Merge pull request 'auto-manager' (#1) from auto-manager into master

Reviewed-on: #1

.gitignore

@@ -0,0 +1 @@
+ldap.vars

files/populate.ldif.template

@@ -0,0 +1,89 @@
+version: 1
+
+dn: ou=People,{{ldap_base}}
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,{{ldap_base}}
+objectClass: organizationalUnit
+ou: Groups
+
+
+# Entry 1: cn=ldapclient service,ou=Groups,{{ldap_base}}
+dn: cn=ldapclient service,ou=Groups,{{ldap_base}}
+cn: ldapclient service
+gidnumber: 1499
+objectclass: posixGroup
+objectclass: top
+
+# Entry 1: cn=ldapclient_service,ou=People,{{ldap_base}}
+dn: cn=ldapclient_service,ou=People,{{ldap_base}}
+cn: ldapclient_service
+gidnumber: 1499
+givenname: ldapclient
+homedirectory: /home/ldapclient
+loginshell: /bin/bash
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn:  service
+uid: ldapclient
+uidnumber: 1499
+userpassword: {MD5}{{ldpad_client_password_md5}}
+
+
+# Entry 1: cn={{user_uid}},ou=Groups,{{ldap_base}}
+dn: cn={{user_uid}},ou=Groups,{{ldap_base}}
+cn: {{user_uid}}
+gidnumber: 1500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 1: cn={{user_uid}},ou=People,{{ldap_base}}
+dn: cn={{user_uid}},ou=People,{{ldap_base}}
+cn: {{user_uid}}
+gidnumber: 1500
+givenname: {{user_first_name}}
+homedirectory: /home/{{user_uid}}
+loginshell: /bin/bash
+mail: {{user_email}}
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+objectclass: ldapPublicKey
+objectclass: sudoRole
+sudocommand: ALL
+sudohost: ALL
+sudouser: {{uid}}
+sn: {{user_last_name}}
+uid: {{user_uid}}
+uidnumber: 1500
+userpassword: {MD5}{{user_password_md5}}
+
+
+# Entry 1: cn=app_sso_admin,ou=Groups,{{ldap_base}}
+dn: cn=app_sso_admin,ou=Groups,{{ldap_base}}
+cn: app_sso_admin
+description: Admin access for SSO app
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}
+
+# Entry 1: cn=host_access,ou=Groups,{{ldap_base}}
+dn: cn=host_access,ou=Groups,{{ldap_base}}
+cn: host_access
+description: PAM Access to all hosts
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}
+
+# Entry 1: cn=host_admin,ou=Groups,{{ldap_base}}
+dn: cn=host_admin,ou=Groups,{{ldap_base}}
+cn: host_admin
+description: sudo on all hosts
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}

files/sso-manager.conf.template

@@ -0,0 +1,13 @@
+module.exports = {
+	userModel: 'ldap',
+	ldap: {
+		url: 'ldap://localhost:389',
+		bindDN: 'cn=admin,{{ldap_base}}',
+		bindPassword: '{{password}}',
+		userBase: 'ou=People,{{ldap_base}}',
+		groupBase: 'ou=Groups,{{ldap_base}}',		
+		userFilter: '(objectClass=posixAccount)',
+		userNameAttribute: 'uid'
+	},
+	name: '{{org_name}}',
+};

index.sh

@@ -2,10 +2,23 @@
 
 set -e
 
-org_name="Theta42"
-domain="theta42.com"
-password=$1
-ldap_base="dc=theta42,dc=com"
+# Pull in the mustache template library for bash
+source lib/mo
+
+if [ ! -f ./ldap.vars ]; then
+    echo "ldap.vars file not found!"
+    echo "Please copy ldap.vars.template to ldap.vars and edit it."
+    exit 1
+fi
+
+
+source ldap.vars
+
+export user_uid=`echo -n "${user_first_name:0:1}$user_last_name" | tr '[:upper:]' '[:lower:]'`
+export password_md5=`echo -n "$password" | openssl dgst -md5 -binary | openssl enc -base64`
+export ldpad_client_password_md5=`echo -n "$ldpad_client_password" | openssl dgst -md5 -binary | openssl enc -base64`
+export user_password_md5=`echo -n "$user_password" | openssl dgst -md5 -binary | openssl enc -base64`
+
 
 echo "slapd slapd/internal/adminpw string $password" | debconf-set-selections
 echo "slapd slapd/password1 string $password" | debconf-set-selections
@@ -27,6 +40,10 @@ echo '' > /etc/ldap/ldap.conf
 echo "BASE   $ldap_base" >> /etc/ldap/ldap.conf
 echo "URI    ldap://localhost" >> /etc/ldap/ldap.conf
 
+temp_populate_ldif=$(mktemp)
+populate_ldif_template="$(cat files/populate.ldif.template)"
+echo "$populate_ldif_template" | mo > "$temp_populate_ldif"
+
 ldapadd -Y EXTERNAL -H ldapi:/// -f files/sshkey.ldif
 ldapadd -Y EXTERNAL -H ldapi:/// -f files/sudo.ldif
 ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/add_index.ldif
@@ -34,3 +51,25 @@ ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/logging.ldif
 ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/memberof_config.ldif
 ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/refint1.ldif
 ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
+ldapadd -x -D "cn=admin,$ldap_base" -w "$password" -H ldap:// -f "$temp_populate_ldif"
+
+
+apt install curl git redis-server -y
+curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
+apt update
+apt-get install -y nodejs git
+sso_conf_template="$(cat files/sso-manager.conf.template)"
+
+mkdir /var/www
+cd /var/www
+
+git clone https://github.com/theta42/sso-manager-node.git
+
+cd sso-manager-node/nodejs
+npm install
+
+echo "$sso_conf_template" | mo > "conf/secrets.js"
+
+wget -q https://raw.githubusercontent.com/theta42/sso-manager-node/master/ops/systemd/sso-manager.service -O /etc/systemd/system/sso-manger.service
+systemctl start sso-manger.service
+systemctl enable sso-manger.service

ldap.vars.template

@@ -0,0 +1,14 @@
+# Information for the base LDAP server
+export org_name='Theta42'
+export domain='theta42.com'
+export password='password'
+export ldap_base='dc=theta42,dc=com'
+
+# LDAP client services account
+export ldpad_client_password='password'
+
+# First Admin user, you!
+export user_first_name='William'
+export user_last_name='Mantly'
+export user_email='wmantly@gmail.com'
+export user_password='password'