Updates for LDAP not working yet

djthorpe · djthorpe · commit a27e7ab6412e · 2024-01-24T11:38:47.000+01:00
diff --git a/openldap/input.tf b/openldap/input.tf
@@ -39,16 +39,6 @@ variable "data" {
   description = "Directory for data persistence, required"
 }
 
-variable "ldif" {
-  type        = string
-  description = "Directory for additional ldif files, optional"
-}
-
-variable "schema" {
-  type        = string
-  description = "Directory for additional schema files, optional"
-}
-
 variable "admin_password" {
   description = "LDAP admin password (required)"
   type        = string
@@ -59,3 +49,8 @@ variable "basedn" {
   description = "LDAP distinguished name (required)"
   type        = string
 }
+
+variable "organization" {
+  description = "Organization name (required)"
+  type        = string
+}
diff --git a/openldap/ldif/root.ldif b/openldap/ldif/root.ldif
@@ -0,0 +1,22 @@
+
+# Root
+dn: {{ env "NOMAD_META_basedn" }}
+objectClass: top
+objectClass: organization
+dc: {{ env "NOMAD_META_organization" }}
+description: Organization
+
+# Groups
+dn: ou={{ env "NOMAD_META_groups" }},{{ env "NOMAD_META_basedn" }}
+ou: {{ env "NOMAD_META_groups" }}
+objectClass: top
+objectClass: organizationalUnit
+description: User groups
+
+# Users
+dn: ou={{ env "NOMAD_META_users" }},{{ env "NOMAD_META_basedn" }}
+ou: {{ env "NOMAD_META_users" }}
+objectClass: top
+objectClass: organizationalUnit
+description: Users
+
diff --git a/openldap/ldif/tree.ldif b/openldap/ldif/tree.ldif
diff --git a/openldap/main.tf b/openldap/main.tf
@@ -13,10 +13,13 @@ resource "nomad_job" "ldap" {
       hosts              = jsonencode(var.hosts)
       port               = var.port
       data               = var.data
-      ldif               = var.ldif
-      schema             = var.schema
       admin_password     = var.admin_password
       basedn             = var.basedn
+      organization       = var.organization
+      ldif = jsonencode({
+        "root" = file("${path.module}/ldif/root.ldif")
+      })
+      schema = jsonencode({})
     }
   }
 }
diff --git a/openldap/nomad/openldap.hcl b/openldap/nomad/openldap.hcl
@@ -51,13 +51,13 @@ variable "data" {
 }
 
 variable "ldif" {
-  description = "Path to custom LDIF files, optional"
-  type        = string
+  description = "Custom LDIF rules, optional"
+  type        = map(string)
 }
 
 variable "schema" {
-  description = "Path to custom schema files, optional"
-  type        = string
+  description = "Custom schemas, optional"
+  type        = map(string)
 }
 
 variable "admin_password" {
@@ -70,13 +70,18 @@ variable "basedn" {
   type        = string
 }
 
+variable "organization" {
+  description = "Organization name"
+  type        = string
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // LOCALS
 
 locals {
-  data_path   = "/bitnami/openldap"
-  ldif_path   = var.ldif == "" ? "" : "/ldap/ldif"
-  schema_path = var.schema == "" ? "" : "/ldap/schema"
+  data_path   = "/bitnami/openldap/data"
+  ldif_path   = "${NOMAD_ALLOC_DIR}/data/ldif"
+  schema_path = "${NOMAD_ALLOC_DIR}/data/schema"
 }
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -128,17 +133,31 @@ job "openldap" {
     task "daemon" {
       driver = "docker"
 
-      config {
-        image      = var.docker_image
-        force_pull = var.docker_always_pull
-        volumes = compact([
-          local.ldif_path == "" ? "" : format("%s:%s", var.ldif, local.ldif_path),
-          local.schema_path == "" ? "" : format("%s:%s", var.schema, local.schema_path)
-        ])
-        ports = ["ldap"]
+      // Metadata for ldif and schema templates
+      meta {
+        basedn       = var.basedn
+        organization = var.organization
+        users        = "users"
+        groups       = "groups"
       }
 
-      // TODO: /bitnami/openldap should be /alloc/data when var.data is empty
+      // LDIF templates
+      dynamic "template" {
+        for_each = var.ldif
+        content {
+          destination = "${local.ldif_path}/${template.key}.ldif"
+          data        = template.value
+        }
+      }
+
+      // Schema templates
+      dynamic "template" {
+        for_each = var.schema
+        content {
+          destination = "${local.schema_path}/${template.key}.schema"
+          data        = template.value
+        }
+      }
 
       env {
         LDAP_ADMIN_USERNAME    = "admin"
@@ -148,8 +167,17 @@ job "openldap" {
         LDAP_ADD_SCHEMAS       = "yes"
         LDAP_EXTRA_SCHEMAS     = "cosine, inetorgperson, nis"
         LDAP_SKIP_DEFAULT_TREE = "yes"
-        LDAP_CUSTOM_LDIF_DIR   = local.ldif_path
-        LDAP_CUSTOM_SCHEMA_DIR = local.schema_path
+        LDAP_CUSTOM_LDIF_DIR   = "" // local.ldif_path
+        LDAP_CUSTOM_SCHEMA_DIR = "" // local.schema_path
+      }
+
+      config {
+        image      = var.docker_image
+        force_pull = var.docker_always_pull
+        volumes = compact([
+          format("%s:%s", var.data, local.data_path),
+        ])
+        ports = ["ldap"]
       }
 
     } // task "daemon"

Original file line number	Diff line number	Diff line change
`@@ -13,10 +13,13 @@ resource "nomad_job" "ldap" {`
`13`	`13`	`hosts = jsonencode(var.hosts)`
`14`	`14`	`port = var.port`
`15`	`15`	`data = var.data`
`16`		`- ldif = var.ldif`
`17`		`- schema = var.schema`
`18`	`16`	`admin_password = var.admin_password`
`19`	`17`	`basedn = var.basedn`
	`18`	`+ organization = var.organization`
	`19`	`+ ldif = jsonencode({`
	`20`	`+ "root" = file("${path.module}/ldif/root.ldif")`
	`21`	`+ })`
	`22`	`+ schema = jsonencode({})`
`20`	`23`	`}`
`21`	`24`	`}`
`22`	`25`	`}`