From 65b8c6fd10c401a03f8f52d5b54ac9232f72e633 Mon Sep 17 00:00:00 2001
From: Shaun See Tow
Date: Thu, 21 Nov 2024 15:17:57 +0800
Subject: [PATCH] created anonymous binding database + test
---
 Makefile | 10 +++++-----
 itest/config-anon.toml | 8 ++++++++
 itest/docker-compose.itest-anon-env.yml | 3 ++-
 itest/docker-compose.itest-anon.yml | 3 ++-
 itest/ldif/anon.ldif | 0
 itest/schema/anon.ldif | 15 +++++++++++++++
 6 files changed, 32 insertions(+), 7 deletions(-)
 create mode 100644 itest/config-anon.toml
 create mode 100644 itest/ldif/anon.ldif
 create mode 100644 itest/schema/anon.ldif
diff --git a/Makefile b/Makefile
index d6f8d26..3e5873e 100644
--- a/Makefile
+++ b/Makefile
@@ -60,24 +60,24 @@ itest: itest-up itest-run itest-stop
 .PHONY: itest-up-anon
 itest-up-anon:
 docker compose -f docker-compose.yml \
- -f itest/docker-compose.itest.yml \
+ -f itest/docker-compose.itest-anon.yml \
 build
 docker compose -f docker-compose.yml \
- -f itest/docker-compose.itest.yml \
+ -f itest/docker-compose.itest-anon.yml \
 up -d vaultwarden ldap
 .PHONY: itest-run-anon
 itest-run-anon:
 docker compose -f docker-compose.yml \
- -f itest/docker-compose.itest.yml \
- run ldap_sync
+ -f itest/docker-compose.itest-anon.yml \
+ run --rm ldap_sync
 .PHONY: itest-stop-anon
 itest-stop-anon:
 docker compose stop
 .PHONY: itest-anon
-itest: itest-up-anon itest-run-anon itest-stop-anon
+itest-anon: itest-up-anon itest-run-anon itest-stop-anon
 # Run bootstrapped integration test using env for config
 .PHONY: itest-env
diff --git a/itest/config-anon.toml b/itest/config-anon.toml
new file mode 100644
index 0000000..b17f459
--- /dev/null
+++ b/itest/config-anon.toml
@@ -0,0 +1,8 @@
+vaultwarden_url = "http://vaultwarden:80"
+vaultwarden_admin_token = "admin"
+ldap_host = "ldap"
+# ldap_bind_dn = "cn=readonly,dc=example,dc=org"
+# ldap_bind_password = "readonly"
+ldap_search_base_dn = "dc=example,dc=org"
+ldap_search_filter = "(&(objectClass=*)(uid=*))"
+ldap_sync_loop = false
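Review bot: `itest-stop-anon` still runs a bare `docker compose stop`, without the `-f docker-compose.yml -f itest/docker-compose.itest-anon.yml` overlay that `itest-up-anon` and `itest-run-anon` now pass, so it only acts on whatever the base file defines and leaves the stopped containers and their volumes in place. If the LDAP image only bootstraps its ldif directory on first start, a later `itest-anon` run can reuse an `ldap` container that was seeded by an earlier run, which hides a broken seed or ACL file; `docker compose -f docker-compose.yml -f itest/docker-compose.itest-anon.yml down -v` would give each run a fresh directory. Whether `ldap` and `vaultwarden` are defined in the base file or only in the overlay is not visible in this hunk.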
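Review bot: The two commented-out bind lines are the only hint that this fixture is meant to produce an anonymous bind, and nothing says which server-side rule allows it; a comment above them such as `# no ldap_bind_dn / ldap_bind_password on purpose: ldap_sync binds anonymously, which the ACL in itest/schema/anon.ldif permits` would make the file self-explaining. Whether omitting both keys actually yields an anonymous bind rather than a missing-key error depends on the config loader, which is not part of this diff, so the test run is what confirms it. `ldap_search_filter = "(&(objectClass=*)(uid=*))"` is equivalent to `(uid=*)`, since the `objectClass=*` term matches every entry.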
diff --git a/itest/docker-compose.itest-anon-env.yml b/itest/docker-compose.itest-anon-env.yml
index b9f216a..25cb8fa 100644
--- a/itest/docker-compose.itest-anon-env.yml
+++ b/itest/docker-compose.itest-anon-env.yml
@@ -17,4 +17,5 @@ services:
 ldap:
 command: ["--copy-service"]
 volumes:
- - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif
+ - ./itest/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
+ - ./itest/schema/anon.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/anon.ldif
diff --git a/itest/docker-compose.itest-anon.yml b/itest/docker-compose.itest-anon.yml
index a7ef9de..a3e0cd9 100644
--- a/itest/docker-compose.itest-anon.yml
+++ b/itest/docker-compose.itest-anon.yml
@@ -9,4 +9,5 @@ services:
 ldap:
 command: ["--copy-service"]
 volumes:
- - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif
+ - ./itest/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
+ - ./itest/schema/anon.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/anon.ldif
diff --git a/itest/ldif/anon.ldif b/itest/ldif/anon.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/itest/schema/anon.ldif b/itest/schema/anon.ldif
new file mode 100644
index 0000000..fb01829
--- /dev/null
+++ b/itest/schema/anon.ldif
@@ -0,0 +1,15 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
+olcAccess: to attrs=userPassword,shadowLastChange
+ by self write
+ by dn="cn=admin,dc=example,dc=org" write
+ by anonymous auth
+ by * none
+olcAccess: to *
+ by anonymous read
+ by dn="cn=admin,dc=example,dc=org" write
+ by * none
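Review bot: The two added volume lines overlap: `./itest/ldif` is bind-mounted over `.../bootstrap/ldif/custom`, and `./itest/schema/anon.ldif` is then mounted at `.../custom/anon.ldif` inside it, while the commit also creates an empty `itest/ldif/anon.ldif` (blob e69de29) with the same name, so the file the container sees is the schema one and the empty file is dead. The removed `./itest/50-seed-user.ldif` mount has no replacement and the diffstat shows no move of that file into `itest/ldif/`, so unless it already lives there the seed user is no longer bootstrapped for the anon run. One layout is enough: either drop the empty `itest/ldif/anon.ldif` and keep the single-file mount, or put the ACL ldif into `itest/ldif/` and drop the nested mount. The same two lines appear in the `itest/docker-compose.itest-anon.yml` hunk below.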
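Review bot: In the last `olcAccess` rule an authenticated non-admin identity (for example the `cn=readonly` bind DN that `itest/config-anon.toml` comments out) matches neither `by anonymous read` nor the admin clause and falls through to `by * none`, so a bound user can read less than an unbound client; if that is not the intent, add `by users read` before the catch-all. The continuation lines also deserve a check: LDIF removes exactly one leading space when it joins a wrapped value, so each ` by …` line needs two leading spaces for `to *` and `by` to stay separated, and the collapsed patch text does not show how many there are. `replace: olcAccess` discards every rule the image already set on `olcDatabase={1}mdb` and assumes that database index; both are acceptable for a fixture but warrant a one-line comment at the top of the file stating that this ACL set is what lets the anonymous itest read `dc=example,dc=org`.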