OpenLDAP/BackSQL

From Chorke Wiki
Jump to navigation Jump to search

SQL Schema

cat << DDL | psql -U ${USER}
CREATE DATABASE openldap;
CREATE USER openldap WITH ENCRYPTED PASSWORD 'sadaqah!';
GRANT ALL PRIVILEGES ON DATABASE openldap TO openldap;
ALTER DATABASE openldap OWNER TO openldap;
DDL

wget -cq https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.6.7.tgz -P ${HOME}/Downloads/
tar -xzf ${HOME}/Downloads/openldap-2.6.7.tgz -C ${HOME}/Downloads
rm  -rf  ${HOME}/Downloads/openldap-2.6.7.tgz

cat openldap-2.6.7/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql
cat openldap-2.6.7/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_drop.sql
cat openldap-2.6.7/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf 

LXD_BRIDGE_IP="$(ip addr show lxdbr0|awk '/inet / {print $2}'|cut -d '/' -f 1)"
echo -n password: ; read -s PGPASSWORD; export PGPASSWORD; echo
# password: sadaqah!

   cat openldap-2.6.7/servers/slapd/back-sql/rdbms_depend/pgsql/backsql_create.sql|psql -dopenldap -Uopenldap -h${LXD_BRIDGE_IP}
echo '\dt+'|psql -dopenldap -Uopenldap -h${LXD_BRIDGE_IP}
rm -rf openldap-2.6.7

SQL Backend

lxc launch ubuntu:24.04 openldap
lxc list -c=n -f=json|jq -r '.[]|select(.name=="openldap")|.status'

# install `psql` & `odbc` driver
cat <<'EXE' | lxc exec openldap -- bash
apt-get update
apt-get install -y postgresql-client odbc-postgresql unixodbc
apt-get clean
EXE

# extract lxd bridge network ip using `ip address show` command
LXD_BRIDGE_IP="$(ip addr show lxdbr0 | awk '/inet / {print $2}' | cut -d '/' -f 1)"
cat << EXE | lxc exec openldap -- bash
echo "${LXD_BRIDGE_IP} host.lxd.internal"|tee -a /etc/hosts
ping -c5 host.lxd.internal
EXE

# psql connection test
cat <<'EXE' | lxc exec openldap -- bash
export PGPASSWORD='sadaqah!';echo
cat <<'SQL' | psql -dopenldap -Uopenldap -hhost.lxd.internal
SELECT current_database(), CURRENT_USER, CURRENT_TIMESTAMP;
SQL
EXE

# `PostgreSQL` odbc driver config
cat <<'EXE' | lxc exec openldap -- bash
cat <<'INI' | tee -a /etc/odbcinst.ini >/dev/null
[PostgreSQL]
Description = ODBC for PostgreSQL
Driver      = /usr/lib/x86_64-linux-gnu/odbc/psqlodbcw.so
Setup       = /usr/lib/x86_64-linux-gnu/odbc/libodbcpsqlS.so

INI
cat /etc/odbcinst.ini
EXE

# `ldap` odbc datasource config
cat <<'EXE' | lxc exec openldap -- bash
cat <<'INI' | tee -a /etc/odbc.ini >/dev/null
[ldap]
Description = OpenLDAP PostgreSQL DB
Servername  = host.lxd.internal
Driver      = PostgreSQL
Database    = openldap
Username    = openldap
Password    = sadaqah!
Port        = 5432

INI
cat /etc/odbc.ini
EXE

# `ldap` odbc datasource test
cat <<'SQL' | lxc exec openldap -- isql -v ldap openldap sadaqah!
SELECT current_database(), CURRENT_USER, CURRENT_TIMESTAMP;
SQL

lxc snapshot openldap base:2.6.7

lxc publish  openldap/base:2.6.7 --alias openldap/base:2.6.7

lxc restore  openldap base:2.6.7

# install `slapd` and `ldap-utils`
cat <<'EXE' | lxc exec openldap -- bash
apt-get update
echo 'slapd slapd/password1 password sadaqah!' | debconf-set-selections
echo 'slapd slapd/password2 password sadaqah!' | debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
ls -lah /usr/lib/ldap | grep back_sql
apt-get clean
EXE

cat <<'EXE' | lxc exec openldap -- bash
OLC_LOG_LEVEL=$(mktemp -u)
cat <<'INI' | tee ${OLC_LOG_LEVEL} >/dev/null
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats config
INI
ldapadd -Y EXTERNAL -H ldapi:/// -f ${OLC_LOG_LEVEL}
EXE

echo 'systemctl restart slapd' | lxc exec openldap -- bash
echo 'tail -n10 -f /var/log/syslog' | lxc exec openldap -- bash
echo "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcLogLevel=*)'" | lxc exec openldap -- bash
echo "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcRootDN=*)' olcRootDN" | lxc exec openldap -- bash

# checking ldap `back-sql` module
cat <<'EXE' | lxc exec openldap -- bash
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config
printf '\n=============================================================\n'
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config | grep -i back_sql
EXE

# sql backend module load
cat <<'EXE' | lxc exec openldap -- bash
BACK_SQL_INI=$(mktemp -u)
cat <<'INI' | tee ${BACK_SQL_INI} >/dev/null
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: back_sql
INI
ldapadd -Y EXTERNAL -H ldapi:/// -f ${BACK_SQL_INI}
EXE

# admin password added using `slappasswd`
# slappasswd -h {SSHA} -s sadaqah!

cat <<'EXE' | lxc exec openldap -- bash
ADMIN_PASS_INI=$(mktemp -u)
cat <<'INI' | tee ${ADMIN_PASS_INI} >/dev/null
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}Pg5ICKylRb08GzjwP9/M7gi8SQ8re9BA
INI
ldapmodify -Y EXTERNAL -H ldapi:/// -f ${ADMIN_PASS_INI}
EXE

# postgresql sql backend configuration
cat <<'EXE' | lxc exec openldap -- bash
PG_BACK_SQL=$(mktemp -u)
cat <<'INI' | tee ${PG_BACK_SQL} >/dev/null
dn: olcDatabase={1}sql,cn=config
objectClass: olcDatabaseConfig
objectClass: olcSqlConfig
olcDatabase: {1}sql
olcDbSqlBaseObject: dc=chorke,dc=org
olcDbSqlDBName: openldap
olcDbSqlDBUser: openldap
olcDbSqlDBPass:: c2FkYXFhaCE=
olcDbSqlDBURI: postgresql://host.lxd.internal/openldap
olcDbSqlUpperCase: FALSE
olcSuffix: dc=chorke,dc=org
INI
ldapadd -Y EXTERNAL -H ldapi:/// -f ${PG_BACK_SQL}
EXE

echo "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcSqlConfig)'" | lxc exec openldap -- bash
echo 'ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=module{0},cn=config'|lxc exec openldap -- bash

lxc snapshot openldap ldap:2.6.7

lxc publish  openldap/slapd:2.6.7 --alias openldap/ldap:2.6.7

lxc restore  openldap ldap:2.6.7

Playground

lxc image info ubuntu:noble --vm|yq .Aliases
lxc image info ubuntu:24.04 --vm|yq .Aliases

lxc image info ubuntu:noble     |yq .Aliases
lxc image info ubuntu:24.04     |yq .Aliases

lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine
lxc image list ubuntu: os=ubuntu release=noble type=virtual-machine

lxc image list ubuntu: os=ubuntu release=noble type=container
lxc image list ubuntu: os=ubuntu release=noble type=container

lxc image list ubuntu:24.04
lxc launch ubuntu:24.04 openldap
lxc launch ubuntu:40d8df642812 openldap

lxc list status=running name=openldap --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=openldap --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info openldap|yq '.Resources.["Network usage"][]["IP addresses"].inet'

systemctl list-dependencies graphical.target
dpkg -l | grep 'gnome-shell-extension'
apt list --installed|grep linux-image

lxc snapshot openldap base:2.6.7
lxc publish  openldap/base:2.6.7 --alias openldap/base:2.6.7
lxc restore  openldap base:2.6.7

cat <<-'EXE'|sudo bash
umount /var/snap/firefox/common/host-hunspell
snap remove firefox
EXE

cat <<-'EXE'|sudo bash
snap disable lxd
snap remove --purge lxd
EXE

systemctl list-dependencies --type=service --state=running
systemctl list-dependencies --type=service --state=active
systemctl list-dependencies docker.service
systemctl list-dependencies --all

LXD_BRIDGE_IP="$(lxc network ls --format=json|jq -r '.[]|select(.name=="lxdbr0")|.config."ipv4.address"|split("/")[0]')"
LXD_BRIDGE_IP="$(ip addr show lxdbr0 | awk '/inet / {print $2}' | cut -d '/' -f 1)"

ls -lah /etc/ldap/slapd.d/cn\=config/
ls -alh /etc/ldap/slapd.d/
ls -alh /etc/ldap/schema/
ls -alh /etc/ldap/

cat /etc/ldap/slapd.d/cn\=config/cn\=schema.ldif
cat /etc/ldap/slapd.d/cn\=config.ldif
cat /etc/ldap/ldap.conf
cat /etc/default/slapd

cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{-1\}frontend.ldif
cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}mdb.ldif 
cat /etc/ldap/slapd.d/cn\=config/cn\=module\{0\}.ldif

systemctl status slapd

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=OpenLDAP/BackSQL&oldid=13957"