Merge pull request #1 from Fekide/testing

Updating and organizing

Dockerfile

@@ -1,12 +1,16 @@
-FROM osixia/openldap:1.1.9
-LABEL maintainer="[email protected]" \
-      version="1.1.9-1.3-1"
+FROM osixia/openldap:1.2.4
+MAINTAINER Feki.de e.V. "[email protected]"
+LABEL version="1.2.4-1.3-1"
 
-ENV FUSIONDIRECTORY_VERSION=1.3-1
+ADD bootstrap /var/fusiondirectory/bootstrap
+ADD certs /container/service/slapd/assets/certs
+ADD environment /container/environment/01-custom
 
-RUN apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys D744D55EACDA69FF \
- && (echo "deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main"; \
-     echo "deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main") \
+ARG FUSIONDIRECTORY_VERSION=1.3-1
+
+RUN apt-key adv --keyserver keys.gnupg.net --receive-keys D744D55EACDA69FF \
+ && (echo "deb https://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main"; \
+     echo "deb https://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main") \
     > /etc/apt/sources.list.d/fusiondirectory-stretch.list \
  && apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \

bootstrap/ldif/add.ldif

@@ -0,0 +1,127 @@
+dn: uid=fd-admin,{{ LDAP_BASE_DN }}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+cn: System Administrator
+sn: Administrator
+givenName: System
+uid: fd-admin
+userPassword: {{ FD_ADMIN_PASSWORD }}
+
+dn: ou=aclroles,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: aclroles
+
+dn: cn=admin,ou=aclroles,{{ LDAP_BASE_DN }}
+objectClass: top
+objectClass: gosaRole
+cn: admin
+description: Gives all rights on all objects
+gosaAclTemplate: 0:all;cmdrw
+
+dn: cn=manager,ou=aclroles,{{ LDAP_BASE_DN }}
+cn: manager
+description: Give all rights on users in the given branch
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/password;cmdrw,user/user;cmdrw,user/posixAccount;cmdrw
+
+dn: cn=editowninfos,ou=aclroles,{{ LDAP_BASE_DN }}
+cn: editowninfos
+description: Allow users to edit their own information (main tab and posix use
+  only on base)
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/posixAccount;srw,user/user;srw
+
+dn: ou=fusiondirectory,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: fusiondirectory
+
+dn: ou=tokens,ou=fusiondirectory,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: tokens
+
+dn: ou=locks,ou=fusiondirectory,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: locks
+
+dn: ou=snapshots,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: snapshots
+
+dn: cn=config,ou=fusiondirectory,{{ LDAP_BASE_DN }}
+fdTheme: default
+fdTimezone: America/New_York
+fusionConfigMd5: 7fd38d273a2f2e14c749467f4c38a650
+fdSchemaCheck: TRUE
+fdPasswordDefaultHash: ssha
+fdListSummary: TRUE
+fdModificationDetectionAttribute: entryCSN
+fdLogging: TRUE
+fdLdapSizeLimit: 200
+fdLoginAttribute: uid
+fdWarnSSL: TRUE
+fdSessionLifeTime: 1800
+fdEnableSnapshots: TRUE
+fdSnapshotBase: ou=snapshots,{{ LDAP_BASE_DN }}
+fdSslKeyPath: /etc/ssl/private/fd.key
+fdSslCertPath: /etc/ssl/certs/fd.cert
+fdSslCaCertPath: /etc/ssl/certs/ca.cert
+fdCasServerCaCertPath: /etc/ssl/certs/ca.cert
+fdCasHost: localhost
+fdCasPort: 443
+fdCasContext: /cas
+fdAccountPrimaryAttribute: uid
+fdCnPattern: %givenName% %sn%
+fdStrictNamingRules: TRUE
+fdMinId: 100
+fdUidNumberBase: 1100
+fdGidNumberBase: 1100
+fdUserRDN: ou=people
+fdGroupRDN: ou=groups
+fdAclRoleRDN: ou=aclroles
+fdIdAllocationMethod: traditional
+fdDebugLevel: 0
+fdShells: /bin/ash
+fdShells: /bin/bash
+fdShells: /bin/csh
+fdShells: /bin/sh
+fdShells: /bin/ksh
+fdShells: /bin/tcsh
+fdShells: /bin/dash
+fdShells: /bin/zsh
+fdShells: /sbin/nologin
+fdShells: /bin/false
+fdForcePasswordDefaultHash: FALSE
+fdHandleExpiredAccounts: FALSE
+fdForceSSL: FALSE
+fdHttpAuthActivated: FALSE
+fdCasActivated: FALSE
+fdRestrictRoleMembers: FALSE
+fdDisplayErrors: FALSE
+fdLdapStats: FALSE
+fdDisplayHookOutput: FALSE
+fdAclTabOnObjects: FALSE
+cn: config
+fdOGroupRDN: ou=groups
+fdForceSaslPasswordAsk: FALSE
+fdDashboardNumberOfDigit: 3
+fdDashboardPrefix: PC
+fdDashboardExpiredAccountsDays: 15
+objectClass: fusionDirectoryConf
+objectClass: fusionDirectoryPluginsConf
+objectClass: fdDashboardPluginConf
+objectClass: fdPasswordRecoveryConf
+fdPasswordRecoveryActivated: FALSE
+fdPasswordRecoveryEmail: [email protected]
+fdPasswordRecoveryValidity: 10
+fdPasswordRecoverySalt: SomethingSecretAndVeryLong
+fdPasswordRecoveryUseAlternate: FALSE
+fdPasswordRecoveryMailSubject: [FusionDirectory] Password recovery link
+fdPasswordRecoveryMailBody:: SGVsbG8sCgpIZXJlIGFyZSB5b3VyIGluZm9ybWF0aW9ucyA6I
+ AogLSBMb2dpbiA6ICVzCiAtIExpbmsgOiAlcwoKVGhpcyBsaW5rIGlzIG9ubHkgdmFsaWQgZm9yID
+ EwIG1pbnV0ZXMu
+fdPasswordRecoveryMail2Subject: [FusionDirectory] Password recovery successful
+fdPasswordRecoveryMail2Body:: SGVsbG8sCgpZb3VyIHBhc3N3b3JkIGhhcyBiZWVuIGNoYW5n
+ ZWQuCllvdXIgbG9naW4gaXMgc3RpbGwgJXMu

bootstrap/ldif/modify.ldif

@@ -0,0 +1,7 @@
+dn: {{ LDAP_BASE_DN }}
+changetype: modify
+objectClass: gosaDepartment
+changetype: modify
+objectClass: gosaAcl
+changetype: modify
+gosaAclEntry: 0:subtree:{{ CN_ADMIN_BS64 }}:{{ UID_FD_ADMIN_BS64 }}

certs/ca.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAlmgAwIBAgIUCfQ+m0pgZ/BjYAJvxrn/bdGNZokwCgYIKoZIzj0EAwMw
+gZYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsT
+G0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgRGVwLjEUMBIGA1UEBxMLQWxidXF1ZXJx
+dWUxEzARBgNVBAgTCk5ldyBNZXhpY28xHzAdBgNVBAMTFmRvY2tlci1saWdodC1i
+YXNlaW1hZ2UwHhcNMTUxMjIzMTM1MzAwWhcNMjAxMjIxMTM1MzAwWjCBljELMAkG
+A1UEBhMCVVMxFTATBgNVBAoTDEExQSBDYXIgV2FzaDEkMCIGA1UECxMbSW5mb3Jt
+YXRpb24gVGVjaG5vbG9neSBEZXAuMRQwEgYDVQQHEwtBbGJ1cXVlcnF1ZTETMBEG
+A1UECBMKTmV3IE1leGljbzEfMB0GA1UEAxMWZG9ja2VyLWxpZ2h0LWJhc2VpbWFn
+ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMZf/12pupAgl8Sm+j8GmjNeNbSFAZWW
+oTmIvf2Mu4LWPHy4bTldkQgHUbBpT3xWz8f0lB/ru7596CHsGoL2A28hxuclq5hb
+Ux1yrIt3bJIY3TuiX25HGTe6kGCJPB1aLaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIG
+A1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFE+l6XolXDAYnGLTl4W6ULKHrm74
+MB8GA1UdIwQYMBaAFE+l6XolXDAYnGLTl4W6ULKHrm74MAoGCCqGSM49BAMDA2gA
+MGUCMQCXLZj8okyxW6UTL7hribUUbu63PbjuwIXnwi420DdNsvA9A7fcQEXScWFL
+XAGC8rkCMGcqwXZPSRfwuI9r+R11gTrP92hnaVxs9sjRikctpkQpOyNlIXFPopFK
+8FdfWPypvA==
+-----END CERTIFICATE-----

certs/cert.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAnegAwIBAgIIXM3vfP16npQwCgYIKoZIzj0EAwMwgZYxCzAJBgNVBAYT
+AlVTMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsTG0luZm9ybWF0aW9u
+IFRlY2hub2xvZ3kgRGVwLjEUMBIGA1UEBxMLQWxidXF1ZXJxdWUxEzARBgNVBAgT
+Ck5ldyBNZXhpY28xHzAdBgNVBAMTFmRvY2tlci1saWdodC1iYXNlaW1hZ2UwHhcN
+MTYwMTEwMDk1OTAwWhcNMTcwMTA5MDk1OTAwWjCBjDELMAkGA1UEBhMCVVMxFTAT
+BgNVBAoTDEExQSBDYXIgV2FzaDEkMCIGA1UECxMbSW5mb3JtYXRpb24gVGVjaG5v
+bG9neSBEZXAuMRQwEgYDVQQHEwtBbGJ1cXVlcnF1ZTETMBEGA1UECBMKTmV3IE1l
+eGljbzEVMBMGA1UEAxMMZTNkMTNlZmQ5YjMxMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAElkKdHmSbyRwpEGkaMW4Hq9XHpEWLnet7mkqpigQMCMNhuUKLThKYWOm8ZLK3
+Yo21jeb/dXF2LiXgd/Jjaenas3KXkb/FMJESQVTvZ3dwcQwOgyEpCTbjs2GSbiK7
+1JuNo4GZMIGWMA4GA1UdDwEB/wQEAwIAoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtXICfw5YqIkZi83qxOpB
+P5UaHXcwHwYDVR0jBBgwFoAUT6XpeiVcMBicYtOXhbpQsoeubvgwFwYDVR0RBBAw
+DoIMZTNkMTNlZmQ5YjMxMAoGCCqGSM49BAMDA2gAMGUCMQC20jjmVWusnspeGSOr
+Yk+pWNdbTKzNLaU8mR3X2gCs07xrws6cFJBdx/lx8KxE05YCMEaD5kdea/HkaBzy
+5xJZJAuIMpj56AR3J4od9aa3x74NDpgOObRDc4Y7ErAWqjsf3A==
+-----END CERTIFICATE-----

certs/cert.key

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAXhGbcS1lHXUJ6cvJZHlm/nHmjJ+wzj+REhgIlQUhf+mDELlwgJEJo
+Hnag8Ow0xMygBwYFK4EEACKhZANiAASWQp0eZJvJHCkQaRoxbger1cekRYud63ua
+SqmKBAwIw2G5QotOEphY6bxksrdijbWN5v91cXYuJeB38mNp6dqzcpeRv8UwkRJB
+VO9nd3BxDA6DISkJNuOzYZJuIrvUm40=
+-----END EC PRIVATE KEY-----

certs/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7adhygsX/CvbcQBlSEKBmm0D0+hVfIttcftyFTuDPNok4yDJUBUF
+zzc7X/i3PUMzANhShBrngBaXbOhVk3QcjMC623TPhFmILx0r236+aQEUGnlwN73M
+RUFM6EblYgH4+E4nv+JLwzHdO72+qMAd92rtzVMiaDlCWghH6wdAFoasTsT6Posc
+F5T8WCkzFAZeVhNGRKPP6k3l2BjvRJzkwYMMJrxaIYznMEK6H5CYIqZcpeAB3d2B
+NaZXLxFCemLrSS16UHrH1modEe8yjrOaE5+ZesGAA9onsNRZkAJp0x/pRaO/+rHn
+Q5QVCQCzxY16UsLzH0q/P80xPMU7BMoocwIBAg==
+-----END DH PARAMETERS-----

environment/fd.startup.yaml

@@ -0,0 +1,11 @@
+# This is the default image startup configuration file
+# this file define environment variables used during the container **first start** in **startup files**.
+
+# This file is deleted right after startup files are processed for the first time,
+# after that all these values will not be available in the container environment.
+# This helps to keep your container configuration secret.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# FusionDirectory environment variables
+FD_ADMIN_USERNAME: fd-admin
+FD_ADMIN_PASSWORD: password

environment/fd.yml

@@ -0,0 +1,9 @@
+# This is the default image configuration file
+# These values will persists in container environment.
+
+# All environment variables used after the container first start
+# must be defined here.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# General container configuration
+# see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.