fix #146 and #147, add memberOf test in CI, simplify memberOf configu…

…ration

.bin/myval.yaml

@@ -13,6 +13,20 @@ phpldapadmin:
     hosts:
     - "phpldapadmin.example"
 customSchemaFiles:
+  00-memberof.ldif: |-
+    # Load memberof module
+    dn: cn=module,cn=config
+    cn: module
+    objectClass: olcModuleList
+    olcModuleLoad: memberof.so
+    olcModulePath: /opt/bitnami/openldap/lib/openldap
+  01-memberof.ldif: |-
+    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
+    changetype: add
+    objectClass: olcOverlayConfig
+    objectClass: olcMemberOf
+    olcOverlay: memberof
+    olcMemberOfRefint: TRUE
   10_owncloud_schema.ldif: |-
     # This LDIF files describes the ownCloud schema and can be used to
     # add two optional attributes: ownCloudQuota and ownCloudUUID
@@ -62,6 +76,23 @@ customLdifFiles:
     uid: jdupond
     uidnumber: 1000
     userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
+  03-test-memberof.ldif: |-
+    dn: ou=Group,dc=example,dc=org
+    objectclass: organizationalUnit
+    ou: Group
+
+    dn: ou=People,dc=example,dc=org
+    objectclass: organizationalUnit
+    ou: People
+
+    dn: uid=test1,ou=People,dc=example,dc=org
+    objectclass: account
+    uid: test1
+
+    dn: cn=testgroup,ou=Group,dc=example,dc=org
+    objectclass: groupOfNames
+    cn: testgroup
+    member: uid=test1,ou=People,dc=example,dc=org
 service:
   ldapPortNodePort: 30389
   sslLdapPortNodePort: 30636

.github/workflows/ci.yml

@@ -71,11 +71,18 @@ jobs:
       - name: test write
         shell: bash
         run: |
-           echo "test access to openldap database"
+           echo "Write test to openldap database"
            LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f  .bin/user.ldif
            LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
            if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 5 ]; then exit 1 ; fi
            if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then  echo exit 1; fi
+      - name: test memberOf
+        shell: bash
+        run: |
+           echo "MemberOf test to openldap database"
+           LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)" > /tmp/test-write.txt
+           if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 2 ]; then exit 1 ; fi
+           if ! grep -q "uid=test1,ou=People,dc=example,dc=org" /tmp/test-write.txt; then  echo exit 1; fi
       - name: chaos tests
         shell: bash
         run: |

advanced_examples/MemberOf.md

@@ -1,125 +1,10 @@
 # Examples of MemberOf configuration
 
-## Enable MemberOf using replication
+## Enable MemberOf
 
 Use the following values to enable `memberof` attribute:
 
-```
-# Default configuration for openldap as environment variables. These get injected directly in the container.
-# Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
-env:
- BITNAMI_DEBUG: "true"
- LDAP_LOGLEVEL: "256"
- LDAP_TLS_ENFORCE: "false"
- LDAPTLS_REQCERT: "never"
- LDAP_ENABLE_TLS: "yes"
- LDAP_CONFIG_ADMIN_ENABLED: "yes"
- LDAP_SKIP_DEFAULT_TREE: "no"
-
-customLdifFiles:
-  00-root.ldif: |-
-    # Root creation
-    dn: dc=example,dc=org
-    objectClass: dcObject
-    objectClass: organization
-    o: Example, Inc
-  01-default-user.ldif: |-
-    dn: cn=Jean Dupond,dc=example,dc=org
-    cn: Jean Dupond
-    gidnumber: 500
-    givenname: Jean
-    homedirectory: /home/users/jdupond
-    objectclass: inetOrgPerson
-    objectclass: posixAccount
-    objectclass: top
-    sn: Dupond
-    uid: jdupond
-    uidnumber: 1000
-    userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
-  02-default-group.ldif: |-
-    dn: cn=myGroup,dc=example,dc=org
-    cn: myGroup
-    gidnumber: 500
-    objectclass: posixGroup
-    objectclass: top
-    add: memberUid
-    memberUid: jdupond    
-  03-test-memberof.ldif: |-
-    dn: ou=Group,dc=example,dc=org
-    objectclass: organizationalUnit
-    ou: Group
-
-    dn: ou=People,dc=example,dc=org
-    objectclass: organizationalUnit
-    ou: People
-
-    dn: uid=test1,ou=People,dc=example,dc=org
-    objectclass: account
-    uid: test1
-
-    dn: cn=testgroup,ou=Group,dc=example,dc=org
-    objectclass: groupOfNames
-    cn: testgroup
-    member: uid=test1,ou=People,dc=example,dc=org
-customSchemaFiles:
-  #enable memberOf ldap search functionality, users automagically track groups they belong to
-  00-memberof.ldif: |-
-    dn: cn=module{0},cn=config
-    changetype: modify
-    add: olcModuleLoad
-    olcModuleLoad: memberof
-
-  01-memberof.ldif: |-
-    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
-    changetype: add
-    objectClass: olcOverlayConfig
-    objectClass: olcMemberOf
-    olcOverlay: memberof
-    olcMemberOfRefint: TRUE
-```
-
-Connect to your openldap instance and execute:
-
-```
-LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://127.0.0.1:1636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)"
-```
-You should get the following result: 
-```
-# extended LDIF
-#
-# LDAPv3
-# base <dc=example,dc=org> with scope subtree
-# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
-# requesting: ALL
-#
-
-# test1, People, example.org
-dn: uid=test1,ou=People,dc=example,dc=org
-objectClass: account
-uid: test1
-
-# search result
-search: 2
-result: 0 Success
-
-# numResponses: 2
-# numEntries: 1
-```
-
-## Enable MemberOf without replication
-
-When the replication is disabled, the `cn=module` needs to be loaded using :
-
-```
-# Load memberof module
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-olcModuleLoad: memberof.so
-olcModulePath: /opt/bitnami/openldap/lib/openldap
-```
-
-Use the following values to enable `memberof` attribute:
+this configuration works regardless of the `replication` configuration.
 
 ```
 # Default configuration for openldap as environment variables. These get injected directly in the container.
@@ -134,7 +19,6 @@ env:
  LDAP_SKIP_DEFAULT_TREE: "no"
 
 replicaCount: 1
-
 replication:
   enabled: false
 

templates/statefulset.yaml

@@ -80,9 +80,9 @@ spec:
             - name: cm-custom-schema-files
               mountPath: /cm-schemas/{{ $file }}.ldif
               subPath: {{ $file }}.ldif
+      {{- end }}
             - name: custom-schema-files
               mountPath: /custom-schemas/
-      {{- end }}
     {{- end }}
     {{- if or (.Values.customLdifFiles) (.Values.customLdifCm) }}
             - name: cm-custom-ldif-files
@@ -131,16 +131,16 @@ spec:
         - name: volume-permissions
           image: {{ include "openldap.volumePermissionsImage" . }}
           imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
-          command: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.command "context" $) | nindent 12 }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.image.command "context" $) | nindent 12 }}
           {{- if .Values.containerSecurityContext.enabled }}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: foo
-              mountPath: bar
+            - mountPath: /bitnami
+              name: data
       {{- end }}
       {{- /*
  serviceAccountName: {{ template "openldap.serviceAccountName" . }}

values.yaml

@@ -429,8 +429,8 @@ volumePermissions:
     pullPolicy: IfNotPresent
 
   ## Command to execute during the volumePermission startup
-  ## command: ['sh', '-c', 'echo "hello world"']
-  command: {}
+    command: [ 'sh', '-c', 'chmod -R g+rwX /bitnami' ]
+  ## command: {}
   ## Init container's resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
   ## @param volumePermissions.resources.limits The resources limits for the init container