Merge branch 'base' into ldap-server

.env

@@ -1,6 +0,0 @@
-ALFRESCO_DIR=~/alfresco
-ALFRESCO_LICENSE_DIR=~/alfresco/license
-
-PROXY_PROTOCOL=http
-PROXY_HOST=localhost
-PROXY_PORT=8080

alfresco-content-repository/docker/Dockerfile

@@ -1,16 +0,0 @@
-FROM alfresco/alfresco-content-repository:latest
-
-ARG USERNAME=alfresco
-ARG TOMCAT_DIR=/usr/local/tomcat
-
-USER root
-
-COPY catalina.policy /tmp/catalina.policy.ext
-COPY tomcat-platform-context.xml ${TOMCAT_DIR}/conf/Catalina/localhost/alfresco.xml
-COPY *.amp ${TOMCAT_DIR}/amps/
-
-RUN java -jar ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt*.jar install ${TOMCAT_DIR}/amps ${TOMCAT_DIR}/webapps/alfresco -nobackup -directory && \
-	mkdir -p ${TOMCAT_DIR}/modules && \
-	cat /tmp/catalina.policy.ext >> ${TOMCAT_DIR}/conf/catalina.policy
-
-USER ${USERNAME}

alfresco-content-repository/docker/README.md

@@ -1,3 +0,0 @@
-## Usage
-
-Download all AMP files needed into this directory.  All of them will be copied into a new Docker image and installed into the Alfresco Platform web application.

alfresco-content-repository/docker/catalina.policy

@@ -1,4 +0,0 @@
-grant codeBase "file:${catalina.base}/modules/-" {
-    permission java.security.AllPermission;
-};
-

alfresco-content-repository/docker/tomcat-platform-context.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<Context>
-        <Resources>
-                <PreResources base="${catalina.base}/modules" className="org.apache.catalina.webresources.DirResourceSet" webAppMount="/WEB-INF/lib" readOnly="true" />
-        </Resources>
-</Context>
-

alfresco-content-repository/modules/README.md

@@ -1,3 +0,0 @@
-## Usage
-
-Download all JAR module files needed into this directory.  All of them will be dynamically loaded into the Docker container and loaded into the Alfresco Platform web application.

docker-compose.yml

@@ -4,34 +4,14 @@
 version: "2"
 
 services:
-    platform:
-        build: ./alfresco-content-repository/docker
-        image: local/alfresco-content-repository:latest
+
+    directory:
+        image: osixia/openldap:1.4.0
         environment:
-            JAVA_OPTS: "
-                -Ddb.driver=org.postgresql.Driver
-                -Ddb.url=jdbc:postgresql://postgres-acs:5432/alfresco
-                -Dalfresco.host=${PROXY_HOST}
-                -Dalfresco.port=${PROXY_PORT}
-                -Dalfresco.protocol=${PROXY_PROTOCOL}
-                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-                "
-        depends_on:
-            - postgres-acs
-            - activemq
+            LDAP_ORGANISATION: "Example Organization"
+            LDAP_DOMAIN: example.org
+            LDAP_ADMIN_PASSWORD: admin
+        command: "--copy-service --loglevel=debug"
         volumes:
-            - "./alfresco-content-repository/modules:/usr/local/tomcat/modules:ro"
-    
-    postgres-acs:
-        image: postgres:latest
+            - ./openldap-example.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif:ro
 
-    activemq:
-        image: alfresco/alfresco-activemq:latest
-
-    proxy:
-        build: ./nginx-ingress
-        image: local/nginx-ingress:acs
-        ports:
-            - 8080:8080
-        depends_on:
-            - platform

nginx-ingress/Dockerfile

@@ -1,8 +0,0 @@
-FROM nginx:stable-alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]

nginx-ingress/entrypoint.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-
-if [[ $ACS_PLATFORM_URL ]]; then
-  sed -i s%http:\/\/platform:8080%"$ACS_PLATFORM_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACCESS_LOG ]]; then
-  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
-fi
-
-nginx -g "daemon off;"

nginx-ingress/nginx.conf

@@ -1,52 +0,0 @@
-worker_processes  1;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    server {
-        listen *:8080;
-
-        client_max_body_size 0;
-
-        set  $allowOriginSite *;
-        proxy_pass_request_headers on;
-        proxy_pass_header Set-Cookie;
-
-        # External settings, do not remove
-        #ENV_ACCESS_LOG
-
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-        proxy_redirect off;
-        proxy_buffering off;
-        proxy_set_header Host              $http_host;
-        proxy_set_header X-Real-IP         $remote_addr;
-        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_pass_header Set-Cookie;
-        
-        # Protect access to SOLR APIs
-        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
-        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
-
-        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
-        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
-        
-        # Protect access to Prometheus endpoint
-        location ~ ^(/.*/s/prometheus)$ {return 403;}
-        
-        location / {
-            proxy_pass http://platform:8080;
-        }
-
-        location /alfresco/ {
-            proxy_pass http://platform:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-    }
-}

openldap-example.ldif

@@ -0,0 +1,80 @@
+version: 1
+
+dn: uid=admin.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Administrator
+uid: admin.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: admin.1@example.org
+
+dn: uid=manager.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Manager
+uid: manager.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: manager.1@example.org
+
+dn: uid=user.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: User
+uid: user.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.1@example.org
+
+dn: uid=user.2,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #2
+sn: User
+uid: user.2
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.2@example.org
+
+dn: cn=power-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: power-users
+member: uid=manager.1,dc=example,dc=org
+
+dn: cn=admins,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admins
+member: uid=admin.1,dc=example,dc=org
+
+dn: cn=acs-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: acs-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.1,dc=example,dc=org
+
+dn: cn=aps-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: aps-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.2,dc=example,dc=org
+