rootdn "cn=admin,cn=config"
rootpw secret
+# Options to allow DIGEST-MD5 SASL binds using passwords in the LDAP directory
+password-hash {CLEARTEXT}
+
+authz-regexp
+ uid=admin,cn=[^,]*,cn=auth
+ cn=admin,dc=example,dc=com
+
+authz-regexp
+ uid=([^,]*),cn=[^,]*,cn=auth
+ uid=$1,ou=people,dc=example,dc=com
+
#######################################################################
# mdb database definitions can be added here, or added by ldapadd
#######################################################################
rootdn "cn=admin,cn=config"
rootpw secret
+# SASL mapping of users to DNs so we can do PLAIN / LOGIN over ldaps
+authz-regexp
+ uid=admin,cn=[^,]*,cn=auth
+ cn=admin,dc=example,dc=com
+
+authz-regexp
+ uid=([^,]*),cn=[^,]*,cn=auth
+ uid=$1,ou=people,dc=subdept,dc=example,dc=com
+
#
# Certificates for SSL/TLS connections
# Note - these will not match the host name so clients need to use
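Review bot: The mapping on the last two added lines enables PLAIN/LOGIN, which carry the password in the clear, yet nothing in this hunk restricts those mechanisms to TLS-protected sessions; unless a `security` directive elsewhere in the file already does so, add `security ssf=128` beside these lines (slapd's default `sasl-secprops noplain,noanonymous` only refuses PLAIN/LOGIN when no TLS-derived security layer is present, so an explicit floor is safer). The comment should also state that assumption, e.g. `# PLAIN/LOGIN transmit the password in cleartext: only usable on ldaps, enforced by security ssf=128`. The first rule maps any SASL authcid `admin` directly to `cn=admin,dc=example,dc=com`, so that SASL secret is equivalent to full directory-admin rights and warrants the same handling as `rootpw`; if the `password-hash {CLEARTEXT}` directive from the first hunk governs this same server, it is also stored unhashed in userPassword. The hunk header is not visible, so the enclosing section may begin before this excerpt.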
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
-olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage
-olcAccess: to dn.base="" by * read
-olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
+olcAccess: to dn.base="" by dn="cn=admin,cn=config" manage by * read
+olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage by dn="cn=admin,dc=example,dc=com" write by * read
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
olcLastMod: TRUE
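Review bot: The rewritten `to *` rule on the last added line ends in `by * read`, so now that the old unreachable ordering is fixed every attribute except userPassword (including shadowLastChange via the rule above it and the uid/ou structure the SASL mappings point at) is readable by anonymous binds; if anonymous enumeration of the tree is not required, end the rule with `by users read` instead, since the implicit `by * none` then denies anonymous while the userPassword rule's `by anonymous auth` still lets simple binds authenticate. The same rule also grants `cn=admin,cn=config` manage over the whole data tree, which ties the data directory's exposure to the cn=config `rootpw`; a one-line comment such as `# cn=config admin deliberately has manage rights on the data DIT` would make that intent explicit. Because precedence between olcAccess values is what makes this fix work, consider prefixing them `{0}`…`{3}` so the order survives later ldapmodify edits rather than depending on the order of values in the LDIF. The second database block below adds the same two lines and the same points apply there; the `dn:` header of this entry lies outside the hunk.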
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
-olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage
olcAccess: to attrs=shadowLastChange by self write by * read
-olcAccess: to dn.base="" by * read
-olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
+olcAccess: to dn.base="" by dn="cn=admin,cn=config" manage by * read
+olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=admin,cn=config" manage by dn="cn=admin,dc=example,dc=com" write by * read
# Create top-level object in domain
dn: dc=example,dc=com