forbes-0023
fb13795ef7
Add docker-compose.allinone.yaml with five services: - PostgreSQL 16 with auto-applied migrations - MinIO for S3-compatible file storage - OpenLDAP (bitnami/openldap:2.6) with memberOf overlay and preconfigured silo-admins/silo-users/silo-viewers groups - Silo API server built from Dockerfile - Nginx reverse proxy (optional, via --profile nginx) Add scripts/setup-docker.sh interactive helper that generates deployments/.env and deployments/config.docker.yaml with random credentials. Supports --non-interactive for CI. Add deployments/ldap/ LDIF init scripts for memberOf overlay and Silo role groups. Add deployments/nginx/ reverse proxy configs.
37 lines
1.0 KiB
Plaintext
37 lines
1.0 KiB
Plaintext
# Enable the memberOf overlay for OpenLDAP.
|
|
# When a user is added to a groupOfNames, their entry automatically
|
|
# gets a memberOf attribute pointing to the group DN.
|
|
# This is required for Silo's LDAP role mapping.
|
|
#
|
|
# Loaded automatically by bitnami/openldap from /docker-entrypoint-initdb.d/
|
|
|
|
dn: cn=module{0},cn=config
|
|
changetype: modify
|
|
add: olcModuleLoad
|
|
olcModuleLoad: memberof
|
|
|
|
dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
|
|
changetype: add
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcMemberOf
|
|
olcOverlay: memberof
|
|
olcMemberOfRefInt: TRUE
|
|
olcMemberOfDangling: ignore
|
|
olcMemberOfGroupOC: groupOfNames
|
|
olcMemberOfMemberAD: member
|
|
olcMemberOfMemberOfAD: memberOf
|
|
|
|
# Enable refint overlay to maintain referential integrity
|
|
# (removes memberOf when a user is removed from a group)
|
|
dn: cn=module{0},cn=config
|
|
changetype: modify
|
|
add: olcModuleLoad
|
|
olcModuleLoad: refint
|
|
|
|
dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config
|
|
changetype: add
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcRefintConfig
|
|
olcOverlay: refint
|
|
olcRefintAttribute: memberOf member
|