From 7bb5200cc2277a0567c412dd788a4a69d86c907a Mon Sep 17 00:00:00 2001 From: Misi Date: Tue, 13 Dec 2022 18:20:37 +0100 Subject: [PATCH] Devenv: OpenLDAP-Mac improvements (#60229) * Use groupOfUniqueNames and uniqueMember * Update README.md --- .../docker/blocks/auth/openldap-mac/README.md | 4 +-- .../auth/openldap-mac/docker-compose.yaml | 1 - .../auth/openldap-mac/modules/memberof.ldif | 33 ------------------- .../openldap-mac/prepopulate/3_groups.ldif | 26 +++++++-------- 4 files changed, 15 insertions(+), 49 deletions(-) delete mode 100644 devenv/docker/blocks/auth/openldap-mac/modules/memberof.ldif diff --git a/devenv/docker/blocks/auth/openldap-mac/README.md b/devenv/docker/blocks/auth/openldap-mac/README.md index 19369a0d8e1..62abed345e6 100644 --- a/devenv/docker/blocks/auth/openldap-mac/README.md +++ b/devenv/docker/blocks/auth/openldap-mac/README.md @@ -25,10 +25,10 @@ The following changes are needed at Grafana's configuration file. ```ini [auth.ldap] enabled = true -config_file = conf/ldap_dev.toml +config_file = conf/ldap.toml ``` -The configuration between Grafana and the OpenLDAP container is configured at [./conf/ldap.toml](../../../../conf/ldap.toml). +The default configuration between Grafana and the OpenLDAP container is configured at [../../../../../conf/ldap.toml](../../../../../conf/ldap.toml). ## Available users and groups diff --git a/devenv/docker/blocks/auth/openldap-mac/docker-compose.yaml b/devenv/docker/blocks/auth/openldap-mac/docker-compose.yaml index e913bf2d69c..3412532fd64 100644 --- a/devenv/docker/blocks/auth/openldap-mac/docker-compose.yaml +++ b/devenv/docker/blocks/auth/openldap-mac/docker-compose.yaml @@ -12,4 +12,3 @@ restart: unless-stopped volumes: - ./docker/blocks/auth/openldap-mac/prepopulate/:/tmp/smt/ - - ./docker/blocks/auth/openldap-mac/modules/:/tmp/smt/ 
diff --git a/devenv/docker/blocks/auth/openldap-mac/modules/memberof.ldif b/devenv/docker/blocks/auth/openldap-mac/modules/memberof.ldif
deleted file mode 100644
index fd9cce957c3..00000000000
--- a/devenv/docker/blocks/auth/openldap-mac/modules/memberof.ldif
+++ /dev/null
@@ -1,33 +0,0 @@
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-objectClass: top
-olcModulePath: /usr/lib/ldap
-olcModuleLoad: memberof.la
-
-dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
-objectClass: olcConfig
-objectClass: olcMemberOf
-objectClass: olcOverlayConfig
-objectClass: top
-olcOverlay: memberof
-olcMemberOfDangling: ignore
-olcMemberOfRefInt: TRUE
-olcMemberOfGroupOC: groupOfNames
-olcMemberOfMemberAD: member
-olcMemberOfMemberOfAD: memberOf
-
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-objectClass: top
-olcModulePath: /usr/lib/ldap
-olcModuleLoad: refint.la
-
-dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
-objectClass: olcConfig
-objectClass: olcOverlayConfig
-objectClass: olcRefintConfig
-objectClass: top
-olcOverlay: {1}refint
-olcRefintAttribute: memberof member manager owner
diff --git a/devenv/docker/blocks/auth/openldap-mac/prepopulate/3_groups.ldif b/devenv/docker/blocks/auth/openldap-mac/prepopulate/3_groups.ldif
index 90fcca3f133..cfd3428863e 100644
--- a/devenv/docker/blocks/auth/openldap-mac/prepopulate/3_groups.ldif
+++ b/devenv/docker/blocks/auth/openldap-mac/prepopulate/3_groups.ldif
@@ -1,28 +1,28 @@ dn: cn=admins,ou=groups,dc=grafana,dc=org cn: admins -objectClass: groupOfNames +objectClass: groupOfUniqueNames objectClass: top -member: cn=ldap-admin,ou=users,dc=grafana,dc=org -member: cn=ldap-torkel,ou=users,dc=grafana,dc=org +uniqueMember: cn=ldap-admin,ou=users,dc=grafana,dc=org +uniqueMember: cn=ldap-torkel,ou=users,dc=grafana,dc=org dn: cn=editors,ou=groups,dc=grafana,dc=org cn: editors -objectClass: groupOfNames -member: cn=ldap-editor,ou=users,dc=grafana,dc=org +objectClass: groupOfUniqueNames +uniqueMember: cn=ldap-editor,ou=users,dc=grafana,dc=org dn: cn=backend,ou=groups,dc=grafana,dc=org cn: backend -objectClass: groupOfNames -member: cn=ldap-carl,ou=users,dc=grafana,dc=org -member: cn=ldap-leo,ou=users,dc=grafana,dc=org -member: cn=ldap-torkel,ou=users,dc=grafana,dc=org +objectClass: groupOfUniqueNames +uniqueMember: cn=ldap-carl,ou=users,dc=grafana,dc=org +uniqueMember: cn=ldap-leo,ou=users,dc=grafana,dc=org +uniqueMember: cn=ldap-torkel,ou=users,dc=grafana,dc=org dn: cn=frontend,ou=groups,dc=grafana,dc=org cn: frontend -objectClass: groupOfNames -member: cn=ldap-torkel,ou=users,dc=grafana,dc=org -member: cn=ldap-daniel,ou=users,dc=grafana,dc=org -member: cn=ldap-leo,ou=users,dc=grafana,dc=org +objectClass: groupOfUniqueNames +uniqueMember: cn=ldap-torkel,ou=users,dc=grafana,dc=org +uniqueMember: cn=ldap-daniel,ou=users,dc=grafana,dc=org +uniqueMember: cn=ldap-leo,ou=users,dc=grafana,dc=org # -- POSIX --
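Review bot: Nothing in the new 3_groups.ldif records what now populates `memberOf` on the user entries. This commit deletes modules/memberof.ldif, whose overlay was bound to `groupOfNames`/`member`, while the four groups here become `groupOfUniqueNames`/`uniqueMember`. If the container image does not ship its own memberOf overlay for that object class (the image is not visible in this patch), any group-to-role mapping that reads `memberOf` would match no group. A role-mapping test run against this block could then pass or fail for the wrong reason. I would add a header comment such as `# memberOf is expected from the image's built-in overlay (groupOfUniqueNames/uniqueMember); no local overlay LDIF is loaded`. Separately, only the `admins` entry carries `objectClass: top`; adding it to the other three entries would keep them uniform.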