Giter Club home page Giter Club logo

cp4ba-idp-ldap's Introduction

cp4ba-idp-ldap

Utilities for IBM Cloud Pak® for Business Automation

Last update: 2024-02-20

This repository contains a series of examples and tools for creating and configuring a containerized LDAP server and configuring federated IDP in a IBM Cloud Pak deployed using Foundational services v4.x

Change Log

2024-01-29: Changed 'sed -i' command for compatibility with Darwin platform

WARNING:

++++++++++++++++++++++++++++++++++++++++++++++++
This software and the configurations contained in the repository MUST be considered as examples for educational purposes.
An LDAP deployed within the cluster is used, the OpenLDAP image is provided by the IBM registry 'cp.icr.io'.
Do not use in a production environment without making your own necessary modifications.
++++++++++++++++++++++++++++++++++++++++++++++++

Contents

Folders

configs folder contains .properties and .ldif files used for configuration procedures

scripts folder contains .sh bash scripts

Configuration files

For LDAP configuration

Use a .properties file with the following variables

# target namespace (use your own)
TNS=cp4ba

# LDAP vars (domain name, domain extension, full domain string, path to .ldif file)
LDAP_DOMAIN=domain1
LDAP_DOMAIN_EXT=net
LDAP_FULL_DOMAIN="dc=${LDAP_DOMAIN},dc=${LDAP_DOMAIN_EXT}"
LDAP_LDIF_NAME="./configs/_cfg1-ldap-domain.ldif"

# wait check interval
LDAP_WAIT_SECS=10

# Cloud Pak entitlement key (export CP4BA_AUTO_ENTITLEMENT_KEY in your shell before run the installation script)
ENTITLEMENT_KEY=${CP4BA_AUTO_ENTITLEMENT_KEY}

For IDP configuration

Use a .properties file with the following variables

# target namespace (use your own)
TNS=cp4ba

# IDP name (in Pak 'Access Control' console)
IDP_NAME=domain1

# LDAP vars (domain name, domain extension, full domain string, path to .ldif file)

# Full URL of LDAP service
LDAP_URL="ldap://"${IDP_NAME}"-ldap."${TNS}".svc.cluster.local:389"
LDAP_HOST=${IDP_NAME}"-ldap."${TNS}".svc.cluster.local"
LDAP_PORT=389
LDAP_PROTOCOL="ldap"
                 
# LDAP base DN
LDAP_BASEDN="dc=${IDP_NAME},dc=net"

# LDAP admin user
LDAP_BINDDN="cn=admin,${LDAP_BASEDN}"

# Password must be base64 value, use echo "passw0rd" -n | base64, eg: passw0rd --> cGFzc3cwcmQ=
LDAP_BINDPASSWORD="..."

# OpenLDAP type values (change values as needed)
LDAP_TYPE="Custom"
LDAP_USERFILTER="(&(cn=%v)(objectclass=person))" 
LDAP_GROUPFILTER="(&(cn=%v)(objectclass=groupOfNames))"
LDAP_USERIDMAP="*:uid"
LDAP_GROUPIDMAP="*:cn"
LDAP_GROUPMEMBERIDMAP="memberof:member"

# SCIM attributes
LDAP_PAGINGSEARCH="false"
LDAP_NESTEDSEARCH="false"
LDAP_PAGING_SIZE="1000"

LDAP installation and configuration commands

WARNING: before run any command please update configuration files with your values

# install openldap deployment and wait for pod ready
./scripts/add-ldap.sh -p ./configs/_cfg1-ldap-domain.properties

./scripts/add-ldap.sh -p ./configs/_cfg-production-ldap-domain.properties

# [optional] install phpadmin tool, use TLS cert from secret 'icp4adeploy-root-ca' in namespace 'cp4ba'

./scripts/add-phpadmin.sh -p ./configs/_cfg1-ldap-domain.properties -s common-web-ui-cert -w common-web-ui-cert -n cp4ba

./scripts/add-phpadmin.sh -p ./configs/_cfg-production-ldap-domain.properties -s common-web-ui-cert -w common-web-ui-cert -n cp4ba-federated-wfps

# NO ./scripts/add-phpadmin.sh -p ./configs/_cfg1-ldap-domain.properties -s icp4adeploy-root-ca -w common-web-ui-cert -n cp4ba

IDP installation and configuration commands

./scripts/add-idp.sh -p ./configs/_cfg1-idp.properties

Users onboarding into Pak environment commands

# add users (list from ldif secret)
./scripts/onboard-users.sh -p ./configs/_cfg1-ldap-domain.properties -o add -s

# add users (list from file)
./scripts/onboard-users.sh -p ./configs/_cfg1-ldap-domain.properties -o add -u ../configs/file-of-users


# remove users from ldif secret
./scripts/onboard-users.sh -p ./configs/_cfg1-ldap-domain.properties -o remove -s

# remove users from users file
./scripts/onboard-users.sh -p ./configs/_cfg1-ldap-domain.properties -o remove -u ../configs/file-of-users

List Roles and Groups

./scripts/onboard-users.sh -p ./configs/_cfg1-ldap-domain.properties -r

LDAP deletion commands

# remove phpadmin tool
./scripts/remove-phpadmin.sh -p ./configs/_cfg1-ldap-domain.properties

# remove openldap deployment
./scripts/remove-ldap.sh -p ./configs/_cfg1-ldap-domain.properties

IDP deletion commands

./scripts/remove-idp.sh -p ./configs/_cfg1-idp.properties

References

IDP provider and LDAP configuration in IBM Cloud Pak foundational services 4.2

Identity Provider APIs 4.3

cp4ba-idp-ldap's People

Contributors

marcoantonioni avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.