created anonymous binding database + test

ViViDboarder · Jan 22, 2025 · daade33 · daade33
1 parent c554c8a
commit daade33
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 7 deletions.
diff --git a/Makefile b/Makefile
@@ -60,24 +60,24 @@ itest: itest-up itest-run itest-stop
 .PHONY: itest-up-anon
 itest-up-anon:
 	docker compose -f docker-compose.yml \
-		-f itest/docker-compose.itest.yml \
+		-f itest/docker-compose.itest-anon.yml \
 		build
 	docker compose -f docker-compose.yml \
-		-f itest/docker-compose.itest.yml \
+		-f itest/docker-compose.itest-anon.yml \
 		up -d vaultwarden ldap
 
 .PHONY: itest-run-anon
 itest-run-anon:
 	docker compose -f docker-compose.yml \
-		-f itest/docker-compose.itest.yml \
-		run ldap_sync
+		-f itest/docker-compose.itest-anon.yml \
+		run --rm ldap_sync
 
 .PHONY: itest-stop-anon
 itest-stop-anon:
 	docker compose stop
 
 .PHONY: itest-anon
-itest: itest-up-anon itest-run-anon itest-stop-anon
+itest-anon: itest-up-anon itest-run-anon itest-stop-anon
 
 # Run bootstrapped integration test using env for config
 .PHONY: itest-env

diff --git a/itest/config-anon.toml b/itest/config-anon.toml
@@ -0,0 +1,8 @@
+vaultwarden_url = "http://vaultwarden:80"
+vaultwarden_admin_token = "admin"
+ldap_host = "ldap"
+# ldap_bind_dn = "cn=readonly,dc=example,dc=org"
+# ldap_bind_password = "readonly"
+ldap_search_base_dn = "dc=example,dc=org"
+ldap_search_filter = "(&(objectClass=*)(uid=*))"
+ldap_sync_loop = false
diff --git a/itest/docker-compose.itest-anon-env.yml b/itest/docker-compose.itest-anon-env.yml
@@ -17,4 +17,5 @@ services:
   ldap:
     command: ["--copy-service"]
     volumes:
-      - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif
+      - ./itest/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
+      - ./itest/schema/anon.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/anon.ldif
diff --git a/itest/docker-compose.itest-anon.yml b/itest/docker-compose.itest-anon.yml
@@ -9,4 +9,5 @@ services:
   ldap:
     command: ["--copy-service"]
     volumes:
-      - ./itest/50-seed-user.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-seed-user.ldif
+      - ./itest/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
+      - ./itest/schema/anon.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/anon.ldif
diff --git a/itest/ldif/anon.ldif b/itest/ldif/anon.ldif
diff --git a/itest/schema/anon.ldif b/itest/schema/anon.ldif
@@ -0,0 +1,15 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to * 
+  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage 
+  by * break
+olcAccess: to attrs=userPassword,shadowLastChange
+  by self write
+  by dn="cn=admin,dc=example,dc=org" write
+  by anonymous auth
+  by * none
+olcAccess: to * 
+  by anonymous read
+  by dn="cn=admin,dc=example,dc=org" write
+  by * none