devenv: open ldap docker block now prepopulating data with correct member groups

1f97df46 · Torkel Ödegaard · 1586a42a · 1f97df46 · 1f97df46 · 1f97df46
Commit 1f97df46 authored Jul 03, 2018 by Torkel Ödegaard
17 changed files
--- a/docker/blocks/openldap/Dockerfile
+++ b/docker/blocks/openldap/Dockerfile
@@ -8,7 +8,8 @@ ENV OPENLDAP_VERSION 2.4.40

 RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
-        slapd=${OPENLDAP_VERSION}* && \
+        slapd=${OPENLDAP_VERSION}* \
+        ldap-utils && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

@@ -22,6 +23,7 @@ COPY modules/ /etc/ldap.dist/modules
 COPY prepopulate/ /etc/ldap.dist/prepopulate

 COPY entrypoint.sh /entrypoint.sh
+COPY prepopulate.sh /prepopulate.sh

 ENTRYPOINT ["/entrypoint.sh"]


--- a/docker/blocks/openldap/entrypoint.sh
+++ b/docker/blocks/openldap/entrypoint.sh
@@ -76,21 +76,14 @@ EOF
        IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS

        for module in "${modules[@]}"; do
-             slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
+          echo "Adding module ${module}"
+          slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
        done
    fi

-    for file in `ls /etc/ldap/prepopulate/units/*.ldif`; do
-        slapadd -F /etc/ldap/slapd.d -l "$file"
-    done
-
-    for file in `ls /etc/ldap/prepopulate/groups/*.ldif`; do
-        slapadd -F /etc/ldap/slapd.d -l "$file"
-    done
-
-    for file in `ls /etc/ldap/prepopulate/users/*.ldif`; do
-        slapadd -F /etc/ldap/slapd.d -l "$file"
-    done
+    # This needs to run in background
+    # Will prepopulate entries after ldap daemon has started
+    ./prepopulate.sh &

    chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/
 else

--- a/docker/blocks/openldap/notes.md
+++ b/docker/blocks/openldap/notes.md
 # Notes on OpenLdap Docker Block

-Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database. 
+Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database.

 The ldif files add three users, `ldapviewer`, `ldapeditor` and `ldapadmin`. Two groups, `admins` and `users`, are added that correspond with the group mappings in the default conf/ldap.toml. `ldapadmin` is a member of `admins` and `ldapeditor` is a member of `users`.

@@ -22,3 +22,27 @@ enabled = true
 config_file = conf/ldap.toml
 ; allow_sign_up = true
 ```
+
+Test groups & users
+
+admins
+  ldap-admin
+  ldap-torkel
+  ldap-daniel
+backend
+  ldap-carl
+  ldap-torkel
+  ldap-leo
+frontend
+  ldap-torkel
+  ldap-tobias
+  ldap-daniel
+editors
+  ldap-editors
+
+
+no groups
+  ldap-viewer
+
+
+
--- a/docker/blocks/openldap/prepopulate.sh
+++ b/docker/blocks/openldap/prepopulate.sh
+#!/bin/bash
+
+echo "Pre-populating ldap entries, first waiting for ldap to start"
+
+sleep 3
+
+adminUserDn="cn=admin,dc=grafana,dc=org"
+adminPassword="grafana"
+
+for file in `ls /etc/ldap/prepopulate/*.ldif`; do
+  ldapadd -x -D $adminUserDn -w $adminPassword -f "$file"
+done
+
+
--- a/docker/blocks/openldap/prepopulate/units/groups.ldif
+++ b/docker/blocks/openldap/prepopulate/units/groups.ldif
 dn: ou=groups,dc=grafana,dc=org
+ou: Groups
+objectclass: top
+objectclass: organizationalUnit
+
+dn: ou=users,dc=grafana,dc=org
+ou: Users
 objectclass: top
 objectclass: organizationalUnit
--- a/docker/blocks/openldap/prepopulate/2_users.ldif
+++ b/docker/blocks/openldap/prepopulate/2_users.ldif
+# ldap-admin
+dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
+mail: ldap-admin@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-admin
+cn: ldap-admin
+
+dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
+mail: ldap-editor@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-editor
+cn: ldap-editor
+
+dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
+mail: ldap-viewer@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-viewer
+cn: ldap-viewer
+
+dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
+mail: ldap-carl@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-carl
+cn: ldap-carl
+
+dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
+mail: ldap-daniel@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-daniel
+cn: ldap-daniel
+
+dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
+mail: ldap-leo@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-leo
+cn: ldap-leo
+
+dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
+mail: ldap-tobias@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-tobias
+cn: ldap-tobias
+
+dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+mail: ldap-torkel@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-torkel
+cn: ldap-torkel
--- a/docker/blocks/openldap/prepopulate/3_groups.ldif
+++ b/docker/blocks/openldap/prepopulate/3_groups.ldif
+dn: cn=admins,ou=groups,dc=grafana,dc=org
+cn: admins
+objectClass: groupOfNames
+objectClass: top
+member: cn=ldap-admin,ou=users,dc=grafana,dc=org
+member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+
+dn: cn=editors,ou=groups,dc=grafana,dc=org
+cn: editors
+objectClass: groupOfNames
+member: cn=ldap-editor,ou=users,dc=grafana,dc=org
+
+dn: cn=backend,ou=groups,dc=grafana,dc=org
+cn: backend
+objectClass: groupOfNames
+member: cn=ldap-carl,ou=users,dc=grafana,dc=org
+member: cn=ldap-leo,ou=users,dc=grafana,dc=org
+member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+
+dn: cn=frontend,ou=groups,dc=grafana,dc=org
+cn: frontend
+objectClass: groupOfNames
+member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
+member: cn=ldap-leo,ou=users,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/groups/admins.ldif
+++ b/docker/blocks/openldap/prepopulate/groups/admins.ldif
-dn: cn=admins,ou=groups,dc=grafana,dc=org
-cn: admins
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-admin,ou=users,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/groups/backend.ldif
+++ b/docker/blocks/openldap/prepopulate/groups/backend.ldif
-dn: cn=backend,ou=groups,dc=grafana,dc=org
-cn: backend
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-editor,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/groups/editor.ldif
+++ b/docker/blocks/openldap/prepopulate/groups/editor.ldif
-dn: cn=editors,ou=groups,dc=grafana,dc=org
-cn: editors
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-editor,ou=users,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/groups/frontend.ldif
+++ b/docker/blocks/openldap/prepopulate/groups/frontend.ldif
-dn: cn=frontend,ou=groups,dc=grafana,dc=org
-cn: frontend
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/units/users.ldif
+++ b/docker/blocks/openldap/prepopulate/units/users.ldif
-dn: ou=users,dc=grafana,dc=org
-objectclass: top
-objectclass: organizationalUnit
--- a/docker/blocks/openldap/prepopulate/users/ldap-admin.ldif
+++ b/docker/blocks/openldap/prepopulate/users/ldap-admin.ldif
-dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
-mail: ldap-admin@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-admin
-cn: ldap-admin
-memberOf: cn=admins,ou=groups,dc=grafana,dc=org
-memberOf: cn=editors,ou=groups,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/users/ldap-editor.ldif
+++ b/docker/blocks/openldap/prepopulate/users/ldap-editor.ldif
-dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
-mail: ldap-editor@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-editor
-cn: ldap-editor
-memberOf: cn=editors,ou=groups,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif
+++ b/docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif
-dn: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
-mail: ldap-frontend-1@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-frontend-1
-cn: ldap-frontend-1
-memberOf: cn=frontend,ou=groups,dc=grafana,dc=org
--- a/docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif
+++ b/docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif
-dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
-mail: ldap-viewer@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-viewer
-cn: ldap-viewer
--- a/pkg/login/ext_user.go
+++ b/pkg/login/ext_user.go
@@ -21,6 +21,7 @@ func UpsertUser(cmd *m.UpsertUserCommand) error {
 		Email:      extUser.Email,
 		Login:      extUser.Login,
 	}
+
 	err := bus.Dispatch(userQuery)
 	if err != m.ErrUserNotFound && err != nil {
 		return err
@@ -90,6 +91,7 @@ func createUser(extUser *m.ExternalUserInfo) (*m.User, error) {
 		Name:         extUser.Name,
 		SkipOrgSetup: len(extUser.OrgRoles) > 0,
 	}
+
 	if err := bus.Dispatch(cmd); err != nil {
 		return nil, err
 	}