lorenzo-filomena/schema

WEEE Open LDAP schema

Some LDAP schema files that we use. Everything is in a format compatible with 389DS and can be readily dropped into /etc/dirsrv/slapd-.../schema.

License is inside each file, except for SCHAC for which I couldn't locate a license.

SCHAC

SCHema for ACademia.

The file 97schac.ldif comes from the official schema in OpenLDAP format, converted to 389DS format with manual edits (replacing textual OIDs with numbers from olcObjectIdentifier) and some scripts, especially ol2rhds.pl.

SSH

Located at 98ssh.ldif, it allows storing public SSH keys. It's an OpenLDAP schema with minor modifications to adapt it to 389DS.

SSH as Text

A single objectClass with a single plain-text attribute to add an SSH key to things. This is 98sshAsText.ldif.

Telegram

98telegram.ldif is a simple schema to store some Telegram-related information: ID, nickname and group invite links.

The very large OID from the UUID arc (i.e. 2.25.100841824846419382782883384063386193490) may cause some problems for very old or buggy software; however, both 389DS and Apache Directory Studio seem to have no problems with it.

WEEE Open

There are a few more bits and bobs in 98weeeopen.ldif. Not very interesting.

Generating UUIDs for OIDs

Since this ancient knowledge seems to have disappeared from the Internet after 2019, those UUIDs can be generated like this:

import uuid
int(uuid.uuid4())
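
As an added example (not part of this repository; the function names are hypothetical), the following builds the 2.25 OID from a UUID and DER-encodes it, showing that the arc used in the Telegram schema needs far more than 32 bits, which is where old or buggy parsers fail:

```python
import uuid

def uuid_to_oid(u: uuid.UUID) -> str:
    """OID under the UUID arc: 2.25.<UUID as one decimal integer>."""
    return f"2.25.{u.int}"

def _base128(n: int) -> bytes:
    """One subidentifier: 7 bits per byte, high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def der_encode_oid(oid: str) -> bytes:
    """DER-encode a dotted OID (tag 0x06), with no limit on arc size."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2:
        raise ValueError(f"invalid OID: {oid}")
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError(f"second arc out of range: {oid}")
    # The first two arcs share one subidentifier: 40 * first + second.
    body = _base128(arcs[0] * 40 + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    if len(body) < 0x80:
        length = bytes([len(body)])  # short-form length
    else:
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long-form length
    return b"\x06" + length + body

def oversized_arcs(oid: str, bits: int = 32) -> list:
    """Arcs that do not fit in `bits` bits, i.e. what a fixed-width parser would mangle."""
    return [int(a) for a in oid.split(".") if int(a).bit_length() > bits]

if __name__ == "__main__":
    page_oid = "2.25.100841824846419382782883384063386193490"  # OID quoted above
    print(der_encode_oid(page_oid).hex())
    print([a.bit_length() for a in oversized_arcs(page_oid)])
    print(uuid_to_oid(uuid.uuid4()))  # a fresh OID for a new schema element
```
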

Password Policies

Use policies.yml to replace existing values.

ACI

The aci directory contains some ACIs for 389DS and tests related to those.

make_acis.py has a method that formats all the parts into an ACI, then it prints all the ACIs in a YAML format that can be pasted into an Ansible playbook. For details on how and where to paste it, see the "sso" repo.

Alternatively, make_acis.py can also output an LDIF file.

test_acis.py uses pytest to test that the ACIs are working as expected. It also tests the password policy set in the "sso" repo. It requires 389DS configured as in that repo. If you follow the instructions there, you'll clone this repo anyway, so it all makes sense, hopefully.

To create ACIs:

cd aci
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# For Ansible, paste the output into the playbook:
./make_acis.py -y -s "{{ dirsrv_suffix }}"
# Alternatively, as an LDIF file (replace with real suffix):
./make_acis.py -l -s "dc=example,dc=test"

To test them:

# Create LDIF file with ACIs for tests:
./make_acis.py -l -s "dc=example,dc=test" > aci_tmp.ldif
# Run 389DS in a container or in any other way of your choice
docker run --name dirsrv -p 3389:3389 -e DS_SUFFIX_NAME="dc=example,dc=test" -e DS_DM_PASSWORD="asd" 389ds/dirsrv:latest
# Required env variables for the tests
export TEST_PASSWORD="asd"
export TEST_LDAP_CONNECTION_STRING="ldap://disrv:3389"
export TEST_SUFFIX="dc=example,dc=test"
export TEST_ACI_LDIF="aci_tmp.ldif"
export TEST_IMPORT_SCHEMA=1 # To import the schema during tests, do not set at all if you want to import manually
# Run tests, this will also create a backend and DIT
./test_acis.py
