feat: ldap

2023-12-01 15:21:07 +01:00 · 2023-12-01 15:21:07 +01:00 · bd649cb305
commit bd649cb305
parent 5d946e8a34
7 changed files with 99 additions and 0 deletions
--- a/ldap/.env
+++ b/ldap/.env
@ -0,0 +1,11 @@
 BASE_URL=ldap.
 EMAIL=
 LDAP_LOG_LEVEL=0
 LDAP_DOMAIN=
 LDAP_ORGANIZATION=
 LDAP_ADMIN_PASSWORD=
 LDAPSIZELIMIT=1000
 LDAPTIMELIMIT=60
--- a/ldap/Dockerfile
+++ b/ldap/Dockerfile
@ -0,0 +1,11 @@
 FROM debian:12-slim
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update                                \
    && apt-get install -y --no-install-recommends \
        ca-certificates                           \
        ldap-utils                                \
        slapd                                     \
    && rm -rf /var/lib/apt/lists/*
 COPY entrypoint.sh /usr/local/bin/
 EXPOSE 389 636
 ENTRYPOINT ["entrypoint.sh"]
--- a/ldap/compose-dev.yaml
+++ b/ldap/compose-dev.yaml
@ -0,0 +1,9 @@
 ---
 services:
  ldap:
    build: .
    ports:
      - "389:389"
      - "636:636"
    env_file:
      - .env
--- a/ldap/compose.yaml
+++ b/ldap/compose.yaml
@ -0,0 +1,24 @@
 ---
 services:
  install_site:
    build: install_site
    environment:
      - BASE_URL
      - EMAIL
    volumes:
      - certs:/etc/letsencrypt/
      - certbotroot:/var/www/certbot/
  ldap:
    build: .
    ports:
      - "389:389"
      - "636:636"
    env_file:
      .env
    volumes:
      - certs:/etc/letsencrypt/:ro
 volumes:
  certs:
    external: true
--- a/ldap/entrypoint.sh
+++ b/ldap/entrypoint.sh
@ -0,0 +1,28 @@
 #!/bin/bash -e
 LDAPMODIFY=(ldapmodify -Q -YEXTERNAL -Hldapi:///)
 SLAPD=(su openldap -c "slapd '-hldap:/// ldaps:/// ldapi:///' -d$LDAP_LOG_LEVEL")
 # https://sources.debian.org/src/openldap/2.5.13+dfsg-5/debian/slapd.templates/
 cat <<EOF | debconf-set-selections && dpkg-reconfigure slapd
 slapd slapd/dump_database select always
 slapd slapd/domain string '$LDAP_DOMAIN'
 slapd shared/organization string '$LDAP_ORGANIZATION'
 slapd slapd/password1 string '$LDAP_ADMIN_PASSWORD'
 slapd slapd/password2 string '$LDAP_ADMIN_PASSWORD'
 EOF
 # start slapd
 "${SLAPD[@]}" &
 sleep 1
 # enable SHA2
 "${LDAPMODIFY[@]}" <<EOF
 dn: cn=module{0},cn=config
 changetype: modify
 add: olcModuleLoad
 olcModuleLoad: pw-sha2
 EOF
 /etc/init.d/slapd stop
 exec "${SLAPD[@]}"
--- a/ldap/install_site
+++ b/ldap/install_site
@ -0,0 +1 @@
 ../_nginx/install_site
--- a/ldap/user.ldif
+++ b/ldap/user.ldif
@ -0,0 +1,15 @@
 dn: cn=firstname.lastname,dc=domain,dc=tld
 givenName: firstname
 cn: firstname.lastname
 sn: lastname
 uid: flastname
 homeDirectory: /home/flastname
 mail: flastname@domain.tld
 mail: first.lastname@domain.tld
 # slappasswd -h{SHA512} -omodule-load=pw-sha2 -s password
 userPassword: {SHA512}sQnzu7wkTrgkQZF+0G1hi5AI3Qmzvv0bXgc5THBqi7mAsdd4Xll27ASbRt9fEyavWi6m0QP9B8lThf+rDKy8hg==
 loginShell: /bin/bash
 uidNumber: 5001
 gidNumber: 0
 objectClass: inetOrgPerson
 objectClass: posixAccount