
Commit 6c1c56d

committed
remove unused stuff
with the dockerized test openldap server, none of this is needed
1 parent 7c85643 commit 6c1c56d

9 files changed

+0
-598
lines changed


script/generate-fixture-ca

Lines changed: 0 additions & 48 deletions
This file was deleted.

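--- a/script/install-openldap
+++ b/script/install-openldap
@@ -1,134 +0,0 @@
-#!/usr/bin/env sh
-set -e
-set -x
-
-BASE_PATH=$( cd "`dirname $0`/../test/fixtures/openldap" && pwd )
-SEED_PATH=$( cd "`dirname $0`/../test/fixtures" && pwd )
-
-dpkg -s slapd time ldap-utils gnutls-bin ssl-cert > /dev/null ||\
-DEBIAN_FRONTEND=noninteractive apt-get update -y --force-yes && \
-DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes slapd time ldap-utils gnutls-bin ssl-cert
-
-/etc/init.d/slapd stop
-
-TMPDIR=$(mktemp -d)
-cd $TMPDIR
-
-# Delete data and reconfigure.
-cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
-rm -rf /etc/ldap/slapd.d/*
-rm -rf /var/lib/ldap/*
-cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
-slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/slapd.conf.ldif
-# Load memberof and ref-int overlays and configure them.
-slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/memberof.ldif
-# Load retcode overlay and configure
-slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/retcode.ldif
-
-# Add base domain.
-slapadd -F /etc/ldap/slapd.d <<EOM
-dn: dc=rubyldap,dc=com
-objectClass: top
-objectClass: domain
-dc: rubyldap
-EOM
-
-chown -R openldap.openldap /etc/ldap/slapd.d
-chown -R openldap.openldap /var/lib/ldap
-
-/etc/init.d/slapd start
-
-# Import seed data.
-# NOTE: use ldapadd in order for memberOf and refint to apply, instead of:
-# cat $SEED_PATH/seed.ldif | slapadd -F /etc/ldap/slapd.d
-/usr/bin/time ldapadd -x -D "cn=admin,dc=rubyldap,dc=com" -w passworD1 \
--h localhost -p 389 \
--f $SEED_PATH/seed.ldif
-
-rm -rf $TMPDIR
-
-# SSL
-export CA_CERT="/usr/local/share/ca-certificates/rubyldap-ca.crt"
-export CA_KEY="/etc/ssl/private/rubyldap-ca.key"
-
-# The self-signed fixture CA cert & key are generated by
-# `script/generate-fiuxture-ca` and checked into version control.
-# You shouldn't need to muck with these unless you're writing more
-# TLS/SSL integration tests, and need special magic values in the cert.
-
-cp "${SEED_PATH}/ca/cacert.pem" "${CA_CERT}"
-cp "${SEED_PATH}/ca/cakey.pem" "${CA_KEY}"
-
-# actually add the fixture CA to the system store
-update-ca-certificates
-
-# Make a private key for the server:
-certtool --generate-privkey \
---bits 1024 \
---outfile /etc/ssl/private/ldap01_slapd_key.pem
-
-sh -c "cat > /etc/ssl/ldap01.info <<EOF
-organization = Example Company
-cn = ldap01.example.com
-dns_name = ldap01.example.com
-dns_name = ldap02.example.com
-dns_name = localhost
-tls_www_server
-encryption_key
-signing_key
-expiration_days = 3650
-EOF"
-
-# The integration server may be accessed by IP address, in which case
-# we want some of the IPs included in the cert. We skip loopback (127.0.0.1)
-# because that's the IP we use in the integration test for cert name mismatches.
-ADDRS=$(ifconfig -a | grep 'inet addr:' | cut -f 2 -d : | cut -f 1 -d ' ')
-for ip in $ADDRS; do
-if [ "x$ip" = 'x127.0.0.1' ]; then continue; fi
-echo "ip_address = $ip" >> /etc/ssl/ldap01.info
-done
-
-# Create the server certificate
-certtool --generate-certificate \
---load-privkey /etc/ssl/private/ldap01_slapd_key.pem \
---load-ca-certificate "${CA_CERT}" \
---load-ca-privkey "${CA_KEY}" \
---template /etc/ssl/ldap01.info \
---outfile /etc/ssl/certs/ldap01_slapd_cert.pem
-
-ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF | true
-dn: cn=config
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: ${CA_CERT}
--
-add: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem
--
-add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem
-EOF
-
-# LDAP over TLS/SSL (ldaps://) is deprecated in favour of StartTLS. The latter
-# refers to an existing LDAP session (listening on TCP port 389) becoming
-# protected by TLS/SSL whereas LDAPS, like HTTPS, is a distinct
-# encrypted-from-the-start protocol that operates over TCP port 636. But we
-# enable it for testing here.
-sed -i -e 's|^SLAPD_SERVICES="\(.*\)"|SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"|' /etc/default/slapd
-
-adduser openldap ssl-cert
-chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
-chmod g+r /etc/ssl/private/ldap01_slapd_key.pem
-chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
-
-# Drop packets on a secondary port used to specific timeout tests
-iptables -A INPUT -p tcp -j DROP --dport 8389
-
-# Forward a port for Vagrant
-iptables -t nat -A PREROUTING -p tcp --dport 9389 -j REDIRECT --to-port 389
-
-# fix up /etc/hosts for cert validation
-grep ldap01 /etc/hosts || echo "127.0.0.1 ldap01.example.com" >> /etc/hosts
-grep ldap02 /etc/hosts || echo "127.0.0.1 ldap02.example.com" >> /etc/hosts
-grep bogus /etc/hosts || echo "127.0.0.1 bogus.example.com" >> /etc/hosts
-
-service slapd restart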

test/fixtures/ca/ca.info

Lines changed: 0 additions & 4 deletions
This file was deleted.

test/fixtures/ca/cacert.pem

Lines changed: 0 additions & 24 deletions
This file was deleted.
