Skip to content

N
nexpie-grafana-theme
Commit 1f97df46 by Torkel Ödegaard
Options

devenv: open ldap docker block now prepopulating data with correct member groups

parent 1586a42a
Showing with 158 additions and 75 deletions
docker/blocks/openldap/Dockerfile
...@@ -8,7 +8,8 @@ ENV OPENLDAP_VERSION 2.4.40 ...@@ -8,7 +8,8 @@ ENV OPENLDAP_VERSION 2.4.40
RUN apt-get update && \ RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
slapd=${OPENLDAP_VERSION}* && \ slapd=${OPENLDAP_VERSION}* \
ldap-utils && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
...@@ -22,6 +23,7 @@ COPY modules/ /etc/ldap.dist/modules ...@@ -22,6 +23,7 @@ COPY modules/ /etc/ldap.dist/modules
COPY prepopulate/ /etc/ldap.dist/prepopulate COPY prepopulate/ /etc/ldap.dist/prepopulate
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
COPY prepopulate.sh /prepopulate.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
......
docker/blocks/openldap/entrypoint.sh
...@@ -76,21 +76,14 @@ EOF ...@@ -76,21 +76,14 @@ EOF
IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS
for module in "${modules[@]}"; do for module in "${modules[@]}"; do
echo "Adding module ${module}"
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1 slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
done done
fi fi
for file in `ls /etc/ldap/prepopulate/units/*.ldif`; do # This needs to run in background
slapadd -F /etc/ldap/slapd.d -l "$file" # Will prepopulate entries after ldap daemon has started
done ./prepopulate.sh &
for file in `ls /etc/ldap/prepopulate/groups/*.ldif`; do
slapadd -F /etc/ldap/slapd.d -l "$file"
done
for file in `ls /etc/ldap/prepopulate/users/*.ldif`; do
slapadd -F /etc/ldap/slapd.d -l "$file"
done
chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/ chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/
else else
......
docker/blocks/openldap/notes.md
...@@ -22,3 +22,27 @@ enabled = true ...@@ -22,3 +22,27 @@ enabled = true
config_file = conf/ldap.toml config_file = conf/ldap.toml
; allow_sign_up = true ; allow_sign_up = true
``` ```
Test groups & users
admins
ldap-admin
ldap-torkel
ldap-daniel
backend
ldap-carl
ldap-torkel
ldap-leo
frontend
ldap-torkel
ldap-tobias
ldap-daniel
editors
ldap-editors
no groups
ldap-viewer
docker/blocks/openldap/prepopulate.sh 0 → 100755
#!/bin/bash
echo "Pre-populating ldap entries, first waiting for ldap to start"
sleep 3
adminUserDn="cn=admin,dc=grafana,dc=org"
adminPassword="grafana"
for file in `ls /etc/ldap/prepopulate/*.ldif`; do
ldapadd -x -D $adminUserDn -w $adminPassword -f "$file"
done
docker/blocks/openldap/prepopulate/units/groups.ldif docker/blocks/openldap/prepopulate/1_units.ldif
dn: ou=groups,dc=grafana,dc=org dn: ou=groups,dc=grafana,dc=org
ou: Groups
objectclass: top
objectclass: organizationalUnit
dn: ou=users,dc=grafana,dc=org
ou: Users
objectclass: top objectclass: top
objectclass: organizationalUnit objectclass: organizationalUnit
docker/blocks/openldap/prepopulate/2_users.ldif 0 → 100644
# ldap-admin
dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
mail: ldap-admin@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin
cn: ldap-admin
dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
mail: ldap-editor@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor
cn: ldap-editor
dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
mail: ldap-viewer@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer
cn: ldap-viewer
dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
mail: ldap-carl@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-carl
cn: ldap-carl
dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
mail: ldap-daniel@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-daniel
cn: ldap-daniel
dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
mail: ldap-leo@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-leo
cn: ldap-leo
dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
mail: ldap-tobias@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-tobias
cn: ldap-tobias
dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
mail: ldap-torkel@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-torkel
cn: ldap-torkel
docker/blocks/openldap/prepopulate/3_groups.ldif 0 → 100644
dn: cn=admins,ou=groups,dc=grafana,dc=org
cn: admins
objectClass: groupOfNames
objectClass: top
member: cn=ldap-admin,ou=users,dc=grafana,dc=org
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
dn: cn=editors,ou=groups,dc=grafana,dc=org
cn: editors
objectClass: groupOfNames
member: cn=ldap-editor,ou=users,dc=grafana,dc=org
dn: cn=backend,ou=groups,dc=grafana,dc=org
cn: backend
objectClass: groupOfNames
member: cn=ldap-carl,ou=users,dc=grafana,dc=org
member: cn=ldap-leo,ou=users,dc=grafana,dc=org
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
dn: cn=frontend,ou=groups,dc=grafana,dc=org
cn: frontend
objectClass: groupOfNames
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
member: cn=ldap-leo,ou=users,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/groups/admins.ldif deleted 100644 → 0
dn: cn=admins,ou=groups,dc=grafana,dc=org
cn: admins
objectClass: groupOfNames
objectClass: top
member: cn=ldap-admin,ou=users,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/groups/backend.ldif deleted 100644 → 0
dn: cn=backend,ou=groups,dc=grafana,dc=org
cn: backend
objectClass: groupOfNames
objectClass: top
member: cn=ldap-editor,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/groups/editor.ldif deleted 100644 → 0
dn: cn=editors,ou=groups,dc=grafana,dc=org
cn: editors
objectClass: groupOfNames
objectClass: top
member: cn=ldap-editor,ou=users,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/groups/frontend.ldif deleted 100644 → 0
dn: cn=frontend,ou=groups,dc=grafana,dc=org
cn: frontend
objectClass: groupOfNames
objectClass: top
member: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/units/users.ldif deleted 100644 → 0
dn: ou=users,dc=grafana,dc=org
objectclass: top
objectclass: organizationalUnit
docker/blocks/openldap/prepopulate/users/ldap-admin.ldif deleted 100644 → 0
dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
mail: ldap-admin@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin
cn: ldap-admin
memberOf: cn=admins,ou=groups,dc=grafana,dc=org
memberOf: cn=editors,ou=groups,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/users/ldap-editor.ldif deleted 100644 → 0
dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
mail: ldap-editor@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor
cn: ldap-editor
memberOf: cn=editors,ou=groups,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif deleted 100644 → 0
dn: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
mail: ldap-frontend-1@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-frontend-1
cn: ldap-frontend-1
memberOf: cn=frontend,ou=groups,dc=grafana,dc=org
docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif deleted 100644 → 0
dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
mail: ldap-viewer@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer
cn: ldap-viewer
pkg/login/ext_user.go
...@@ -21,6 +21,7 @@ func UpsertUser(cmd *m.UpsertUserCommand) error { ...@@ -21,6 +21,7 @@ func UpsertUser(cmd *m.UpsertUserCommand) error {
Email: extUser.Email, Email: extUser.Email,
Login: extUser.Login, Login: extUser.Login,
} }
err := bus.Dispatch(userQuery) err := bus.Dispatch(userQuery)
if err != m.ErrUserNotFound && err != nil { if err != m.ErrUserNotFound && err != nil {
return err return err
...@@ -90,6 +91,7 @@ func createUser(extUser *m.ExternalUserInfo) (*m.User, error) { ...@@ -90,6 +91,7 @@ func createUser(extUser *m.ExternalUserInfo) (*m.User, error) {
Name: extUser.Name, Name: extUser.Name,
SkipOrgSetup: len(extUser.OrgRoles) > 0, SkipOrgSetup: len(extUser.OrgRoles) > 0,
} }
if err := bus.Dispatch(cmd); err != nil { if err := bus.Dispatch(cmd); err != nil {
return nil, err return nil, err
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment