Add missing slapd.sh script from LDAP docs, and convert it to using Docker

Signed-off-by: Martin Heide <martin.heide@faro.com>
2020-07-13 15:33:35 +00:00 · 2020-07-13 15:33:35 +00:00 · ce337661b9
commit ce337661b9
parent 62efe7bf07
4 changed files with 59 additions and 7 deletions
--- a/Documentation/connectors/ldap.md
+++ b/Documentation/connectors/ldap.md
@ -13,7 +13,7 @@ The connector executes two primary queries:
 The dex repo contains a basic LDAP setup using [OpenLDAP][openldap].
-First start the LDAP server using the example script. This will run the OpenLDAP daemon and seed it with an initial set of users.
+First start the LDAP server using the example script. This will run the OpenLDAP daemon in a Docker container, and seed it with an initial set of users.
 ```
 ./scripts/slapd.sh
--- a/examples/config-ldap.ldif
+++ b/examples/config-ldap.ldif
@ -1,8 +1,10 @@
-dn: dc=example,dc=org
+# Already included in default config of Docker image osixia/openldap:1.4.0.
-objectClass: dcObject
+#
-objectClass: organization
+# dn: dc=example,dc=org
-o: Example Company
+# objectClass: dcObject
-dc: example
+# objectClass: organization
 # o: Example Company
 # dc: example
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
--- a/examples/config-ldap.yaml
+++ b/examples/config-ldap.yaml
@ -11,7 +11,7 @@ connectors:
  name: OpenLDAP
  id: ldap
  config:
-    host: localhost:10389
+    host: localhost:389
    # No TLS for this setup.
    insecureNoSSL: true
--- a/scripts/slapd.sh
+++ b/scripts/slapd.sh
@ -0,0 +1,50 @@
 #!/bin/bash
 #
 # Start an OpenLDAP container and populate it with example entries.
 # https://github.com/dexidp/dex/blob/master/Documentation/connectors/ldap.md
 #
 # Usage:
 #   slapd.sh          Kill a possibly preexisting "ldap" container, start a new one, and populate the directory.
 #   slapd.sh --keep   Same, but keep the container if it is already running.
 #
 set -eu
 cd -- "$(dirname "$0")/.."
 keep_running=
 if [ $# -gt 0 ] && [ "$1" = "--keep" ]; then
    keep_running=1
 fi
 if [ -z "$keep_running" ] || [ "$(docker inspect --format="{{.State.Running}}" ldap 2> /dev/null)" != "true" ]; then
    echo "LDAP container not running, or running and --keep not specified."
    echo "Removing old LDAP container (if any)..."
    docker rm --force ldap || true
    echo "Starting LDAP container..."
    # Currently the most popular OpenLDAP image on Docker Hub. Comes with the latest version OpenLDAP 2.4.50.
    docker run -p 389:389 -p 636:636 -v $PWD:$PWD --name ldap --detach osixia/openldap:1.4.0
    tries=1
    max_tries=10
    echo "Waiting for LDAP container ($tries/$max_tries)..."
    # Wait until expected line "structuralObjectClass: organization" shows up.
    # Seems to work more reliably than waiting for exit code 0. That would be:
    #   while ! docker exec ldap slapcat -b "dc=example,dc=org" > /dev/null 2>&1; do
    while [[ ! "$(docker exec ldap slapcat -b "dc=example,dc=org" 2>/dev/null)" =~ organization ]]; do
        ((++tries))
        if [ "$tries" -gt "$max_tries" ]; then
            echo "ERROR: Timeout waiting for LDAP container."
            exit 1
        fi
        sleep 1
        echo "Waiting for LDAP container ($tries/$max_tries)..."
    done
 fi
 echo "Adding example entries to directory..."
 set -x
 docker exec ldap ldapadd \
    -x \
    -D "cn=admin,dc=example,dc=org" \
    -w admin \
    -H ldap://localhost:389/ \
    -f $PWD/examples/config-ldap.ldif