IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

devenv: open ldap docker block now prepopulating data with correct member groups

Browse Source
This commit is contained in:
Torkel Ödegaard 2018-07-03 12:57:48 +02:00
parent 1586a42a71
commit 1f97df46c1
18 changed files with 163 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docker/blocks/openldap/Dockerfile
View File

@ -8,7 +8,8 @@ ENV OPENLDAP_VERSION 2.4.40
RUN apt-get update && \ RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
slapd=${OPENLDAP_VERSION}* && \ slapd=${OPENLDAP_VERSION}* \
ldap-utils && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
@ -22,6 +23,7 @@ COPY modules/ /etc/ldap.dist/modules
COPY prepopulate/ /etc/ldap.dist/prepopulate COPY prepopulate/ /etc/ldap.dist/prepopulate
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
COPY prepopulate.sh /prepopulate.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

15
docker/blocks/openldap/entrypoint.sh
View File

@ -76,21 +76,14 @@ EOF
IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS
for module in "${modules[@]}"; do for module in "${modules[@]}"; do
echo "Adding module ${module}"
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1 slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
done done
fi fi
for file in `ls /etc/ldap/prepopulate/units/*.ldif`; do # This needs to run in background
slapadd -F /etc/ldap/slapd.d -l "$file" # Will prepopulate entries after ldap daemon has started
done ./prepopulate.sh &
for file in `ls /etc/ldap/prepopulate/groups/*.ldif`; do
slapadd -F /etc/ldap/slapd.d -l "$file"
done
for file in `ls /etc/ldap/prepopulate/users/*.ldif`; do
slapadd -F /etc/ldap/slapd.d -l "$file"
done
chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/ chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/
else else

24
docker/blocks/openldap/notes.md
View File

@ -22,3 +22,27 @@ enabled = true
config_file = conf/ldap.toml config_file = conf/ldap.toml
; allow_sign_up = true ; allow_sign_up = true
``` ```
Test groups & users
admins
ldap-admin
ldap-torkel
ldap-daniel
backend
ldap-carl
ldap-torkel
ldap-leo
frontend
ldap-torkel
ldap-tobias
ldap-daniel
editors
ldap-editors
no groups
ldap-viewer

14
docker/blocks/openldap/prepopulate.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
echo "Pre-populating ldap entries, first waiting for ldap to start"
sleep 3
adminUserDn="cn=admin,dc=grafana,dc=org"
adminPassword="grafana"
for file in `ls /etc/ldap/prepopulate/*.ldif`; do
ldapadd -x -D $adminUserDn -w $adminPassword -f "$file"
done

9
docker/blocks/openldap/prepopulate/1_units.ldif Normal file
View File

@ -0,0 +1,9 @@
dn: ou=groups,dc=grafana,dc=org
ou: Groups
objectclass: top
objectclass: organizationalUnit
dn: ou=users,dc=grafana,dc=org
ou: Users
objectclass: top
objectclass: organizationalUnit

80
docker/blocks/openldap/prepopulate/2_users.ldif Normal file
View File

@ -0,0 +1,80 @@
# ldap-admin
dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
mail: ldap-admin@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin
cn: ldap-admin
dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
mail: ldap-editor@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor
cn: ldap-editor
dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
mail: ldap-viewer@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer
cn: ldap-viewer
dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
mail: ldap-carl@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-carl
cn: ldap-carl
dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
mail: ldap-daniel@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-daniel
cn: ldap-daniel
dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
mail: ldap-leo@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-leo
cn: ldap-leo
dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
mail: ldap-tobias@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-tobias
cn: ldap-tobias
dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
mail: ldap-torkel@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-torkel
cn: ldap-torkel

25
docker/blocks/openldap/prepopulate/3_groups.ldif Normal file
View File

@ -0,0 +1,25 @@
dn: cn=admins,ou=groups,dc=grafana,dc=org
cn: admins
objectClass: groupOfNames
objectClass: top
member: cn=ldap-admin,ou=users,dc=grafana,dc=org
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
dn: cn=editors,ou=groups,dc=grafana,dc=org
cn: editors
objectClass: groupOfNames
member: cn=ldap-editor,ou=users,dc=grafana,dc=org
dn: cn=backend,ou=groups,dc=grafana,dc=org
cn: backend
objectClass: groupOfNames
member: cn=ldap-carl,ou=users,dc=grafana,dc=org
member: cn=ldap-leo,ou=users,dc=grafana,dc=org
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
dn: cn=frontend,ou=groups,dc=grafana,dc=org
cn: frontend
objectClass: groupOfNames
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
member: cn=ldap-leo,ou=users,dc=grafana,dc=org

5
docker/blocks/openldap/prepopulate/groups/admins.ldif
View File

@ -1,5 +0,0 @@
dn: cn=admins,ou=groups,dc=grafana,dc=org
cn: admins
objectClass: groupOfNames
objectClass: top
member: cn=ldap-admin,ou=users,dc=grafana,dc=org

5
docker/blocks/openldap/prepopulate/groups/backend.ldif
View File

@ -1,5 +0,0 @@
dn: cn=backend,ou=groups,dc=grafana,dc=org
cn: backend
objectClass: groupOfNames
objectClass: top
member: cn=ldap-editor,dc=grafana,dc=org

5
docker/blocks/openldap/prepopulate/groups/editor.ldif
View File

@ -1,5 +0,0 @@
dn: cn=editors,ou=groups,dc=grafana,dc=org
cn: editors
objectClass: groupOfNames
objectClass: top
member: cn=ldap-editor,ou=users,dc=grafana,dc=org

5
docker/blocks/openldap/prepopulate/groups/frontend.ldif
View File

@ -1,5 +0,0 @@
dn: cn=frontend,ou=groups,dc=grafana,dc=org
cn: frontend
objectClass: groupOfNames
objectClass: top
member: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org

3
docker/blocks/openldap/prepopulate/units/groups.ldif
View File

@ -1,3 +0,0 @@
dn: ou=groups,dc=grafana,dc=org
objectclass: top
objectclass: organizationalUnit

3
docker/blocks/openldap/prepopulate/units/users.ldif
View File

@ -1,3 +0,0 @@
dn: ou=users,dc=grafana,dc=org
objectclass: top
objectclass: organizationalUnit

11
docker/blocks/openldap/prepopulate/users/ldap-admin.ldif
View File

@ -1,11 +0,0 @@
dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
mail: ldap-admin@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin
cn: ldap-admin
memberOf: cn=admins,ou=groups,dc=grafana,dc=org
memberOf: cn=editors,ou=groups,dc=grafana,dc=org

10
docker/blocks/openldap/prepopulate/users/ldap-editor.ldif
View File

@ -1,10 +0,0 @@
dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
mail: ldap-editor@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor
cn: ldap-editor
memberOf: cn=editors,ou=groups,dc=grafana,dc=org

10
docker/blocks/openldap/prepopulate/users/ldap-frontend-1.ldif
View File

@ -1,10 +0,0 @@
dn: cn=ldap-frontend-1,ou=users,dc=grafana,dc=org
mail: ldap-frontend-1@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-frontend-1
cn: ldap-frontend-1
memberOf: cn=frontend,ou=groups,dc=grafana,dc=org

9
docker/blocks/openldap/prepopulate/users/ldap-viewer.ldif
View File

@ -1,9 +0,0 @@
dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
mail: ldap-viewer@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer
cn: ldap-viewer

2
pkg/login/ext_user.go
View File

@ -21,6 +21,7 @@ func UpsertUser(cmd *m.UpsertUserCommand) error {
Email: extUser.Email, Email: extUser.Email,
Login: extUser.Login, Login: extUser.Login,
} }
err := bus.Dispatch(userQuery) err := bus.Dispatch(userQuery)
if err != m.ErrUserNotFound && err != nil { if err != m.ErrUserNotFound && err != nil {
return err return err
@ -90,6 +91,7 @@ func createUser(extUser *m.ExternalUserInfo) (*m.User, error) {
Name: extUser.Name, Name: extUser.Name,
SkipOrgSetup: len(extUser.OrgRoles) > 0, SkipOrgSetup: len(extUser.OrgRoles) > 0,
} }
if err := bus.Dispatch(cmd); err != nil { if err := bus.Dispatch(cmd); err != nil {
return nil, err return nil, err
} }