Rework to use docker-compose
Signed-off-by: Martin Heide <martin.heide@faro.com>
This commit is contained in:
parent
b4d22bf1b2
commit
705cf8bb6a
5 changed files with 22 additions and 60 deletions
|
@ -13,16 +13,17 @@ The connector executes two primary queries:
|
||||||
|
|
||||||
The dex repo contains a basic LDAP setup using [OpenLDAP][openldap].
|
The dex repo contains a basic LDAP setup using [OpenLDAP][openldap].
|
||||||
|
|
||||||
First start the LDAP server using the example script. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.
|
First start the LDAP server using docker-compose. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.
|
||||||
|
|
||||||
```
|
```
|
||||||
./scripts/slapd.sh
|
cd examples/ldap
|
||||||
|
docker-compose up
|
||||||
```
|
```
|
||||||
|
|
||||||
This script sets the LDAP daemon to debug mode, and is expected to print several error messages which are normal. Once the server is up, run dex.
|
This container is expected to print several warning messages which are normal. Once the server is up, run dex in another terminal.
|
||||||
|
|
||||||
```
|
```
|
||||||
./bin/dex serve examples/config-ldap.yaml
|
./bin/dex serve examples/ldap/config-ldap.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Then run the OAuth client in another terminal.
|
Then run the OAuth client in another terminal.
|
||||||
|
|
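--- /dev/null
+++ b/examples/ldap/docker-compose.yaml
@@ -0,0 +1,17 @@
+version: "3"
+
+services:
+  ldap:
+    image: osixia/openldap:1.4.0
+    # Copying is required because the entrypoint modifies the *.ldif files.
+    # For verbose output, use:
+    #command: ["--copy-service", "--loglevel", "debug"]
+    command: ["--copy-service"]
+    volumes:
+      # https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
+      # Option 1: Add additional seed file by mounting to /container/service/slapd/assets/config/bootstrap/ldif/custom/
+      # Option 2: Overwrite default seed file by mounting to /container/service/slapd/assets/config/bootstrap/ldif/
+      - ./config-ldap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/config-ldap.ldif
+    ports:
+      - 389:389
+      - 636:636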
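Review bot: The `ports:` entries `389:389` and `636:636` carry no host address, so docker-compose publishes them on every interface of the host, and this example directory is seeded with a well-known admin bind (the removed scripts/slapd.sh used `cn=admin,dc=example,dc=org` with password `admin`), which makes it reachable from any machine that can reach the host. Since the documentation in this commit has dex running on the host via `./bin/dex serve`, loopback publishing is enough: `- 127.0.0.1:389:389` and `- 127.0.0.1:636:636`. The removed `docker run -p 389:389 -p 636:636` had the same exposure, so this is not a regression, but the compose file is where it should now be tightened. A short comment above `ports:` saying the bindings are deliberately loopback-only for local development would keep the next editor from widening them.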
@ -1,56 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# Start an OpenLDAP container and populate it with example entries.
|
|
||||||
# https://github.com/dexidp/dex/blob/master/Documentation/connectors/ldap.md
|
|
||||||
#
|
|
||||||
# Usage:
|
|
||||||
# slapd.sh Kill a possibly preexisting "ldap" container, start a new one, and populate the directory.
|
|
||||||
# slapd.sh --keep Same, but keep the container if it is already running.
|
|
||||||
#
|
|
||||||
set -eu
|
|
||||||
cd -- "$(dirname "$0")/.."
|
|
||||||
|
|
||||||
run_cmd() {
|
|
||||||
echo ">" "$@" >&2
|
|
||||||
"$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
keep_running=
|
|
||||||
if [ $# -gt 0 ] && [ "$1" = "--keep" ]; then
|
|
||||||
keep_running=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$keep_running" ] || [ "$(docker inspect --format="{{.State.Running}}" ldap 2> /dev/null)" != "true" ]; then
|
|
||||||
echo "LDAP container not running, or running and --keep not specified."
|
|
||||||
echo "Removing old LDAP container (if any)..."
|
|
||||||
run_cmd docker rm --force ldap || true
|
|
||||||
echo "Starting LDAP container..."
|
|
||||||
# Currently the most popular OpenLDAP image on Docker Hub. Comes with the latest version OpenLDAP 2.4.50.
|
|
||||||
run_cmd docker run -p 389:389 -p 636:636 -v $PWD:$PWD --name ldap --detach osixia/openldap:1.4.0
|
|
||||||
|
|
||||||
tries=1
|
|
||||||
max_tries=10
|
|
||||||
echo "Waiting for LDAP container ($tries/$max_tries)..."
|
|
||||||
# Wait until expected line "structuralObjectClass: organization" shows up.
|
|
||||||
# Seems to work more reliably than waiting for exit code 0. That would be:
|
|
||||||
# while ! docker exec ldap slapcat -b "dc=example,dc=org" > /dev/null 2>&1; do
|
|
||||||
while [[ ! "$(docker exec ldap slapcat -b "dc=example,dc=org" 2>/dev/null)" =~ organization ]]; do
|
|
||||||
((++tries))
|
|
||||||
if [ "$tries" -gt "$max_tries" ]; then
|
|
||||||
echo "ERROR: Timeout waiting for LDAP container."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sleep 1
|
|
||||||
echo "Waiting for LDAP container ($tries/$max_tries)..."
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Adding example entries to directory..."
|
|
||||||
run_cmd docker exec ldap ldapadd \
|
|
||||||
-x \
|
|
||||||
-D "cn=admin,dc=example,dc=org" \
|
|
||||||
-w admin \
|
|
||||||
-H ldap://localhost:389/ \
|
|
||||||
-f $PWD/examples/config-ldap.ldif
|
|
||||||
|
|
||||||
echo "OK."
|
|