github-ldap 1.3.3 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +15 -2
- data/CHANGELOG.md +13 -0
- data/Gemfile +4 -0
- data/README.md +15 -1
- data/Rakefile +1 -1
- data/github-ldap.gemspec +2 -2
- data/lib/github/ldap.rb +55 -12
- data/lib/github/ldap/domain.rb +6 -2
- data/lib/github/ldap/filter.rb +15 -7
- data/lib/github/ldap/group.rb +1 -1
- data/lib/github/ldap/instrumentation.rb +28 -0
- data/lib/github/ldap/membership_validators.rb +18 -0
- data/lib/github/ldap/membership_validators/active_directory.rb +56 -0
- data/lib/github/ldap/membership_validators/base.rb +37 -0
- data/lib/github/ldap/membership_validators/classic.rb +34 -0
- data/lib/github/ldap/membership_validators/recursive.rb +93 -0
- data/lib/github/ldap/server.rb +2 -0
- data/script/changelog +29 -0
- data/script/cibuild-apacheds +7 -0
- data/script/cibuild-openldap +7 -0
- data/script/install-openldap +44 -0
- data/script/package +7 -0
- data/script/release +16 -0
- data/test/domain_test.rb +71 -89
- data/test/filter_test.rb +12 -1
- data/test/fixtures/common/seed.ldif +369 -0
- data/test/fixtures/openldap/memberof.ldif +33 -0
- data/test/fixtures/openldap/slapd.conf.ldif +67 -0
- data/test/fixtures/posixGroup.schema.ldif +34 -8
- data/test/group_test.rb +19 -25
- data/test/ldap_test.rb +28 -21
- data/test/membership_validators/active_directory_test.rb +68 -0
- data/test/membership_validators/classic_test.rb +51 -0
- data/test/membership_validators/recursive_test.rb +56 -0
- data/test/membership_validators_test.rb +46 -0
- data/test/posix_group_test.rb +25 -28
- data/test/support/vm/openldap/.gitignore +1 -0
- data/test/support/vm/openldap/README.md +32 -0
- data/test/support/vm/openldap/Vagrantfile +35 -0
- data/test/test_helper.rb +72 -10
- metadata +52 -27
- data/test/fixtures/github-with-looped-subgroups.ldif +0 -82
- data/test/fixtures/github-with-missing-entries.ldif +0 -85
- data/test/fixtures/github-with-posixGroups.ldif +0 -50
- data/test/fixtures/github-with-subgroups.ldif +0 -146
data/test/filter_test.rb
CHANGED
@@ -20,7 +20,8 @@ class FilterTest < Minitest::Test
|
|
20
20
|
@subject = Subject.new(@ldap)
|
21
21
|
@me = 'uid=calavera,dc=github,dc=com'
|
22
22
|
@uid = "calavera"
|
23
|
-
@entry = Entry.new(@me
|
23
|
+
@entry = Net::LDAP::Entry.new(@me)
|
24
|
+
@entry[:uid] = @uid
|
24
25
|
end
|
25
26
|
|
26
27
|
def test_member_present
|
@@ -32,6 +33,11 @@ class FilterTest < Minitest::Test
|
|
32
33
|
@subject.member_filter(@entry).to_s
|
33
34
|
end
|
34
35
|
|
36
|
+
def test_member_equal_with_string
|
37
|
+
assert_equal "(|(member=#{@me})(uniqueMember=#{@me}))",
|
38
|
+
@subject.member_filter(@entry.dn).to_s
|
39
|
+
end
|
40
|
+
|
35
41
|
def test_posix_member_without_uid
|
36
42
|
@entry.uid = nil
|
37
43
|
assert_nil @subject.posix_member_filter(@entry, @ldap.uid)
|
@@ -42,6 +48,11 @@ class FilterTest < Minitest::Test
|
|
42
48
|
@subject.posix_member_filter(@entry, @ldap.uid).to_s
|
43
49
|
end
|
44
50
|
|
51
|
+
def test_posix_member_equal_string
|
52
|
+
assert_equal "(memberUid=#{@uid})",
|
53
|
+
@subject.posix_member_filter(@uid).to_s
|
54
|
+
end
|
55
|
+
|
45
56
|
def test_groups_reduced
|
46
57
|
assert_equal "(|(cn=Enterprise)(cn=People))",
|
47
58
|
@subject.group_filter(%w(Enterprise People)).to_s
|
@@ -0,0 +1,369 @@
|
|
1
|
+
dn: ou=People,dc=github,dc=com
|
2
|
+
objectClass: top
|
3
|
+
objectClass: organizationalUnit
|
4
|
+
ou: People
|
5
|
+
|
6
|
+
dn: ou=Groups,dc=github,dc=com
|
7
|
+
objectClass: top
|
8
|
+
objectClass: organizationalUnit
|
9
|
+
ou: Groups
|
10
|
+
|
11
|
+
# Directory Superuser
|
12
|
+
dn: uid=admin,dc=github,dc=com
|
13
|
+
uid: admin
|
14
|
+
cn: system administrator
|
15
|
+
sn: administrator
|
16
|
+
objectClass: top
|
17
|
+
objectClass: person
|
18
|
+
objectClass: organizationalPerson
|
19
|
+
objectClass: inetOrgPerson
|
20
|
+
displayName: Directory Superuser
|
21
|
+
userPassword: passworD1
|
22
|
+
|
23
|
+
# Users 1-10
|
24
|
+
|
25
|
+
dn: uid=user1,ou=People,dc=github,dc=com
|
26
|
+
uid: user1
|
27
|
+
cn: user1
|
28
|
+
sn: user1
|
29
|
+
objectClass: top
|
30
|
+
objectClass: person
|
31
|
+
objectClass: organizationalPerson
|
32
|
+
objectClass: inetOrgPerson
|
33
|
+
userPassword: passworD1
|
34
|
+
mail: user1@github.com
|
35
|
+
|
36
|
+
dn: uid=user2,ou=People,dc=github,dc=com
|
37
|
+
uid: user2
|
38
|
+
cn: user2
|
39
|
+
sn: user2
|
40
|
+
objectClass: top
|
41
|
+
objectClass: person
|
42
|
+
objectClass: organizationalPerson
|
43
|
+
objectClass: inetOrgPerson
|
44
|
+
userPassword: passworD1
|
45
|
+
mail: user2@github.com
|
46
|
+
|
47
|
+
dn: uid=user3,ou=People,dc=github,dc=com
|
48
|
+
uid: user3
|
49
|
+
cn: user3
|
50
|
+
sn: user3
|
51
|
+
objectClass: top
|
52
|
+
objectClass: person
|
53
|
+
objectClass: organizationalPerson
|
54
|
+
objectClass: inetOrgPerson
|
55
|
+
userPassword: passworD1
|
56
|
+
mail: user3@github.com
|
57
|
+
|
58
|
+
dn: uid=user4,ou=People,dc=github,dc=com
|
59
|
+
uid: user4
|
60
|
+
cn: user4
|
61
|
+
sn: user4
|
62
|
+
objectClass: top
|
63
|
+
objectClass: person
|
64
|
+
objectClass: organizationalPerson
|
65
|
+
objectClass: inetOrgPerson
|
66
|
+
userPassword: passworD1
|
67
|
+
mail: user4@github.com
|
68
|
+
|
69
|
+
dn: uid=user5,ou=People,dc=github,dc=com
|
70
|
+
uid: user5
|
71
|
+
cn: user5
|
72
|
+
sn: user5
|
73
|
+
objectClass: top
|
74
|
+
objectClass: person
|
75
|
+
objectClass: organizationalPerson
|
76
|
+
objectClass: inetOrgPerson
|
77
|
+
userPassword: passworD1
|
78
|
+
mail: user5@github.com
|
79
|
+
|
80
|
+
dn: uid=user6,ou=People,dc=github,dc=com
|
81
|
+
uid: user6
|
82
|
+
cn: user6
|
83
|
+
sn: user6
|
84
|
+
objectClass: top
|
85
|
+
objectClass: person
|
86
|
+
objectClass: organizationalPerson
|
87
|
+
objectClass: inetOrgPerson
|
88
|
+
userPassword: passworD1
|
89
|
+
mail: user6@github.com
|
90
|
+
|
91
|
+
dn: uid=user7,ou=People,dc=github,dc=com
|
92
|
+
uid: user7
|
93
|
+
cn: user7
|
94
|
+
sn: user7
|
95
|
+
objectClass: top
|
96
|
+
objectClass: person
|
97
|
+
objectClass: organizationalPerson
|
98
|
+
objectClass: inetOrgPerson
|
99
|
+
userPassword: passworD1
|
100
|
+
mail: user7@github.com
|
101
|
+
|
102
|
+
dn: uid=user8,ou=People,dc=github,dc=com
|
103
|
+
uid: user8
|
104
|
+
cn: user8
|
105
|
+
sn: user8
|
106
|
+
objectClass: top
|
107
|
+
objectClass: person
|
108
|
+
objectClass: organizationalPerson
|
109
|
+
objectClass: inetOrgPerson
|
110
|
+
userPassword: passworD1
|
111
|
+
mail: user8@github.com
|
112
|
+
|
113
|
+
dn: uid=user9,ou=People,dc=github,dc=com
|
114
|
+
uid: user9
|
115
|
+
cn: user9
|
116
|
+
sn: user9
|
117
|
+
objectClass: top
|
118
|
+
objectClass: person
|
119
|
+
objectClass: organizationalPerson
|
120
|
+
objectClass: inetOrgPerson
|
121
|
+
userPassword: passworD1
|
122
|
+
mail: user9@github.com
|
123
|
+
|
124
|
+
dn: uid=user10,ou=People,dc=github,dc=com
|
125
|
+
uid: user10
|
126
|
+
cn: user10
|
127
|
+
sn: user10
|
128
|
+
objectClass: top
|
129
|
+
objectClass: person
|
130
|
+
objectClass: organizationalPerson
|
131
|
+
objectClass: inetOrgPerson
|
132
|
+
userPassword: passworD1
|
133
|
+
mail: user10@github.com
|
134
|
+
|
135
|
+
# Emailless User
|
136
|
+
|
137
|
+
dn: uid=emailless-user1,ou=People,dc=github,dc=com
|
138
|
+
uid: emailless-user1
|
139
|
+
cn: emailless-user1
|
140
|
+
sn: emailless-user1
|
141
|
+
objectClass: top
|
142
|
+
objectClass: person
|
143
|
+
objectClass: organizationalPerson
|
144
|
+
objectClass: inetOrgPerson
|
145
|
+
userPassword: passworD1
|
146
|
+
|
147
|
+
# Groupless User
|
148
|
+
|
149
|
+
dn: uid=groupless-user1,ou=People,dc=github,dc=com
|
150
|
+
uid: groupless-user1
|
151
|
+
cn: groupless-user1
|
152
|
+
sn: groupless-user1
|
153
|
+
objectClass: top
|
154
|
+
objectClass: person
|
155
|
+
objectClass: organizationalPerson
|
156
|
+
objectClass: inetOrgPerson
|
157
|
+
userPassword: passworD1
|
158
|
+
|
159
|
+
# Admin User
|
160
|
+
|
161
|
+
dn: uid=admin1,ou=People,dc=github,dc=com
|
162
|
+
uid: admin1
|
163
|
+
cn: admin1
|
164
|
+
sn: admin1
|
165
|
+
objectClass: top
|
166
|
+
objectClass: person
|
167
|
+
objectClass: organizationalPerson
|
168
|
+
objectClass: inetOrgPerson
|
169
|
+
userPassword: passworD1
|
170
|
+
mail: admin1@github.com
|
171
|
+
|
172
|
+
# Groups
|
173
|
+
|
174
|
+
dn: cn=ghe-users,ou=Groups,dc=github,dc=com
|
175
|
+
cn: ghe-users
|
176
|
+
objectClass: groupOfNames
|
177
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
178
|
+
member: uid=emailless-user1,ou=People,dc=github,dc=com
|
179
|
+
|
180
|
+
dn: cn=all-users,ou=Groups,dc=github,dc=com
|
181
|
+
cn: all-users
|
182
|
+
objectClass: groupOfNames
|
183
|
+
member: cn=ghe-users,ou=Groups,dc=github,dc=com
|
184
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
185
|
+
member: uid=user2,ou=People,dc=github,dc=com
|
186
|
+
member: uid=user3,ou=People,dc=github,dc=com
|
187
|
+
member: uid=user4,ou=People,dc=github,dc=com
|
188
|
+
member: uid=user5,ou=People,dc=github,dc=com
|
189
|
+
member: uid=user6,ou=People,dc=github,dc=com
|
190
|
+
member: uid=user7,ou=People,dc=github,dc=com
|
191
|
+
member: uid=user8,ou=People,dc=github,dc=com
|
192
|
+
member: uid=user9,ou=People,dc=github,dc=com
|
193
|
+
member: uid=user10,ou=People,dc=github,dc=com
|
194
|
+
member: uid=emailless-user1,ou=People,dc=github,dc=com
|
195
|
+
|
196
|
+
dn: cn=ghe-admins,ou=Groups,dc=github,dc=com
|
197
|
+
cn: ghe-admins
|
198
|
+
objectClass: groupOfNames
|
199
|
+
member: uid=admin1,ou=People,dc=github,dc=com
|
200
|
+
|
201
|
+
dn: cn=all-admins,ou=Groups,dc=github,dc=com
|
202
|
+
cn: all-admins
|
203
|
+
objectClass: groupOfNames
|
204
|
+
member: cn=ghe-admins,ou=Groups,dc=github,dc=com
|
205
|
+
member: uid=admin1,ou=People,dc=github,dc=com
|
206
|
+
|
207
|
+
dn: cn=n-member-group10,ou=Groups,dc=github,dc=com
|
208
|
+
cn: n-member-group10
|
209
|
+
objectClass: groupOfNames
|
210
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
211
|
+
member: uid=user2,ou=People,dc=github,dc=com
|
212
|
+
member: uid=user3,ou=People,dc=github,dc=com
|
213
|
+
member: uid=user4,ou=People,dc=github,dc=com
|
214
|
+
member: uid=user5,ou=People,dc=github,dc=com
|
215
|
+
member: uid=user6,ou=People,dc=github,dc=com
|
216
|
+
member: uid=user7,ou=People,dc=github,dc=com
|
217
|
+
member: uid=user8,ou=People,dc=github,dc=com
|
218
|
+
member: uid=user9,ou=People,dc=github,dc=com
|
219
|
+
member: uid=user10,ou=People,dc=github,dc=com
|
220
|
+
|
221
|
+
dn: cn=nested-group1,ou=Groups,dc=github,dc=com
|
222
|
+
cn: nested-group1
|
223
|
+
objectClass: groupOfNames
|
224
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
225
|
+
member: uid=user2,ou=People,dc=github,dc=com
|
226
|
+
member: uid=user3,ou=People,dc=github,dc=com
|
227
|
+
member: uid=user4,ou=People,dc=github,dc=com
|
228
|
+
member: uid=user5,ou=People,dc=github,dc=com
|
229
|
+
member: uid=user6,ou=People,dc=github,dc=com
|
230
|
+
member: uid=user7,ou=People,dc=github,dc=com
|
231
|
+
member: uid=user8,ou=People,dc=github,dc=com
|
232
|
+
member: uid=user9,ou=People,dc=github,dc=com
|
233
|
+
member: uid=user10,ou=People,dc=github,dc=com
|
234
|
+
|
235
|
+
dn: cn=nested-groups,ou=Groups,dc=github,dc=com
|
236
|
+
cn: nested-groups
|
237
|
+
objectClass: groupOfNames
|
238
|
+
member: cn=nested-group1,ou=Groups,dc=github,dc=com
|
239
|
+
|
240
|
+
dn: cn=n-member-nested-group1,ou=Groups,dc=github,dc=com
|
241
|
+
cn: n-member-nested-group1
|
242
|
+
objectClass: groupOfNames
|
243
|
+
member: cn=nested-group1,ou=Groups,dc=github,dc=com
|
244
|
+
|
245
|
+
dn: cn=deeply-nested-group0.0.0,ou=Groups,dc=github,dc=com
|
246
|
+
cn: deeply-nested-group0.0.0
|
247
|
+
objectClass: groupOfNames
|
248
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
249
|
+
member: uid=user2,ou=People,dc=github,dc=com
|
250
|
+
member: uid=user3,ou=People,dc=github,dc=com
|
251
|
+
member: uid=user4,ou=People,dc=github,dc=com
|
252
|
+
member: uid=user5,ou=People,dc=github,dc=com
|
253
|
+
|
254
|
+
dn: cn=deeply-nested-group0.0.1,ou=Groups,dc=github,dc=com
|
255
|
+
cn: deeply-nested-group0.0.1
|
256
|
+
objectClass: groupOfNames
|
257
|
+
member: uid=user6,ou=People,dc=github,dc=com
|
258
|
+
member: uid=user7,ou=People,dc=github,dc=com
|
259
|
+
member: uid=user8,ou=People,dc=github,dc=com
|
260
|
+
member: uid=user9,ou=People,dc=github,dc=com
|
261
|
+
member: uid=user10,ou=People,dc=github,dc=com
|
262
|
+
|
263
|
+
dn: cn=deeply-nested-group0.0,ou=Groups,dc=github,dc=com
|
264
|
+
cn: deeply-nested-group0.0
|
265
|
+
objectClass: groupOfNames
|
266
|
+
member: cn=deeply-nested-group0.0.0,ou=Groups,dc=github,dc=com
|
267
|
+
member: cn=deeply-nested-group0.0.1,ou=Groups,dc=github,dc=com
|
268
|
+
|
269
|
+
dn: cn=deeply-nested-group0,ou=Groups,dc=github,dc=com
|
270
|
+
cn: deeply-nested-group0
|
271
|
+
objectClass: groupOfNames
|
272
|
+
member: cn=deeply-nested-group0.0,ou=Groups,dc=github,dc=com
|
273
|
+
|
274
|
+
dn: cn=deeply-nested-groups,ou=Groups,dc=github,dc=com
|
275
|
+
cn: deeply-nested-groups
|
276
|
+
objectClass: groupOfNames
|
277
|
+
member: cn=deeply-nested-group0,ou=Groups,dc=github,dc=com
|
278
|
+
|
279
|
+
dn: cn=n-depth-nested-group1,ou=Groups,dc=github,dc=com
|
280
|
+
cn: n-depth-nested-group1
|
281
|
+
objectClass: groupOfNames
|
282
|
+
member: cn=nested-group1,ou=Groups,dc=github,dc=com
|
283
|
+
|
284
|
+
dn: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
|
285
|
+
cn: n-depth-nested-group2
|
286
|
+
objectClass: groupOfNames
|
287
|
+
member: cn=n-depth-nested-group1,ou=Groups,dc=github,dc=com
|
288
|
+
|
289
|
+
dn: cn=n-depth-nested-group3,ou=Groups,dc=github,dc=com
|
290
|
+
cn: n-depth-nested-group3
|
291
|
+
objectClass: groupOfNames
|
292
|
+
member: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
|
293
|
+
|
294
|
+
dn: cn=n-depth-nested-group4,ou=Groups,dc=github,dc=com
|
295
|
+
cn: n-depth-nested-group4
|
296
|
+
objectClass: groupOfNames
|
297
|
+
member: cn=n-depth-nested-group3,ou=Groups,dc=github,dc=com
|
298
|
+
|
299
|
+
dn: cn=n-depth-nested-group5,ou=Groups,dc=github,dc=com
|
300
|
+
cn: n-depth-nested-group5
|
301
|
+
objectClass: groupOfNames
|
302
|
+
member: cn=n-depth-nested-group4,ou=Groups,dc=github,dc=com
|
303
|
+
|
304
|
+
dn: cn=n-depth-nested-group6,ou=Groups,dc=github,dc=com
|
305
|
+
cn: n-depth-nested-group6
|
306
|
+
objectClass: groupOfNames
|
307
|
+
member: cn=n-depth-nested-group5,ou=Groups,dc=github,dc=com
|
308
|
+
|
309
|
+
dn: cn=n-depth-nested-group7,ou=Groups,dc=github,dc=com
|
310
|
+
cn: n-depth-nested-group7
|
311
|
+
objectClass: groupOfNames
|
312
|
+
member: cn=n-depth-nested-group6,ou=Groups,dc=github,dc=com
|
313
|
+
|
314
|
+
dn: cn=n-depth-nested-group8,ou=Groups,dc=github,dc=com
|
315
|
+
cn: n-depth-nested-group8
|
316
|
+
objectClass: groupOfNames
|
317
|
+
member: cn=n-depth-nested-group7,ou=Groups,dc=github,dc=com
|
318
|
+
|
319
|
+
dn: cn=n-depth-nested-group9,ou=Groups,dc=github,dc=com
|
320
|
+
cn: n-depth-nested-group9
|
321
|
+
objectClass: groupOfNames
|
322
|
+
member: cn=n-depth-nested-group8,ou=Groups,dc=github,dc=com
|
323
|
+
|
324
|
+
dn: cn=head-group,ou=Groups,dc=github,dc=com
|
325
|
+
cn: head-group
|
326
|
+
objectClass: groupOfNames
|
327
|
+
member: cn=tail-group,ou=Groups,dc=github,dc=com
|
328
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
329
|
+
member: uid=user2,ou=People,dc=github,dc=com
|
330
|
+
member: uid=user3,ou=People,dc=github,dc=com
|
331
|
+
member: uid=user4,ou=People,dc=github,dc=com
|
332
|
+
member: uid=user5,ou=People,dc=github,dc=com
|
333
|
+
|
334
|
+
dn: cn=tail-group,ou=Groups,dc=github,dc=com
|
335
|
+
cn: tail-group
|
336
|
+
objectClass: groupOfNames
|
337
|
+
member: cn=head-group,ou=Groups,dc=github,dc=com
|
338
|
+
member: uid=user6,ou=People,dc=github,dc=com
|
339
|
+
member: uid=user7,ou=People,dc=github,dc=com
|
340
|
+
member: uid=user8,ou=People,dc=github,dc=com
|
341
|
+
member: uid=user9,ou=People,dc=github,dc=com
|
342
|
+
member: uid=user10,ou=People,dc=github,dc=com
|
343
|
+
|
344
|
+
dn: cn=recursively-nested-groups,ou=Groups,dc=github,dc=com
|
345
|
+
cn: recursively-nested-groups
|
346
|
+
objectClass: groupOfNames
|
347
|
+
member: cn=head-group,ou=Groups,dc=github,dc=com
|
348
|
+
member: cn=tail-group,ou=Groups,dc=github,dc=com
|
349
|
+
|
350
|
+
# posixGroup
|
351
|
+
|
352
|
+
dn: cn=posix-group1,ou=Groups,dc=github,dc=com
|
353
|
+
cn: posix-group1
|
354
|
+
objectClass: posixGroup
|
355
|
+
gidNumber: 1001
|
356
|
+
memberUid: user1
|
357
|
+
memberUid: user2
|
358
|
+
memberUid: user3
|
359
|
+
memberUid: user4
|
360
|
+
memberUid: user5
|
361
|
+
|
362
|
+
# missing members
|
363
|
+
|
364
|
+
dn: cn=missing-users,ou=Groups,dc=github,dc=com
|
365
|
+
cn: missing-users
|
366
|
+
objectClass: groupOfNames
|
367
|
+
member: uid=user1,ou=People,dc=github,dc=com
|
368
|
+
member: uid=user2,ou=People,dc=github,dc=com
|
369
|
+
member: uid=nonexistent-user,ou=People,dc=github,dc=com
|
@@ -0,0 +1,33 @@
|
|
1
|
+
dn: cn=module,cn=config
|
2
|
+
cn: module
|
3
|
+
objectClass: olcModuleList
|
4
|
+
objectClass: top
|
5
|
+
olcModulePath: /usr/lib/ldap
|
6
|
+
olcModuleLoad: memberof.la
|
7
|
+
|
8
|
+
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
|
9
|
+
objectClass: olcConfig
|
10
|
+
objectClass: olcMemberOf
|
11
|
+
objectClass: olcOverlayConfig
|
12
|
+
objectClass: top
|
13
|
+
olcOverlay: memberof
|
14
|
+
olcMemberOfDangling: ignore
|
15
|
+
olcMemberOfRefInt: TRUE
|
16
|
+
olcMemberOfGroupOC: groupOfNames
|
17
|
+
olcMemberOfMemberAD: member
|
18
|
+
olcMemberOfMemberOfAD: memberOf
|
19
|
+
|
20
|
+
dn: cn=module,cn=config
|
21
|
+
cn: module
|
22
|
+
objectclass: olcModuleList
|
23
|
+
objectclass: top
|
24
|
+
olcmoduleload: refint.la
|
25
|
+
olcmodulepath: /usr/lib/ldap
|
26
|
+
|
27
|
+
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
|
28
|
+
objectClass: olcConfig
|
29
|
+
objectClass: olcOverlayConfig
|
30
|
+
objectClass: olcRefintConfig
|
31
|
+
objectClass: top
|
32
|
+
olcOverlay: {1}refint
|
33
|
+
olcRefintAttribute: memberof member manager owner
|
@@ -0,0 +1,67 @@
|
|
1
|
+
dn: cn=config
|
2
|
+
objectClass: olcGlobal
|
3
|
+
cn: config
|
4
|
+
olcPidFile: /var/run/slapd/slapd.pid
|
5
|
+
olcArgsFile: /var/run/slapd/slapd.args
|
6
|
+
olcLogLevel: none
|
7
|
+
olcToolThreads: 1
|
8
|
+
|
9
|
+
dn: olcDatabase={-1}frontend,cn=config
|
10
|
+
objectClass: olcDatabaseConfig
|
11
|
+
objectClass: olcFrontendConfig
|
12
|
+
olcDatabase: {-1}frontend
|
13
|
+
olcSizeLimit: 500
|
14
|
+
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
|
15
|
+
olcAccess: {1}to dn.exact="" by * read
|
16
|
+
olcAccess: {2}to dn.base="cn=Subschema" by * read
|
17
|
+
|
18
|
+
dn: olcDatabase=config,cn=config
|
19
|
+
objectClass: olcDatabaseConfig
|
20
|
+
olcDatabase: config
|
21
|
+
olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
|
22
|
+
|
23
|
+
dn: cn=schema,cn=config
|
24
|
+
objectClass: olcSchemaConfig
|
25
|
+
cn: schema
|
26
|
+
|
27
|
+
include: file:///etc/ldap/schema/core.ldif
|
28
|
+
include: file:///etc/ldap/schema/cosine.ldif
|
29
|
+
include: file:///etc/ldap/schema/nis.ldif
|
30
|
+
include: file:///etc/ldap/schema/inetorgperson.ldif
|
31
|
+
|
32
|
+
dn: cn=module{0},cn=config
|
33
|
+
objectClass: olcModuleList
|
34
|
+
cn: module{0}
|
35
|
+
olcModulePath: /usr/lib/ldap
|
36
|
+
olcModuleLoad: back_hdb
|
37
|
+
|
38
|
+
dn: olcBackend=hdb,cn=config
|
39
|
+
objectClass: olcBackendConfig
|
40
|
+
olcBackend: hdb
|
41
|
+
|
42
|
+
dn: olcDatabase=hdb,cn=config
|
43
|
+
objectClass: olcDatabaseConfig
|
44
|
+
objectClass: olcHdbConfig
|
45
|
+
olcDatabase: hdb
|
46
|
+
olcDbCheckpoint: 512 30
|
47
|
+
olcDbConfig: set_cachesize 1 0 0
|
48
|
+
olcDbConfig: set_lk_max_objects 1500
|
49
|
+
olcDbConfig: set_lk_max_locks 1500
|
50
|
+
olcDbConfig: set_lk_max_lockers 1500
|
51
|
+
olcLastMod: TRUE
|
52
|
+
olcSuffix: dc=github,dc=com
|
53
|
+
olcDbDirectory: /var/lib/ldap
|
54
|
+
olcRootDN: cn=admin,dc=github,dc=com
|
55
|
+
# admin's password: "passworD1"
|
56
|
+
olcRootPW: {SHA}LFSkM9eegU6j3PeGG7UuHrT/KZM=
|
57
|
+
olcDbIndex: objectClass eq
|
58
|
+
olcAccess: to attrs=userPassword,shadowLastChange
|
59
|
+
by self write
|
60
|
+
by anonymous auth
|
61
|
+
by dn="cn=admin,dc=github,dc=com" write
|
62
|
+
by * none
|
63
|
+
olcAccess: to dn.base="" by * read
|
64
|
+
olcAccess: to *
|
65
|
+
by self write
|
66
|
+
by dn="cn=admin,dc=github,dc=com" write
|
67
|
+
by * read
|