Add tasks for modifying schema, first custom attributes

refs #172, #173
2024-03-13 14:29:14 +01:00 · 2024-03-13 14:29:14 +01:00 · de20931d30
commit de20931d30
parent 8de0a2e26e
4 changed files with 63 additions and 1 deletions
--- a/lib/tasks/ldap.rake
+++ b/lib/tasks/ldap.rake
@ -1,6 +1,6 @@
 namespace :ldap do
  desc "Reset the LDAP directory and set up base entries and default org"
-  task setup: :environment do |t, args|
+  task setup: [:environment, :add_custom_attributes] do |t, args|
    ldap = LdapService.new

    ldap.delete_entry "cn=admin_role,ou=kosmos.org,cn=users,dc=kosmos,dc=org", true
@ -19,6 +19,42 @@ namespace :ldap do
    }, true
  end

+  desc "Add custom attributes to schema"
+  task add_custom_attributes: :environment do |t, args|
+    %w[ admin service_enabled nostr_key ].each do |name|
+      Rake::Task["ldap:modify_ldap_schema"].invoke(name, "add")
+      Rake::Task['ldap:modify_ldap_schema'].reenable
+    end
+  end
+
+  desc "Delete custom attributes from schema"
+  task delete_custom_attributes: :environment do |t, args|
+    %w[ admin service_enabled nostr_key ].each do |name|
+      Rake::Task["ldap:modify_ldap_schema"].invoke(name, "delete")
+      Rake::Task['ldap:modify_ldap_schema'].reenable
+    end
+  end
+
+  desc "Modify LDAP schema"
+  task :modify_ldap_schema, [:name, :operation] => [:environment] do |t, args|
+    puts "Modify schema: #{args[:operation]} #{args[:name]}"
+
+    filename = "#{Rails.root}/schemas/ldap/#{args[:name]}.ldif"
+    ldif = YAML.safe_load(File.read(filename))
+    dn = ldif["dn"]
+    attribute = ldif["add"]
+    value = ldif[attribute]
+    operation = [ args[:operation].to_sym, attribute.to_sym, value ]
+
+    ldap = LdapService.new
+    res = ldap.modify dn, [ operation ]
+
+    if res != 0
+      puts "Result code: #{res}"
+      exit 1
+    end
+  end
+
  desc "List user domains/organizations"
  task list_organizations: :environment do |t, args|
    ldap = LdapService.new
--- a/schemas/ldap/admin.ldif
+++ b/schemas/ldap/admin.ldif
@ -0,0 +1,9 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( 1.3.6.1.4.1.61554.1.1.2.1.1
+  NAME 'admin'
+  DESC 'Admin flag'
+  EQUALITY booleanMatch
+  SYNTAX  1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
--- a/schemas/ldap/nostr_key.ldif
+++ b/schemas/ldap/nostr_key.ldif
@ -0,0 +1,9 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( 1.3.6.1.4.1.61554.1.1.2.1.21
+  NAME 'nostrKey'
+  DESC 'Nostr public key'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
--- a/schemas/ldap/service_enabled.ldif
+++ b/schemas/ldap/service_enabled.ldif
@ -0,0 +1,8 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( 1.3.6.1.4.1.61554.1.1.2.1.2
+  NAME 'serviceEnabled'
+  DESC 'Services enabled for account'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )