diff --git a/docker/blocks/openldap/Dockerfile b/docker/blocks/openldap/Dockerfile
index c9b928ad56a..76172e133a4 100644
--- a/docker/blocks/openldap/Dockerfile
+++ b/docker/blocks/openldap/Dockerfile
@@ -8,7 +8,8 @@ ENV OPENLDAP_VERSION 2.4.40
 RUN apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
- slapd=${OPENLDAP_VERSION}* && \
+ slapd=${OPENLDAP_VERSION}* \
+ ldap-utils && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
@@ -22,6 +23,7 @@ COPY modules/ /etc/ldap.dist/modules
 COPY prepopulate/ /etc/ldap.dist/prepopulate
 COPY entrypoint.sh /entrypoint.sh
+COPY prepopulate.sh /prepopulate.sh
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/blocks/openldap/entrypoint.sh b/docker/blocks/openldap/entrypoint.sh
index 2f383355907..d202ed14b31 100755
--- a/docker/blocks/openldap/entrypoint.sh
+++ b/docker/blocks/openldap/entrypoint.sh
@@ -76,21 +76,14 @@ EOF
 IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS
 for module in "${modules[@]}"; do
- slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
+ echo "Adding module ${module}"
+ slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
 done
 fi
- for file in `ls /etc/ldap/prepopulate/units/*.ldif`; do
- slapadd -F /etc/ldap/slapd.d -l "$file"
- done
-
- for file in `ls /etc/ldap/prepopulate/groups/*.ldif`; do
- slapadd -F /etc/ldap/slapd.d -l "$file"
- done
-
- for file in `ls /etc/ldap/prepopulate/users/*.ldif`; do
- slapadd -F /etc/ldap/slapd.d -l "$file"
- done
+ # This needs to run in background
+ # Will prepopulate entries after ldap daemon has started
+ ./prepopulate.sh &
 chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/
 else
diff --git a/docker/blocks/openldap/notes.md b/docker/blocks/openldap/notes.md
index 483266f0d88..8de23d5ccf2 100644
--- a/docker/blocks/openldap/notes.md
+++ b/docker/blocks/openldap/notes.md
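Review bot: `ldap-utils` is added without a version pin on the line after `slapd=${OPENLDAP_VERSION}*`, so apt resolves it to whatever the mirror carries at build time while the server stays pinned, and the two can drift apart between builds. On Debian both packages are built from the same openldap source package, so `ldap-utils=${OPENLDAP_VERSION}* && \` keeps the client tools and the daemon at one version and makes the image reproducible. The RUN instruction continues outside the hunk.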
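Review bot: The new line `./prepopulate.sh &` starts the script by a relative path, but the Dockerfile in this commit copies it to `/prepopulate.sh`; no WORKDIR is visible here, and because the job is backgrounded its exit status is never collected, so a wrong working directory makes the whole pre-population fail silently. `/prepopulate.sh &` removes that dependency. It is also worth extending the added comment to say what changed operationally: the removed `slapadd` loops loaded the fixtures offline before slapd started, whereas the new path loads them over the wire after startup, so the daemon is briefly reachable with an empty DIT, e.g. `# Entries are added over LDAP once slapd is listening, so the directory is empty for the first seconds.` The enclosing if/else block starts and ends outside the hunk.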
@@ -1,6 +1,6 @@
 # Notes on OpenLdap Docker Block
-Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database.
+Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database. The ldif files add three users, `ldapviewer`, `ldapeditor` and `ldapadmin`. Two groups, `admins` and `users`, are added that correspond with the group mappings in the default conf/ldap.toml. `ldapadmin` is a member of `admins` and `ldapeditor` is a member of `users`.
@@ -22,3 +22,27 @@ enabled = true
 config_file = conf/ldap.toml
 ; allow_sign_up = true
 ```
+
+Test groups & users
+
+admins
+ ldap-admin
+ ldap-torkel
+ ldap-daniel
+backend
+ ldap-carl
+ ldap-torkel
+ ldap-leo
+frontend
+ ldap-torkel
+ ldap-tobias
+ ldap-daniel
+editors
+ ldap-editors
+
+
+no groups
+ ldap-viewer
+
+
+
diff --git a/docker/blocks/openldap/prepopulate.sh b/docker/blocks/openldap/prepopulate.sh
new file mode 100755
index 00000000000..aa11f8aba4f
--- /dev/null
+++ b/docker/blocks/openldap/prepopulate.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Pre-populating ldap entries, first waiting for ldap to start"
+
+sleep 3
+
+adminUserDn="cn=admin,dc=grafana,dc=org"
+adminPassword="grafana"
+
+for file in `ls /etc/ldap/prepopulate/*.ldif`; do
+ ldapadd -x -D $adminUserDn -w $adminPassword -f "$file"
+done
+
+
diff --git a/docker/blocks/openldap/prepopulate/1_units.ldif b/docker/blocks/openldap/prepopulate/1_units.ldif
new file mode 100644
index 00000000000..22e06303688
--- /dev/null
+++ b/docker/blocks/openldap/prepopulate/1_units.ldif
@@ -0,0 +1,9 @@
+dn: ou=groups,dc=grafana,dc=org
+ou: Groups
+objectclass: top
+objectclass: organizationalUnit
+
+dn: ou=users,dc=grafana,dc=org
+ou: Users
+objectclass: top
+objectclass: organizationalUnit
diff --git a/docker/blocks/openldap/prepopulate/2_users.ldif b/docker/blocks/openldap/prepopulate/2_users.ldif
new file mode 100644
index 00000000000..52e74b1e4b1
--- /dev/null
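Review bot: `sleep 3` is a fixed delay rather than a readiness check, and nothing in the `for` loop looks at the exit status of `ldapadd` (no `set -e`), so on a slow start `1_units.ldif` fails quietly and every later file then fails because its parent entry does not exist, with the container still reporting success. Polling a bind until it succeeds and aborting on the first failed `ldapadd` makes the population deterministic; the glob can be iterated directly instead of going through `ls`, and `$adminUserDn`/`$adminPassword` should be quoted since a DN may contain spaces. Passing the password with `-w` also exposes it on the command line of every `ldapadd` process inside the container; `-y <passfile>` avoids that, though with the fixed dev credential this is a minor point. The rewrite below keeps the behaviour but waits for the daemon and stops on error.
```shell
#!/bin/bash
set -eu

echo "Pre-populating ldap entries, first waiting for ldap to start"

adminUserDn="cn=admin,dc=grafana,dc=org"
adminPassword="grafana"

# Poll the admin bind instead of sleeping a fixed 3 seconds; give up after 30 attempts.
for attempt in $(seq 1 30); do
  if ldapwhoami -x -D "$adminUserDn" -w "$adminPassword" >/dev/null 2>&1; then
    break
  fi
  if [ "$attempt" -eq 30 ]; then
    echo "slapd did not become ready, giving up" >&2
    exit 1
  fi
  sleep 1
done

# Applied in lexical order: 1_units, 2_users, 3_groups. set -e stops on the first failure.
for file in /etc/ldap/prepopulate/*.ldif; do
  ldapadd -x -D "$adminUserDn" -w "$adminPassword" -f "$file"
done
```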
+++ b/docker/blocks/openldap/prepopulate/2_users.ldif
@@ -0,0 +1,80 @@
+# ldap-admin
+dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
+mail: ldap-admin@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-admin
+cn: ldap-admin
+
+dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
+mail: ldap-editor@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-editor
+cn: ldap-editor
+
+dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
+mail: ldap-viewer@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-viewer
+cn: ldap-viewer
+
+dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
+mail: ldap-carl@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-carl
+cn: ldap-carl
+
+dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
+mail: ldap-daniel@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-daniel
+cn: ldap-daniel
+
+dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
+mail: ldap-leo@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-leo
+cn: ldap-leo
+
+dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
+mail: ldap-tobias@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-tobias
+cn: ldap-tobias
+
+dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+mail: ldap-torkel@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-torkel
+cn: ldap-torkel
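Review bot: The accounts defined here do not match the prose added to notes.md in the same commit: the notes say the LDIF adds three users named `ldapviewer`, `ldapeditor` and `ldapadmin` plus a `users` group, while this file creates eight users with hyphenated names (`ldap-admin` through `ldap-torkel`) and no `users` group exists in 3_groups.ldif, so the group-mapping sentence in the notes cannot be verified against these fixtures. The `# ldap-admin` comment on the first entry is also the only one in the file; either every entry gets a label or it should go. All eight entries carry the same cleartext `userPassword: grafana`, which is acceptable for a throwaway dev block but deserves a file header stating it, e.g. `# Test fixtures only: every account binds with the password "grafana".`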
diff --git a/docker/blocks/openldap/prepopulate/3_groups.ldif b/docker/blocks/openldap/prepopulate/3_groups.ldif
new file mode 100644
index 00000000000..8638a089cc8
--- /dev/null
+++ b/docker/blocks/openldap/prepopulate/3_groups.ldif
@@ -0,0 +1,25 @@
+dn: cn=admins,ou=groups,dc=grafana,dc=org
+cn: admins
+objectClass: groupOfNames
+objectClass: top
+member: cn=ldap-admin,ou=users,dc=grafana,dc=org
+member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+
+dn: cn=editors,ou=groups,dc=grafana,dc=org
+cn: editors
+objectClass: groupOfNames
+member: cn=ldap-editor,ou=users,dc=grafana,dc=org
+
+dn: cn=backend,ou=groups,dc=grafana,dc=org
+cn: backend
+objectClass: groupOfNames
+member: cn=ldap-carl,ou=users,dc=grafana,dc=org
+member: cn=ldap-leo,ou=users,dc=grafana,dc=org
+member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+
+dn: cn=frontend,ou=groups,dc=grafana,dc=org
+cn: frontend
+objectClass: groupOfNames
+member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
+member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
+member: cn=ldap-leo,ou=users,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/groups/admins.ldif b/docker/blocks/openldap/prepopulate/groups/admins.ldif
deleted file mode 100644
index 50d3a0ea4a8..00000000000
--- a/docker/blocks/openldap/prepopulate/groups/admins.ldif
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: cn=admins,ou=groups,dc=grafana,dc=org
-cn: admins
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-admin,ou=users,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/groups/backend.ldif b/docker/blocks/openldap/prepopulate/groups/backend.ldif
deleted file mode 100644
index 09a661adea0..00000000000
--- a/docker/blocks/openldap/prepopulate/groups/backend.ldif
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: cn=backend,ou=groups,dc=grafana,dc=org
-cn: backend
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-editor,dc=grafana,dc=org
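Review bot: `objectClass: top` is listed on the `admins` entry but omitted from `editors`, `backend` and `frontend`; slapd normally accepts entries without an explicit `top`, so all four should load, but the four groups ought to be written the same way, so either add `objectClass: top` after `objectClass: groupOfNames` on the three groups or drop it from `admins`. The membership also disagrees with the test table added to notes.md in this commit: `admins` here lacks `ldap-daniel`, `frontend` holds `ldap-leo` where the table lists `ldap-tobias`, and `ldap-tobias` ends up in no group at all, so one of the two needs correcting before anyone relies on the table when testing group mappings.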
diff --git a/docker/blocks/openldap/prepopulate/groups/editor.ldif b/docker/blocks/openldap/prepopulate/groups/editor.ldif
deleted file mode 100644
index 331ecc94141..00000000000
--- a/docker/blocks/openldap/prepopulate/groups/editor.ldif
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: cn=editors,ou=groups,dc=grafana,dc=org
-cn: editors
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-editor,ou=users,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/groups/frontend.ldif b/docker/blocks/openldap/prepopulate/groups/frontend.ldif
deleted file mode 100644
index c410b96c7ad..00000000000
--- a/docker/blocks/openldap/prepopulate/groups/frontend.ldif
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: cn=frontend,ou=groups,dc=grafana,dc=org
-cn: frontend
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/units/groups.ldif b/docker/blocks/openldap/prepopulate/units/groups.ldif
deleted file mode 100644
index 64e21ad744f..00000000000
--- a/docker/blocks/openldap/prepopulate/units/groups.ldif
+++ /dev/null
@@ -1,3 +0,0 @@
-dn: ou=groups,dc=grafana,dc=org
-objectclass: top
-objectclass: organizationalUnit
diff --git a/docker/blocks/openldap/prepopulate/units/users.ldif b/docker/blocks/openldap/prepopulate/units/users.ldif
deleted file mode 100644
index 76fc50dd299..00000000000
--- a/docker/blocks/openldap/prepopulate/units/users.ldif
+++ /dev/null
@@ -1,3 +0,0 @@
-dn: ou=users,dc=grafana,dc=org
-objectclass: top
-objectclass: organizationalUnit
diff --git a/docker/blocks/openldap/prepopulate/users/ldap-admin.ldif b/docker/blocks/openldap/prepopulate/users/ldap-admin.ldif
deleted file mode 100644
index 1704a15c3db..00000000000
--- a/docker/blocks/openldap/prepopulate/users/ldap-admin.ldif
+++ /dev/null
@@ -1,11 +0,0 @@
-dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
-mail: ldap-admin@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-admin
-cn: ldap-admin
-memberOf: cn=admins,ou=groups,dc=grafana,dc=org
-memberOf: cn=editors,ou=groups,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/users/ldap-editor.ldif b/docker/blocks/openldap/prepopulate/users/ldap-editor.ldif
deleted file mode 100644
index d0de99f8c16..00000000000
--- a/docker/blocks/openldap/prepopulate/users/ldap-editor.ldif
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
-mail: ldap-editor@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-editor
-cn: ldap-editor
-memberOf: cn=editors,ou=groups,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif b/docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif
deleted file mode 100644
index f5ebe0b41c4..00000000000
--- a/docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
-mail: ldap-frontend-1@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-frontend-1
-cn: ldap-frontend-1
-memberOf: cn=frontend,ou=groups,dc=grafana,dc=org
diff --git a/docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif b/docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif
deleted file mode 100644
index 07066355a13..00000000000
--- a/docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif
+++ /dev/null
@@ -1,9 +0,0 @@
-dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
-mail: ldap-viewer@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-viewer
-cn: ldap-viewer
diff --git a/pkg/login/ext_user.go b/pkg/login/ext_user.go
index d2f1aa1ff52..d6eaf9a975e 100644
--- a/pkg/login/ext_user.go
+++ b/pkg/login/ext_user.go
@@ -21,6 +21,7 @@ func UpsertUser(cmd *m.UpsertUserCommand) error {
 Email: extUser.Email,
 Login: extUser.Login,
 }
+
 err := bus.Dispatch(userQuery)
 if err != m.ErrUserNotFound && err != nil {
 return err
@@ -90,6 +91,7 @@ func createUser(extUser *m.ExternalUserInfo) (*m.User, error) {
 Name: extUser.Name,
 SkipOrgSetup: len(extUser.OrgRoles) > 0,
 }
+
 if err := bus.Dispatch(cmd); err != nil {
 return nil, err
 }