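# SPDX-FileCopyrightText: Magenta ApS <https://magenta.dk>
# SPDX-License-Identifier: MPL-2.0
#
# Local development stack for mo_ldap_import_export: an OpenLDAP server, a
# minimal Samba AD DC, the OS2mo init job, the integration itself and its
# Postgres database. All credentials below are development fixtures shared
# between the services in this file; the only published host ports are bound
# to 127.0.0.1 (see mo_ldap_import_export.ports).
#
# Environment values are written as quoted strings throughout so the YAML
# parser never retypes them (e.g. True/False -> boolean) before Compose hands
# them to the container.
services:
  # NOTE: this service should be kept synchronised with the one in .gitlab-ci.yml!
  ldap:
    container_name: ldap
    image: osixia/openldap:1.5.0
    command: ["--copy-service", "--loglevel", "debug"]
    environment:
      LDAP_ORGANISATION: "magenta"
      LDAP_DOMAIN: "magenta.dk"
      # Must match LDAP_PASSWORD in mo_ldap_import_export below.
      LDAP_ADMIN_PASSWORD: "AdminPassword123"
      LDAP_CONFIG_PASSWORD: "ConfigPassword123"
      LDAP_LOG_LEVEL: "512"
    volumes:
      # Bootstrap LDIF and schema are mounted read-only so the container
      # cannot modify the checked-in fixtures.
      - ./dev-environment/ldif/:/container/service/slapd/assets/config/bootstrap/ldif/custom/:ro
      - ./dev-environment/schema/:/container/service/slapd/assets/config/bootstrap/schema/custom/:ro
    networks:
      - default
    # No host port is published; the server is only reachable from the
    # compose network. Uncomment to expose it for manual inspection.
    # ports:
    #   - "389:389"

  # Samba AD DC is an Active Directory compatible LDAP server
  # It is to test Microsoft Active Directory specific behavior, such as DirSync
  samba:
    # Most Samba AD DC OCI images require privileged as Samba AD imitates the entire
    # Active Directory setup including a full Kerberos server, DNS server and ACL.
    # The ACL in particular is problematic as it stores it using Windows-style ACLs in
    # the `security.*` xattr namespace on the file-system which requires `CAP_SYS_ADMIN`
    # or equivalent root-level access.
    #
    # The below Samba AD DC OCI image is specifically designed to avoid all of this, by
    # stripping everything but the domain controller itself. As such it does not provide
    # Kerberos, DNS, ACL, Group policies or similar, only the domain controller itself.
    #
    # For more information, see: https://github.com/smblds/smblds-container
    #
    # Should the need for a more full-fledged Samba AD DC with Kerberos et al be needed,
    # consider migration to: https://github.com/samba-in-kubernetes/samba-container,
    # assuming the project eventually loses the need to use privileged.
    container_name: samba
    # NOTE(review): the `latest` tag is unpinned, so this service can change
    # under the stack without a diff here; consider pinning a tag or digest.
    image: smblds/smblds:latest
    hostname: dc
    environment:
      DOMAIN: "MAGENTA"
      REALM: "MAGENTA.DK"
      ADMINPASS: "AdminPassword123"
      # Plain (non-TLS) LDAP and relaxed password policy are enabled for the
      # development domain only.
      INSECURE_LDAP: "true"
      INSECURE_PASSWORDSETTINGS: "true"
    networks:
      - default

  # One-shot job that seeds OS2mo with the configuration in ./init.config.yaml.
  mo-init:
    image: magentaaps/os2mo-init:5
    environment:
      MO_URL: "http://mo:5000"
      CLIENT_ID: "dipex"
      # Same Keycloak client as mo_ldap_import_export uses below.
      CLIENT_SECRET: "603f1c82-d012-4d04-9382-dbe659c533fb"
      AUTH_SERVER: "http://keycloak:8080/auth"
      AUTH_REALM: "mo"
    volumes:
      - type: bind
        source: ./init.config.yaml
        target: /config/config.yml
        read_only: true
    # Retried until MO/Keycloak are up; it is not expected to stay running.
    restart: on-failure
    networks:
      - os2mo_default

  mo_ldap_import_export:
    container_name: mo_ldap_ie
    build: .
    # 0.0.0.0 is the bind address inside the container; on the host the
    # application is only published on loopback (see ports below).
    # --reload picks up edits to the source directory mounted under volumes.
    command:
      - "uvicorn"
      - "--factory"
      - "mo_ldap_import_export.main:create_app"
      - "--host"
      - "0.0.0.0"
      - "--reload"
    environment:
      # FastRAMQPI
      FASTRAMQPI__JSON_LOGS: "false"
      # DAP causes 'Address already in use' errors when running tests
      FASTRAMQPI__DAP: "false"
      # MO
      FASTRAMQPI__AMQP__URL: "amqp://guest:guest@msg-broker"
      FASTRAMQPI__AUTH_SERVER: "http://keycloak:8080/auth"
      FASTRAMQPI__MO_URL: "http://mo:5000"
      FASTRAMQPI__CLIENT_ID: "dipex"
      FASTRAMQPI__CLIENT_SECRET: "603f1c82-d012-4d04-9382-dbe659c533fb"
      # Database -- must match the POSTGRES_* values of the db service.
      FASTRAMQPI__DATABASE__USER: "fastramqpi"
      FASTRAMQPI__DATABASE__PASSWORD: "fastramqpi"
      FASTRAMQPI__DATABASE__HOST: "db"
      FASTRAMQPI__DATABASE__NAME: "fastramqpi"
      # LDAP
      # Connection -- points at the ldap service above; simple bind as the
      # admin DN with the password from LDAP_ADMIN_PASSWORD.
      LDAP_CONTROLLERS: '[{"host": "ldap"}]'
      LDAP_DOMAIN: "magenta.dk"
      LDAP_USER: "cn=admin,dc=magenta,dc=dk"
      LDAP_PASSWORD: "AdminPassword123"
      LDAP_AUTH_METHOD: "simple"
      LDAP_DIALECT: "Standard"
      # Synchronisation
      # NOTE: these are NOT the settings used during integration tests! Those
      # are defined in conftest.py.
      LDAP_SEARCH_BASE: "dc=magenta,dc=dk"
      LDAP_OUS_TO_SEARCH_IN: '["ou=os2mo,o=magenta"]'
      LDAP_OUS_TO_WRITE_TO: '[""]'
      LDAP_OU_FOR_NEW_USERS: "ou=os2mo,o=magenta"
      LDAP_OBJECT_CLASS: "inetOrgPerson"
      LISTEN_TO_CHANGES_IN_MO: "true"
      LISTEN_TO_CHANGES_IN_LDAP: "true"
      LDAP_CPR_ATTRIBUTE: "employeeNumber"
      LDAP_IT_SYSTEM: "ADUUID"
    volumes:
      # Source and tests are mounted read-only; the container only needs to
      # read them for --reload and for running the test-suite.
      - ./mo_ldap_import_export/:/app/mo_ldap_import_export:ro
      # Uncomment this to integrate with the mo development stack. Note that
      # this may break unittests.
      # - ./dev-environment/kolding_fixture.yaml:/var/run/config.yaml:ro
      - ./tests/:/app/tests/:ro
    networks:
      - default
      - os2mo_default
    # Loopback-only: the app (8000) and debug port (5678) are not reachable
    # from other hosts.
    ports:
      - "127.0.0.1:8000:8000"
      - "127.0.0.1:5678:5678"

  db:
    image: postgres:16
    environment:
      POSTGRES_USER: "fastramqpi"
      POSTGRES_PASSWORD: "fastramqpi"
      POSTGRES_DB: "fastramqpi"
    networks:
      - default

networks:
  # Compose does not create external networks; this one must already exist
  # (presumably created by the OS2mo development stack -- verify locally).
  os2mo_default:
    external: true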