ocis_ldap example: Switch to newer ldap server image

Switch away from the unmaintained osixia image to the more uptodate
bitnami image.

Also update the owncloud schema to include the latest changes

Fixes #5636

deployments/examples/ocis_ldap/config/ldap/docker-entrypoint-override.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+printenv
+
+if [ ! -f /opt/bitnami/openldap/certs/openldap.key ]
+then	
+	openssl req -x509 -newkey rsa:4096 -keyout /opt/bitnami/openldap/certs/openldap.key -out /opt/bitnami/openldap/certs/openldap.crt -sha256 -days 365 -batch -nodes
+fi
+# run original docker-entrypoint
+/opt/bitnami/scripts/openldap/entrypoint.sh "$@"

deployments/examples/ocis_ldap/config/ldap/ldif/10_base.ldif

@@ -0,0 +1,13 @@
+dn: dc=owncloud,dc=com
+objectClass: organization
+objectClass: dcObject
+dc: owncloud
+o: ownCloud
+
+dn: ou=users,dc=owncloud,dc=com
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=groups,dc=owncloud,dc=com
+objectClass: organizationalUnit
+ou: groups

deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif

@@ -1,7 +1,3 @@
-dn: ou=users,dc=owncloud,dc=com
-objectClass: organizationalUnit
-ou: users
-
 # Start dn with uid (user identifier / login), not cn (Firstname + Surname)
 dn: uid=einstein,ou=users,dc=owncloud,dc=com
 objectClass: inetOrgPerson
@@ -20,7 +16,7 @@ mail: einstein@example.org
 uidNumber: 20000
 gidNumber: 30000
 homeDirectory: /home/einstein
-ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx
+ownCloudUUID: 4c510ada-c86b-4815-8820-42cdf82c3d51
 userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
 
 dn: uid=marie,ou=users,dc=owncloud,dc=com
@@ -40,7 +36,7 @@ mail: marie@example.org
 uidNumber: 20001
 gidNumber: 30000
 homeDirectory: /home/marie
-ownCloudUUID:: ZjdmYmY4YzgtMTM5Yi00Mzc2LWIzMDctY2YwYThjMmQwZDlj
+ownCloudUUID: f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c
 userPassword:: e1NTSEF9UmFvQWs3TU9jRHBIUWY3bXN3MGhHNnVraFZQWnRIRlhOSUNNZEE9PQ==
 
 dn: uid=richard,ou=users,dc=owncloud,dc=com
@@ -60,7 +56,7 @@ mail: richard@example.org
 uidNumber: 20002
 gidNumber: 30000
 homeDirectory: /home/richard
-ownCloudUUID:: OTMyYjQ1NDAtOGQxNi00ODFlLThlZjQtNTg4ZTRiNmIxNTFj
+ownCloudUUID: 932b4540-8d16-481e-8ef4-588e4b6b151c
 userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
 
 dn: uid=moss,ou=users,dc=owncloud,dc=com
@@ -80,7 +76,7 @@ mail: moss@example.org
 uidNumber: 20003
 gidNumber: 30000
 homeDirectory: /home/moss
-ownCloudUUID:: MDU4YmZmOTUtNjcwOC00ZmU1LTkxZTQtOWVhM2QzNzc1ODhi
+ownCloudUUID: 058bff95-6708-4fe5-91e4-9ea3d377588b
 userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
 
 dn: uid=admin,ou=users,dc=owncloud,dc=com
@@ -100,5 +96,5 @@ mail: admin@example.org
 uidNumber: 20004
 gidNumber: 30000
 homeDirectory: /home/admin
-ownCloudUUID:: ZGRjMjAwNGMtMDk3Ny0xMWViLTlkM2YtYTc5Mzg4OGNkMGY4
+ownCloudUUID: ddc2004c-0977-11eb-9d3f-a793888cd0f8
 userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=

deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif

@@ -1,14 +1,10 @@
-dn: ou=groups,dc=owncloud,dc=com
-objectClass: organizationalUnit
-ou: groups
-
 dn: cn=users,ou=groups,dc=owncloud,dc=com
 objectClass: groupOfNames
 objectClass: ownCloud
 objectClass: top
 cn: users
 description: Users
-ownCloudUUID:: NTA5YTlkY2QtYmIzNy00ZjRmLWEwMWEtMTlkY2EyN2Q5Y2Zh
+ownCloudUUID: 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa
 member: uid=einstein,ou=users,dc=owncloud,dc=com
 member: uid=marie,ou=users,dc=owncloud,dc=com
 member: uid=richard,ou=users,dc=owncloud,dc=com
@@ -21,7 +17,7 @@ objectClass: ownCloud
 objectClass: top
 cn: sailing-lovers
 description: Sailing lovers
-ownCloudUUID:: NjA0MGFhMTctOWM2NC00ZmVmLTliZDAtNzcyMzRkNzFiYWQw
+ownCloudUUID: 6040aa17-9c64-4fef-9bd0-77234d71bad0
 member: uid=einstein,ou=users,dc=owncloud,dc=com
 
 dn: cn=violin-haters,ou=groups,dc=owncloud,dc=com
@@ -30,7 +26,7 @@ objectClass: ownCloud
 objectClass: top
 cn: violin-haters
 description: Violin haters
-ownCloudUUID:: ZGQ1OGU1ZWMtODQyZS00OThiLTg4MDAtNjFmMmVjNmY5MTFm
+ownCloudUUID: dd58e5ec-842e-498b-8800-61f2ec6f911f
 member: uid=einstein,ou=users,dc=owncloud,dc=com
 
 dn: cn=radium-lovers,ou=groups,dc=owncloud,dc=com
@@ -39,7 +35,7 @@ objectClass: ownCloud
 objectClass: top
 cn: radium-lovers
 description: Radium lovers
-ownCloudUUID:: N2I4N2ZkNDktMjg2ZS00YTVmLWJhZmQtYzUzNWQ1ZGQ5OTdh
+ownCloudUUID: 7b87fd49-286e-4a5f-bafd-c535d5dd997a
 member: uid=marie,ou=users,dc=owncloud,dc=com
 
 dn: cn=polonium-lovers,ou=groups,dc=owncloud,dc=com
@@ -48,7 +44,7 @@ objectClass: ownCloud
 objectClass: top
 cn: polonium-lovers
 description: Polonium lovers
-ownCloudUUID:: Y2VkYzIxYWEtNDA3Mi00NjE0LTg2NzYtZmE5MTY1ZjU5OGZm
+ownCloudUUID: cedc21aa-4072-4614-8676-fa9165f598ff
 member: uid=marie,ou=users,dc=owncloud,dc=com
 
 dn: cn=quantum-lovers,ou=groups,dc=owncloud,dc=com
@@ -57,7 +53,7 @@ objectClass: ownCloud
 objectClass: top
 cn: quantum-lovers
 description: Quantum lovers
-ownCloudUUID:: YTE3MjYxMDgtMDFmOC00YzMwLTg4ZGYtMmIxYTlkMWNiYTFh
+ownCloudUUID: a1726108-01f8-4c30-88df-2b1a9d1cba1a
 member: uid=richard,ou=users,dc=owncloud,dc=com
 
 dn: cn=philosophy-haters,ou=groups,dc=owncloud,dc=com
@@ -66,7 +62,7 @@ objectClass: ownCloud
 objectClass: top
 cn: philosophy-haters
 description: Philosophy haters
-ownCloudUUID:: MTY3Y2JlZTItMDUxOC00NTVhLWJmYjItMDMxZmUwNjIxZTVk
+ownCloudUUID: 167cbee2-0518-455a-bfb2-031fe0621e5d
 member: uid=richard,ou=users,dc=owncloud,dc=com
 
 dn: cn=physics-lovers,ou=groups,dc=owncloud,dc=com
@@ -75,7 +71,7 @@ objectClass: ownCloud
 objectClass: top
 cn: physics-lovers
 description: Physics lovers
-ownCloudUUID:: MjYyOTgyYzEtMjM2Mi00YWZhLWJmZGYtOGNiZmVmNjRhMDZl
+ownCloudUUID: 262982c1-2362-4afa-bfdf-8cbfef64a06e
 member: uid=einstein,ou=users,dc=owncloud,dc=com
 member: uid=marie,ou=users,dc=owncloud,dc=com
 member: uid=richard,ou=users,dc=owncloud,dc=com

deployments/examples/ocis_ldap/config/ldap/schemas/10_owncloud_schema.ldif

@@ -0,0 +1,35 @@
+# This LDIF files describes the ownCloud schema and can be used to
+# add three optional attributes: ownCloudQuota, ownCloudUUID and ownCloudUserEnabled
+# The ownCloudUUID is used to store a unique, non-reassignable, persistent identifier for users and groups
+dn: cn=owncloud,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: owncloud
+olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430
+olcAttributeTypes: ( ownCloudOid:1.1.1 NAME 'ownCloudQuota'
+  DESC 'User Quota (e.g. 2 GB)'
+  EQUALITY caseExactMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID'
+  DESC 'A non-reassignable and persistent account ID)'
+  EQUALITY uuidMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
+olcAttributeTypes: ( ownCloudOid:1.1.3 NAME 'oCExternalIdentity'
+  DESC 'A triple separated by "$" representing the objectIdentity resource type of the Graph API ( signInType $ issuer $ issuerAssignedId )'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( ownCloudOid:1.1.4 NAME 'ownCloudUserEnabled'
+  DESC 'A boolean value indicating if ownCloudUser is enabled'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
+olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud'
+  DESC 'ownCloud LDAP Schema'
+  AUXILIARY
+  MAY ( ownCloudQuota $ ownCloudUUID ) )
+olcObjectClasses: ( ownCloudOid:1.2.2 NAME 'ownCloudUser'
+  DESC 'ownCloud User LDAP Schema'
+  SUP ownCloud
+  AUXILIARY
+  MAY ( ocExternalIdentity $ ownCloudUserEnabled ) )

deployments/examples/ocis_ldap/docker-compose.yml

@@ -60,7 +60,7 @@ services:
     command: [ "-c", "ocis init || true; ocis server" ]
     environment:
       # users/gropups from ldap
-      LDAP_URI: ldaps://ldap-server
+      LDAP_URI: ldaps://ldap-server:1636
       LDAP_INSECURE: "true"
       LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
       LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
@@ -72,7 +72,6 @@ services:
       LDAP_USER_OBJECTCLASS: "inetOrgPerson"
       LDAP_LOGIN_ATTRIBUTES: "uid"
       OCIS_ADMIN_USER_ID: "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
-      IDP_LDAP_URI: ldap://ldap-server
       IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
       IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
       IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
@@ -105,22 +104,27 @@ services:
     restart: always
 
   ldap-server:
-    image: osixia/openldap:latest
+    image: bitnami/openldap:2.6
     networks:
       ocis-net:
-    command: --copy-service --loglevel debug
+    entrypoint: ["/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]
     environment:
+      BITNAMI_DEBUG: true
       LDAP_TLS_VERIFY_CLIENT: never
-      LDAP_DOMAIN: owncloud.com
-      LDAP_ORGANISATION: ownCloud
+      LDAP_ENABLE_TLS: "yes"
+      LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/openldap.crt
+      LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/openldap.crt
+      LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/openldap.key
+      LDAP_ROOT: "dc=owncloud,dc=com"
       LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
-      LDAP_RFC2307BIS_SCHEMA: "true"
-      LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
     ports:
-      - "127.0.0.1:389:389"
-      - "127.0.0.1:636:636"
+      - "127.0.0.1:389:1389"
+      - "127.0.0.1:636:1636"
     volumes:
-      - ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
+      - ./config/ldap/ldif:/ldifs
+      - ./config/ldap/schemas:/schemas
+      - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
+      - ldap-certs:/opt/bitnami/openldap/certs
     logging:
       driver: ${LOG_DRIVER:-local}
     restart: always
@@ -130,7 +134,7 @@ services:
     networks:
       ocis-net:
     environment:
-      PHPLDAPADMIN_LDAP_HOSTS: ldap-server
+      PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap-server': [{'server': [{'port': 1389}]}]}]"
       PHPLDAPADMIN_HTTPS: "false"
     labels:
       - "traefik.enable=true"
@@ -145,6 +149,7 @@ services:
 
 volumes:
   certs:
+  ldap-certs:
   ocis-config:
   ocis-data: