From: Matthew Newton
Date: Wed, 12 Oct 2022 23:03:50 +0000 (+0100)
Subject: CI: fixups to use 389ds in Docker container
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff23c10c916d1ce4e5c246a71e3c7bc9dad585b5;p=thirdparty%2Ffreeradius-server.git
CI: fixups to use 389ds in Docker container
---
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 05d0dae38db..bffea20f667 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -170,8 +170,8 @@ jobs:
 ldap_test_server: 127.0.0.1
 ldap_test_server_port: 3890
 ldaps_test_server_port: 6360
- ldap389_test_server: 127.0.0.1
- ldap389_test_server_port: 3892
+ ldap389_test_server: threeds
+ ldap389_test_server_port: 3389
 active_directory_test_server: 127.0.0.1
 rest_test_server: 127.0.0.1
 rest_test_port: 8080
diff --git a/scripts/ci/389ds-setup.sh b/scripts/ci/389ds-setup.sh
index fb1543cff0b..ac6be39923e 100755
--- a/scripts/ci/389ds-setup.sh
+++ b/scripts/ci/389ds-setup.sh
@@ -1,30 +1,42 @@ #!/bin/sh -# Build template config file -cat < /tmp/instance.inf -[general] -config_version = 2 - -[slapd] -root_dn = cn=manager -root_password = secret123 -port = 3892 -secure_port = 6362 -self_sign_cert = True - -[backend-userroot] -suffix = dc=example,dc=com -sample_entries = yes -require_index = yes -EOF - -# Initialise ds instance from config -sudo dscreate from-file /tmp/instance.inf +ROOTDN="cn=Directory Manager" + +set + +if [ "x$USE_DOCKER" = "xtrue" ]; then + dsconf -D "${ROOTDN}" -w "secret123" "${PERSISTENT_SEARCH_TEST_SERVER}" backend create --suffix 'dc=example,dc=com' --be-name localhost + dsidm -D "${ROOTDN}" -w "secret123" "${PERSISTENT_SEARCH_TEST_SERVER}" -b 'dc=example,dc=com' initialise + +else + + # Build template config file + cat <<-EOF > /tmp/instance.inf + [general] + config_version = 2 + + [slapd] + root_dn = ${ROOTDN} + root_password = secret123 + port = 3892 + secure_port = 6362 + self_sign_cert = True + + [backend-userroot] + suffix = dc=example,dc=com + sample_entries = yes + require_index = yes + EOF + + # Initialise ds instance from config + sudo dscreate from-file /tmp/instance.inf + +fi # Load base entries count=0 while [ $count -lt 10 ] ; do - if ldapadd -x -H ldap://127.0.0.1:3892/ -D "cn=manager" -w "secret123" -f src/tests/salt-test-server/salt/ldap/base3.ldif ; then + if ldapadd -x -H "${PERSISTENT_SEARCH_TEST_SERVER}" -D "${ROOTDN}" -w "secret123" -f src/tests/salt-test-server/salt/ldap/base3.ldif ; then break 2 else count=$((count+1)) 
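Review bot: The bare `set` added just after `ROOTDN=` prints every shell variable and function to stdout, so each CI run writes the job's whole environment into the build log. It looks like a debugging leftover or a truncated option, and should be dropped or replaced with the intended `set` flags; CI log masking normally covers only values registered as secrets, so anything sensitive that reaches this step through the environment some other way would be published with the log. Separately, `dsconf`, `dsidm` and `ldapadd` now all take their URL from `${PERSISTENT_SEARCH_TEST_SERVER}` with no check that it is set, while the non-Docker branch still creates the instance on port 3892. A guard such as `: "${PERSISTENT_SEARCH_TEST_SERVER:?must be set}"` before the `if` would fail fast instead of passing an empty `-H`. The retry loop continues outside the hunk.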
@@ -36,3 +48,38 @@ if [ $? -ne 0 ]; then
 echo "Error configuring server"
 exit 1
 fi
+
+
+#
+# Some random commands that are used setting up 389ds...
+#
+# Get config
+# dsconf -D 'cn=Directory Manager' -w secret123 ldap://threeds:3389/ config get
+#
+# List databases:
+# dsconf -D 'cn=Directory Manager' -w secret123 ldap://threeds:3389/ backend suffix list
+# dc=example,dc=com (localhost)
+#
+# Create some basic data in the directory:
+# dsidm -D 'cn=Directory Manager' -w secret123 ldap://threeds:3389/ -b 'dc=example,dc=com' initialise
+#
+# Add a new user:
+# dsidm -D 'cn=Directory Manager' -w secret123 ldap://threeds:3389/ -b 'dc=example,dc=com' user create --uid manager --cn manager --displayName manager --uidNumber 1999 --gidNumber 1999 --homeDirectory /home/manager
+#
+# Set user password:
+# dsidm -D 'cn=Directory Manager' -w secret123 ldap://threeds:3389/ -b 'dc=example,dc=com' account reset_password uid=manager,ou=people,dc=example,dc=com secret123
+#
+#
+# Give permissions for user to edit anything:
+# cat < permissions.ldif
+# dn: dc=example,dc=com
+# changetype: modify
+# add: aci
+# aci: (targetattr="*")(target="ldap:///dc=example,dc=com")(version 3.0; acl "allow whatever"; allow (all)(userdn="ldap:///uid=manager,ou=people,dc=example,dc=com");)
+# EOF
+#
+# ldapmodify -D 'cn=Directory Manager' -w secret123 -H "ldap://threeds:3389/" -x -f permissions.ldif
+#
+# List ACLs:
+# ldapsearch -D 'cn=Directory Manager' -w secret123 -H "ldap://threeds:3389/" -x -b 'dc=example,dc=com' '(aci=*)' aci
+#
diff --git a/src/tests/ldap_sync/persistent_search/01_add.ldif b/src/tests/ldap_sync/persistent_search/01_add.ldif
index 57f5e05e742..c6633091b10 100644
--- a/src/tests/ldap_sync/persistent_search/01_add.ldif
+++ b/src/tests/ldap_sync/persistent_search/01_add.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: uid=fred,ou=people,dc=example,dc=com
 changeType: add
diff --git a/src/tests/ldap_sync/persistent_search/02_mod.ldif b/src/tests/ldap_sync/persistent_search/02_mod.ldif
index 1937ddcab90..86c528fe326 100644
--- a/src/tests/ldap_sync/persistent_search/02_mod.ldif
+++ b/src/tests/ldap_sync/persistent_search/02_mod.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: uid=fred,ou=people,dc=example,dc=com
 changeType: modify
diff --git a/src/tests/ldap_sync/persistent_search/03_mod.ldif b/src/tests/ldap_sync/persistent_search/03_mod.ldif
index 23acc27f622..1a2f17e61ab 100644
--- a/src/tests/ldap_sync/persistent_search/03_mod.ldif
+++ b/src/tests/ldap_sync/persistent_search/03_mod.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: uid=fred,ou=people,dc=example,dc=com
 changeType: modrdn
diff --git a/src/tests/ldap_sync/persistent_search/04_del.ldif b/src/tests/ldap_sync/persistent_search/04_del.ldif
index dce215888a7..161e807e32e 100644
--- a/src/tests/ldap_sync/persistent_search/04_del.ldif
+++ b/src/tests/ldap_sync/persistent_search/04_del.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: uid=frederic,ou=people,dc=example,dc=com
 changetype: delete
diff --git a/src/tests/ldap_sync/persistent_search/05_add.ldif b/src/tests/ldap_sync/persistent_search/05_add.ldif
index 1cb62f3739e..b06d34ffc86 100644
--- a/src/tests/ldap_sync/persistent_search/05_add.ldif
+++ b/src/tests/ldap_sync/persistent_search/05_add.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: cn=bosses,ou=groups,dc=example,dc=com
 changeType: add
diff --git a/src/tests/ldap_sync/persistent_search/06_mod.ldif b/src/tests/ldap_sync/persistent_search/06_mod.ldif
index bd84f66c9ae..13b4ecb0309 100644
--- a/src/tests/ldap_sync/persistent_search/06_mod.ldif
+++ b/src/tests/ldap_sync/persistent_search/06_mod.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: cn=foo,ou=groups,dc=example,dc=com
 changetype: modify
diff --git a/src/tests/ldap_sync/persistent_search/07_mod.ldif b/src/tests/ldap_sync/persistent_search/07_mod.ldif
index 96164babf7a..72aba4e9a72 100644
--- a/src/tests/ldap_sync/persistent_search/07_mod.ldif
+++ b/src/tests/ldap_sync/persistent_search/07_mod.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: cn=foo,ou=groups,dc=example,dc=com
 changetype: modify
diff --git a/src/tests/ldap_sync/persistent_search/08_del.ldif b/src/tests/ldap_sync/persistent_search/08_del.ldif
index ddf67e26ded..6261e09f67b 100644
--- a/src/tests/ldap_sync/persistent_search/08_del.ldif
+++ b/src/tests/ldap_sync/persistent_search/08_del.ldif
@@ -1,5 +1,5 @@
 #
-# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=manager" -w "secret123"
+# ARGV: -x -H ${PERSISTENT_SEARCH_TEST_SERVER} -D "cn=Directory Manager" -w "secret123"
 #
 dn: cn=bosses,ou=groups,dc=example,dc=com
 changetype: delete
diff --git a/src/tests/ldap_sync/persistent_search/config/radiusd.conf b/src/tests/ldap_sync/persistent_search/config/radiusd.conf index 65026b5223c..7c91938c572 100644 --- a/src/tests/ldap_sync/persistent_search/config/radiusd.conf +++ b/src/tests/ldap_sync/persistent_search/config/radiusd.conf @@ -112,7 +112,7 @@ server test { ldap { server = $ENV{PERSISTENT_SEARCH_TEST_SERVER} - identity = 'cn=manager' + identity = 'cn=Directory Manager' password = 'secret123' options {
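Review bot: The `ldap` block in this test config now binds as `cn=Directory Manager`, the 389ds root DN, which is not subject to ACIs, so the persistent-search tests cannot catch a query that only works with unrestricted access. The sync listener presumably needs only read and search rights under `dc=example,dc=com`. The notes this commit adds to `scripts/ci/389ds-setup.sh` already show how to create `uid=manager,ou=people,dc=example,dc=com` with an ACI, and running those steps would allow `identity = 'uid=manager,ou=people,dc=example,dc=com'` here. If the root DN is kept for simplicity, a comment above the line such as `# root DN is for the CI directory only; use a dedicated least-privilege bind DN elsewhere` would stop the setting being copied as-is. The `ldap` block continues outside the hunk.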