Merge branch 'base' into ldap-server

.env

@@ -1,11 +0,0 @@
-ALFRESCO_DIR=~/alfresco
-ALFRESCO_LICENSE_DIR=~/alfresco/license
-
-PROXY_PROTOCOL=http
-PROXY_HOST=localhost
-PROXY_PORT=8080
-
-ACS_TAG=7.4.1.1
-AAMQ_TAG=latest
-POSTGRES_TAG=13
-ACS_SHARE_TAG=7.4.1.2

alfresco-share/docker/Dockerfile

@@ -1,11 +0,0 @@
-ARG ACS_SHARE_TAG=inject-it
-FROM alfresco/alfresco-share:${ACS_SHARE_TAG}
-
-ARG TOMCAT_DIR=/usr/local/tomcat
-
-COPY tomcat-share-context.xml ${TOMCAT_DIR}/conf/Catalina/localhost/share.xml
-COPY *.amp ${TOMCAT_DIR}/amps_share/
-
-RUN java -jar ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt*.jar install ${TOMCAT_DIR}/amps_share ${TOMCAT_DIR}/webapps/share -nobackup -directory && \
-	mkdir -p ${TOMCAT_DIR}/modules/share
-

alfresco-share/docker/README.md

@@ -1,3 +0,0 @@
-## Usage
-
-Download all AMP files needed into this directory.  All of them will be copied into a new Docker image and installed into the Alfresco Share web application.

alfresco-share/docker/tomcat-share-context.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<Context>
-        <Resources>
-                <PreResources base="${catalina.base}/modules/share" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/WEB-INF/lib" readOnly="true" />
-        </Resources>
-</Context>

alfresco-share/modules/README.md

@@ -1,3 +0,0 @@
-## Usage
-
-Download all JAR module files needed into this directory.  All of them will be dynamically loaded into the Docker container and loaded into the Alfresco Share web application.

docker-compose.yml

@@ -1,68 +1,17 @@
-# Originally sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
+# Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
 #
-version: "3"
+# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
+version: "2"
 
 services:
 
-    platform:
-        image: alfresco/alfresco-content-repository-community:${ACS_TAG}
+    directory:
+        image: osixia/openldap:1.4.0
         environment:
-            JAVA_TOOL_OPTIONS: "
-                -Dencryption.keystore.type=JCEKS
-                -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-                -Dencryption.keyAlgorithm=DESede
-                -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
-                -Dmetadata-keystore.password=mp6yc0UD9e
-                -Dmetadata-keystore.aliases=metadata
-                -Dmetadata-keystore.metadata.password=oKIWzVdEdA
-                -Dmetadata-keystore.metadata.algorithm=DESede"
-            JAVA_OPTS: "
-                -Ddb.driver=org.postgresql.Driver
-                -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
-                -Dshare.host=${PROXY_HOST}
-                -Dshare.port=${PROXY_PORT}
-                -Dshare.protocol=${PROXY_PROTOCOL}
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-                "
-        depends_on:
-            - postgres-acs
-            - activemq
-    
-    share:
-        build:
-            context: ./alfresco-share/docker
-            args:
-                ACS_SHARE_TAG: ${ACS_SHARE_TAG}
-        image: local/alfresco-share:latest
-        environment:
-            REPO_HOST: "platform"
-            CSRF_FILTER_REFERER: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?/?.*"
-            CSRF_FILTER_ORIGIN: "${PROXY_PROTOCOL}://${PROXY_HOST}(:${PROXY_PORT})?"
-            JAVA_OPTS: "
-                -Dshare.host=${PROXY_HOST}
-                -Dshare.port=${PROXY_PORT}
-                -Dshare.protocol=${PROXY_PROTOCOL}
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                "
+            LDAP_ORGANISATION: "Example Organization"
+            LDAP_DOMAIN: example.org
+            LDAP_ADMIN_PASSWORD: admin
+        command: "--copy-service --loglevel=debug"
         volumes:
-            - "./alfresco-share/modules:/usr/local/tomcat/modules/share:ro"
-    
-    postgres-acs:
-        image: postgres:${POSTGRES_TAG}
+            - ./openldap-example.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif:ro
 
-    activemq:
-        image: alfresco/alfresco-activemq:${AAMQ_TAG}
-
-    proxy:
-        build: ./nginx-ingress
-        image: local/nginx-ingress:acs-share
-        ports:
-            - 8080:8080
-        depends_on:
-            - platform
-            - share

nginx-ingress/Dockerfile

@@ -1,8 +0,0 @@
-FROM nginx:stable-alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]

nginx-ingress/entrypoint.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-if [[ $ACS_PLATFORM_URL ]]; then
-  sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACS_SHARE_URL ]]; then
-  sed -i s%http:\/\/share:8080%"$ACS_SHARE_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACCESS_LOG ]]; then
-  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
-fi
-
-nginx -g "daemon off;"

nginx-ingress/nginx.conf

@@ -1,59 +0,0 @@
-worker_processes  1;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    server {
-        listen *:8080;
-
-        client_max_body_size 0;
-
-        set  $allowOriginSite *;
-        proxy_pass_request_headers on;
-        proxy_pass_header Set-Cookie;
-
-        # External settings, do not remove
-        #ENV_ACCESS_LOG
-
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-        proxy_redirect off;
-        proxy_buffering off;
-        proxy_set_header Host              $http_host;
-        proxy_set_header X-Real-IP         $remote_addr;
-        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_pass_header Set-Cookie;
-        
-        # Protect access to SOLR APIs
-        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
-
-        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
-        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
-        
-        # Protect access to Prometheus endpoint
-        location ~ ^(/.*/s/prometheus)$ {return 403;}
-        
-        location / {
-            proxy_pass http://platform:8080;
-        }
-
-        location /alfresco/ {
-            proxy_pass http://platform:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-
-        location /share/ {
-            proxy_pass http://share:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-    }
-}

openldap-example.ldif

@@ -0,0 +1,80 @@
+version: 1
+
+dn: uid=admin.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Administrator
+uid: admin.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: admin.1@example.org
+
+dn: uid=manager.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Manager
+uid: manager.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: manager.1@example.org
+
+dn: uid=user.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: User
+uid: user.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.1@example.org
+
+dn: uid=user.2,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #2
+sn: User
+uid: user.2
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.2@example.org
+
+dn: cn=power-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: power-users
+member: uid=manager.1,dc=example,dc=org
+
+dn: cn=admins,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admins
+member: uid=admin.1,dc=example,dc=org
+
+dn: cn=acs-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: acs-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.1,dc=example,dc=org
+
+dn: cn=aps-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: aps-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.2,dc=example,dc=org
+