Update open ldap for macos (#53819)

* Add new OpenLDAP Docker block for macOS * Add preconfigured users, groups and modules * Add README
2025-02-25 18:55:37 -06:00 · 2022-08-18 12:31:19 +02:00 · 2022-08-18 12:31:19 +02:00 · 52904151f1
commit 52904151f1
parent 4ff4aaab23
6 changed files with 264 additions and 0 deletions
--- a/devenv/docker/blocks/openldap-mac/README.md
+++ b/devenv/docker/blocks/openldap-mac/README.md
@ -0,0 +1,56 @@
 # OpenLDAP for MacOS Docker Block
 This Docker block is an updated version from [OpenLDAP](../openldap/) block. This Docker block uses `osixia/openldap` image. The original Docker block was based of `debian:jessie` which is not available for Apple's ARM chip. 
 ## Deployment
 First build and deploy the `openldap` container.
 ```bash
 make devenv sources=openldap-mac
 ```
 ### Exposed ports
 The container will expose port `389` and `636`.
 ### Background services
 The `osixia/openldap` container will update the database with any `*.ldif` file changes inside `./prepopulate` and the `./modules` folder. Remember to rebuild the `devenv` to apply any changes.
 ## Grafana configuration changes
 The following changes are needed at Grafana's configuration file.
 ```ini
 [auth.ldap]
 enabled = true
 config_file = conf/ldap_dev.toml
 ```
 The configuration between Grafana and the OpenLDAP container is configured at [./conf/ldap.toml](../../../../conf/ldap.toml).
 ## Available users and groups
 - admins
  - ldap-admin
  - ldap-torkel
 - backend
  - ldap-carl
  - ldap-torkel
  - ldap-leo
 - frontend
  - ldap-torkel
  - ldap-tobias
  - ldap-daniel
 - editors
  - ldap-editors
 - no groups
  - ldap-viewer
 ## Groups & Users (POSIX)
 - admins
  - ldap-posix-admin
 - no groups
  - ldap-posix
--- a/devenv/docker/blocks/openldap-mac/docker-compose.yaml
+++ b/devenv/docker/blocks/openldap-mac/docker-compose.yaml
@ -0,0 +1,15 @@
  openldap-mac:
    container_name: ldap
    image: osixia/openldap
    environment:
      LDAP_ORGANISATION: grafana
      LDAP_DOMAIN: grafana.org
      LDAP_ADMIN_PASSWORD: grafana
      LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/
    ports:
      - 389:389
      - 636:636
    restart: unless-stopped
    volumes:
      - ./docker/blocks/openldap-mac/prepopulate/:/tmp/smt/
      - ./docker/blocks/openldap-mac/modules/:/tmp/smt/
--- a/devenv/docker/blocks/openldap-mac/modules/memberof.ldif
+++ b/devenv/docker/blocks/openldap-mac/modules/memberof.ldif
@ -0,0 +1,33 @@
 dn: cn=module,cn=config
 cn: module
 objectClass: olcModuleList
 objectClass: top
 olcModulePath: /usr/lib/ldap
 olcModuleLoad: memberof.la
 dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcMemberOf
 objectClass: olcOverlayConfig
 objectClass: top
 olcOverlay: memberof
 olcMemberOfDangling: ignore
 olcMemberOfRefInt: TRUE
 olcMemberOfGroupOC: groupOfNames
 olcMemberOfMemberAD: member
 olcMemberOfMemberOfAD: memberOf
 dn: cn=module,cn=config
 cn: module
 objectClass: olcModuleList
 objectClass: top
 olcModulePath: /usr/lib/ldap
 olcModuleLoad: refint.la
 dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcOverlayConfig
 objectClass: olcRefintConfig
 objectClass: top
 olcOverlay: {1}refint
 olcRefintAttribute: memberof member manager owner
--- a/devenv/docker/blocks/openldap-mac/prepopulate/1_units.ldif
+++ b/devenv/docker/blocks/openldap-mac/prepopulate/1_units.ldif
@ -0,0 +1,9 @@
 dn: ou=groups,dc=grafana,dc=org
 ou: Groups
 objectclass: top
 objectclass: organizationalUnit
 dn: ou=users,dc=grafana,dc=org
 ou: Users
 objectclass: top
 objectclass: organizationalUnit
--- a/devenv/docker/blocks/openldap-mac/prepopulate/2_users.ldif
+++ b/devenv/docker/blocks/openldap-mac/prepopulate/2_users.ldif
@ -0,0 +1,108 @@
 # ldap-admin
 dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
 mail: ldap-admin@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-admin
 cn: ldap-admin
 dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
 mail: ldap-editor@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-editor
 cn: ldap-editor
 dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
 mail: ldap-viewer@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-viewer
 cn: ldap-viewer
 dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
 mail: ldap-carl@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-carl
 cn: ldap-carl
 dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
 mail: ldap-daniel@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-daniel
 cn: ldap-daniel
 dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
 mail: ldap-leo@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-leo
 cn: ldap-leo
 dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
 mail: ldap-tobias@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-tobias
 cn: ldap-tobias
 dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
 mail: ldap-torkel@grafana.com
 userPassword: grafana
 objectClass: person
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 sn: ldap-torkel
 cn: ldap-torkel
 # admin for posix group (without support for memberOf attribute)
 dn: uid=ldap-posix-admin,ou=users,dc=grafana,dc=org
 mail: ldap-posix-admin@grafana.com
 userPassword: grafana
 objectclass: top
 objectclass: posixAccount
 objectclass: inetOrgPerson
 homedirectory: /home/ldap-posix-admin
 sn: ldap-posix-admin
 cn: ldap-posix-admin
 uid: ldap-posix-admin
 uidnumber: 1
 gidnumber: 1
 # user for posix group (without support for memberOf attribute)
 dn: uid=ldap-posix,ou=users,dc=grafana,dc=org
 mail: ldap-posix@grafana.com
 userPassword: grafana
 objectclass: top
 objectclass: posixAccount
 objectclass: inetOrgPerson
 homedirectory: /home/ldap-posix
 sn: ldap-posix
 cn: ldap-posix
 uid: ldap-posix
 uidnumber: 2
 gidnumber: 2
--- a/devenv/docker/blocks/openldap-mac/prepopulate/3_groups.ldif
+++ b/devenv/docker/blocks/openldap-mac/prepopulate/3_groups.ldif
@ -0,0 +1,43 @@
 dn: cn=admins,ou=groups,dc=grafana,dc=org
 cn: admins
 objectClass: groupOfNames
 objectClass: top
 member: cn=ldap-admin,ou=users,dc=grafana,dc=org
 member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
 dn: cn=editors,ou=groups,dc=grafana,dc=org
 cn: editors
 objectClass: groupOfNames
 member: cn=ldap-editor,ou=users,dc=grafana,dc=org
 dn: cn=backend,ou=groups,dc=grafana,dc=org
 cn: backend
 objectClass: groupOfNames
 member: cn=ldap-carl,ou=users,dc=grafana,dc=org
 member: cn=ldap-leo,ou=users,dc=grafana,dc=org
 member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
 dn: cn=frontend,ou=groups,dc=grafana,dc=org
 cn: frontend
 objectClass: groupOfNames
 member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
 member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
 member: cn=ldap-leo,ou=users,dc=grafana,dc=org
 # -- POSIX --
 # posix admin group (without support for memberOf attribute)
 dn: cn=posix-admins,ou=groups,dc=grafana,dc=org
 cn: admins
 objectClass: top
 objectClass: posixGroup
 gidNumber: 1
 memberUid: ldap-posix-admin
 # posix group (without support for memberOf attribute)
 dn: cn=posix,ou=groups,dc=grafana,dc=org
 cn: viewers
 objectClass: top
 objectClass: posixGroup
 gidNumber: 2
 memberUid: ldap-posix