diff --git a/ldap_service/data/bootstrap.ldif b/ldap_service/data/bootstrap.ldif
new file mode 100644
index 0000000..696246f
--- /dev/null
+++ b/ldap_service/data/bootstrap.ldif
@@ -0,0 +1,54 @@
+dn: cn=developer,dc=example,dc=org
+changetype: add
+objectclass: inetOrgPerson
+cn: developer
+givenname: developer
+sn: Developer
+displayname: Developer User
+mail: developer@gmail.com
+uid: developer
+userpassword: developer_pass
+
+dn: cn=maintainer,dc=example,dc=org
+changetype: add
+objectclass: inetOrgPerson
+cn: maintainer
+givenname: maintainer
+sn: Maintainer
+displayname: Maintainer User
+mail: maintainer@gmail.com
+uid: maintainer
+userpassword: maintainer_pass
+
+dn: cn=admin_gh,dc=example,dc=org
+changetype: add
+objectclass: inetOrgPerson
+cn: admin_gh
+givenname: admin_gh
+sn: AdminGithub
+displayname: Admin Github User
+mail: admin_gh@gmail.com
+userpassword: admin_gh_pass
+
+dn: ou=Groups,dc=example,dc=org
+changetype: add
+objectclass: organizationalUnit
+ou: Groups
+
+dn: ou=Users,dc=example,dc=org
+changetype: add
+objectclass: organizationalUnit
+ou: Users
+
+dn: cn=Admins,ou=Groups,dc=example,dc=org
+changetype: add
+cn: Admins
+objectclass: groupOfUniqueNames
+uniqueMember: cn=admin_gh,dc=example,dc=org
+
+dn: cn=Maintainers,ou=Groups,dc=example,dc=org
+changetype: add
+cn: Maintainers
+objectclass: groupOfUniqueNames
+uniqueMember: cn=maintainer,dc=example,dc=org
+uniqueMember: cn=developer,dc=example,dc=org
\ No newline at end of file
diff --git a/ldap_service/data/certs/cfssl.json b/ldap_service/data/certs/cfssl.json
new file mode 100644
index 0000000..87639fd
--- /dev/null
+++ b/ldap_service/data/certs/cfssl.json
@@ -0,0 +1,8 @@
+{
+ "signing": {
+ "default": {
+ "expiry": "87600h",
+ "usages": ["signing", "key encipherment", "server auth"]
+ }
+ }
+}
diff --git a/ldap_service/data/certs/ldap-ca-key.pem b/ldap_service/data/certs/ldap-ca-key.pem
new file mode 100644
index 0000000..894e8b6
--- /dev/null
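Review bot: The `cn=admin_gh` entry has no `uid:` attribute while the `developer` and `maintainer` entries do, so any consumer that searches or maps users by `uid` will not find the admin test user; add `uid: admin_gh` after its `mail:` line. The `userpassword` values are cleartext and slapd will store them as given unless a password-policy overlay hashes them, which is acceptable for a throwaway fixture but should be stated in the file so nobody reuses these credentials, e.g. `# test-only fixture: cleartext passwords, never reuse outside local testing`. The users are created directly under the base DN while `ou=Users` is created and left empty; if that is intentional, a one-line comment saying so would save the next reader a search.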
+++ b/ldap_service/data/certs/ldap-ca-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOnBF74dtgfFSwUZlY3WPHjLyedZ3YI5H5jrEu33FeX0oAoGCCqGSM49
+AwEHoUQDQgAEc7tkckI5XrRSf+QeUhk4xnSJdabwgpPVY9vg+DdpFocK7i99ubI+
+p5rBX9xrKGKlcEmM/Yufh32b1drdHmQFaQ==
+-----END EC PRIVATE KEY-----
diff --git a/ldap_service/data/certs/ldap-ca.csr b/ldap_service/data/certs/ldap-ca.csr
new file mode 100644
index 0000000..5308a97
--- /dev/null
+++ b/ldap_service/data/certs/ldap-ca.csr
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBPTCB5AIBADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcT
+DVNhbiBGcmFuY2lzY28xFDASBgNVBAMTC2V4YW1wbGUubmV0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEc7tkckI5XrRSf+QeUhk4xnSJdabwgpPVY9vg+DdpFocK
+7i99ubI+p5rBX9xrKGKlcEmM/Yufh32b1drdHmQFaaA6MDgGCSqGSIb3DQEJDjEr
+MCkwJwYDVR0RBCAwHoILZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxlLm5ldDAKBggq
+hkjOPQQDAgNIADBFAiEA8F+6ILOqzCzCuPB+sgUALDeud27CEu9nIM16cG710ioC
+IBPdKdWivdCVG+YO/+mYb/g3Hbk5vByB9xj1bVQtt7KE
+-----END CERTIFICATE REQUEST-----
diff --git a/ldap_service/data/certs/ldap-ca.pem b/ldap_service/data/certs/ldap-ca.pem
new file mode 100644
index 0000000..99b0a7b
--- /dev/null
+++ b/ldap_service/data/certs/ldap-ca.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0zCCAXqgAwIBAgIUGzxUvE3E82RNYhT+eG2Hscq7ma4wCgYIKoZIzj0EAwIw
+SDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp
+c2NvMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0yMjA4MTEyMjM4MDBaFw0yNzA4
+MTAyMjM4MDBaMEgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMN
+U2FuIEZyYW5jaXNjbzEUMBIGA1UEAxMLZXhhbXBsZS5uZXQwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAARzu2RyQjletFJ/5B5SGTjGdIl1pvCCk9Vj2+D4N2kWhwru
+L325sj6nmsFf3GsoYqVwSYz9i5+HfZvV2t0eZAVpo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOBglz2vX3F2/QSfPb8CE6WgX
+xowwCgYIKoZIzj0EAwIDRwAwRAIgTPJwMJ/C1AWyduH1VHateYtwSsSiG4CFof/m
+e7Te0SACIDo8NbjqCxX5q7xNREx/KrWAGblLlk00Ywsqc+qZejC0
+-----END CERTIFICATE-----
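Review bot: `ldap-ca-key.pem` (and `server-key.pem` in the next file) commit private key material to the repository; even for a local test CA this is what secret scanners flag and what tends to get copied into other environments. Prefer generating the CA and server key pair at setup time from `cfssl.json` in `ldap-run.sh`, so nothing secret lives in git; if the files must stay committed, record in a README next to `ldap_service/data/certs` that they are disposable test keys scoped to the `example.net`/`ldap.example.org` fixture and add them to the scanner allowlist deliberately rather than per push. Either way the issuance command should be written down so the material can be rotated reproducibly.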
diff --git a/ldap_service/data/certs/server-key.pem b/ldap_service/data/certs/server-key.pem
new file mode 100644
index 0000000..102e256
--- /dev/null
+++ b/ldap_service/data/certs/server-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIxGYodBnPD2v4PlKVfTZYkPl2kf9ckdT63NRVI8pJt8oAoGCCqGSM49
+AwEHoUQDQgAEj0t/ND963wlU/FFeiwI7cSBqkOX4puNwOz/npMwVwYLuVOrY/L+s
+hjPrZ32WW3lAu3NKsG7bkbDzzw76ppbY1w==
+-----END EC PRIVATE KEY-----
diff --git a/ldap_service/data/certs/server.csr b/ldap_service/data/certs/server.csr
new file mode 100644
index 0000000..9e909e9
--- /dev/null
+++ b/ldap_service/data/certs/server.csr
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBADCBpwIBADAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEj0t/ND963wlU
+/FFeiwI7cSBqkOX4puNwOz/npMwVwYLuVOrY/L+shjPrZ32WW3lAu3NKsG7bkbDz
+zw76ppbY16BFMEMGCSqGSIb3DQEJDjE2MDQwMgYDVR0RBCswKYIQbGRhcC5leGFt
+cGxlLm9yZ4IJbG9jYWxob3N0hwSsHwAKhwR/AAABMAoGCCqGSM49BAMCA0gAMEUC
+IQCMPYIchbVmp1bmvT77sucgUf4fe7CGSdOVWkL3rxkTjAIgIhHivuP62hOyG43O
+xWi/83L01C7MiOOsQMu6x3NEYQI=
+-----END CERTIFICATE REQUEST-----
diff --git a/ldap_service/data/certs/server.pem b/ldap_service/data/certs/server.pem
new file mode 100644
index 0000000..3b5ae74
--- /dev/null
+++ b/ldap_service/data/certs/server.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+DCCAZ6gAwIBAgIUTj+0B76Ev+XH/iW7lPdo28KM884wCgYIKoZIzj0EAwIw
+SDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp
+c2NvMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0yMjA4MTEyMjM4MDBaFw0zMjA4
+MDgyMjM4MDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASPS380P3rfCVT8
+UV6LAjtxIGqQ5fim43A7P+ekzBXBgu5U6tj8v6yGM+tnfZZbeUC7c0qwbtuRsPPP
+DvqmltjXo4GtMIGqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSefdqGwGdpVarg54WkJioV315BOzAf
+BgNVHSMEGDAWgBQ4GCXPa9fcXb9BJ89vwITpaBfGjDA1BgNVHREBAf8EKzApghBs
+ZGFwLmV4YW1wbGUub3Jngglsb2NhbGhvc3SHBKwfAAqHBH8AAAEwCgYIKoZIzj0E
+AwIDSAAwRQIgIyv9Rifo3PThZm43YJ2nEIeOVANoUHaS1eD34YfLO64CIQDOvpMk
+WtM/tAn7ufxdRcN51ev6maK6yQMiu4Hj6Fk4gg==
+-----END CERTIFICATE-----
diff --git a/ldap_service/docker-compose.yml b/ldap_service/docker-compose.yml
new file mode 100644
index 0000000..a19a680
--- /dev/null
+++ b/ldap_service/docker-compose.yml
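Review bot: The server certificate's validity appears to run to August 2032 while the CA certificate in `ldap-ca.pem` appears to end in August 2027 (read from the `Fw0y…`/`Fw0z…` UTCTime fields in the base64; please confirm with `openssl x509 -noout -dates`); from that point clients verifying against `ldap-ca.pem` will reject the chain even though `server.pem` itself is unexpired. That is consistent with the 10-year `expiry` in `cfssl.json` being applied to the leaf only, so either cap the leaf at the CA's lifetime or regenerate both at setup time. A one-line note beside `cfssl.json` with the issuance command would make that refresh reproducible.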
@@ -0,0 +1,47 @@
+version: '3.7'
+
+services:
+ ldap_server:
+ image: osixia/openldap:1.5.0
+ container_name: ldap_server
+ environment:
+ LDAP_ADMIN_PASSWORD: admin_pass
+ LDAP_BASE_DN: dc=example,dc=org
+ LDAP_DOMAIN: example.org
+ LDAP_ORGANISATION: "Example Inc."
+ LDAP_TLS_CRT_FILENAME: server.pem
+ LDAP_TLS_KEY_FILENAME: server-key.pem
+ LDAP_TLS_CA_CRT_FILENAME: ldap-ca.pem
+ LDAP_TLS_VERIFY_CLIENT: try
+ hostname: ldap.example.org
+ command: --copy-service
+ networks:
+ default:
+ ipv4_address: 172.31.0.10
+ ports:
+ - 389:389
+ - 636:636
+ volumes:
+ - ./data/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif
+ - ./data/certs:/container/service/slapd/assets/certs
+
+ ldap_server_admin:
+ image: osixia/phpldapadmin:0.7.2
+ container_name: ldap_server_admin
+ ports:
+ - 8090:80
+ networks:
+ default:
+ ipv4_address: 172.31.0.2
+ environment:
+ PHPLDAPADMIN_LDAP_HOSTS: ldap_server
+ PHPLDAPADMIN_HTTPS: 'false'
+
+networks:
+ default:
+ external: false
+ name: openldap-network
+ ipam:
+ driver: default
+ config:
+ - subnet: "172.31.0.1/16"
diff --git a/ldap_service/ldap-run.sh b/ldap_service/ldap-run.sh
new file mode 100755
index 0000000..5fddf18
--- /dev/null
+++ b/ldap_service/ldap-run.sh
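Review bot: `ports: - 389:389`, `- 636:636` and `- 8090:80` publish the directory (whose `LDAP_ADMIN_PASSWORD: admin_pass` is also printed by `ldap-run.sh`) and an HTTP-only phpLDAPadmin on every host interface; for a local test harness bind them to loopback, `- 127.0.0.1:389:389`, `- 127.0.0.1:636:636`, `- 127.0.0.1:8090:80`. `LDAP_TLS_VERIFY_CLIENT: try` is fine for a fixture but deserves a comment so it is not carried into a real deployment, e.g. `# try: client certificates optional; use demand for mutual TLS`. The ipam `subnet: "172.31.0.1/16"` has host bits set; write it as `172.31.0.0/16` so the intended range is unambiguous. The file's indentation did not survive extraction here, so nesting could not be checked.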
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+set -eu
+
+source ../utils/common.sh
+
+DOCKER_COMPOSE_FILE=./docker-compose.yml
+BOOTSTRAP_FILE=./data/bootstrap.ldif
+CA_CERT_FILE=./data/certs/ldap-ca.pem
+CERT_FILE=./data/certs/server.pem
+KEY_FILE=./data/certs/server-key.pem
+
+print_highlight "Start setup ldap service..."
+
+docker-compose -v | grep 'docker-compose version' &> /dev/null
+if [ $? != 0 ]; then
+ print_error "docker-compose not detected"
+ exit;
+fi
+
+print_highlight "docker-compose detected" &> /dev/null
+
+set +e
+docker container ls -a | grep 'portainer_ldap' &> /dev/null
+if [ $? == 0 ]; then
+ docker stop portainer_ldap
+ docker rm portainer_ldap
+ print_highlight "removing existing container portainer_ldap"
+fi
+
+docker volume ls | grep 'portainer_ldap_data'
+if [ $? == 0 ]; then
+ docker volume rm portainer_ldap_data
+ print_highlight "removing existing volume portainer_ldap_data"
+fi
+
+docker container ls -a | grep 'ldap_server' &> /dev/null
+if [ $? == 0 ]; then
+ docker stop ldap_server
+ docker rm ldap_server
+ print_highlight "removing existing container ldap_server"
+fi
+
+docker container ls -a | grep 'ldap_server_admin' &> /dev/null
+if [ $? == 0 ]; then
+ docker stop ldap_server_admin
+ docker rm ldap_server_admin
+ print_highlight "removing existing container ldap_server_admin"
+fi
+
+docker network ls | grep 'openldap-network' &> /dev/null
+if [ $? == 0 ]; then
+ docker network rm openldap-network
+ print_highlight "removing existing container openldap-network"
+fi
+set -e
+
+if [[ ! -e "${DOCKER_COMPOSE_FILE}" ]]; then
+ print_error "${DOCKER_COMPOSE_FILE} not found"
+ exit;
+fi
+
+if [[ ! -e "${BOOTSTRAP_FILE}" ]]; then
+ print_error "${BOOTSTRAP_FILE} not found"
+ exit;
+fi
+
+if [[ ! -e "${CA_CERT_FILE}" ]]; then
+ print_error "${CA_CERT_FILE } not found"
+ exit;
+fi
+
+if [[ ! -e "${CERT_FILE}" ]]; then
+ print_error "${CERT_FILE} not found"
+ exit;
+fi
+
+if [[ ! -e "${KEY_FILE}" ]]; then
+ print_error "${KEY_FILE } not found"
+ exit;
+fi
+
+
+docker-compose up -d
+
+print_highlight "Open LDAP service run up successfully."
+
+print_highlight "Login DN(username): cn=admin,dc=example,dc=org"
+print_highlight "Password: admin_pass"
+
+sleep 5
+
+xdg-open http://localhost:8090
+
+sleep 5
+
+input "Input your testing docker image(portainerci/portainer-ee:prxxx): " TEST_IMAGE
+
+docker volume create portainer_ldap_data
+
+docker run -d \
+-p 8000:8000 \
+-p 9000:9000 \
+-p 9443:9443 \
+--network openldap-network \
+--name portainer_ldap \
+--restart=always \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v /portainer_ldap_data:/data \
+${TEST_IMAGE}
+
+print_highlight "Portainer run up successfully."
+
+sleep 10
+
+xdg-open http://localhost:9000
+
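Review bot: With `set -eu` in effect, the `docker-compose -v | grep 'docker-compose version' &> /dev/null` pipeline terminates the script the moment grep returns 1, so the following `if [ $? != 0 ]` branch and its "docker-compose not detected" message are unreachable (and the pattern only matches Compose v1 output, so v2 users hit the silent exit); test the pipeline in the `if` itself. Every error branch ends in a bare `exit;`, which reports success to whatever invoked the script, and `"${CA_CERT_FILE } not found"` / `"${KEY_FILE } not found"` carry a space inside the braces that bash rejects as a bad substitution, so those two messages can never print either. Further down, `docker volume create portainer_ldap_data` is immediately undercut by `-v /portainer_ldap_data:/data`, which is a bind mount of a directory under the host's `/` rather than the named volume; it should be `-v portainer_ldap_data:/data`, and `${TEST_IMAGE}` should be quoted since it comes from interactive input.
```shell
if ! docker-compose -v | grep -q 'docker-compose version'; then
    print_error "docker-compose not detected"
    exit 1
fi
# … unchanged: container/volume/network cleanup, compose-file and bootstrap checks …
if [[ ! -e "${CA_CERT_FILE}" ]]; then
    print_error "${CA_CERT_FILE} not found"
    exit 1
fi
# … unchanged: CERT_FILE check …
if [[ ! -e "${KEY_FILE}" ]]; then
    print_error "${KEY_FILE} not found"
    exit 1
fi
# … unchanged: compose up, prompts, volume create, docker run flags …
-v portainer_ldap_data:/data \
"${TEST_IMAGE}"
```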