Update test_ldap_person to correct jupyterhub

Author: rasmunk

tests/configs/jhub/ldap_person_hook.py

@@ -0,0 +1,13 @@
+"""A simple jupyter config file for testing the authenticator."""
+# from ldap_hooks import setup_ldap_entry_hook
+# from ldap_hooks import LDAP
+c = get_config()
+
+c.JupyterHub.authenticator_class = 'jhubauthenticators.HeaderAuthenticator'
+c.JupyterHub.spawner_class = 'dockerspawner.Dockerspawner'
+
+# c.Spawner.pre_spawn_hook = setup_ldap_entry_hook
+
+# LDAP.url = 'http://127.0.0.1'
+# LDAP.user = 'cn=admin,dc=example,dc=org'
+# LDAP.password = 'dummyldap_password'

tests/configs/openldap/mount_schema/README.md

@@ -0,0 +1 @@
+Bootstrap schemas, for a container started without an existing ldap config.

tests/configs/openldap/mount_schema/certs.schema

@@ -0,0 +1,5 @@
+objectclass    ( 2.25.254185546955548845187682617152348290622 NAME 'X-certsDistinguishedName' SUP top STRUCTURAL
+         DESC 'An object containing the attributes
+               for a common 509 Distinguished Name'
+         MUST cn
+         MAY ( c $ st $ l $ o $ ou $ emailAddress ) )

tests/configs/openldap/mount_schema/mmc/README.md

@@ -0,0 +1 @@
+Mandriva Management Console (MMC) ldap schemas, delete the forlder if not needed ;)

tests/configs/openldap/mount_schema/mmc/dhcp.schema

@@ -0,0 +1,155 @@
+# A schema for storing DNS zones in LDAP
+#
+attributetype ( 1.3.6.1.4.1.2428.20.0.0  NAME 'dNSTTL'
+    DESC 'An integer denoting time to live'
+    EQUALITY integerMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
+    DESC 'The class of a resource record'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
+    DESC 'The name of a zone, i.e. the name of the highest node in the zone'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
+    DESC 'The starting labels of a domain name'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord'
+    DESC 'domain name pointer, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord'
+    DESC 'host information, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord'
+    DESC 'mailbox or mail list information, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
+    DESC 'text string, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
+    DESC 'for AFS Data Base location, RFC 1183'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
+    DESC 'Signature, RFC 2535'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
+    DESC 'Key, RFC 2535'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
+    DESC 'IPv6 address, RFC 1886'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord'
+    DESC 'Location, RFC 1876'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord'
+    DESC 'non-existant, RFC 2535'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord'
+    DESC 'service location, RFC 2782'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord'
+    DESC 'Naming Authority Pointer, RFC 2915'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord'
+    DESC 'Key Exchange Delegation, RFC 2230'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord'
+    DESC 'certificate, RFC 2538'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record'
+    DESC 'A6 Record Type, RFC 2874'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
+    DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
+    DESC 'Delegation Signer, RFC 3658'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
+    DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
+    DESC 'RRSIG, RFC 3755'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
+    DESC 'NSEC, RFC 3755'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
+        SUP top STRUCTURAL
+    MUST ( zoneName $ relativeDomainName )
+        MAY ( DNSTTL $ DNSClass $
+              ARecord $ MDRecord $ MXRecord $ NSRecord $
+          SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
+              MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
+              KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
+              SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
+              A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
+              RRSIGRecord $ NSECRecord ) )

tests/configs/openldap/mount_schema/mmc/dnszone.schema

@@ -0,0 +1,128 @@
+##
+## Needed attributes for MMC Mail Plugin
+##
+## Cédric Delfosse (cdelfosse@mandriva.com)
+## Matthieu Vogelweith (mvogelweith@mandriva.com)
+## Jean-Philippe Braun (jpbraun@mandriva.com)
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.1
+        NAME 'maildrop'
+        DESC 'Mail addresses where mails are forwarded -- ie forwards'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.2
+        NAME 'mailalias'
+        DESC 'Mail addresses accepted by this account -- ie aliases'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.3
+        NAME 'mailenable'
+        DESC 'Mail Account / Virtual alias validity'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.4
+        NAME 'mailbox'
+        DESC 'Mailbox path where mails are delivered'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.5
+        NAME 'virtualdomain'
+        DESC 'A mail domain name'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.6
+        NAME 'virtualdomaindescription'
+        DESC 'Virtual domain description'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.7
+        NAME 'mailuserquota'
+        DESC 'Mailbox quota for a user in kilo-bytes'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.8
+        NAME 'mailhost'
+        DESC 'The mail server IP address or FQDN for a user'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.9
+        NAME 'mailaliasmember'
+        DESC 'Member of a virtual alias'
+        SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.10
+        NAME 'mailproxy'
+        DESC 'Mail proxy'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.11
+        NAME 'mailhidden'
+        DESC 'Mail Account hidden in address book'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
+
+# Mail Account Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.1
+        NAME 'mailAccount'
+        DESC 'Mail Account'
+        SUP top
+        AUXILIARY
+        MUST (
+            mail
+            )
+        MAY (
+            mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota $
+            mailhost $ mailproxy $ mailhidden
+            )
+        )
+
+# Mail Domain Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.2
+        NAME 'mailDomain'
+        DESC 'Domain mail entry'
+        SUP top
+        STRUCTURAL
+        MUST (
+            virtualdomain
+            )
+        MAY (
+            virtualdomaindescription $ mailuserquota
+            )
+        )
+
+# Mail Group Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.3
+        NAME 'mailGroup' SUP top AUXILIARY
+        DESC 'Mail Group'
+        MUST ( mail )
+        MAY ( mailhidden )
+        )
+
+# Virtual Alias Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.4
+        NAME 'mailAlias'
+        DESC 'Mail Alias'
+        SUP top
+        STRUCTURAL
+        MUST ( mailalias )
+        MAY ( mail $ mailaliasmember $ mailenable )
+        )

tests/configs/openldap/mount_schema/mmc/mail.schema

@@ -0,0 +1,31 @@
+##
+## Needed attributes for MMC (Mandriva Management Console)
+##
+## Version 01
+##
+## J�r�me Wax (jerome.wax@linbox.com)
+##
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL'
+        DESC 'LMC acl entry'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.2 NAME 'lmcPrefMode'
+        DESC 'LMC user preferences'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.3 NAME 'lmcPrinterAllowed'
+        DESC 'LMC a printer where the user has the rights to print'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+# Objectclass
+objectclass ( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' AUXILIARY
+        DESC 'Objectclass for LMC user settings '
+        MAY  ( lmcACL $ lmcPrefMode $ lmcPrinterAllowed ))

tests/configs/openldap/mount_schema/mmc/mmc.schema

@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+# 
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' 
+	DESC 'MANDATORY: OpenSSH Public key' 
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+	DESC 'MANDATORY: OpenSSH LPK objectclass'
+	MAY ( sshPublicKey $ uid ) 
+	)

tests/configs/openldap/mount_schema/mmc/openssh-lpk.schema

@@ -0,0 +1,29 @@
+##
+## schema file for Unix Quotas
+## Schema for storing Unix Quotas in LDAP
+## OIDs are owned by Cogent Innovators, LLC
+##
+## 1.3.6.1.4.1.19937.1.1.x - attributetypes
+## 1.3.6.1.4.1.19937.1.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
+        DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.2 NAME 'networkquota'
+        DESC 'Network Quotas (network,protocol,bytes)'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP posixAccount AUXILIARY
+        DESC 'System Quotas'
+        MUST ( uid )
+        MAY  ( quota $ networkquota ))
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas'
+        DESC 'Quota defaults to apply to members of a group'
+        SUP top AUXILIARY
+        MUST ( cn )
+        MAY ( quota $ networkquota ))