Diffstat (limited to '')
-rwxr-xr-x | scripts/ci/ldap-setup.sh | 51 | ||||
-rw-r--r-- | scripts/ci/ldap/slapd.conf | 51 | ||||
-rw-r--r-- | scripts/ci/ldap/slapd2.conf | 61 | ||||
-rwxr-xr-x | scripts/ci/ldap2-setup.sh | 63 |
4 files changed, 226 insertions, 0 deletions
diff --git a/scripts/ci/ldap-setup.sh b/scripts/ci/ldap-setup.sh
new file mode 100755
index 0000000..ec3ba2c
--- /dev/null
+++ b/scripts/ci/ldap-setup.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# Allow setup script to work with homebrew too
+export PATH="/usr/local/opt/openldap/libexec:$PATH"
+
+# Clean out any existing DB
+rm -rf /tmp/ldap/db
+# Create directory we can write DB files to
+mkdir -p /tmp/ldap/db/
+
+# Change db location to /tmp as we can't write to /var
+sed -i -e 's/\/var\/lib\/ldap/\/tmp\/ldap\/db/' src/tests/salt-test-server/salt/ldap/base.ldif
+
+# Create a directory we can link schema files into
+if [ -d /tmp/ldap/schema ]; then
+  echo "Schema dir already linked"
+# Debian
+elif [ -d /etc/ldap/schema ]; then
+  ln -fs /etc/ldap/schema /tmp/ldap/schema
+# Redhat
+elif [ -d /etc/openldap/schema ]; then
+  ln -fs /etc/openldap/schema /tmp/ldap/schema
+# macOS (homebrew)
+elif [ -d /usr/local/etc/openldap/schema ]; then
+  ln -fs /usr/local/etc/openldap/schema /tmp/ldap/schema
+else
+  echo "Can't locate OpenLDAP schema dir"
+  exit 1
+fi
+
+# Start slapd
+slapd -h "ldap://127.0.0.1:3890/" -f scripts/ci/ldap/slapd.conf &
+
+# Wait for LDAP to start
+sleep 1
+
+# Add test data
+count=0
+while [ $count -lt 10 ] ; do
+  if ldapadd -x -H ldap://127.0.0.1:3890/ -D "cn=admin,cn=config" -w secret -f src/tests/salt-test-server/salt/ldap/base.ldif ; then
+    break 2
+  else
+    count=$((count+1))
+    sleep 1
+  fi
+done
+
+if [ $? -ne 0 ]; then
+  echo "Error configuring server"
+  exit 1
+fi
diff --git a/scripts/ci/ldap/slapd.conf b/scripts/ci/ldap/slapd.conf
new file mode 100644
index 0000000..7782616
--- /dev/null
+++ b/scripts/ci/ldap/slapd.conf 
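Review bot: The `if [ $? -ne 0 ]` check after the retry loop can never fire: `$?` at that point is the status of the `while` loop, which is the status of the last command run in its body, and that is 0 both after `break` and after the tenth failed attempt (where `sleep 1` ran last), so a CI run in which ldapadd never succeeded continues as if the server were configured. Track success through the counter instead — `break` (the `break 2` has only one enclosing loop) and `if [ "$count" -ge 10 ]; then` — or set a flag in the success branch. The script also runs without `set -e`, so a failing `sed` or `mkdir` is ignored in the same way; `set -eu` near the top works on any POSIX sh. Passing the bind password as `-w secret` exposes it in `ps` output, which is tolerable for a loopback-only fixture but `-y <file>` is the usual form.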
@@ -0,0 +1,51 @@
+#
+###### SAMPLE 1 - SIMPLE DIRECTORY ############
+#
+# NOTES: inetorgperson picks up attributes and objectclasses
+# from all three schemas
+#
+# NB: RH Linux schemas in /etc/openldap
+#
+include /tmp/ldap/schema/core.schema
+include /tmp/ldap/schema/cosine.schema
+include /tmp/ldap/schema/inetorgperson.schema
+include /tmp/ldap/schema/nis.schema
+include doc/schemas/ldap/openldap/freeradius.schema
+include doc/schemas/ldap/openldap/freeradius-clients.schema
+pidfile /tmp/slapd.pid
+
+# enable a lot of logging - we might need it
+# but generates huge logs
+loglevel -1
+
+# MODULELOAD definitions
+# not required (comment out) before version 2.3
+moduleload back_mdb.la
+
+database config
+rootdn "cn=admin,cn=config"
+rootpw secret
+
+#######################################################################
+# mdb database definitions
+#
+# replace example and com below with a suitable domain
+#
+# If you don't have a domain you can leave it since example.com
+# is reserved for experimentation or change them to my and inc
+#
+#######################################################################
+
+database mdb
+suffix "dc=nodomain"
+
+# root or superuser
+rootdn "cn=admin,dc=nodomain"
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# change path as necessary
+directory /tmp/ldap/db/
+
+# other database parameters
+# read more in slapd.conf reference section
+checkpoint 128 15
diff --git a/scripts/ci/ldap/slapd2.conf b/scripts/ci/ldap/slapd2.conf
new file mode 100644
index 0000000..52c16a7
--- /dev/null
+++ b/scripts/ci/ldap/slapd2.conf 
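Review bot: The file defines no `access to` rules, so slapd's documented default policy (anyone may read anything, only the rootdn may write) applies and the whole `dc=nodomain` tree, including any userPassword values the test LDIF loads, is readable by anonymous binds; together with the two cleartext `rootpw secret` lines this is only acceptable because the companion setup script binds slapd to 127.0.0.1, and that dependency is not recorded here. A comment above `database mdb` would make it explicit: `# CI fixture only: cleartext rootpw and the default (world-readable) ACL are deliberate; the setup script binds slapd to loopback, do not reuse this config elsewhere`. `loglevel -1` enables every debug category, which can include packet dumps of simple binds, so the same comment should warn against uploading the slapd log as a CI artifact. The `SAMPLE 1`, `replace example and com below` and `before version 2.3` comments are leftovers from the OpenLDAP sample file and no longer describe this config; dropping them would save the next reader from acting on them.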
@@ -0,0 +1,61 @@
+#
+###### SAMPLE 1 - SIMPLE DIRECTORY ############
+#
+# NOTES: inetorgperson picks up attributes and objectclasses
+# from all three schemas
+#
+# NB: RH Linux schemas in /etc/openldap
+#
+include /tmp/ldap2/schema/core.schema
+include /tmp/ldap2/schema/cosine.schema
+include /tmp/ldap2/schema/inetorgperson.schema
+include /tmp/ldap2/schema/nis.schema
+include doc/schemas/ldap/openldap/freeradius.schema
+include doc/schemas/ldap/openldap/freeradius-clients.schema
+pidfile /tmp/slapd2.pid
+
+# enable a lot of logging - we might need it
+# but generates huge logs
+loglevel -1
+
+# MODULELOAD definitions
+# not required (comment out) before version 2.3
+moduleload back_mdb.la
+
+database config
+rootdn "cn=admin,cn=config"
+rootpw secret
+
+#
+# Certificates for SSL/TLS connections
+# Note - these will not match the host name so clients need to use
+# the "allow" option when checking certificates
+#
+#TLSCACertificateFile /tmp/ldap2/certs/cacert.pem
+#TLSCertificateFile /tmp/ldap2/certs/servercert.pem
+#TLSCertificateKeyFile /tmp/ldap2/certs/serverkey.pem
+
+#######################################################################
+# mdb database definitions
+#
+# replace example and com below with a suitable domain
+#
+# If you don't have a domain you can leave it since example.com
+# is reserved for experimentation or change them to my and inc
+#
+#######################################################################
+
+database mdb
+suffix "dc=nodomain"
+
+# root or superuser
+rootdn "cn=admin,dc=nodomain"
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# change path as necessary
+directory /tmp/ldap2/db/
+
+# other database parameters
+# read more in slapd.conf reference section
+checkpoint 128 15
+
diff --git a/scripts/ci/ldap2-setup.sh b/scripts/ci/ldap2-setup.sh
new file mode 100755
index 0000000..c274414
--- /dev/null
+++ b/scripts/ci/ldap2-setup.sh 
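Review bot: The three `TLS*` directives are commented out, so this second instance serves plain LDAP exactly like the first, yet the note above them tells clients to use the `allow` option when checking certificates — advice that, if carried into the test client configuration, disables certificate verification for no benefit while TLS is off and would silently weaken the tests once it is on. Replace the note with the real state and the intended end state, e.g. `# TLS not enabled yet (certificate copy in ldap2-setup.sh is also commented out); when it is, issue the test cert with a SAN for 127.0.0.1/localhost so clients can keep TLS_REQCERT demand`. Apart from the `/tmp/ldap2` paths, the pidfile and this TLS block the file is a copy of slapd.conf; an `include` of a shared fragment, or generating both configs from the setup script, would stop the two from drifting. As in slapd.conf, no `access to` rules are given and `rootpw secret` is cleartext, which should be marked as deliberate for a loopback-only CI fixture.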
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Allow setup script to work with homebrew too
+export PATH="/usr/local/opt/openldap/libexec:$PATH"
+
+# Clean out any existing DB
+rm -rf /tmp/ldap2/db
+# Create directory we can write DB files to
+mkdir -p /tmp/ldap2/db/
+
+# Change db location to /tmp as we can't write to /var
+sed -i -e 's/\/var\/lib\/ldap/\/tmp\/ldap2\/db/' src/tests/salt-test-server/salt/ldap/base2.ldif
+
+# Create a directory we can link schema files into
+if [ -d /tmp/ldap2/schema ]; then
+  echo "Schema dir already linked"
+# Debian
+elif [ -d /etc/ldap/schema ]; then
+  ln -fs /etc/ldap/schema /tmp/ldap2/schema
+# Redhat
+elif [ -d /etc/openldap/schema ]; then
+  ln -fs /etc/openldap/schema /tmp/ldap2/schema
+# macOS (homebrew)
+elif [ -d /usr/local/etc/openldap/schema ]; then
+  ln -fs /usr/local/etc/openldap/schema /tmp/ldap2/schema
+else
+  echo "Can't locate OpenLDAP schema dir"
+  exit 1
+fi
+
+# Clean out any old certificates
+##rm -rf /tmp/ldap2/certs
+# Create certificate directory
+##mkdir -p /tmp/ldap2/certs
+
+# Copy certificates - whilst not stricltly LDAP certs they work fine for these tests
+##cp src/tests/certs/rsa/ca.pem /tmp/ldap2/certs/cacert.pem
+##cp src/tests/certs/rsa/server.pem /tmp/ldap2/certs/servercert.pem
+# OpenLDAP wants an un-encrypted key
+##openssl rsa -in src/tests/certs/rsa/server.key -out /tmp/ldap2/certs/serverkey.pem -passin pass:whatever
+
+# Start slapd
+slapd -h "ldap://127.0.0.1:3891/" -f scripts/ci/ldap/slapd2.conf &
+
+# Wait for LDAP to start
+sleep 1
+
+# Add test data
+count=0
+while [ $count -lt 10 ] ; do
+  if ldapadd -x -H ldap://127.0.0.1:3891/ -D "cn=admin,cn=config" -w secret -f src/tests/salt-test-server/salt/ldap/base2.ldif ; then
+    break 2
+  else
+    count=$((count+1))
+    sleep 1
+  fi
+done
+
+if [ $? -ne 0 ]; then
+  echo "Error configuring server"
+  exit 1
+fi
+
|
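Review bot: The same unreachable error path as in ldap-setup.sh: `$?` after the `while` loop is the status of the last command its body ran (`break` or `sleep 1`), both 0, so `echo "Error configuring server"; exit 1` never executes and CI carries on against a server whose data was never loaded. Use the counter — `break` in place of `break 2`, and `if [ "$count" -ge 10 ]; then` — or set a flag in the success branch. This script is otherwise ldap-setup.sh with `ldap` → `ldap2`, port 3890 → 3891 and `base.ldif` → `base2.ldif`; a single script taking an instance suffix and port would remove the duplication that let the bug be copied. When the commented-out `openssl rsa ... -passin pass:whatever` line is enabled, the passphrase will be visible in `ps` and the decrypted key will sit under the predictable, shared `/tmp/ldap2/certs` path; prefer `-passin file:` and a `mktemp -d` (or `chmod 0700`) directory for the key.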