summary refs log tree commit diff
path: root/services/accounts
diff options
context:
space:
mode:
Diffstat (limited to 'services/accounts')
-rw-r--r--services/accounts/ldif/ISL.ldif48
-rw-r--r--services/accounts/ldif/add2group.ldif5
-rw-r--r--services/accounts/ldif/examples/ldap-root.ldif7
-rw-r--r--services/accounts/ldif/examples/modtest.ldif20
-rw-r--r--services/accounts/openldap.nix6
-rwxr-xr-xservices/accounts/scripts/add4
-rwxr-xr-xservices/accounts/scripts/del29
-rwxr-xr-xservices/accounts/scripts/list4
8 files changed, 120 insertions, 3 deletions
diff --git a/services/accounts/ldif/ISL.ldif b/services/accounts/ldif/ISL.ldif
new file mode 100644
index 0000000..0220904
--- /dev/null
+++ b/services/accounts/ldif/ISL.ldif
@@ -0,0 +1,48 @@
+# internetsafetylabs.org
+dn: dc=internetsafetylabs,dc=org
+objectClass: domain
+dc: internetsafetylabs
+
+dn: ou=people,dc=internetsafetylabs,dc=org
+objectClass: organizationalUnit
+ou: people
+
+dn: ou=staff,ou=people,dc=internetsafetylabs,dc=org
+objectClass: organizationalUnit
+ou: staff
+
+dn: ou=contributors,ou=people,dc=internetsafetylabs,dc=org
+objectClass: organizationalUnit
+ou: contributors
+
+dn: ou=inspectors,ou=people,dc=internetsafetylabs,dc=org
+objectClass: organizationalUnit
+ou: inspectors
+
+dn: ou=groups,dc=internetsafetylabs,dc=org
+objectClass: organizationalUnit
+ou: groups
+
+dn: ou=services,dc=internetsafetylabs,dc=org
+objectClass: organizationalUnit
+ou: services
+
+# -------
+
+dn: uid=irenes,ou=staff,ou=people,dc=internetsafetylabs,dc=org
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Irene Knapp
+sn: Knapp
+uid: irenes
+mail: ireneista@internetsafetylabs.org
+
+dn: uid=rorr,ou=contributors,ou=people,dc=internetsafetylabs,dc=org
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Robert Orr
+sn: Orr
+uid: rorr
+mail: robert@coffeezombie.com
diff --git a/services/accounts/ldif/add2group.ldif b/services/accounts/ldif/add2group.ldif
new file mode 100644
index 0000000..a087887
--- /dev/null
+++ b/services/accounts/ldif/add2group.ldif
@@ -0,0 +1,5 @@
+# add user to existing group = change uid=alice
+dn: cn=admins,ou=groups,dc=example,dc=com
+changetype: modify
+add: member
+member: uid=DUMMY,ou=people,dc=example,dc=com
diff --git a/services/accounts/ldif/examples/ldap-root.ldif b/services/accounts/ldif/examples/ldap-root.ldif
new file mode 100644
index 0000000..8c4cfb1
--- /dev/null
+++ b/services/accounts/ldif/examples/ldap-root.ldif
@@ -0,0 +1,7 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcRootDN
+olcRootDN: cn=admin,dc=internetsafetylabs,dc=org
+-
+replace: olcRootPW
+olcRootPW: secret
diff --git a/services/accounts/ldif/examples/modtest.ldif b/services/accounts/ldif/examples/modtest.ldif
new file mode 100644
index 0000000..a5ac883
--- /dev/null
+++ b/services/accounts/ldif/examples/modtest.ldif
@@ -0,0 +1,20 @@
+dn: ou=Groups,dc=internetsafetylabs,dc=org
+changetype: modify
+replace: ou
+ou: groups
+
+dn: ou=Groups,dc=internetsafetylabs,dc=org
+changetype: modrdn
+newrdn: ou=groups
+deleteoldrdn: 0
+
+dn: ou=People,dc=internetsafetylabs,dc=org
+changetype: modify
+replace: ou
+ou: people
+
+dn: ou=People,dc=internetsafetylabs,dc=org
+changetype: modrdn
+newrdn: ou=people
+deleteoldrdn: 0
+
diff --git a/services/accounts/openldap.nix b/services/accounts/openldap.nix
index 764d7bf..e164fb4 100644
--- a/services/accounts/openldap.nix
+++ b/services/accounts/openldap.nix
@@ -116,7 +116,7 @@
 
             # This is needed because the memberof overlay has to do its
             # changes as a DN.
-            olcRootDN = "cn=admin,dc=internetsafetylabs,dc=org";
+            olcRootDN = "cn=ldap-admins,dc=internetsafetylabs,dc=org";
 
             # This should probably be commented out when there's nothing
             # horrible going on. It's important for bootstrapping and for
@@ -128,8 +128,8 @@
             #
             # TODO: we might consider adding some sort of auto-expiration
             # feature to the secret manager?
-            #olcRootPW = builtins.readFile
-            #    "/etc/nixos/secrets/openldap/root-password";
+            olcRootPW = builtins.readFile
+                "/etc/nixos/secrets/openldap/root-password";
 
             # TODO: once we have better formatting for this code (see the TODO
             # about an abstraction layer for long lines), the thinking behind
diff --git a/services/accounts/scripts/add b/services/accounts/scripts/add
new file mode 100755
index 0000000..c7ec98d
--- /dev/null
+++ b/services/accounts/scripts/add
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+ldapadd -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret -f ISL.ldif
+
diff --git a/services/accounts/scripts/del b/services/accounts/scripts/del
new file mode 100755
index 0000000..a78c3ee
--- /dev/null
+++ b/services/accounts/scripts/del
@@ -0,0 +1,29 @@
+#!/bin/sh
+echo 0
+ldapdelete -v -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret uid=irenes,ou=staff,ou=people,dc=internetsafetylabs,dc=org 
+
+echo 1
+ldapdelete -v -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret uid=rorr,ou=contributors,ou=people,dc=internetsafetylabs,dc=org 
+
+echo 2
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret ou=services,dc=internetsafetylabs,dc=org
+
+echo 3
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret ou=groups,dc=internetsafetylabs,dc=org
+
+echo 4
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret ou=inspectors,dc=internetsafetylabs,dc=org
+
+echo 5
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret ou=contributors,dc=internetsafetylabs,dc=org
+
+echo 6
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret ou=staff,ou=people,dc=internetsafetylabs,dc=org
+
+echo 7
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret ou=people,dc=internetsafetylabs,dc=org
+
+echo 8
+ldapdelete -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret dc=internetsafetylabs,dc=org
+
+echo 9
diff --git a/services/accounts/scripts/list b/services/accounts/scripts/list
new file mode 100755
index 0000000..de99c6a
--- /dev/null
+++ b/services/accounts/scripts/list
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+ldapsearch -x  -D "cn=ldap-admins,dc=internetsafetylabs,dc=org" -w secret -b "dc=internetsafetylabs,dc=org"
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-21 10:31:41 +0000