Merge branch 'base' into ldap-server

.env

@@ -1,10 +0,0 @@
-ALFRESCO_DIR=~/alfresco
-ALFRESCO_LICENSE_DIR=~/alfresco/license
-
-PROXY_PROTOCOL=http
-PROXY_HOST=localhost
-PROXY_PORT=8080
-
-ACS_TAG=7.4.1.1
-AAMQ_TAG=latest
-POSTGRES_TAG=13

docker-compose.yml

@@ -1,43 +1,17 @@
-# Originally sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
+# Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
 #
-version: "3"
+# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
+version: "2"
 
 services:
 
-    platform:
+    directory:
-        image: alfresco/alfresco-content-repository-community:${ACS_TAG}
+        image: osixia/openldap:1.4.0
         environment:
-            JAVA_TOOL_OPTIONS: "
+            LDAP_ORGANISATION: "Example Organization"
-                -Dencryption.keystore.type=JCEKS
+            LDAP_DOMAIN: example.org
-                -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
+            LDAP_ADMIN_PASSWORD: admin
-                -Dencryption.keyAlgorithm=DESede
+        command: "--copy-service --loglevel=debug"
-                -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
+        volumes:
-                -Dmetadata-keystore.password=mp6yc0UD9e
+            - ./openldap-example.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif:ro
-                -Dmetadata-keystore.aliases=metadata
-                -Dmetadata-keystore.metadata.password=oKIWzVdEdA
-                -Dmetadata-keystore.metadata.algorithm=DESede"
-            JAVA_OPTS: "
-                -Ddb.driver=org.postgresql.Driver
-                -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-                "
-        depends_on:
-            - postgres-acs
-            - activemq
 
-    postgres-acs:
-        image: postgres:${POSTGRES_TAG}
-
-    activemq:
-        image: alfresco/alfresco-activemq:${AAMQ_TAG}
-
-    proxy:
-        build: ./nginx-ingress
-        image: local/nginx-ingress:acs
-        ports:
-            - 8080:8080
-        depends_on:
-            - platform

nginx-ingress/Dockerfile

@@ -1,8 +0,0 @@
-FROM nginx:stable-alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]

nginx-ingress/entrypoint.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-
-if [[ $ACS_PLATFORM_URL ]]; then
-  sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACCESS_LOG ]]; then
-  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
-fi
-
-nginx -g "daemon off;"

nginx-ingress/nginx.conf

@@ -1,52 +0,0 @@
-worker_processes  1;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    server {
-        listen *:8080;
-
-        client_max_body_size 0;
-
-        set  $allowOriginSite *;
-        proxy_pass_request_headers on;
-        proxy_pass_header Set-Cookie;
-
-        # External settings, do not remove
-        #ENV_ACCESS_LOG
-
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-        proxy_redirect off;
-        proxy_buffering off;
-        proxy_set_header Host              $http_host;
-        proxy_set_header X-Real-IP         $remote_addr;
-        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_pass_header Set-Cookie;
-        
-        # Protect access to SOLR APIs
-        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
-
-        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
-        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
-        
-        # Protect access to Prometheus endpoint
-        location ~ ^(/.*/s/prometheus)$ {return 403;}
-        
-        location / {
-            proxy_pass http://platform:8080;
-        }
-
-        location /alfresco/ {
-            proxy_pass http://platform:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-    }
-}

openldap-example.ldif

@@ -0,0 +1,80 @@
+version: 1
+
+dn: uid=admin.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Administrator
+uid: admin.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: admin.1@example.org
+
+dn: uid=manager.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Manager
+uid: manager.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: manager.1@example.org
+
+dn: uid=user.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: User
+uid: user.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.1@example.org
+
+dn: uid=user.2,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #2
+sn: User
+uid: user.2
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.2@example.org
+
+dn: cn=power-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: power-users
+member: uid=manager.1,dc=example,dc=org
+
+dn: cn=admins,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admins
+member: uid=admin.1,dc=example,dc=org
+
+dn: cn=acs-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: acs-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.1,dc=example,dc=org
+
+dn: cn=aps-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: aps-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.2,dc=example,dc=org
+