Merge branch 'base' into ldap-server

.env

@@ -1,4 +0,0 @@
-PROXY_PROTOCOL=http
-PROXY_HOST=localhost
-PROXY_PORT=8080
-IDENTITY_SERVICE_BASEURL=http://auth.example.org:8080

docker-compose.yml

@@ -1,30 +1,16 @@
-# Sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
+# Originally sourced from https://github.com/Alfresco/acs-deployment/blob/4.0.3/docker-compose/docker-compose.yml
 #
-# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose
+version: "3"
-version: "2"
 
 services:
 
-    identity:
+    directory:
-        image: alfresco/alfresco-identity-service:1.3
+        image: osixia/openldap:1.4.0
-        user: jboss
         environment:
-            KEYCLOAK_USER: admin
+            LDAP_ORGANISATION: "Example Organization"
-            KEYCLOAK_PASSWORD: admin
+            LDAP_DOMAIN: example.org
-            KEYCLOAK_HOSTNAME: auth.example.org
+            LDAP_ADMIN_PASSWORD: admin
-            KEYCLOAK_IMPORT: /tmp/keycloak-alfresco-realm.json
+        command: "--copy-service --loglevel=debug"
-            KEYCLOAK_STATISTICS: enabled
-        networks:
-            default:
-                aliases:
-                    - "auth.example.org"
         volumes:
-            - ./keycloak-alfresco-realm.json:/tmp/keycloak-alfresco-realm.json:ro
+            - ./openldap-example.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif:ro
-    
+
-    proxy:
-        build: ./nginx-ingress
-        image: local/nginx-ingress:aims
-        ports:
-            - 8080:8080
-        depends_on:
-            - identity

keycloak-alfresco-realm.json

@@ -1,47 +0,0 @@
-{
-  "realm": "alfresco",
-  "enabled": true,
-  "sslRequired": "external",
-  "registrationAllowed": false,
-  "roles": {
-    "realm": [ {
-      "name": "user",
-      "description": "User privileges"
-    }, {
-      "name": "admin",
-      "description": "Administrator privileges"
-    } ]
-  },
-  "clients": [
-    {
-      "clientId": "alfresco",
-      "name": "Alfresco Products",
-      "enabled": true,
-      "alwaysDisplayInConsole": false,
-      "redirectUris": [ "*" ],
-      "standardFlowEnabled": true,
-      "implicitFlowEnabled": true,
-      "directAccessGrantsEnabled": false,
-      "publicClient": true,
-      "protocol": "openid-connect",
-      "attributes": {
-        "login_theme": "alfresco"
-      }
-    }
-  ],
-  "requiredCredentials": [ "password" ],
-  "users": [
-    {
-      "username": "admin",
-      "email": "admin@app.activiti.com",
-      "enabled": true,
-      "credentials" : [
-        {
-          "type" : "password",
-          "value" : "admin"
-        }
-      ],
-      "realmRoles": [ "user", "admin" ]
-    }
-  ]
-}

nginx-ingress/Dockerfile

@@ -1,8 +0,0 @@
-FROM nginx:stable-alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT [ "/entrypoint.sh" ]

nginx-ingress/entrypoint.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-
-if [[ $AIMS_URL ]]; then
-  sed -i s%http:\/\/identity:8080%"$AIMS_URL"%g /etc/nginx/nginx.conf
-fi
-
-if [[ $ACCESS_LOG ]]; then
-  sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
-fi
-
-nginx -g "daemon off;"

nginx-ingress/nginx.conf

@@ -1,43 +0,0 @@
-worker_processes  1;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    server {
-        listen *:8080;
-
-        client_max_body_size 0;
-
-        set  $allowOriginSite *;
-        proxy_pass_request_headers on;
-        proxy_pass_header Set-Cookie;
-
-        # External settings, do not remove
-        #ENV_ACCESS_LOG
-
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-        proxy_redirect off;
-#        proxy_buffering off;
-        proxy_buffer_size	64k;
-        proxy_buffers		4 256k;
-        proxy_busy_buffers_size	256k;
-        proxy_set_header Host              $http_host;
-        proxy_set_header X-Real-IP         $remote_addr;
-        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_pass_header Set-Cookie;
-
-        location / {
-            return 301 $scheme://$http_host/auth;
-        }
-
-        location /auth/ {
-            proxy_pass http://identity:8080;
-
-            # If using external proxy / load balancer (for initial redirect if no trailing slash)
-            absolute_redirect off;
-        }
-    }
-}

openldap-example.ldif

@@ -0,0 +1,80 @@
+version: 1
+
+dn: uid=admin.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Administrator
+uid: admin.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: admin.1@example.org
+
+dn: uid=manager.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: Manager
+uid: manager.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: manager.1@example.org
+
+dn: uid=user.1,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #1
+sn: User
+uid: user.1
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.1@example.org
+
+dn: uid=user.2,dc=example,dc=org
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: uidObject
+objectClass: simpleSecurityObject
+objectClass: mailAccount
+cn: #2
+sn: User
+uid: user.2
+userPassword: {SSHA}m2qOFBapko4Bky4vbQYCVyW4+KWeuswg/BqObw==
+mail: user.2@example.org
+
+dn: cn=power-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: power-users
+member: uid=manager.1,dc=example,dc=org
+
+dn: cn=admins,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admins
+member: uid=admin.1,dc=example,dc=org
+
+dn: cn=acs-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: acs-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.1,dc=example,dc=org
+
+dn: cn=aps-users,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: aps-users
+member: cn=power-users,dc=example,dc=org
+member: uid=user.2,dc=example,dc=org
+