changes

SUSE · Oct 28, 2024 · deeeaf0 · deeeaf0
1 parent 1212142
commit deeeaf0
Showing 1 changed file with 64 additions and 44 deletions.
diff --git a/scripts/authentication/ds389.sh b/scripts/authentication/ds389.sh
@@ -1,21 +1,43 @@
 #!/bin/bash
+# This library contains some functions to use and setup 389
+# directory server ( https://www.port389.org/index.html )
+# which is an "enterprise-class Open Source LDAP server for Linux.". 
+# SPDX-License-Identifier: GPL-3.0-only or GPL-3.0-or-later
+# 
+# Copyright (C) 2024 Raul Mahiques
+#
+# This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+# For more details find a copy of the license here: 
+# https://www.gnu.org/licenses/gpl-3.0.txt
+#
+
+
 
 #######################################
 # DS389 - restrict permissions:
 #   - prevent normal users from reading the whole directory
-# Global vars:
-#   _ldap_uri
-#   _ldap_basedn
-#   _admin_user
-#   _admin_pwd
+# Arguments:
+#   1 - _ldap_uri
+#   2 - _ldap_basedn
+#   3 - _admin_user
+#   4 - _admin_pwd
 # Examples:
-#   ds389_restrict_permissions
+#   ds389_restrict_permissions "<_ldap_uri>" "<_ldap_basedn>" "<_admin_user>" "<_admin_pwd>"
 #######################################
 function ds389_restrict_permissions() {
-  local _ldap_uri=$1
-  local _ldap_basedn=$2
-  local _admin_user=$3
-  local _admin_pwd=$4
+  local _ldap_uri="$1"
+  local _ldap_basedn="$2"
+  local _admin_user="$3"
+  local _admin_pwd="$4"
   ldapmodify -D "${_admin_user}" -w "${_admin_pwd}" -x  -H "${_ldap_uri}" << EOL
 dn: ou=people,${_ldap_basedn}
 changetype: modify
@@ -31,21 +53,21 @@ EOL
 
 #######################################
 # DS389 - Grant user privileges to read the whole directory
-# Global vars:
-#   _ldap_uri
-#   _ldap_basedn
-#   _admin_user
-#   _admin_pwd
 # Arguments:
-#   1 - Username (Default: ldap_user)
+#   1 - _ldap_uri
+#   2 - _ldap_basedn
+#   3 - _admin_user
+#   4 - _admin_pwd
+#   5 - Username (Default: ldap_user)
 # Examples:
-#   ds389_user_private_read [<a_user>]
+#   ds389_user_private_read "ldap://ldap.mydemo.lab:389" "dc=mydemo,dc=lab" "cn=Directory Manager" "secret" "ldap_user"
 #######################################
 function ds389_ldap_user-user_private_read() {
-  local _ldap_uri=${_ldap_uri}
-  local _ldap_basedn=${_ldap_basedn}
-  local _admin_user=${_admin_user}
-  local _admin_pwd=${_admin_pwd}
+  local _ldap_uri="$1"
+  local _ldap_basedn="$2"
+  local _admin_user="$3"
+  local _admin_pwd="$4"
+  local username="$5"
   ldapmodify -D "${_admin_user}" -w "${_admin_pwd}" -x  -H "${_ldap_uri}" << EOL
 dn: cn=user_private_read,ou=permissions,${_ldap_basedn}
 changetype: modify
@@ -56,36 +78,37 @@ EOL
 
 #######################################
 # DS389 - Verify user has access
-# Global vars:
-#   _ldap_uri
-#   _ldap_basedn
 # Arguments:
 #   1 - ldap user DN
 #   2 - ldap user pwd
+#   3 - _ldap_uri
+#   4 - _ldap_basedn
 # Examples:
-#   ds389_ldap_user_access_check "uid=ldap_user,ou=people,dc=mydemo,dc=lab" "mypassword"
+#   ds389_ldap_user_access_check "cn=Directory Manager" "secret"  "uid=ldap_user,ou=people,dc=mydemo,dc=lab" "mypassword"
 #######################################
 function ds389_ldap_user_access_check() {
-  local _ldap_uri=${_ldap_uri}
-  local _ldap_basedn=${_ldap_basedn}
-  ldapsearch -x  -D "${1}" -w "${2}" -H "${_ldap_uri}"  -b "${_ldap_basedn}"
+  local _ldap_user_dn="${1}"
+  local _ldap_user_pwd="${2}"
+  local _ldap_uri="${3}"
+  local _ldap_basedn="${4}"
+  ldapsearch -x  -D "${_ldap_user_dn}" -w "${_ldap_user_pwd}" -H "${_ldap_uri}"  -b "${_ldap_basedn}"
 }
 
 #######################################
 # DS389 - Install 389 Directory server
-# Global vars:
-#   _ldap_uri
-#   _ldap_basedn
-#   _admin_user
-#   _admin_pwd
+# Arguments:
+#   1 - _ldap_uri
+#   2 - _ldap_basedn
+#   3 - _admin_user
+#   4 - _admin_pwd
 # Examples:
-#   ds389_install
+#   ds389_install "ldap://ldap.mydemo.lab:389" "dc=mydemo,dc=lab" "cn=Directory Manager" "secret"
 #######################################
 function ds389_install() {
-  local _ldap_uri=${_ldap_uri}
-  local _ldap_basedn=${_ldap_basedn}
-  local _admin_user=${_admin_user}
-  local _admin_pwd=${_admin_pwd}
+  local _ldap_uri="${1}"
+  local _ldap_basedn="${2}"
+  local _admin_user="${3}"
+  local _admin_pwd="${4}"
   # add the repo
   helm repo add suse-lab-setup https://opensource.suse.com/lab-setup
   helm repo update
@@ -97,19 +120,16 @@ function ds389_install() {
     helm upgrade --install ds389 suse-lab-setup/ds389
   fi
   sleep 60
-  ds389_restrict_permissions
+  ds389_restrict_permissions "${_ldap_uri}" "${_ldap_basedn}" "${_admin_user}" "${_admin_pwd}"
   ds389_ldap_user-user_private_read
 }
 
 #######################################
 # DS389 - Uninstall 389 Directory server
-# Arguments:
-#   1 - Namespace (Default: ds389)
-#   2 - App_name (Default: ds389)
 # Examples:
-#   ds389_uninstall [<ds389> <ds389>]
+#   ds389_uninstall
 #######################################
 function ds389_uninstall() {
-  kubectl -n ${1:-ds389} delete ServiceAccount/${2:-ds389}-sa Secret/dirsrv-tls-secret Secret/dirsrv-dm-password StatefulSet/${2:-ds389} Ingress/${2:-ds389} Service/${2:-ds389} service/${2:-ds389}-internal-svc  service/${2:-ds389}-external-svc Namespace/${1:-ds389}
+  helm uninstall ds389
   sleep 15 
 }