From ca136c7c225354671e9371cb68a9a55a7f9b080e Mon Sep 17 00:00:00 2001
From: Oleg Gaidarenko
Date: Mon, 1 Jul 2019 15:09:04 +0300
Subject: [PATCH] Devenv:LDAP: couple simplifications for LDAP (#17807)
* Add LDAP config instead sed use
* Add container name
* Add SizeLimit option to client and to server. Probably useless at this point, but it's better to have it then otherwise
---
 devenv/docker/blocks/openldap/Dockerfile | 2 ++
 .../docker/blocks/openldap/docker-compose.yaml | 1 +
 devenv/docker/blocks/openldap/entrypoint.sh | 4 ----
 devenv/docker/blocks/openldap/ldap.conf | 16 ++++++++++++++++
 go.mod | 1 +
 pkg/services/ldap/ldap.go | 1 +
 6 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100644 devenv/docker/blocks/openldap/ldap.conf
diff --git a/devenv/docker/blocks/openldap/Dockerfile b/devenv/docker/blocks/openldap/Dockerfile
index b0d23b9e0c9..0200045e607 100644
--- a/devenv/docker/blocks/openldap/Dockerfile
+++ b/devenv/docker/blocks/openldap/Dockerfile
@@ -19,6 +19,8 @@ EXPOSE 389
 VOLUME ["/etc/ldap", "/var/lib/ldap"]
+COPY ldap.conf /etc/ldap.dist/ldap.conf
+
 COPY modules/ /etc/ldap.dist/modules
 COPY prepopulate/ /etc/ldap.dist/prepopulate
diff --git a/devenv/docker/blocks/openldap/docker-compose.yaml b/devenv/docker/blocks/openldap/docker-compose.yaml
index d11858ccfb9..8874a6a96b8 100644
--- a/devenv/docker/blocks/openldap/docker-compose.yaml
+++ b/devenv/docker/blocks/openldap/docker-compose.yaml
@@ -1,4 +1,5 @@
 openldap:
+ container_name: ldap
 build: docker/blocks/openldap
 environment:
 SLAPD_PASSWORD: grafana
diff --git a/devenv/docker/blocks/openldap/entrypoint.sh b/devenv/docker/blocks/openldap/entrypoint.sh
index d202ed14b31..dac56daf10d 100755
--- a/devenv/docker/blocks/openldap/entrypoint.sh
+++ b/devenv/docker/blocks/openldap/entrypoint.sh
@@ -49,10 +49,6 @@ EOF
 dc_string="$dc_string,dc=$dc_part"
 done
- base_string="BASE ${dc_string:1}"
-
- sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
-
 if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
 password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
diff --git a/devenv/docker/blocks/openldap/ldap.conf b/devenv/docker/blocks/openldap/ldap.conf
new file mode 100644
index 00000000000..6fab0c31821
--- /dev/null
+++ b/devenv/docker/blocks/openldap/ldap.conf
@@ -0,0 +1,16 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE dc=grafana,dc=org
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+SIZELIMIT 1000
+#TIMELIMIT 15
+#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
diff --git a/go.mod b/go.mod
index 869d9fd70ac..46dda5b945d 100644
--- a/go.mod
+++ b/go.mod
@@ -11,6 +11,7 @@ require (
 github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
 github.com/codegangsta/cli v1.20.0
+ github.com/davecgh/go-spew v1.1.1
 github.com/denisenkom/go-mssqldb v0.0.0-20190315220205-a8ed825ac853
 github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect
 github.com/facebookgo/inject v0.0.0-20180706035515-f23751cae28b
diff --git a/pkg/services/ldap/ldap.go b/pkg/services/ldap/ldap.go
index b2a17f420f8..d53d9166602 100644
--- a/pkg/services/ldap/ldap.go
+++ b/pkg/services/ldap/ldap.go
@@ -261,6 +261,7 @@ func (server *Server) getSearchRequest(
 return &ldap.SearchRequest{
 BaseDN: base,
 Scope: ldap.ScopeWholeSubtree,
+ SizeLimit: 1000,
 DerefAliases: ldap.NeverDerefAliases,
 Attributes: attributes,
 Filter: filter,
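Review bot: In devenv/docker/blocks/openldap/ldap.conf the line `BASE dc=grafana,dc=org` is now a fixed value, while the removed entrypoint.sh lines built BASE from `dc_string` at container start. If the domain that `dc_string` is derived from is ever changed (that setting is outside the visible hunks), the client default base will silently stop matching the directory suffix. A comment above the line would make the coupling visible, for example `# Must match the domain the container is started with; entrypoint.sh no longer rewrites this line`. Note also that `SIZELIMIT 1000` in ldap.conf(5) is only a default for client tools that read this file, so it does not enforce a limit on the server side as the commit text may suggest.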
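Review bot: `github.com/davecgh/go-spew v1.1.1` becomes a direct requirement in go.mod, but none of the Go changes in this patch import it and the commit message does not mention it. If it was pulled in for ad-hoc debugging of the LDAP code, be aware that dumping server configuration or search entries with a deep printer would put bind credentials and user attributes into logs. Either add the import that needs it in the same commit or leave the line out, so the requirement list reflects what the code actually uses.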
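Review bot: The new `SizeLimit: 1000,` in getSearchRequest is an unexplained literal, and nothing in the hunk says what happens when a search matches more entries than that. A directory server normally answers such a search with sizeLimitExceeded, which the caller will see as an error or a truncated result; if this request is also used for group lookups that feed role mapping, authorization would then be decided from incomplete data, so the calling code (outside this hunk) should handle that result code explicitly rather than treat it as "no match". I would name and document the value, e.g. `SizeLimit: searchSizeLimit,` with `// searchSizeLimit caps entries requested per search; servers reply sizeLimitExceeded when more match.` on the constant. The struct literal and the function body continue past the end of the hunk.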