Setup OpenLDAP in an LXC Container to Test RPC Against

Setup the Host Bridge

Log in to a host capable of running LXC containers.

In order to use the LXC container, a new bridge will need to be created: br-host.

First, install the necessary networking packages:

apt-get install bridge-utils

Reconfigure the network interface file (configure as necessary to match your environment):

# The loopback network interface
auto lo
iface lo inet loopback

auto em1
iface em1 inet manual

# Container Bridge
auto br-host
iface br-host inet static
address 10.240.0.20
netmask 255.255.252.0
gateway 10.240.0.1
dns-nameservers 8.8.8.8 8.8.4.4
bridge_ports em1
bridge_stp off
bridge_waitport 0
bridge_fd 0

Bring up br-host:

ifdown em1; ifup br-host

Create the LXC Container

Install necessary LXC packages:

apt-get install lxc

Create the LXC container:

lxc-create -t download -n openldap -- --dist ubuntu --release trusty --arch amd64

Append the following to /var/lib/lxc/openldap/config (modify as necessary to match your environment):

lxc.network.type = veth
lxc.network.name = eth1
lxc.network.ipv4 = 10.240.0.11/24
lxc.network.link = br-host
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.network.flags = up
lxc.network.mtu = 1500

Start the LXC container:

lxc-start -d --name openldap

Attach to the LXC container:

lxc-attach --name openldap

Install OpenLDAP in the LXC Container

Install OpenLDAP packages:

apt-get install slapd ldap-utils

During install, slapd will prompt you to enter a password for the admin LDAP user.

Now, configure OpenLDAP to set up a default schema (example.com is used throughout the documentation):

dpkg-reconfigure slapd

After a default schema is created, import a usable schema by creating a file named schema.ldif and pasting in the following contents:

dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
ou: Users

dn: ou=ServiceAccounts,dc=example,dc=com
objectClass: organizationalUnit
ou: ServiceAccounts

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: uid=rpc-ldap-bind,ou=ServiceAccounts,dc=example,dc=com
objectClass: inetOrgPerson
uid: rpc-ldap-bind
sn: rpc-ldap-bind
givenName: rpc-ldap-bind
cn: rpc-ldap-bind
displayName: rpc-ldap-bind
userPassword: rpc-ldap-bind

dn: uid=ldap-stack_domain_admin,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-stack_domain_admin
sn: ldap-stack_domain_admin
givenName: ldap-stack_domain_admin
cn: ldap-stack_domain_admin
displayName: ldap-stack_domain_admin
userPassword: ldap-stack_domain_admin

dn: uid=ldap-admin,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-admin
sn: ldap-admin
cn: ldap-admin
displayName: ldap-admin
userPassword: ldap-admin

dn: uid=ldap-keystone,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-keystone
sn: ldap-keystone
cn: ldap-keystone
displayName: ldap-keystone
userPassword: ldap-keystone

dn: uid=ldap-swift_dispersion,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-swift_dispersion
sn: ldap-swift_dispersion
cn: ldap-swift_dispersion
displayName: ldap-swift_dispersion
userPassword: ldap-swift_dispersion

dn: uid=ldap-swift,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-swift
sn: ldap-swift
cn: ldap-swift
displayName: ldap-swift
userPassword: ldap-swift

dn: uid=ldap-cinder,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-cinder
sn: ldap-cinder
cn: ldap-cinder
displayName: ldap-cinder
userPassword: ldap-cinder

dn: uid=ldap-glance,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-glance
sn: ldap-glance
cn: ldap-glance
displayName: ldap-glance
userPassword: ldap-glance

dn: uid=ldap-heat,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-heat
sn: ldap-heat
cn: ldap-heat
displayName: ldap-heat
userPassword: ldap-heat

dn: uid=ldap-neutron,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-neutron
sn: ldap-neutron
cn: ldap-neutron
displayName: ldap-neutron
userPassword: ldap-neutron

dn: uid=ldap-nova,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-nova
sn: ldap-nova
cn: ldap-nova
displayName: ldap-nova
userPassword: ldap-nova

dn: uid=ldap-ceilometer,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: ldap-ceilometer
sn: ldap-ceilometer
givenName: ldap-ceilometer
cn: ldap-ceilometer
displayName: ldap-ceilometer
userPassword: ldap-ceilometer

dn: uid=cloud-user-1,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: cloud-user-1
sn: cloud-user-1
givenName: cloud-user-1
cn: cloud-user-1
displayName: cloud-user-1
userPassword: cloud-user-1

dn: uid=cloud-user-2,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: cloud-user-2
sn: cloud-user-2
givenName: cloud-user-2
cn: cloud-user-2
displayName: cloud-user-2
userPassword: cloud-user-2

Finally, add the organizational units and users (the password prompted for will be what you set when you installed slapd):

ldapadd -x -D cn=admin,dc=example,dc=com -W -h 10.240.0.11 -f schema.ldif
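
The LDIF above stores every userPassword in cleartext and sets it equal to the uid, which is acceptable for a throwaway test container but not for anything reachable beyond it. The following is an added example, not part of the gist: it reads a constructed LDIF in the same shape, lists the entries whose password equals their uid, and rewrites the passwords as OpenLDAP {SSHA} hashes (which slapd accepts in userPassword) so the file can still be fed to ldapadd. It uses only the Python standard library.

```python
import base64, hashlib, os

# Constructed sample in the shape of the gist's schema.ldif (not the full file).
SAMPLE_LDIF = """\
dn: uid=rpc-ldap-bind,ou=ServiceAccounts,dc=example,dc=com
objectClass: inetOrgPerson
uid: rpc-ldap-bind
userPassword: rpc-ldap-bind

dn: uid=cloud-user-1,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
uid: cloud-user-1
userPassword: n0t-the-uid
"""

def parse_ldif(text):
    # Minimal reader (no '::' base64 values or continuation lines): attr -> list of values.
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def ssha(password, salt=None):
    # OpenLDAP {SSHA} userPassword scheme: base64(sha1(password + salt) + salt).
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(stored, password):
    # True when the cleartext matches a stored {SSHA} value (salt is the trailing bytes).
    raw = base64.b64decode(stored[6:]) if stored.startswith("{SSHA}") else b""
    return len(raw) > 20 and hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]

def weak_entries(entries):
    # DNs whose cleartext userPassword equals the uid, as in every entry of the gist's LDIF.
    return [e["dn"][0] for e in entries
            if "userPassword" in e and e["userPassword"] == e.get("uid")]

def hash_passwords(entries):
    # Copies of the entries with each cleartext userPassword replaced by an {SSHA} hash.
    return [{**e, "userPassword": [ssha(e["userPassword"][0])]}
            if e.get("userPassword") and not e["userPassword"][0].startswith("{") else dict(e)
            for e in entries]

def to_ldif(entries):  # serialise back to LDIF text for ldapadd
    return "\n\n".join("\n".join(f"{a}: {v}" for a, vs in e.items() for v in vs) for e in entries)
```

Running weak_entries over the full schema.ldif from this gist would list every user and service account; writing to_ldif(hash_passwords(...)) to a new file before ldapadd keeps the same DNs and bind credentials without leaving cleartext passwords in the directory or on disk.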

If you need to delete individual users, you can use the following command:

ldapdelete -x -D cn=admin,dc=example,dc=com -W -h 10.240.0.11 uid=ldap-nova,ou=Users,dc=example,dc=com

Verify LDAP Connectivity

You can verify that connectivity is working by running the following command (the password prompted for will be the password for rpc-ldap-bind you set in schema.ldif):

ldapsearch -x -W -D uid=rpc-ldap-bind,ou=ServiceAccounts,dc=example,dc=com -h 10.240.0.11 -b "dc=example,dc=com"