I wrote a chef cookbook that you might find useful as well.

https://github.com/RiotGamesCookbooks/dirsrv-cookbook

You could use chef-solo in one of the steps that provisions your Docker
container.

-alan
On Jan 10, 2016 8:43 AM, "Charlie Mordant" <[email protected]> wrote:

> Hi census experts!
>
> At first, I wanted to thank you for that wonderful technology, providing
> secure (tls ready, acl ready, clusterable) product: you're the only one
> driving annuary (directory) as mature as this.
>
> I'm encountering an untraditional issue: I'm trying to make a kind of
> cloud service all ldap centric: all my services are consuming ldap to give
> user credentials (jenkins, webmail, nexus, etc...).
>
> I'm able to make a first-time ldap installation that fits all my needs but
> not able to make it repeatable.
>
> The issues are that:
> * docker images are really difficult to tackle:
>     main parts are on the same db: netscaperoot things, ssl
> configuration, maxbersize, as well as the users db (dc=mydn, dc=people), so
> splitting concerns is difficult.
> * remove-ds.pl then setup-ds.pl does not make admin-ds recognizable
> within the new ldap.
> * remove-ds-admin.pl removes some rpm mandatory files, so yum erase
> (389-ds-base, 389-admin, 389-adminutil), yum install is mandatory (but it
> looks like it's not sufficient, and can cause some side effects: removing
> other deps).
>
> So how can I make a repeatable 389 install?
> What I want to achieve:
> * Install a 389 server importing a personal CA and certs
> * Securing access (my cloud has prices depending on the number of users)
> so my cloud adds users to 'dc=mycompany,ou=people, ou=company' but company
> can add users to 'dc=mycompany,ou=people, ou=webmail,ou=contacts'
> * Making it repeatable (exporting contacts data, yum erase 389-ds, yum
> install 389-ds then configure stuff and importing contacts data should
> lead to the same result as before), and I'm not able to do that after 3
> months of work.
>
> I've a sample Opscode Chef recipe mounting all this stuff, but
> re-provisioning machine leads to errors, I can give access to one of your
> dev if wanted.
>
> Can 389 be improved to uninstall ds then reinstall an installation
> (without the admin things) and being as complete as before?
>
>
> Best regards
>
> --
> Charlie Mordant
>
> Full OSGI/EE stack made with Karaf:
> https://github.com/OsgiliathEnterprise/net.osgiliath.parent
>
> --
> 389 users mailing list
> 389-users@%(host_name)s
>
> http://lists.fedoraproject.org/admin/lists/[email protected]
>