From 4642f2639174ce1e01baaf273e589b832c0aa61b Mon Sep 17 00:00:00 2001
From: fpotier
Date: Wed, 29 May 2024 13:50:09 +0200
Subject: [PATCH] Add LDAP container

---
 services/backend/services/ldap/.compose.yaml | 1 +
 services/backend/services/ldap/README.md | 17 +++++++++++++++++
 services/backend/services/ldap/compose.yaml | 13 +++++++++++++
 services/backend/services/ldap/config/.env | 4 ++++
 .../ldap/config/ldifs/01-bootstrap.ldif | 11 +++++++++++
 .../services/ldap/config/ldifs/02-users.ldif | 12 ++++++++++++
 6 files changed, 58 insertions(+)
 create mode 100644 services/backend/services/ldap/.compose.yaml
 create mode 100644 services/backend/services/ldap/README.md
 create mode 100644 services/backend/services/ldap/compose.yaml
 create mode 100644 services/backend/services/ldap/config/.env
 create mode 100644 services/backend/services/ldap/config/ldifs/01-bootstrap.ldif
 create mode 100644 services/backend/services/ldap/config/ldifs/02-users.ldif

diff --git a/services/backend/services/ldap/.compose.yaml b/services/backend/services/ldap/.compose.yaml
new file mode 100644
index 00000000..1d826e5c
--- /dev/null
+++ b/services/backend/services/ldap/.compose.yaml
@@ -0,0 +1 @@
+## empty file used when override configs are not enabled
diff --git a/services/backend/services/ldap/README.md b/services/backend/services/ldap/README.md
new file mode 100644
index 00000000..e6579517
--- /dev/null
+++ b/services/backend/services/ldap/README.md
@@ -0,0 +1,17 @@
+# LDAP (OpenLDAP)
+
+LDAP (Lightweight Directory Access Protocol) is a protocol used to access and manage directory information such as user credentials.
+SciCat can use LDAP as third-party authentication provider.
+
+## Configuration options
+
+The OpenLDAP configuration is set by the [.env file](./config/.env).
+
+For an extensive list of available options see [here](https://hub.docker.com/r/bitnami/openldap).
+
+## Default configuration
+The default configuration [.env file](./config/.env) creates the `dc=facility` domain with the following user:
+
+| Username | Password |
+| --------- | -------- |
+| ldap-user | password |
diff --git a/services/backend/services/ldap/compose.yaml b/services/backend/services/ldap/compose.yaml
new file mode 100644
index 00000000..2e617840
--- /dev/null
+++ b/services/backend/services/ldap/compose.yaml
@@ -0,0 +1,13 @@
+services:
+ ldap:
+ image: bitnami/openldap:2.6
+ volumes:
+ - ./config/ldifs:/ldifs:ro
+ env_file:
+ - ./config/.env
+ healthcheck:
+ test: ldapwhoami -H ldap://ldap:389 -D 'cn=admin,dc=facility' -w 'admin'
+ start_period: 5s
+ interval: 10s
+ timeout: 10s
+ retries: 5
diff --git a/services/backend/services/ldap/config/.env b/services/backend/services/ldap/config/.env
new file mode 100644
index 00000000..85b5fce1
--- /dev/null
+++ b/services/backend/services/ldap/config/.env
@@ -0,0 +1,4 @@
+LDAP_ADMIN_USERNAME=admin
+LDAP_ADMIN_PASSWORD=admin
+LDAP_PORT_NUMBER=389
+LDAP_ROOT=dc=facility
diff --git a/services/backend/services/ldap/config/ldifs/01-bootstrap.ldif b/services/backend/services/ldap/config/ldifs/01-bootstrap.ldif
new file mode 100644
index 00000000..c728ee63
--- /dev/null
+++ b/services/backend/services/ldap/config/ldifs/01-bootstrap.ldif
@@ -0,0 +1,11 @@
+dn: dc=facility
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: My Organization
+dc: facility
+
+dn: ou=users,dc=facility
+objectClass: top
+objectClass: organizationalUnit
+ou: users
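Review bot: The healthcheck `test:` line in compose.yaml hard-codes the bind DN `cn=admin,dc=facility`, the password `'admin'` and port 389, all of which `./config/.env` already defines as LDAP_ADMIN_USERNAME, LDAP_ROOT, LDAP_ADMIN_PASSWORD and LDAP_PORT_NUMBER, so anyone following the README and changing the .env silently breaks the check and the container never becomes healthy. Because `env_file` places those variables in the container environment and a string-form `test:` runs through the container shell, the check can read them instead: `test: ldapwhoami -H ldap://localhost:$$LDAP_PORT_NUMBER -D "cn=$$LDAP_ADMIN_USERNAME,$$LDAP_ROOT" -w "$$LDAP_ADMIN_PASSWORD"` (the doubled `$$` stops compose from interpolating on the host). Binding to `localhost` also removes the dependency on the `ldap` service name resolving from inside its own container. It is worth a comment on the service that no `ports:` are published, so the directory is only reachable on the compose network; that is the right default for a fixture that binds with a well-known password. The indentation of these hunk lines appears collapsed in this rendering, so I cannot verify the YAML nesting from here.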
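Review bot: `LDAP_ADMIN_PASSWORD=admin` in config/.env commits a well-known administrator credential in clear text with nothing in the file marking it as a development fixture, and the compose.yaml healthcheck in this same commit duplicates the value, so the two must be edited together. A leading comment would make the intent and the coupling explicit, e.g. `# Development defaults only: admin/admin is public in this repository and is also used by the healthcheck in ../compose.yaml; override both before exposing the service beyond the compose network.` The README in this commit documents only the `ldap-user` account, not the admin account this file creates, so its credentials table should gain that row or point at this file.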
diff --git a/services/backend/services/ldap/config/ldifs/02-users.ldif b/services/backend/services/ldap/config/ldifs/02-users.ldif
new file mode 100644
index 00000000..050ec8f1
--- /dev/null
+++ b/services/backend/services/ldap/config/ldifs/02-users.ldif
@@ -0,0 +1,12 @@
+dn: uid=ldap-user,ou=users,dc=facility
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: ldap-user
+cn: LDAP user
+displayName: ldap-user
+sn: LDAP
+givenName: User
+mail: ldap-user@facility.com
+userPassword: password
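Review bot: `mail: ldap-user@facility.com` in 02-users.ldif points at what is most likely a real registered domain this project does not control; a test fixture should use a reserved name such as `mail: ldap-user@facility.example` so that any component that emails or correlates on this attribute can never reach a third party. `userPassword: password` is given in clear text, which the server will store as supplied unless it is configured to hash on write; for a committed dev fixture that is acceptable, but a comment line `# dev fixture only: clear-text password, documented in README.md` would stop it being copied as a pattern into real user entries. The displayName and cn values (`ldap-user` vs `LDAP user`) also disagree, which may confuse whichever attribute SciCat maps to the display name; stating the intended one in a comment would help.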