Added ldap setup

2024-03-29 10:12:05 -04:00
parent f2d3a10617
commit 042d7b58e6
8 changed files with 200 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ license.txt
 ## Ignoring keycloak so it can be pulled already setup.
 volumes

-**/.DS_Store
+**/.DS_Store
+.DS_Store
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@

 This is a basic reproduction that includes various components preconfigured like SAML, LDAP, advanced logging, prometheus, grafana, and elasticsearch.

+- [LDAP](#ldap)
+
 ## Making Changes

 If you're testing changes with Mattermost I do not suggest running `make restart` or `make stop` because the keycloak instance can quickly get into a failed state with too frequent of restarts. Instead do `make restart-mattermost`. 
@@ -121,3 +123,76 @@ All the Mattermost grafana charts are already installed and linked, you just hav
 2. Sign in with `admin` / `admin`. Change the password if you want, I don't suggest it.
 3. Click `Dashboards` > `Manage`
 4. Click any of the dashboards you want to view. 
+
+
+## LDAP
+
+### Adding Users
+
+You can easily add users to the ldap container by using the provided ldif file and query.
+
+Here is an example of the command. If you run this right now you'll add two users to your ldap environment.
+Note that if the data already exists in the ldif the command will fail.
+
+```bash
+docker exec -it cs-repro-openldap ldapmodify \
+  -x \
+  -H ldap://openldap:10389 \
+  -D "cn=admin,dc=planetexpress,dc=com" \
+  -w GoodNewsEveryone \
+  -f /ldap/ldapadd.ldif
+```
+
+### Adding Group Members
+
+To add a group member we have to use `ldapmodify`. Below is an example of the command. If you run the example we take the two user from the above command and add them to the `robot_mafia` group.
+
+```bash
+docker exec -it cs-repro-openldap ldapmodify \
+  -x \
+  -H ldap://openldap:10389 \
+  -D "cn=admin,dc=planetexpress,dc=com" \
+  -w GoodNewsEveryone \
+  -f /ldap/ldapmodify.ldif
+```
+
+### LDAP Search
+
+Everything that comes after the `-w` flag is a part of the search on the base DN. Just replace that with what you have in the user filter. 
+
+#### Searching for Groups
+
+```bash
+docker exec -it cs-repro-openldap ldapsearch \
+  -x -b "DC=planetexpress,DC=com" \
+  -H ldap://openldap:10389 \
+  -D "cn=admin,dc=planetexpress,dc=com" \
+  -w GoodNewsEveryone \
+  "(objectClass=Group)"
+```
+
+#### Searching for People
+
+```bash
+docker exec -it cs-repro-openldap ldapsearch \
+  -x -b "DC=planetexpress,DC=com" \
+  -H ldap://openldap:10389 \
+  -D "cn=admin,dc=planetexpress,dc=com" \
+  -w GoodNewsEveryone \
+  "(objectClass=Person)"
+```
+
+### Add New Attributes to LDAP
+
+Let's say you need a special attribute added to LDAP for testing, like a uniqueID you can tweak. Using the below command we'll add an attribute called `uniqueID` to our users from above. If we want to extend this to the rest of Futurama they'll need to be in the ldif file. 
+
+```bash
+docker exec -it cs-repro-openldap ldapmodify \
+  -x \
+  -H ldap://openldap:10389 \
+  -D "cn=admin,cn=config" \
+  -w GoodNewsEveryone \
+  -f /ldap/addUniqueID.ldif
+```
+
+A few notes, when adding this attribute you must add the `customPerson` objectclass to the person before you can assign the attribute. See the `ldapadd.ldif` file for help. 
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -97,6 +97,8 @@ services:
    hostname: openldap
    restart: unless-stopped
    image: rroemhild/test-openldap:latest
+    volumes:
+      - ./ldap:/ldap:rw
    ports:
      - "10389:10389"
      - "10636:10636"
--- a/ldap/addUniqueID.ldif
+++ b/ldap/addUniqueID.ldif
@@ -0,0 +1,18 @@
+version: 1
+
+# Add the UNIQUEID Attribute
+dn: cn={0}core,cn=schema,cn=config
+changetype: modify
+add: olcAttributetypes
+olcAttributetypes: ( 1.2.840.113556.1.4.9990 NAME 'uniqueId'
+   DESC 'Unique Identifier'
+   SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
+
+# Define customPerson as an auxiliary class
+dn: cn={0}core,cn=schema,cn=config
+changetype: modify
+add: olcObjectClasses
+olcObjectClasses: ( 1.2.840.113556.1.5.999 NAME 'customPerson'
+  DESC 'Custom Person Object Class'
+  AUXILIARY
+  MAY uniqueId )
--- a/ldap/ldapadd.ldif
+++ b/ldap/ldapadd.ldif
@@ -0,0 +1,98 @@
+dn: cn=Joey Mousepad,ou=people,dc=planetexpress,dc=com
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: customPerson
+cn: Joey Mousepad
+sn: Mousepad
+givenName: Joey
+userPassword: password
+mail: jMousepad@aol.com
+title: Robot Mafia Henchperson
+uid: jmousepad
+jpegPhoto: < file:///ldap/photos/JoeyMousepad.jpg
+uniqueId: 2
+
+dn: cn=Donbot Smith,ou=people,dc=planetexpress,dc=com
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: customPerson
+cn: Donbot Smith
+sn: Smith
+givenName: Donbot
+userPassword: password
+mail: dsmith@planetexpress.com
+title: Robot Mafia Godfather
+uid: dsmith
+jpegPhoto: < file:///ldap/photos/Donbot.jpg
+uniqueId: 1
+
+dn: cn=robot_mafia,ou=people,dc=planetexpress,dc=com
+changetype: add
+objectClass: Group
+objectClass: top
+groupType: 2147483650
+cn: robot_mafia
+member: cn=Donbot Smith,ou=people,dc=planetexpress,dc=com
+member: cn=Joey Mousepad,ou=people,dc=planetexpress,dc=com
+
+dn: cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 3
+
+dn: cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 4
+
+dn: cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 4
+
+dn: cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 5
+
+dn: cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 5
+
+dn: cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 6
+
+dn: cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: objectClass
+objectClass: customPerson
+-
+add: uniqueId
+uniqueId: 7
--- a/ldap/ldapmodify.ldif
+++ b/ldap/ldapmodify.ldif
@@ -0,0 +1,5 @@
+dn: cn=ship_crew,ou=people,dc=planetexpress,dc=com
+changetype: modify
+add: member
+member: uid=jdoe,ou=people,dc=planetexpress,dc=com
+member: uid=jsmith,ou=people,dc=planetexpress,dc=com
--- a/ldap/photos/Donbot.jpeg
+++ b/ldap/photos/Donbot.jpeg
--- a/ldap/photos/JoeyMousepad.jpeg
+++ b/ldap/photos/JoeyMousepad.jpeg