Add SVC

dfpc-coe · Oct 22, 2024 · d82ebc9 · d82ebc9
1 parent 868e931
commit d82ebc9
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/cloudformation/lib/api.js b/cloudformation/lib/api.js
@@ -44,6 +44,21 @@ export default {
             }
         },
 
+        LDAPSVCSecret: {
+            Type: 'AWS::SecretsManager::Secret',
+            Properties: {
+                Description: cf.join([cf.stackName, ' LDAP Master Password']),
+                GenerateSecretString: {
+                    SecretStringTemplate: '{"username": "admin"}',
+                    GenerateStringKey: 'password',
+                    ExcludePunctuation: true,
+                    PasswordLength: 32
+                },
+                Name: cf.join([cf.stackName, '/admin']),
+                KmsKeyId: cf.ref('KMS')
+            }
+        },
+
         ELB: {
             Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer',
             Properties: {

diff --git a/templates/05-orgUnit.ldif → templates/04-orgUnit.ldif b/templates/05-orgUnit.ldif → templates/04-orgUnit.ldif
diff --git a/templates/05-svcaccount.ldif b/templates/05-svcaccount.ldif
@@ -0,0 +1,6 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="uid=ldapsvcaccount,dc=CUSTOM_ORG,dc=CUSTOM_TLD" read by * break
+olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD" write by anonymous auth by * none
+olcAccess: {2}to * by self read by dn.exact=cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD write by * none