From 93d56f79d5156ecc17ce9e28a2ca64f6bfa16dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 5 Dec 2022 13:35:30 +0100 Subject: [PATCH] Add config and documentation for running dirsrv with Docker --- .env.example | 7 ++++++ README.md | 18 ++++++++++++-- app/jobs/create_ldap_user_job.rb | 2 +- config/ldap.yml | 2 +- docker-compose.yml | 42 ++++++++++++++++++++------------ 5 files changed, 51 insertions(+), 20 deletions(-) diff --git a/.env.example b/.env.example index 99df7d4..9f308d3 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,11 @@ +LDAP_HOST=localhost +LDAP_PORT=389 +LDAP_ADMIN_PASSWORD=passthebutter +LDAP_SUFFIX="dc=kosmos,dc=org" + EJABBERD_API_URL='https://xmpp.kosmos.org/api' + BTCPAY_API_URL='http://localhost:23001/api/v1' + LNDHUB_API_URL='http://localhost:3023' LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org' diff --git a/README.md b/README.md index cc306ee..5b249c4 100644 --- a/README.md +++ b/README.md @@ -31,10 +31,24 @@ Running all specs: bundle exec rspec +### Docker (Compose) + +There is a working Dockr Compose config file, which allows you to spin up both +an app server for Rails as well as a local 389ds (LDAP) server. + +By default, `docker-compose up` will only start the LDAP server, listening on +port 389 on your machine. Uncomment other services in `docker-compose.yml`. + ### LDAP server -TODO make it easy to run a local Kosmos LDAP server for development, without -manual LDIF imports etc. (or provide a staging instance) +See the previous section for quickly spinning up an LDAP server with Docker (or +edit your environment configuration to use an existing one). + +After creating the Docker container for the first time (or after deleting it), +you need to run the following command once, in order to create the dirsrv +back-end: + + docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev" ## Documentation 
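Review bot: In the `.env.example` hunk, `LDAP_SUFFIX` is added but nothing in this patch reads it, while the `config/ldap.yml` hunk introduces `LDAP_BASE`, which is not listed here. If the override is meant to be discoverable, add `LDAP_BASE="ou=kosmos.org,cn=users,dc=kosmos,dc=org"` and drop `LDAP_SUFFIX` unless code outside this patch uses it. `LDAP_ADMIN_PASSWORD=passthebutter` is the same value as `DS_DM_PASSWORD` in `docker-compose.yml`, so a comment above it such as `# development only, matches DS_DM_PASSWORD in docker-compose.yml; change for any shared server` would keep the sample from being copied into a reachable deployment.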
diff --git a/app/jobs/create_ldap_user_job.rb b/app/jobs/create_ldap_user_job.rb
index da5e533..5146f53 100644
--- a/app/jobs/create_ldap_user_job.rb
+++ b/app/jobs/create_ldap_user_job.rb
@@ -18,7 +18,7 @@ class CreateLdapUserJob < ApplicationJob
 def ldap_client
 ldap_client ||= Net::LDAP.new host: ldap_config['host'],
 port: ldap_config['port'],
- encryption: ldap_config['ssl'],
+ # encryption: ldap_config['ssl'],
 auth: {
 method: :simple,
 username: ldap_config['admin_user'],
diff --git a/config/ldap.yml b/config/ldap.yml
index 17b4505..2a412b5 100644
--- a/config/ldap.yml
+++ b/config/ldap.yml
@@ -29,7 +29,7 @@ development:
 host: <%= ENV["LDAP_HOST"] || "localhost" %>
 port: <%= ENV["LDAP_PORT"] || "389" %>
 attribute: cn
- base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
+ base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
 admin_user: "cn=Directory Manager"
 admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
 ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
diff --git a/docker-compose.yml b/docker-compose.yml
index c4e3830..a4d5a29 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
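Review bot: Commenting out `encryption:` in `ldap_client` (the `app/jobs/create_ldap_user_job.rb` hunk) disables TLS for this job in every environment, not only the Docker setup, so the simple bind that follows sends the admin DN and password in cleartext even where `ssl` is configured as true. Keeping the option and mapping the setting to a method Net::LDAP accepts preserves the plaintext default for local development, for example `encryption: (ldap_config['ssl'] ? :simple_tls : nil),` (or `:start_tls`, depending on how the production directory is exposed). If the line was disabled because Net::LDAP rejected the raw boolean coming from `config/ldap.yml`, a comment saying so would help the next reader. The body of `ldap_client` continues past the end of the hunk, so the rest of the `auth` hash is not visible here.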
@@ -3,22 +3,32 @@ services: image: 4teamwork/389ds:latest volumes: - ./tmp/389ds:/data + ports: + - "389:3389" environment: DS_DM_PASSWORD: passthebutter SUFFIX_NAME: "dc=kosmos,dc=org" - web: - build: . - tty: true - command: bash -c "rm -f tmp/pids/server.pid && bin/dev" - volumes: - - .:/akkounts - ports: - - "3000:3000" - environment: - RAILS_ENV: development - LDAP_HOST: ldap - LDAP_PORT: 3389 - LDAP_ADMIN_PASSWORD: passthebutter - LDAP_USE_TLS: "false" - depends_on: - - ldap + # phpldapadmin: + # image: osixia/phpldapadmin:0.9.0 + # ports: + # - "8389:80" + # environment: + # PHPLDAPADMIN_HTTPS: false + # PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap': [{'server': [{'tls': False}, {'port': 3389}]}, {'login': [{'bind_id': 'cn=Directory Manager'}, {'bind_pass': 'passthebutter'}]}]}]" + # PHPLDAPADMIN_LDAP_CLIENT_TLS: false + # web: + # build: . + # tty: true + # command: bash -c "sleep 5 && rm -f tmp/pids/server.pid && bin/dev" + # volumes: + # - .:/akkounts + # ports: + # - "3000:3000" + # environment: + # RAILS_ENV: development + # LDAP_HOST: ldap + # LDAP_PORT: 3389 + # LDAP_ADMIN_PASSWORD: passthebutter + # LDAP_USE_TLS: "false" + # depends_on: + # - ldap
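Review bot: The new `ports` entry `"389:3389"` publishes the directory on all host interfaces, and the same service hard-codes `DS_DM_PASSWORD: passthebutter`, so anyone who can reach the developer's machine on port 389 can bind as Directory Manager with a password that is in the repository. For a development-only server, bind the published port to loopback with `- "127.0.0.1:389:3389"`, and consider `DS_DM_PASSWORD: ${LDAP_ADMIN_PASSWORD}` so the value lives only in `.env`. The commented-out `phpldapadmin` block repeats the same password inside `PHPLDAPADMIN_LDAP_HOSTS` and publishes port 8389, so it would need the same treatment if it is enabled.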