From bf6352ecd8b50c0a0dad23c5e0e82804b202d202 Mon Sep 17 00:00:00 2001
From: Guillaume Thouvenin
Date: Thu, 23 Jun 2016 16:13:09 +0200
Subject: [PATCH] Add the LDAP configuration for the CI

This patch adds the configuration of the LDAP server that will be used by the CI for testing the support of LDAP in StackLight plugins.

Change-Id: I83adf3028c998e19b0635605aa02d7b823cfd22b
---
 fixtures/ldap/Readme.md | 22 ++++++
 fixtures/ldap/install_slapd.sh | 122 +++++++++++++++++++++++++++++++++
 2 files changed, 144 insertions(+)
 create mode 100644 fixtures/ldap/Readme.md
 create mode 100755 fixtures/ldap/install_slapd.sh

diff --git a/fixtures/ldap/Readme.md b/fixtures/ldap/Readme.md
new file mode 100644
index 0000000..60e6fb4
--- /dev/null
+++ b/fixtures/ldap/Readme.md
@@ -0,0 +1,22 @@
+# Installation of the LDAP server
+
+## On the node where the plugin is running
+
+To install the server just run the script **install_ldap.sh** as root. It will
+perform the following actions:
+
+- installs the *slapd* (a LDAP daemon) and configure the DN to "dc=stacklight,dc=ci"
+ - It creates the admin user: *cn=admin,dc=stacklight,dc=ci*
+- creates groups and users needed for the CI tests.
+ - two groups are created under the Organization Unit *groups*
+ - *plugin_admins* that is the admins group
+ - *plugin_viewers* that is the viewers group
+ - two users that are:
+ - *uadmin* user that will belong to admins group
+ - *uviewer* user that will belong to viewers group
+
+To check that every is fine you can do the following search that should show
+all inputs listed above.
+```
+ldapsearch -x -b "dc=stacklight,dc=ci" -D "cn=admin,dc=stacklight,dc=ci" -W
+```
diff --git a/fixtures/ldap/install_slapd.sh b/fixtures/ldap/install_slapd.sh
new file mode 100755
index 0000000..8df6dd7
--- /dev/null
+++ b/fixtures/ldap/install_slapd.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+set -e
+
+# ############################################################################
+# Install the standalone LDAP server (slapd)
+#
+if [ "$(id -u)" -ne 0 ]
+then echo "Please run as root"
+ exit 1
+fi
+
+DOMAIN="stacklight.ci"
+BASE_DN="dc=stacklight,dc=ci"
+BIND_DN="cn=admin,${BASE_DN}"
+BIND_PASSWORD="admin"
+
+# The distinguished name of objects that will be created in LDAP
+UID_UADMIN="uid=uadmin,${BASE_DN}"
+UID_UVIEWER="uid=uviewer,${BASE_DN}"
+OU_GROUPS="ou=groups,${BASE_DN}"
+CN_ADMINS="cn=plugin_admins,${OU_GROUPS}"
+CN_VIEWERS="cn=plugin_viewers,${OU_GROUPS}"
+
+debconf-set-selections << EOF
+slapd slapd/password1 password ${BIND_PASSWORD}
+slapd slapd/password1 seen true
+slapd slapd/password2 password ${BIND_PASSWORD}
+slapd slapd/password2 seen true
+slapd slapd/domain string ${DOMAIN}
+slapd slapd/domain seen true
+EOF
+
+DEBIAN_FRONTEND=noninteractive apt-get install -y -o Dpkg::Options::=--force-confnew --no-install-recommends slapd ldap-utils
+
+# ############################################################################
+# Configure the LDAP database
+#
+ldapadd -x -D ${BIND_DN} -w ${BIND_PASSWORD} << EOF
+# Creation of the user "uadmin" that will belong to admins group
+dn: ${UID_UADMIN}
+cn: uadmin
+gecos: uadmin
+gidnumber: 500
+homedirectory: /home/uadmin
+loginshell: /bin/bash
+objectclass: top
+objectclass: account
+objectclass: posixAccount
+objectclass: shadowAccount
+shadowlastchange: 0
+shadowmax: 0
+shadowwarning: 0
+uid: uadmin
+uidnumber: 16860
+userpassword: uadmin
+
+# Creation of the user "uviewer" that will belong to viewers group
+dn: ${UID_UVIEWER}
+cn: uviewer
+gecos: uviewer
+gidnumber: 500
+homedirectory: /home/uviewer
+loginshell: /bin/bash
+objectclass: top
+objectclass: account
+objectclass: posixAccount
+objectclass: shadowAccount
+shadowlastchange: 0
+shadowmax: 0
+shadowwarning: 0
+uid: uviewer
+uidnumber: 16861
+userpassword: uviewer
+
+# Creation of the Organization Unit "groups"
+dn: ${OU_GROUPS}
+objectclass: organizationalUnit
+objectclass: top
+ou: groups
+
+# Creation of the admins groups
+dn: ${CN_ADMINS}
+cn: plugin_admins
+gidnumber: 501
+memberuid: uadmin
+objectclass: posixGroup
+objectclass: top
+
+# Creation of the viewers groups
+dn: ${CN_VIEWERS}
+cn: plugin_viewers
+gidnumber: 503
+memberuid: uviewer
+objectclass: posixGroup
+objectclass: top
+EOF
+
+# ############################################################################
+# Validate the installation
+
+function check_ldap_value {
+ if grep "$1" "${TMPFILE}" &>/dev/null; then
+ echo " [SUCCESS] $1 found in LDAP"
+ else
+ echo " [FAILURE] $1 not found in LDAP"
+ fi
+}
+
+TMPFILE=$(mktemp -t ldapsearch-output.XXXXX)
+ldapsearch -x -b ${BASE_DN} -D ${BIND_DN} -w ${BIND_PASSWORD} > "${TMPFILE}"
+
+set +e
+echo "Installation and configuration of LDAP server are done."
+echo "Starting the validation of the LDAP schema."
+check_ldap_value $UID_UADMIN
+check_ldap_value $UID_UVIEWER
+check_ldap_value $OU_GROUPS
+check_ldap_value $CN_ADMINS
+check_ldap_value $CN_VIEWERS
+echo "Validation completed. You should only see SUCCESS reported."
+
+rm -f "${TMPFILE}"
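Review bot: The validation block at the end of install_slapd.sh cannot fail the run: `check_ldap_value` only prints `[FAILURE]`, `set +e` is in effect by then, and the last command is `rm -f`, so the script exits 0 even when an entry is missing and a CI job would go on to test LDAP authentication against an incomplete directory. I would count the failures and exit non-zero, match each DN as a fixed string with the arguments quoted, and remove the temp file from an `EXIT` trap, since the admin-bound `ldapsearch` dump presumably contains the `userpassword` values and the file is left behind whenever `ldapsearch` fails under `set -e`. It would also help to state in the header comment that the fixed credentials (`admin`, `uadmin`, `uviewer`) and the bind password passed with `-w` on the command line make this fixture suitable only for disposable CI nodes; `BIND_PASSWORD="${LDAP_ADMIN_PASSWORD:-admin}"` would let a job override the default.

```shell
failures=0
function check_ldap_value {
  # -F: the DN is a literal string, not a regex; -q: only the exit status matters.
  if grep -qF -- "$1" "${TMPFILE}"; then
    echo " [SUCCESS] $1 found in LDAP"
  else
    echo " [FAILURE] $1 not found in LDAP"
    failures=$((failures + 1))
  fi
}

TMPFILE=$(mktemp -t ldapsearch-output.XXXXX)
# Remove the directory dump on every exit path, including an ldapsearch failure.
trap 'rm -f -- "${TMPFILE}"' EXIT
ldapsearch -x -b "${BASE_DN}" -D "${BIND_DN}" -w "${BIND_PASSWORD}" > "${TMPFILE}"

# … unchanged: set +e and the two progress echo lines …
check_ldap_value "${UID_UADMIN}"
check_ldap_value "${UID_UVIEWER}"
check_ldap_value "${OU_GROUPS}"
check_ldap_value "${CN_ADMINS}"
check_ldap_value "${CN_VIEWERS}"

if [ "${failures}" -ne 0 ]; then
  echo "Validation failed: ${failures} expected entries are missing." >&2
  exit 1
fi
echo "Validation completed. You should only see SUCCESS reported."
```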