Use samba ad container for ldap
This commit is contained in:
parent
463200cfb3
commit
33ffc14e6b
@ -45,15 +45,6 @@ jobs:
|
|||
runs-on: ${{ matrix.os }}
|
||||
timeout-minutes: 40
|
||||
|
||||
services:
|
||||
ldap:
|
||||
image: ${{ matrix.target.version }}
|
||||
ports: [ "10389:10389" ]
|
||||
options: >-
|
||||
--health-cmd "${{ matrix.target.health_cmd }}"
|
||||
--health-interval 10s
|
||||
--health-timeout 10s
|
||||
--health-retries 5
|
||||
strategy:
|
||||
fail-fast: true
|
||||
matrix:
|
||||
|
@ -61,13 +52,11 @@ jobs:
|
|||
- '3.2'
|
||||
os:
|
||||
- ubuntu-latest
|
||||
target:
|
||||
- { version: "dwimberger/ldap-ad-it:latest", health_cmd: 'apk update; apk add openldap-clients; ldapsearch -x -H ldap://localhost:10389 -D uid=admin,ou=system -w secret -b dc=wimpi,dc=net' }
|
||||
|
||||
env:
|
||||
RAILS_ENV: test
|
||||
|
||||
name: ${{ matrix.target.version }} - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
|
||||
name: LDAP Acceptance - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
|
||||
steps:
|
||||
- name: Install system dependencies
|
||||
run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
|
||||
|
@ -75,6 +64,12 @@ jobs:
|
|||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Run samba/ldap docker container
|
||||
working-directory: 'test/ldap'
|
||||
run: |
|
||||
docker compose build
|
||||
docker compose up --wait -d
|
||||
|
||||
- name: Setup Ruby
|
||||
env:
|
||||
BUNDLE_WITHOUT: "coverage development pcap"
|
||||
|
@ -85,19 +80,11 @@ jobs:
|
|||
ruby-version: '${{ matrix.ruby }}'
|
||||
bundler-cache: true
|
||||
|
||||
- name: Extract runtime version
|
||||
run: |
|
||||
echo "RUNTIME_VERSION=$(echo $DOCKER_IMAGE | awk -F: '{ print $2 }')" >> $GITHUB_ENV
|
||||
echo "DOCKER_IMAGE_FILENAME=$(echo $DOCKER_IMAGE | tr -d '/:')" >> $GITHUB_ENV
|
||||
env:
|
||||
DOCKER_IMAGE: ${{ matrix.target.version }}
|
||||
OS: ${{ matrix.os }}
|
||||
|
||||
- name: acceptance
|
||||
env:
|
||||
SPEC_HELPER_LOAD_METASPLOIT: false
|
||||
SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
|
||||
RUNTIME_VERSION: ${{ env.RUNTIME_VERSION }}
|
||||
RUNTIME_VERSION: latest
|
||||
# Unix run command:
|
||||
# SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
|
||||
# Windows cmd command:
|
||||
|
@ -113,7 +100,7 @@ jobs:
|
|||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
# Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
|
||||
name: ${{ env.DOCKER_IMAGE_FILENAME }}-${{ matrix.os }}
|
||||
name: ldap-acceptance-${{ matrix.os }}
|
||||
path: tmp/allure-raw-data
|
||||
|
||||
# Generate a final report from the previous test results
|
||||
|
|
|
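Review bot: The new `Run samba/ldap docker container` step (hunk `@ -75,6 +64,12`) leaves no diagnostics when `docker compose up --wait -d` fails: Compose exits non-zero once the healthcheck stops retrying, and the Samba provisioning output that explains why stays inside the container. A step placed after it with `if: failure()`, the same `working-directory: 'test/ldap'`, and `run: docker compose logs ldap` would surface that output in the job log. `--wait` is given no `--wait-timeout`, so the only bound on a container that never becomes healthy is the job-level `timeout-minutes: 40`; a per-step `timeout-minutes` would fail faster. The hard-coded `RUNTIME_VERSION: latest` in the acceptance step no longer corresponds to an image tag now that the image is built locally — presumably it is only a label for the report, and a short comment saying so would prevent a reader from trying to derive it again.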
@ -14,10 +14,10 @@ RSpec.describe 'LDAP modules' do
|
|||
datastore: {
|
||||
global: {},
|
||||
module: {
|
||||
username: ENV.fetch('LDAP_USERNAME', 'uid=admin,ou=system'),
|
||||
password: ENV.fetch('LDAP_PASSWORD', 'secret'),
|
||||
username: ENV.fetch('LDAP_USERNAME', "'DEV-AD\\Administrator'"),
|
||||
password: ENV.fetch('LDAP_PASSWORD', 'admin123!'),
|
||||
rhost: ENV.fetch('LDAP_RHOST', '127.0.0.1'),
|
||||
rport: ENV.fetch('LDAP_RPORT', '10389'),
|
||||
rport: ENV.fetch('LDAP_RPORT', '389'),
|
||||
ssl: ENV.fetch('LDAP_SSL', 'false')
|
||||
}
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ RSpec.describe 'LDAP modules' do
|
|||
all: {
|
||||
required: [
|
||||
/Discovered base DN/,
|
||||
/Query returned 1 result/
|
||||
/Query returned 4 results/
|
||||
]
|
||||
}
|
||||
}
|
||||
|
@ -68,8 +68,10 @@ RSpec.describe 'LDAP modules' do
|
|||
all: {
|
||||
required: [
|
||||
/Discovering base DN\(s\) automatically/,
|
||||
/Storing LDAP data for base DN='dc=wimpi,dc=net' in loot/,
|
||||
/5 entries, 1 creds found in 'dc=wimpi,dc=net'/
|
||||
/Dumping data for root DSE/,
|
||||
/Searching base DN='DC=ldap,DC=example,DC=com'/,
|
||||
/Storing LDAP data for base DN='DC=ldap,DC=example,DC=com' in loot/,
|
||||
/266 entries, 0 creds found in 'DC=ldap,DC=example,DC=com'./
|
||||
]
|
||||
}
|
||||
}
|
||||
|
@ -79,11 +81,12 @@ RSpec.describe 'LDAP modules' do
|
|||
platforms: %i[linux osx windows],
|
||||
targets: [:rhost],
|
||||
skipped: false,
|
||||
datastore: { TARGET_USER: 'test' },
|
||||
datastore: { TARGET_USER: 'administrator' },
|
||||
lines: {
|
||||
all: {
|
||||
required: [
|
||||
/Discovering base DN automatically/,
|
||||
/Discovered base DN: DC=ldap,DC=example,DC=com/,
|
||||
/The msDS-KeyCredentialLink field is empty./
|
||||
]
|
||||
}
|
||||
|
|
|
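Review bot: The new default `username: ENV.fetch('LDAP_USERNAME', "'DEV-AD\\Administrator'")` embeds single quotes inside the value, so unless the harness passes datastore values through a console parser that strips quoting (nothing in this hunk shows that), the module binds as the literal string `'DEV-AD\Administrator'` while the `password` default carries no quotes; an `LDAP_USERNAME` supplied through the environment would also have to include the quotes to behave the same way. If the quotes are required for the console, a one-line comment next to the `username:` line saying so would keep the next reader from "fixing" it. The expectations in the later hunks (`/Query returned 4 results/`, `/266 entries, 0 creds found in 'DC=ldap,DC=example,DC=com'./`) are pinned to the exact object count of the freshly provisioned Samba domain, so any change to the provisioning scripts or a Samba package update in the image will fail them; a comment stating where the numbers come from, or a looser match such as `/\d+ entries, 0 creds found in 'DC=ldap,DC=example,DC=com'/`, would make that failure mode easier to diagnose.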
@ -0,0 +1,14 @@
|
|||
FROM ubuntu:20.04
|
||||
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install samba krb5-config winbind smbclient
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install iproute2
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install openssl
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install vim
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install ldap-utils
|
||||
|
||||
RUN rm /etc/krb5.conf
|
||||
RUN mkdir -p /opt/ad-scripts
|
||||
|
||||
WORKDIR /opt/ad-scripts
|
||||
|
||||
CMD chmod +x *.sh && ./samba-ad-setup.sh && ./samba-ad-run.sh
|
|
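Review bot: The five separate `RUN DEBIAN_FRONTEND=noninteractive apt-get update && ... apt-get -y install ...` lines each create a layer that keeps a package index on disk; one `RUN` installing the whole list followed by `rm -rf /var/lib/apt/lists/*` is the conventional form and shrinks the image rebuilt on every CI run. Neither `samba-ad-setup.sh` nor `samba-ad-run.sh` on this page invokes `vim`, so it can be left out of a test fixture image. I have deliberately kept Recommends enabled in the rewrite below, since Samba's AD DC support presumably arrives through recommended packages — if `--no-install-recommends` is added later, those packages would need to be listed explicitly. `FROM ubuntu:20.04` plus an unpinned Samba version means the spec's entry counts can drift with upstream updates, and the scripts run by `CMD` come only from the compose volume mount, so the image is not runnable on its own; both facts are worth a one-line comment above `WORKDIR`.
```dockerfile
FROM ubuntu:20.04

RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get -y install \
        samba krb5-config winbind smbclient iproute2 openssl ldap-utils && \
    rm -rf /var/lib/apt/lists/*

# … unchanged: krb5.conf removal, /opt/ad-scripts, WORKDIR, CMD …
```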
@ -0,0 +1,25 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
ldap:
|
||||
tty: true
|
||||
network_mode: bridge
|
||||
hostname: ldap.example.com
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
environment:
|
||||
SMB_ADMIN_PASSWORD: admin123!
|
||||
volumes:
|
||||
- ./:/opt/ad-scripts
|
||||
healthcheck:
|
||||
test: ldapsearch -x -H ldap://localhost:389 -b '' -D DEV-AD\\Administrator -w admin123! -s base
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 5s
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
|
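Review bot: The admin password appears twice — `SMB_ADMIN_PASSWORD: admin123!` under `environment` and again as a literal in the `healthcheck` `test:` line — so changing one silently leaves the healthcheck binding with the other; the string form of `test:` is run by the container's shell, so it can reference the variable with Compose's escaped form, `-w "$$SMB_ADMIN_PASSWORD"`. `cap_add: - SYS_ADMIN` is a broad capability for a CI fixture and nothing in the Dockerfile or scripts on this page shows what needs it; either drop it if provisioning works without it, or add a comment naming the Samba feature that requires it. `"389:389"` and `"636:636"` publish on every runner interface, and 636 is not used by the spec (`ssl: 'false'`, port 389); `"127.0.0.1:389:389"` matches the spec's default `LDAP_RHOST` and avoids exposing a directory with a known admin password beyond the runner. Recent Compose v2 releases, which the workflow's `docker compose` invocation uses, warn that the top-level `version: '3.7'` attribute is obsolete, so it can be removed.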
@ -0,0 +1,33 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
[ -f /var/lib/samba/.setup ] || {
|
||||
>&2 echo "[ERROR] Samba is not setup yet, which should happen automatically. Look for errors!"
|
||||
exit 127
|
||||
}
|
||||
|
||||
cat << EOF > /var/lib/samba/private/smb.conf
|
||||
# Global parameters
|
||||
[global]
|
||||
dns forwarder = 192.168.65.7
|
||||
#server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
|
||||
server services = ldap
|
||||
|
||||
netbios name = LDAP
|
||||
realm = LDAP.EXAMPLE.COM
|
||||
server role = active directory domain controller
|
||||
workgroup = DEV-AD
|
||||
idmap_ldb:use rfc2307 = yes
|
||||
ldap server require strong auth = no
|
||||
allow dns updates = disabled
|
||||
[sysvol]
|
||||
path = /var/lib/samba/sysvol
|
||||
read only = No
|
||||
|
||||
[netlogon]
|
||||
path = /var/lib/samba/sysvol/ldap.example.com/scripts
|
||||
read only = No
|
||||
EOF
|
||||
|
||||
samba -i -s /var/lib/samba/private/smb.conf
|
|
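Review bot: `ldap server require strong auth = no` is what lets the spec's simple bind over plain LDAP on 389 succeed, and `dns forwarder = 192.168.65.7` is a fixed address that is inert while `server services = ldap` leaves the internal DNS disabled; neither is explained, so both deserve a comment inside the heredoc — e.g. `# Cleartext simple binds are allowed only because the acceptance spec connects with ssl=false; not a production setting.` and `# dns forwarder is unused: only the ldap service is enabled`. The heredoc is unquoted (`cat << EOF`); it currently contains no `$` or backtick, but `cat << 'EOF'` would keep a future edit from being expanded silently. This file also wholesale replaces the `smb.conf` that `samba-ad-setup.sh` moved into `/var/lib/samba/private/`, so the `--option='server services = ldap'` passed at provisioning time and any other provisioning-generated settings do not survive; if that is intended, a comment above the `cat` should say so.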
@ -0,0 +1,31 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
info () {
|
||||
echo "[INFO] $@"
|
||||
}
|
||||
|
||||
info "Running setup"
|
||||
|
||||
# Check if samba is setup
|
||||
[ -f /var/lib/samba/.setup ] && info "Already setup..." && exit 0
|
||||
|
||||
info "Provisioning domain controller..."
|
||||
|
||||
info "Given admin password: ${SMB_ADMIN_PASSWORD}"
|
||||
|
||||
rm /etc/samba/smb.conf
|
||||
|
||||
samba-tool domain provision\
|
||||
--server-role=dc\
|
||||
--use-rfc2307\
|
||||
--dns-backend=SAMBA_INTERNAL\
|
||||
--realm=`hostname`\
|
||||
--domain=DEV-AD\
|
||||
--adminpass=${SMB_ADMIN_PASSWORD}\
|
||||
--option='server services = ldap'
|
||||
|
||||
mv /etc/samba/smb.conf /var/lib/samba/private/smb.conf
|
||||
|
||||
touch /var/lib/samba/.setup
|