OpenLDAP: open source docker ldap (#115)

* add openldap Docker setup
* update to cws-opensource-ldap and cws-certs
* test ldap server from inside Docker container
* clean up readme files
* re-title certs readme

README.md

@@ -76,8 +76,12 @@ Open new Shell terminal designated for running ElasticSearch.
 docker-compose up
 ```
 
+#### _Updating Presets and Default Settings_
 
-
+Preset configuration variables like `default_smtp_hostname` and `default_cws_ldap_url` can be found in files:
+- `/install/installerPresets.properties`
+- `/install/example-cws-configuration.properties`
+- `utils.sh`
 -----
 ## Building CWS
 

cws-certs/README.md

@@ -0,0 +1,10 @@
+## Generate Self-signed Certs
+
+_Running this script will result in the replacement of existing keystore and truststore in `install/` by new certs_
+
+#### Execute script with command:
+
+```
+./generate-certs.sh
+```
+

cws-opensource-ldap/Dockerfile

@@ -0,0 +1,19 @@
+# Based on the public GIT repository by rackerlabs
+# Reference: https://github.com/rackerlabs/dockerstack/tree/master/keystone/openldap
+FROM  ubuntu:latest
+
+RUN apt-get update
+RUN apt-get install -q -y vim ldapvi
+RUN echo 'slapd/root_password password password' | debconf-set-selections
+RUN echo 'slapd/root_password_again password password' | debconf-set-selections
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
+RUN rm -rf /var/lib/apt/lists/*
+
+ADD access.ldif user.ldif /
+
+RUN service slapd start ;\
+ldapadd -Y EXTERNAL -H ldapi:/// -f access.ldif &&\
+ldapadd -x -D cn=admin,dc=example,dc=com -w password -c -f user.ldif
+
+EXPOSE 389
+CMD slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d -d stats

cws-opensource-ldap/README.md

@@ -0,0 +1,51 @@
+# Deploy OpenLDAP Server
+
+### LDAP Server Configuration
+
+- The open source LDAP server, with default user configuration, can be activated using Docker.
+    - LDIF files _user.ldif_ and _access.ldif_ contain the default DN(distinguished name), UserId, and ldap user details.
+      - `dn: cn=cwsuser,ou=Users,dc=example,dc=com`
+      - `uid: cwsuser`
+      - You can configure the user directory data by editing the `user.ldif` file. You can find more LDAP and LDIF instructions, [here](https://docs.oracle.com/cd/A87860_01/doc/network.817/a86101/syntax.htm). 
+
+### Start OpenLDAP Container
+- While inside this folder run command:
+
+```
+docker-compose up -d
+```
+
+#### *Test LDAP Server*
+Once `openldap_container` is up, run a ldapsearch command to verify user configuration.
+- Enter Docker container:
+```
+docker exec -it openldap_container bash
+```
+- Run ldapsearch command: 
+```
+ldapsearch -x -LLL -H ldap://localhost:389 -b dc=example,dc=com -D "cn=<cn>,ou=Users,dc=example,dc=com" -w <userpassword> uid=<uid>
+```
+
+#### CWS LDAP Authorization Plugin
+
+- The LDAP plugin property settings below match the default configuration for the openldap server.
+
+```
+    <property name="serverUrl"                   value="__CWS_LDAP_URL__" />
+    <property name="acceptUntrustedCertificates" value="false" />
+    <property name="baseDn"                      value="dc=example,dc=com" />
+    <property name="userSearchBase"              value="ou=Users" />
+    <property name="userSearchFilter"            value="(objectclass=inetOrgPerson)" />
+    <property name="userIdAttribute"             value="uid" />
+    <property name="userFirstnameAttribute"      value="givenName" />
+    <property name="userLastnameAttribute"       value="sn" />
+    <property name="userEmailAttribute"          value="mail" />
+    <property name="userPasswordAttribute"       value="userpassword" />
+    <property name="groupSearchBase"             value="ou=Users" />
+    <property name="groupSearchFilter"           value="(|(cn=your.first.group)(cn=your.other.group))" />
+    <property name="groupIdAttribute"            value="cn" />
+    <property name="groupNameAttribute"          value="cn" />
+    <property name="groupMemberAttribute"        value="uniqueMember" />
+```
+
+_Based on the public GIT repository by rackerlabs, reference: https://github.com/rackerlabs/dockerstack/tree/master/keystone/openldap_

cws-opensource-ldap/access.ldif

@@ -0,0 +1,15 @@
+version: 1
+changeType: add
+dn: olcDatabase={2}mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: {2}mdb
+olcDbDirectory: /var/lib/ldap
+olcSuffix: dc=example,dc=com
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
+olcLastMod: TRUE
+olcRootDN: cn=admin,dc=example,dc=com
+olcRootPW: password
+olcDbIndex: objectClass eq

cws-opensource-ldap/docker-compose.yml

@@ -0,0 +1,8 @@
+version: "3.2"
+services:
+  openldap:
+    build: .
+    image: openldap
+    container_name: openldap_container
+    ports:
+      - "389:389"

cws-opensource-ldap/user.ldif

@@ -0,0 +1,18 @@
+dn: dc=example,dc=com
+dc: example
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: example
+
+dn: ou=Users,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Users
+
+dn: cn=cwsuser,ou=Users,dc=example,dc=com
+objectclass: inetOrgPerson
+cn: cwsuser
+givenName: cws
+sn: user
+uid: cwsuser
+userpassword: ldapcwspassword
+mail: [email protected]