diff --git a/README.md b/README.md
index bbe904f..ab5bd65 100644
--- a/README.md
+++ b/README.md
@@ -54,3 +54,22 @@ Further help about a specific command can be obtained via something like:
 npx deploy info --help
 ```
+### Example Local Testing
+
+1. Build the Docker Image
+
+```sh
+docker compose up --build
+```
+
+2. Populate the database with users
+
+```sh
+ldapmodify -D 'cn=admin,dc=cotak,dc=gov' -H ldap://localhost:3389 -w admin -f
+```
+
+3. Ensure the service account can list users
+
+```
+ldapsearch -v -x -D 'uid=ldapsvcaccount,dc=cotak,dc=gov' -b 'dc=cotak,dc=gov' -H ldap://localhost:3389 -w service
+```
diff --git a/docker-compose.yml b/docker-compose.yml
index 43901f3..13c0dbf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,9 +1,9 @@
 services:
   openldap:
     build: ./
-    volumes:
-      - /var/lib/ldap
-      - /etc/ldap/slapd.d
-      - /etc/letsencrypt:/container/service/slapd/assets/certs/
+    environment:
+      - LDAP_DOMAIN=cotak.gov
+      - LDAP_ADMIN_PASSWORD=admin
+      - LDAP_SVC_PASSWORD=service
     ports:
-      - "389:389"
+      - "3389:389"
diff --git a/templates/05-svc-service.ldif b/templates/05-svc-service.ldif
index 388827b..29b7c36 100644
--- a/templates/05-svc-service.ldif
+++ b/templates/05-svc-service.ldif
@@ -16,4 +16,3 @@ replace: olcAccess
 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="uid=ldapsvcaccount,dc=CUSTOM_ORG,dc=CUSTOM_TLD" read by * break
 olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD" write by anonymous auth by * none
 olcAccess: {2}to * by self read by dn.exact=cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD write by * none
-
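Review bot: The new `environment:` block in docker-compose.yml commits the directory's admin and service-account passwords (`LDAP_ADMIN_PASSWORD=admin`, `LDAP_SVC_PASSWORD=service`) to the repository, and the README hunk repeats the same values in its commands, so anyone who reuses this compose file beyond local testing starts with known credentials. Read them from the environment or an untracked `.env` file instead, e.g. `- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD:?set in .env}` and `- LDAP_SVC_PASSWORD=${LDAP_SVC_PASSWORD:?set in .env}`, and list `.env` in `.gitignore`. The same hunk drops the `/var/lib/ldap`, `/etc/ldap/slapd.d` and `/etc/letsencrypt` mounts, so directory data no longer survives a container recreate and no certificates are mounted into the container; if this file is now intended only for the README's local-testing flow, a header comment such as `# Local testing only: no persistence, no TLS, throwaway credentials` would make that explicit for the next person who deploys from it.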