From 22f43c6f1c687a1bb279e538229fd9d7e864dfa9 Mon Sep 17 00:00:00 2001 From: Luca Rullo Date: Wed, 14 Dec 2022 21:57:05 +0100 Subject: [PATCH] Add: PHP Ldap ADMIN && Basic LDIF --- .gitigonore | 1 + Dockerfile | 39 ++++++++++++++++++++++++++++++++++++-- docker-compose.yml | 25 +++++++++++++++++++++++- entrypoint.sh | 7 +++++++ env.sample | 2 ++ phpldapadmin/Dockerfile | 29 ++++++++++++++++++++++++++++ phpldapadmin/entrypoint.sh | 7 +++++++ schema/nextcloud.ldif | 16 ++++++++++++++++ slapd.sh | 15 +++++++-------- 9 files changed, 130 insertions(+), 11 deletions(-) create mode 100644 .gitigonore create mode 100755 entrypoint.sh create mode 100644 phpldapadmin/Dockerfile create mode 100755 phpldapadmin/entrypoint.sh create mode 100644 schema/nextcloud.ldif diff --git a/.gitigonore b/.gitigonore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitigonore @@ -0,0 +1 @@ +.env diff --git a/Dockerfile b/Dockerfile index 19ea029..c9698f3 100644 --- a/Dockerfile +++ b/Dockerfile 
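Review bot: The new ignore file is named `.gitigonore`, so git never reads it and `.env` is not actually ignored; with `env.sample` carrying `LDAP_ADMIN_PASSWORD` and presumably being copied to `.env`, the real credentials can be committed by accident. Rename the file to `.gitignore` (the single `.env` line is otherwise fine).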
@@ -3,19 +3,54 @@ FROM debian:stable-slim
 ARG LDAP_ADMIN_PASSWORD
 ARG LDAP_DOMAIN
 ARG LDAP_ORGANISATION
+ARG LDAP_USER
+ARG LDAP_GROUP
 ENV LDAP_ADMIN_PASSWORD $LDAP_ADMIN_PASSWORD
 ENV LDAP_ORGANISATION $LDAP_ORGANISATION
 ENV LDAP_DOMAIN $LDAP_DOMAIN
+ENV LDAP_USER $LDAP_USER
+ENV LDAP_GROUP $LDAP_GROUP
 RUN apt-get update -y && apt dist-upgrade -y
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
-EXPOSE 389
+RUN usermod -u ${LDAP_USER} openldap && \
+ groupmod -g ${LDAP_GROUP} openldap
 ADD slapd.sh /opt/slapd
+RUN /opt/slapd
+
+RUN slapcat -n 0 \
+ |sed 's/cn: config/cn: config\nolcPasswordHash: {CRYPT}\nolcPasswordCryptSaltFormat: $6$%.16s/' \
+ |sed 's/cn: module{0}/cn: module{0}\nolcModuleLoad: {0}lastbind/' > /tmp/config.ldif && \
+ rm -rf /etc/ldap/slapd.d/* && \
+ slapadd -n 0 -F /etc/ldap/slapd.d/ -l /tmp/config.ldif && \
+ rm /tmp/config.ldif
+
+RUN echo "dn: olcOverlay={0}lastbind, olcDatabase={1}mdb,cn=config\nobjectClass: olcLastBindConfig\nolcOverlay: {0}lastbind" \
+ | slapadd -n 0
+
+
+COPY ./schema/*.ldif ./schema/*.schema /etc/ldap/schema/
+
+RUN slapadd -l /etc/ldap/schema/nextcloud.ldif
+
+RUN chmod -R o+rw /etc/ldap/slapd.d/ && \
+ chmod -R o+rwx /etc/ldap/slapd.d/cn=config/ && \
+ chmod -R o+rwx /etc/ldap/slapd.d/cn=config/cn=schema/ && \
+ chmod -R o+rw /var/run/slapd/
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-CMD /opt/slapd
+ADD entrypoint.sh /entrypoint.sh
+
+#VOLUME ["/var/lib/ldap"]
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 389
+
+CMD ["/usr/sbin/slapd","-h", "ldap:///","-d","4"]
+
diff --git a/docker-compose.yml b/docker-compose.yml
index c0eb379..cf4e8dd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
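Review bot: The `chmod -R o+rw /etc/ldap/slapd.d/` … `chmod -R o+rw /var/run/slapd/` block makes the whole cn=config tree and the run directory writable by every uid, so any process in the container can rewrite ACLs, `olcRootPW` or the loaded overlays. The hunk already remaps the `openldap` uid/gid to `LDAP_USER`/`LDAP_GROUP`, so ownership is enough: replace the four chmod lines with `RUN chown -R openldap:openldap /etc/ldap/slapd.d /var/run/slapd` (plus `/var/lib/ldap` if the runtime user also writes the database) and keep compose's `user:` equal to that uid instead of opening the directories to `other`. Separately, `RUN /opt/slapd` now performs the bootstrap at build time, so the admin password supplied through `ARG`/`ENV` is consumed during the build and remains visible in `docker history` and in the running container's environment; a `RUN --mount=type=secret` for that step avoids this (the `ARG`/`ENV` lines predate the commit, the build-time use is new). `ADD entrypoint.sh /entrypoint.sh` should be `COPY`, since no extraction or URL fetch is involved.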
@@ -1,7 +1,24 @@ version: "2.4" services: + admin: + image: registry.audio-lab.org/ldapphpadmin + restart: always + links: + - ldap + ports: + - ${LDAP_ADMIN_PORT}:80 + build: + context: phpldapadmin + dockerfile: Dockerfile + args: + - LDAP_BASE=${LDAP_BASE} ldap: + user: ${USER_GROUP} + image: registry.audio-lab.org/ldap + restart: always + ports: + - ${LDAP_PORT}:389 build: context: . dockerfile: Dockerfile @@ -9,4 +26,10 @@ services: - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} - LDAP_ORGANISATION=${LDAP_ORGANISATION} - LDAP_DOMAIN=${LDAP_DOMAIN} - + - LDAP_USER=${LDAP_USER} + - LDAP_GROUP=${LDAP_GROUP} + environment: + - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} + - LDAP_ORGANISATION=${LDAP_ORGANISATION} + - LDAP_DOMAIN=${LDAP_DOMAIN} + diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 0000000..4e4e364 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -x + +RUN slapadd -n 0 -l /etc/ldap/schema/domain.ldif + +exec $@ diff --git a/env.sample b/env.sample index fb5aae0..869600a 100644 --- a/env.sample +++ b/env.sample @@ -1,3 +1,5 @@ LDAP_ADMIN_PASSWORD=admin LDAP_ORGANISATION=organisation LDAP_DOMAIN=domain +LDAP_PORT=389 +USER_GROUP=1000:1000 diff --git a/phpldapadmin/Dockerfile b/phpldapadmin/Dockerfile new file mode 100644 index 0000000..b108164 --- /dev/null +++ b/phpldapadmin/Dockerfile 
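Review bot: `ports: - ${LDAP_PORT}:389` publishes the directory on every host interface while the server is started with `-h ldap:///` only, so every bind, including `cn=admin`, crosses the host network in clear text. Either bind to loopback (`- 127.0.0.1:${LDAP_PORT}:389`) or do not publish the port at all and let phpLDAPadmin reach `ldap` over the compose network, which it already can by service name; `links:` is deprecated in compose and adds nothing the default network does not provide. The same applies to `${LDAP_ADMIN_PORT}:80`, which serves the admin UI over plain HTTP as far as `phpldapadmin/Dockerfile` shows.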
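Review bot: The new `environment:` block hands `LDAP_ADMIN_PASSWORD` to the running `ldap` container, but nothing in this commit reads it at runtime — the bootstrap moved to build time (`RUN /opt/slapd`) and `entrypoint.sh` only calls `slapadd` and `exec`. Unless `slapd.sh` or something outside this diff consumes it at start-up, drop the runtime password entry so it is not exposed through `docker inspect` and `/proc/1/environ`; the organisation and domain values can stay if they are needed.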
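Review bot: `RUN slapadd -n 0 -l /etc/ldap/schema/domain.ldif` is a Dockerfile instruction pasted into a bash script: there is no `RUN` command, the line fails with "command not found", and because the script only sets `set -x` (no `-e`) the failure is ignored and `exec $@` starts slapd without those entries. Change it to `slapadd -n 0 -l /etc/ldap/schema/domain.ldif` under `set -ex`, and check the database number: `-n 0` is cn=config, whereas entries under `LDAP_DOMAIN` belong in database 1, which is what the Dockerfile's `slapadd -l /etc/ldap/schema/nextcloud.ldif` implicitly targets (`domain.ldif` is not in this diff, so confirm). With `set -e` the script will also need a guard, since `slapadd` refuses existing entries on every restart once the data persists. Use `exec "$@"` so arguments with spaces survive word splitting; the same unquoted `exec $@` is in `phpldapadmin/entrypoint.sh`.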
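Review bot: The sample adds `LDAP_PORT` and `USER_GROUP`, but `docker-compose.yml` also reads `LDAP_USER`, `LDAP_GROUP`, `LDAP_ADMIN_PORT` and `LDAP_BASE`, none of which gets a default here; with them unset the build argument is empty, `usermod -u  openldap` fails, and `${LDAP_ADMIN_PORT}:80` is an invalid port mapping. Add placeholder lines such as `LDAP_USER=1000`, `LDAP_GROUP=1000`, `LDAP_ADMIN_PORT=8080` and `LDAP_BASE=dc=domain` (the base has to match `LDAP_DOMAIN`), and consider replacing `USER_GROUP` with `${LDAP_USER}:${LDAP_GROUP}` in compose so the two cannot drift apart.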
@@ -0,0 +1,29 @@
+FROM debian:stable-slim
+
+ARG LDAP_BASE
+
+ENV LDAP_BASE $LDAP_BASE
+
+RUN apt-get update -y && apt dist-upgrade -y
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y wget
+
+RUN wget http://ftp.de.debian.org/debian/pool/main/p/phpldapadmin/phpldapadmin_1.2.6.3-0.2_all.deb && \
+ apt install -y ./phpldapadmin_1.2.6.3-0.2_all.deb && \
+ rm *.deb
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ADD entrypoint.sh /entrypoint.sh
+
+RUN sed -i "s/^.*setValue('server','host'.*/\$servers->setValue('server','host','ldap');/" /usr/share/phpldapadmin/config/config.php && \
+ sed -i "s/^.*setValue('server','base'.*/\$servers->setValue('server','base',array('${LDAP_BASE}'));/" /usr/share/phpldapadmin/config/config.php && \
+ sed -i "s/^.*setValue('login','bind_id'.*/\$servers->setValue('login','bind_id','cn=admin,${LDAP_BASE}');/" /usr/share/phpldapadmin/config/config.php
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+EXPOSE 80
+
+CMD ["apachectl","-D","FOREGROUND"]
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/phpldapadmin/entrypoint.sh b/phpldapadmin/entrypoint.sh
new file mode 100755
index 0000000..26d18e8
--- /dev/null
+++ b/phpldapadmin/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -xe
+
+echo "Running Apache"
+
+exec $@
diff --git a/schema/nextcloud.ldif b/schema/nextcloud.ldif
new file mode 100644
index 0000000..9cbeeb1
--- /dev/null
+++ b/schema/nextcloud.ldif
@@ -0,0 +1,16 @@
+dn: ou=users,dc=labiaga,dc=ikastola
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: ou=groups,dc=labiaga,dc=ikastola
+objectClass: organizationalUnit
+objectClass: top
+ou: groups
+
+dn: cn=irakasleak,ou=groups,dc=labiaga,dc=ikastola
+objectClass: posixGroup
+cn: irakasleak
+gidNumber: 10000
+memberUid: irakasleak
+
diff --git a/slapd.sh b/slapd.sh
index a61ab15..4bb93f2 100755
--- a/slapd.sh
+++ b/slapd.sh
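Review bot: `wget http://ftp.de.debian.org/.../phpldapadmin_1.2.6.3-0.2_all.deb` fetches the package over plain HTTP and `apt install -y ./…deb` installs a local file, which apt does not signature-check, so anything that alters the download in transit is installed as root. Fetch over `https://`, pin the expected digest and verify it before installing: `wget -O phpldapadmin.deb https://ftp.de.debian.org/debian/pool/main/p/phpldapadmin/phpldapadmin_1.2.6.3-0.2_all.deb && echo "<sha256 of the .deb>  phpldapadmin.deb" | sha256sum -c - && apt-get install -y ./phpldapadmin.deb` (or `ADD --checksum=sha256:… <url>` with BuildKit); if the package is available in the configured suite, `apt-get install -y phpldapadmin` gets the repository signature check for free. The second `RUN apt-get clean && rm -rf …` after the `sed` step removes nothing and can go, and the image has no `USER` directive.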
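Review bot: The entries are rooted at the fixed suffix `dc=labiaga,dc=ikastola`, while the rest of the stack derives the suffix from `LDAP_DOMAIN`/`LDAP_BASE`; for any other domain the Dockerfile's `RUN slapadd -l /etc/ldap/schema/nextcloud.ldif` fails because the parent entry does not exist. Template the base (a `sed` or `envsubst` pass over a `${LDAP_BASE}` placeholder before `slapadd`) or keep this site-specific file out of the generic image. `memberUid: irakasleak` on `cn=irakasleak` lists the group's own name as a member uid, which looks like a placeholder rather than a real account — confirm the intended members.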
@@ -2,17 +2,13 @@ set -eu -status () { - echo "---> ${@}" >&2 -} - set -x : LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} : LDAP_DOMAIN=${LDAP_DOMAIN} : LDAP_ORGANISATION=${LDAP_ORGANISATION} if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then - status "configuring slapd for first run" + echo "configuring slapd for first run" cat <