This repository demonstrates the synchronization of LDAP objects into the iRODS catalogue.
Features:
- LDAP people objects are translated to iRODS users
- LDAP group objects are translated to iRODS groups
- LDAP group memberships are translated to iRODS group memberships
- LDAP attributes are translated to iRODS metadata
- For each user identity created, a user is also created on an SSH server
- When the LDAP user object contains a sshPublicKey attribute, an ~/.ssh/authorized_keys entry containing that key is also created.
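
Because the sshPublicKey value comes from the directory and ends up in ~/.ssh/authorized_keys, it is worth validating before it is written. The following is an added example, not code from this repository; the function names, the `ALLOWED_TYPES` policy, the uid pattern and the `ldap-sync:` comment format are assumptions made for illustration.

```python
import base64
import binascii
import re
import struct

# Key types accepted for authorized_keys (assumption: adjust to local policy).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def _blob_algorithm(blob: bytes) -> str:
    """Return the algorithm name stored at the start of an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + length]
    if len(name) != length:
        raise ValueError("truncated algorithm name")
    return name.decode("ascii")


def authorized_keys_line(ldap_value: str, uid: str) -> str:
    """Validate one sshPublicKey value and return a safe authorized_keys line."""
    # A newline would let one LDAP value smuggle a second entry into the file.
    if any(c in ldap_value for c in "\r\n\0"):
        raise ValueError("control character in key")
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", uid):
        raise ValueError("unexpected characters in uid")
    fields = ldap_value.strip().split()
    # The first field must be a known key type, so a value that starts with an
    # options field (for example command="...") is never written to the file.
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("unsupported or missing key type")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    if _blob_algorithm(blob) != key_type:
        raise ValueError("key type does not match blob")
    # Drop the LDAP-supplied comment and write one the sync controls.
    return f"{key_type} {b64} ldap-sync:{uid}"


def sample_key() -> str:
    """Constructed ed25519-shaped key (all-zero bytes), for demonstration only."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@laptop"
```
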
See .github/workflows/ci.yml for configuration details.
You have multiple run options:
- Run locally with LDAP and iRODS docker containers
- Connect to existing LDAP and/or iRODS instances
Running on localhost (Docker is required):
All required services are defined in the docker-compose.yml file in the etc directory. These services can be started with:

```bash
(cd etc; docker-compose up -d)
```

You can verify that LDAP is running and initialised correctly with the following command:

```bash
ldapsearch -x -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -b dc=example,dc=org -w secret
```
This repository is fully prepared to operate on GitPod. You can launch the workspace on GitPod. During initialization of the workspace, docker is prepared as well, and both the LDAP and iRODS containers are instantiated. Once the workspace is open, you can directly execute the command 'pytest' to see that everything works as expected.
For connecting to existing instances, make sure you have administrator credentials and provide the credentials in the .env file (see below).
For a single-pass execution you can execute:

```bash
python -m pytest
```

You can create a .env file that contains values for the following configuration keys.
key | Sample | Description |
---|---|---|
LDAP_HOST | ldap://localhost:389 | The LDAP to connect to |
LDAP_ADMIN_PASSWORD | secret | The LDAP Admin Password |
LDAP_CONFIG_PASSWORD | config | The LDAP Config Password |
LDAP_DOMAIN | "example.org" | LDAP Domain |
LDAP_BASE_DN | "dc=example,dc=org" | LDAP Base DN |
LDAP_BIND_DN | "cn=admin,dc=example,dc=org" | LDAP Bind DN |
IRODS_VERSION | 4.2.8 | The requested iRODS version, default: 4.2.8 |
IRODS_JSON | ~/.irods/irods_environment.json | The irods_environment.json file |
IRODS_CERT | /etc/irods/irods.crt | The iRODS CA certificate for SSL interaction |
IRODS_HOST | localhost | The iRODS host to connect to |
IRDDS_PORT | 1247 | The iRODS service port to connect to |
IRODS_USER | rods | iRODS administrator user |
IRODS_PASS | password | iRODS administrator password |
IRODS_ZONE | tempZone | The iRODS zone |
SSH_SKIP | false | Setup SSH per user True/False |
SSH_USER | root | Administrator user |
SSH_HOST | localhost | iRODS client host to setup users on |
SSH_PORT | 2222 | Port to connect to iRODS client host |
LOG_LEVEL | INFO | Log level can be NONE, DEBUG, INFO, WARN, ERROR |
DRY_RUN | False | Either True or False; when True, no updates are performed to iRODS. |