Y EXTERNAL within the container.
+${DOCKER} exec -i $cid1 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/non-anon.ldif
+${DOCKER} exec -i $cid2 /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// < scripts/non-anon.ldif
+
+ldapadd -x -H ldap://localhost:8389 -D cn=admin,dc=example,dc=com -w travis < scripts/httpd.ldif
+ldapadd -x -H ldap://localhost:8390 -D cn=admin,dc=example,dc=com -w travis < scripts/httpd-sub.ldif
diff --git a/debian/perl-framework/scripts/memcached-init.sh b/debian/perl-framework/scripts/memcached-init.sh
new file mode 100755
index 0000000..f90f055
--- /dev/null
+++ b/debian/perl-framework/scripts/memcached-init.sh
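Review bot: The two `run -d -p 8389:389` / `-p 8390:389` lines in ldap-init.sh publish slapd on every host interface, because a `-p` mapping without a host address binds to all of them. The directory behind those ports uses the fixed admin password passed as `-w travis` and the cleartext `userPassword` fixtures, so on a shared CI runner or a developer machine it is reachable from the network for as long as the containers run. The tests only ever connect to `ldap://localhost:...`, so the mapping can be restricted to loopback, e.g. `-p 127.0.0.1:8389:389` and `-p 127.0.0.1:8390:389`. The same applies to `-p 11211:11211` in memcached-init.sh and `-p 6379:6379` in redis-init.sh, where the services are started without authentication. Nothing in the script stops `$cid1`/`$cid2` afterwards, so the listeners outlive the test run unless the caller removes them.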
@@ -0,0 +1,8 @@
+#!/bin/bash -ex
+DOCKER=${DOCKER:-`which docker 2>/dev/null || which podman 2>/dev/null`}
+${DOCKER} build -t httpd_memcached - <<EOF
+FROM quay.io/centos/centos:stream8
+RUN yum install -y memcached
+CMD /usr/bin/memcached -u memcached -v
+EOF
+${DOCKER} run -d -p 11211:11211 httpd_memcached
diff --git a/debian/perl-framework/scripts/non-anon.ldif b/debian/perl-framework/scripts/non-anon.ldif
new file mode 100644
index 0000000..535312c
--- /dev/null
+++ b/debian/perl-framework/scripts/non-anon.ldif
@@ -0,0 +1,14 @@
+dn: cn=config
+changetype: modify
+add: olcDisallows
+olcDisallows: bind_anon
+
+dn: cn=config
+changetype: modify
+add: olcRequires
+olcRequires: authc
+
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+add: olcRequires
+olcRequires: authc
diff --git a/debian/perl-framework/scripts/redis-init.sh b/debian/perl-framework/scripts/redis-init.sh
new file mode 100755
index 0000000..f950138
--- /dev/null
+++ b/debian/perl-framework/scripts/redis-init.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -ex
+DOCKER=${DOCKER:-`which docker 2>/dev/null || which podman 2>/dev/null`}
+${DOCKER} build -t httpd_redis - <<EOF
+FROM quay.io/centos/centos:stream8
+RUN yum install -y redis
+CMD /usr/bin/redis-server
+EOF
+${DOCKER} run -d -p 6379:6379 httpd_redis
diff --git a/debian/perl-framework/scripts/slapd-config.ldif b/debian/perl-framework/scripts/slapd-config.ldif
new file mode 100644
index 0000000..fa9763e
--- /dev/null
+++ b/debian/perl-framework/scripts/slapd-config.ldif
@@ -0,0 +1,10 @@
+dn: olcDatabase={2}hdb,cn=config
+changetype: modify
+replace: olcSuffix
+olcSuffix: dc=example,dc=com
+-
+replace: olcRootDN
+olcRootDN: cn=admin,dc=example,dc=com
+-
+add: olcRootPW
+olcRootPW: travis
diff --git a/debian/perl-framework/scripts/suffix.ldif b/debian/perl-framework/scripts/suffix.ldif
new file mode 100644
index 0000000..bf5cbdb
--- /dev/null
+++ b/debian/perl-framework/scripts/suffix.ldif
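Review bot: `FROM quay.io/centos/centos:stream8` in the memcached-init.sh heredoc names a moving tag, and `RUN yum install -y memcached` installs whatever the repository serves on the day of the build, so the service the tests talk to can change without any change in this tree. Pinning the base by digest, `FROM quay.io/centos/centos@sha256:<digest-placeholder>`, makes the image reproducible and turns a base bump into a reviewable diff. redis-init.sh has the identical `FROM` line and the same unpinned `yum install -y redis`. Neither script says that the image is a throwaway test fixture; a one-line comment above the heredoc, such as `# Test-only service image; not hardened, do not reuse outside the test suite.`, would make that explicit.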
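Review bot: `olcRootPW: travis` in slapd-config.ldif has to stay in sync with every `-w travis` in ldap-init.sh, and nothing in either file records that coupling or marks the value as fixture-only. A leading comment such as `# Test-only rootDN credentials; must match the -w value used in ldap-init.sh.` would prevent one side being changed without the other. The entry `dn: olcDatabase={2}hdb,cn=config` also hard-codes both the database index and the backend type, which presumably matches the CentOS image that ldap-init.sh checks for via `/etc/centos-release`. The same comment should name the slapd layout this file assumes, so a failure on a different image is easy to diagnose.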
@@ -0,0 +1,5 @@
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+dc: example
+o: Example Organization |