From b687237ba3e2176d8f5cca6be73a9fffd2a49b1a Mon Sep 17 00:00:00 2001
From: Geoff Greer
Date: Mon, 19 Aug 2024 11:19:29 -0700
Subject: [PATCH 1/2] Add import script that works with any number of ldiff files.
---
 .github/workflows/ci.yaml | 2 +-
 scripts/import.sh | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100755 scripts/import.sh
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5a93c351..64142274 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -87,7 +87,7 @@ jobs:
 - name: Create ldif files
 run: node ./scripts/ldif.js && ls -la
 - name: Import ldif into openldap
- run: ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f big-00000.ldif && ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f big-00001.ldif && ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f big-00002.ldif
+ run: ./scripts/import.sh
 - name: Build baton-ldap
 run: go build ./cmd/baton-ldap
 - name: Run baton-ldap
diff --git a/scripts/import.sh b/scripts/import.sh
new file mode 100755
index 00000000..29c3bff9
--- /dev/null
+++ b/scripts/import.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+
+for filename in big-*.ldif; do
+ [ -e "$filename" ] || continue
+ ldapadd -D 'CN=admin,DC=example,DC=org' -N -x -H 'ldap://localhost:389/' -w admin -f "$filename"
+done
From fd0c2ff90a909815ab9fd4d9aceab226f825a718 Mon Sep 17 00:00:00 2001
From: Geoff Greer
Date: Mon, 19 Aug 2024 11:30:51 -0700
Subject: [PATCH 2/2] Fix ldif script to work with latest version of node. Add a usersPerGroup variable so we don't add every user to every group.
---
 .github/workflows/ci.yaml | 4 ++--
 scripts/ldif.js | 11 +++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 64142274..e4ecfef0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
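Review bot: In scripts/import.sh the `[ -e "$filename" ] || continue` guard makes the script exit 0 when no `big-*.ldif` file exists in the working directory, so a failed or renamed ldif.js output would pass the import step with nothing loaded into the directory. Enabling `nullglob`, collecting the matches into an array and failing when it is empty would surface that case at this step rather than in a later one. Separately, `set -euxo pipefail` traces every command, so the `-w admin` bind password is echoed to the job log; that is harmless for this throwaway fixture credential, but dropping the `x` or reading the password with `-y <password file>` keeps the pattern safe if the script is ever reused against a real directory.

```shell
shopt -s nullglob
files=(big-*.ldif)
if [ "${#files[@]}" -eq 0 ]; then
  echo "import.sh: no big-*.ldif files in $PWD" >&2
  exit 1
fi

for filename in "${files[@]}"; do
  # … unchanged: ldapadd invocation …
done
```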
@@ -93,6 +93,6 @@ jobs:
 - name: Run baton-ldap
 run: ./baton-ldap
 - name: Revoke grants
- run: ./baton-ldap --revoke-grant 'group:cn=testgroup00000,dc=example,dc=org:member:user:cn=testuser00999@example.com,dc=example,dc=org' && ./baton-ldap --revoke-grant 'group:cn=othertestgroup00000,dc=example,dc=org:member:user:cn=testuser00999@example.com,dc=example,dc=org'
+ run: ./baton-ldap --revoke-grant 'group:cn=testgroup00000,dc=example,dc=org:member:user:cn=testuser00099@example.com,dc=example,dc=org' && ./baton-ldap --revoke-grant 'group:cn=othertestgroup00000,dc=example,dc=org:member:user:cn=testuser00099@example.com,dc=example,dc=org'
 - name: Grant entitlements
- run: ./baton-ldap --grant-entitlement 'group:cn=testgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00999@example.com,dc=example,dc=org' --grant-principal-type 'user' && ./baton-ldap --grant-entitlement 'group:cn=othertestgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00999@example.com,dc=example,dc=org' --grant-principal-type 'user'
+ run: ./baton-ldap --grant-entitlement 'group:cn=testgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00099@example.com,dc=example,dc=org' --grant-principal-type 'user' && ./baton-ldap --grant-entitlement 'group:cn=othertestgroup00000,dc=example,dc=org:member' --grant-principal 'cn=testuser00099@example.com,dc=example,dc=org' --grant-principal-type 'user'
diff --git a/scripts/ldif.js b/scripts/ldif.js
index 306b32b0..5e0a6734 100644
--- a/scripts/ldif.js
+++ b/scripts/ldif.js
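Review bot: The principal `testuser00099` in the Revoke grants and Grant entitlements steps is now tied to `usersPerGroup = 100` in scripts/ldif.js, and nothing in the workflow records that coupling. A comment above the two steps, e.g. `# testuser00099 is the last member scripts/ldif.js puts in each group (usersPerGroup - 1)`, would say why the index changed and what to update if the constant does. Presumably a revoke for a user who is not a group member fails or does nothing, which is why the index had to move; that behaviour is not visible in this patch.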
@@ -8,18 +8,21 @@ const fs = require('node:fs'); const userCount = 1000; const groupCount = 50; const maxFileSize = 2000000; // php ldap admin has a 2MB limit +const usersPerGroup = 100; let fileSize = 0; let fileCount = 0; const baseFileName = "big-"; -let f; +let f = null; // Only pass strings that constitute full objects to write(). // Otherwise the object will span across multiple files and import will fail. function write (data, opts = {}) { fileSize += data.length; if (fileSize > maxFileSize) { - fs.closeSync(f); + if (f) { + fs.closeSync(f); + } fileSize = data.length; fileCount++; f = null; @@ -56,7 +59,7 @@ cn: testgroup${groupIdStr} gidNumber: ${groupId} `; - for (let userId = 0; userId < userCount; userId++) { + for (let userId = 0; userId < usersPerGroup; userId++) { const userIdStr = ("00000" + userId).slice(-5); groupStr += `memberUid: testuser${userIdStr}@example.com `; @@ -75,7 +78,7 @@ cn: othertestgroup${groupIdStr} owner: cn=testuser00000@example.com,dc=example,dc=org `; - for (let userId = 0; userId < userCount; userId++) { + for (let userId = 0; userId < usersPerGroup; userId++) { const userIdStr = ("00000" + userId).slice(-5); groupStr += `uniquemember: cn=testuser${userIdStr}@example.com,dc=example,dc=org `;
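Review bot: The new guard `if (f) {` in write() tests truthiness on what `let f = null` and the `fs.closeSync(f)` call suggest is a file descriptor, and descriptor 0 is falsy. An explicit `if (f !== null) {` states the intent and cannot skip a close. The open that assigns `f` is outside this hunk, so whether 0 can actually occur there is not visible, and write() itself continues past the end of the hunk.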
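Review bot: Both membership loops (the `memberUid` loop in the hunk at -56/+59 and the `uniquemember` loop in the hunk at -75/+78) now run to `usersPerGroup` with no check against `userCount`, so raising `usersPerGroup` above `userCount` would emit members for users that, going by the names, are never generated. Bounding the loop, `for (let userId = 0; userId < Math.min(usersPerGroup, userCount); userId++) {`, or asserting `usersPerGroup <= userCount` next to the constants keeps the generated fixture self-consistent. The user-generation code is outside these hunks, so the assumption that it is driven by `userCount` should be confirmed.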