feat(openldap): add openldap setup script

ldap_service/data/bootstrap.ldif

@@ -0,0 +1,54 @@
+dn: cn=developer,dc=example,dc=org
+changetype: add
+objectclass: inetOrgPerson
+cn: developer
+givenname: developer
+sn: Developer
+displayname: Developer User
+mail: developer@gmail.com
+uid: developer
+userpassword: developer_pass
+
+dn: cn=maintainer,dc=example,dc=org
+changetype: add
+objectclass: inetOrgPerson
+cn: maintainer
+givenname: maintainer
+sn: Maintainer
+displayname: Maintainer User
+mail: maintainer@gmail.com
+uid: maintainer
+userpassword: maintainer_pass
+
+dn: cn=admin_gh,dc=example,dc=org
+changetype: add
+objectclass: inetOrgPerson
+cn: admin_gh
+givenname: admin_gh
+sn: AdminGithub
+displayname: Admin Github User
+mail: admin_gh@gmail.com
+userpassword: admin_gh_pass
+
+dn: ou=Groups,dc=example,dc=org
+changetype: add
+objectclass: organizationalUnit
+ou: Groups
+
+dn: ou=Users,dc=example,dc=org
+changetype: add
+objectclass: organizationalUnit
+ou: Users
+
+dn: cn=Admins,ou=Groups,dc=example,dc=org
+changetype: add
+cn: Admins
+objectclass: groupOfUniqueNames
+uniqueMember: cn=admin_gh,dc=example,dc=org
+
+dn: cn=Maintainers,ou=Groups,dc=example,dc=org
+changetype: add
+cn: Maintainers
+objectclass: groupOfUniqueNames
+uniqueMember: cn=maintainer,dc=example,dc=org
+uniqueMember: cn=developer,dc=example,dc=org

ldap_service/data/certs/cfssl.json

@@ -0,0 +1,8 @@
+{
+  "signing": {
+    "default": {
+      "expiry": "87600h",
+      "usages": ["signing", "key encipherment", "server auth"]
+    }
+  }
+}

ldap_service/data/certs/ldap-ca-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOnBF74dtgfFSwUZlY3WPHjLyedZ3YI5H5jrEu33FeX0oAoGCCqGSM49
+AwEHoUQDQgAEc7tkckI5XrRSf+QeUhk4xnSJdabwgpPVY9vg+DdpFocK7i99ubI+
+p5rBX9xrKGKlcEmM/Yufh32b1drdHmQFaQ==
+-----END EC PRIVATE KEY-----

ldap_service/data/certs/ldap-ca.csr

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBPTCB5AIBADBIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcT
+DVNhbiBGcmFuY2lzY28xFDASBgNVBAMTC2V4YW1wbGUubmV0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEc7tkckI5XrRSf+QeUhk4xnSJdabwgpPVY9vg+DdpFocK
+7i99ubI+p5rBX9xrKGKlcEmM/Yufh32b1drdHmQFaaA6MDgGCSqGSIb3DQEJDjEr
+MCkwJwYDVR0RBCAwHoILZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxlLm5ldDAKBggq
+hkjOPQQDAgNIADBFAiEA8F+6ILOqzCzCuPB+sgUALDeud27CEu9nIM16cG710ioC
+IBPdKdWivdCVG+YO/+mYb/g3Hbk5vByB9xj1bVQtt7KE
+-----END CERTIFICATE REQUEST-----

ldap_service/data/certs/ldap-ca.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0zCCAXqgAwIBAgIUGzxUvE3E82RNYhT+eG2Hscq7ma4wCgYIKoZIzj0EAwIw
+SDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp
+c2NvMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0yMjA4MTEyMjM4MDBaFw0yNzA4
+MTAyMjM4MDBaMEgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMN
+U2FuIEZyYW5jaXNjbzEUMBIGA1UEAxMLZXhhbXBsZS5uZXQwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAARzu2RyQjletFJ/5B5SGTjGdIl1pvCCk9Vj2+D4N2kWhwru
+L325sj6nmsFf3GsoYqVwSYz9i5+HfZvV2t0eZAVpo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOBglz2vX3F2/QSfPb8CE6WgX
+xowwCgYIKoZIzj0EAwIDRwAwRAIgTPJwMJ/C1AWyduH1VHateYtwSsSiG4CFof/m
+e7Te0SACIDo8NbjqCxX5q7xNREx/KrWAGblLlk00Ywsqc+qZejC0
+-----END CERTIFICATE-----

ldap_service/data/certs/server-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIxGYodBnPD2v4PlKVfTZYkPl2kf9ckdT63NRVI8pJt8oAoGCCqGSM49
+AwEHoUQDQgAEj0t/ND963wlU/FFeiwI7cSBqkOX4puNwOz/npMwVwYLuVOrY/L+s
+hjPrZ32WW3lAu3NKsG7bkbDzzw76ppbY1w==
+-----END EC PRIVATE KEY-----

ldap_service/data/certs/server.csr

@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBADCBpwIBADAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEj0t/ND963wlU
+/FFeiwI7cSBqkOX4puNwOz/npMwVwYLuVOrY/L+shjPrZ32WW3lAu3NKsG7bkbDz
+zw76ppbY16BFMEMGCSqGSIb3DQEJDjE2MDQwMgYDVR0RBCswKYIQbGRhcC5leGFt
+cGxlLm9yZ4IJbG9jYWxob3N0hwSsHwAKhwR/AAABMAoGCCqGSM49BAMCA0gAMEUC
+IQCMPYIchbVmp1bmvT77sucgUf4fe7CGSdOVWkL3rxkTjAIgIhHivuP62hOyG43O
+xWi/83L01C7MiOOsQMu6x3NEYQI=
+-----END CERTIFICATE REQUEST-----

ldap_service/data/certs/server.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+DCCAZ6gAwIBAgIUTj+0B76Ev+XH/iW7lPdo28KM884wCgYIKoZIzj0EAwIw
+SDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp
+c2NvMRQwEgYDVQQDEwtleGFtcGxlLm5ldDAeFw0yMjA4MTEyMjM4MDBaFw0zMjA4
+MDgyMjM4MDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASPS380P3rfCVT8
+UV6LAjtxIGqQ5fim43A7P+ekzBXBgu5U6tj8v6yGM+tnfZZbeUC7c0qwbtuRsPPP
+DvqmltjXo4GtMIGqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSefdqGwGdpVarg54WkJioV315BOzAf
+BgNVHSMEGDAWgBQ4GCXPa9fcXb9BJ89vwITpaBfGjDA1BgNVHREBAf8EKzApghBs
+ZGFwLmV4YW1wbGUub3Jngglsb2NhbGhvc3SHBKwfAAqHBH8AAAEwCgYIKoZIzj0E
+AwIDSAAwRQIgIyv9Rifo3PThZm43YJ2nEIeOVANoUHaS1eD34YfLO64CIQDOvpMk
+WtM/tAn7ufxdRcN51ev6maK6yQMiu4Hj6Fk4gg==
+-----END CERTIFICATE-----

ldap_service/docker-compose.yml

@@ -0,0 +1,47 @@
+version: '3.7'
+
+services:
+  ldap_server:
+    image: osixia/openldap:1.5.0
+    container_name: ldap_server
+    environment:
+      LDAP_ADMIN_PASSWORD: admin_pass
+      LDAP_BASE_DN: dc=example,dc=org
+      LDAP_DOMAIN: example.org
+      LDAP_ORGANISATION: "Example Inc."
+      LDAP_TLS_CRT_FILENAME: server.pem
+      LDAP_TLS_KEY_FILENAME: server-key.pem
+      LDAP_TLS_CA_CRT_FILENAME: ldap-ca.pem
+      LDAP_TLS_VERIFY_CLIENT: try
+    hostname: ldap.example.org
+    command: --copy-service
+    networks:
+      default:
+        ipv4_address: 172.31.0.10
+    ports:
+      - 389:389
+      - 636:636
+    volumes:
+      - ./data/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif
+      - ./data/certs:/container/service/slapd/assets/certs 
+
+  ldap_server_admin:
+    image: osixia/phpldapadmin:0.7.2
+    container_name: ldap_server_admin
+    ports:
+      - 8090:80
+    networks:
+      default:
+        ipv4_address: 172.31.0.2
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: ldap_server
+      PHPLDAPADMIN_HTTPS: 'false'
+
+networks:
+  default:
+    external: false
+    name: openldap-network
+    ipam:
+      driver: default
+      config:
+        - subnet: "172.31.0.1/16"

ldap_service/ldap-run.sh

@@ -0,0 +1,117 @@
+#!/bin/bash
+
+set -eu
+
+source ../utils/common.sh
+
+DOCKER_COMPOSE_FILE=./docker-compose.yml
+BOOTSTRAP_FILE=./data/bootstrap.ldif
+CA_CERT_FILE=./data/certs/ldap-ca.pem
+CERT_FILE=./data/certs/server.pem
+KEY_FILE=./data/certs/server-key.pem
+
+print_highlight "Start setup ldap service..."
+
+docker-compose -v | grep 'docker-compose version' &> /dev/null
+if [ $? != 0 ]; then
+    print_error "docker-compose not detected"
+    exit;
+fi
+
+print_highlight "docker-compose detected" &> /dev/null
+
+set +e
+docker container ls -a | grep 'portainer_ldap' &> /dev/null
+if [ $? == 0 ]; then
+    docker stop portainer_ldap
+    docker rm portainer_ldap
+    print_highlight "removing existing container portainer_ldap"
+fi
+
+docker volume ls | grep 'portainer_ldap_data'
+if [ $? == 0 ]; then
+    docker volume rm portainer_ldap_data
+    print_highlight "removing existing volume portainer_ldap_data"
+fi
+
+docker container ls -a | grep 'ldap_server' &> /dev/null
+if [ $? == 0 ]; then
+    docker stop ldap_server
+    docker rm ldap_server
+    print_highlight "removing existing container ldap_server"
+fi
+
+docker container ls -a | grep 'ldap_server_admin' &> /dev/null
+if [ $? == 0 ]; then
+    docker stop ldap_server_admin
+    docker rm ldap_server_admin
+    print_highlight "removing existing container ldap_server_admin"
+fi
+
+docker network ls | grep 'openldap-network' &> /dev/null
+if [ $? == 0 ]; then
+    docker network rm openldap-network
+    print_highlight "removing existing container openldap-network"
+fi
+set -e
+
+if [[ ! -e "${DOCKER_COMPOSE_FILE}" ]]; then
+    print_error "${DOCKER_COMPOSE_FILE} not found"
+    exit;
+fi
+
+if [[ ! -e "${BOOTSTRAP_FILE}" ]]; then
+    print_error "${BOOTSTRAP_FILE} not found"
+    exit;
+fi
+
+if [[ ! -e "${CA_CERT_FILE}" ]]; then
+    print_error "${CA_CERT_FILE } not found"
+    exit;
+fi
+
+if [[ ! -e "${CERT_FILE}" ]]; then
+    print_error "${CERT_FILE} not found"
+    exit;
+fi
+
+if [[ ! -e "${KEY_FILE}" ]]; then
+    print_error "${KEY_FILE } not found"
+    exit;
+fi
+
+ 
+docker-compose up -d 
+
+print_highlight "Open LDAP service run up successfully."
+
+print_highlight "Login DN(username): cn=admin,dc=example,dc=org"
+print_highlight "Password: admin_pass"
+
+sleep 5
+
+xdg-open http://localhost:8090
+
+sleep 5
+
+input "Input your testing docker image(portainerci/portainer-ee:prxxx): " TEST_IMAGE
+
+docker volume create portainer_ldap_data
+
+docker run -d \
+-p 8000:8000 \
+-p 9000:9000 \
+-p 9443:9443 \
+--network openldap-network \
+--name portainer_ldap \
+--restart=always \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-v /portainer_ldap_data:/data \
+${TEST_IMAGE}
+
+print_highlight "Portainer run up successfully."
+
+sleep 10
+
+xdg-open http://localhost:9000
+