Port plugin to OMV6 (#2)

* Fix static rootbindpw by using the correct variable

* Adapt UI

* Remove obsolete file creation from salt

* Fix editing route / missing content

* Adapt README and add scripts for testing

* Remove TODO

* Fix script

.gitignore

@@ -0,0 +1,4 @@
+.vagrant
+
+# Generated files from dpkg-buildpackage
+openmediavault-ldap_*

README.md

@@ -1,39 +1,42 @@
 # Openmediavault LDAP
 
-This plugin connects OMV5 to an OPEN-LDAP Server for centralized user management
-and authentification. It adapts the official LDAP plugin [1] for OMV4 to use it
-with OMV5.  
-Basically there aren't any fundamental changes up to 5.3.9-r1 tag. You can use LDAP
-for system wide User- and Groupmanagement. Additionally you can activate PAM auth 
-with *libpam-ldapd* module. The name switch service is done with *libnss-ldapd*.
-For caching actually the NSCD service is used, maybe we should change from NSLCD to 
-SSSD in future. A good explanation of the pam auth and nss process will give
-you the reference [4].  
-This repo is under development. Checkout the tags in the master branch for stable 
-and tested releases. If you encounter some problems make a new issue or write an email
-to *devel[at]nareo.de*.  
-Be aware: This code was tested in a clean environment with fresh installed OMV5 setup.
-I am not responsible for loss of your data! Please make always a full backup
-of your OMV machine before installing this plugin!
+This plugin connects OMV6 to an OPEN-LDAP Server for centralized user management
+and authentification. Originally this is / was a fork of the official plugin[1]
+
+Note that this is the old school way of connecting Samba to LDAP. Recent
+documentation recommends to use the LDAP that is integrated into Samba since
+version 4.
+
+You can use LDAP for system wide User- and Groupmanagement. Additionally you can
+activate PAM auth with *libpam-ldapd* module. The name switch service is done
+with *libnss-ldapd*. For caching actually the NSCD service is used, maybe we
+should change from NSLCD to SSSD in future. A good explanation of the pam auth
+and nss process will give you the reference [4].
+This repo is under development. Checkout the tags in the master branch for stable
+and tested releases. If you encounter some problems make a new issue.
+Be aware: This code was tested in a clean environment with fresh installed OMV5
+setup.  I am not responsible for loss of your data! Please make always a full
+backup of your OMV machine before installing this plugin!
 
 ## Build DEBIAN package
 
 Create DEB package with `dpkg-buildpackage -uc -us` inside the
 source directory. The \*.deb file will be placed in the parent
-directory.
+directory. A script to build the files using docker is also provided
+(`build-package-using-docker.sh`)
 
-## Install Plugin into Openmediavault 5
+## Install Plugin into Openmediavault 6
 
-Upload the generated \*.deb file to OMV5 plugins and install it. Once it is
-installed, you have an additional menu item for LDAP Server settings.
+Upload the generated \*.deb file to OMV6 using scp and install it via apt (e.g.
+apt install \*.deb). Once it is installed, you have an additional menu item for
+LDAP Server settings within *Users*.
 
 ## Testing Environment and Help
 
-The directory *.test* contains some basic config files for test environment
-with OMV5. I need someone to test with other LDAP services.
+For testing a local LDAP can be setup. See `install-tools.sh`.
 
 Environment:
-* Openmediavault 5.5.9-1 (Usul) with running SAMBA service
+* Openmediavault 6.x (Shaitan) with running SAMBA service
 * OpenLDAP 2.4.47 server (setup with `smbldap-populate`)
 * all smbldap-tools 0.9.9-1 installed on OMV5
 
@@ -49,4 +52,4 @@ If you get in trouble, try:
 * [2]  https://wiki.debian.org/LDAP/PAM
 * [3]  https://linux-club.de/wiki/opensuse/Samba_und_OpenLDAP
 * [4]  https://www.debuntu.org/how-to-set-up-a-ldap-server-and-its-clients-page-2/
-* [5]  https://deepdoc.at/dokuwiki/doku.php?id=server_und_serverdienste:openldap_mit_samba_als_pdc_neues_backend
+* [5]  https://deepdoc.at/dokuwiki/doku.php?id=server_und_serverdienste:openldap_mit_samba_als_pdc_neues_backend

Vagrantfile

@@ -0,0 +1,70 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   apt-get update
+  #   apt-get install -y apache2
+  # SHELL
+end

build-package-using-docker.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+BUILDER_IMAGE="local/$(basename $(pwd))/deb-builder"
+
+docker build -t ${BUILDER_IMAGE} deb-builder
+
+# Remove old results
+rm -fv openmediavault-ldap_*
+
+# Note: We need to mount the parent directory as dpkg-buildpackage writes there
+docker run \
+  --rm \
+  -t \
+  -v $(pwd)/../:$(pwd)/../ \
+  -w $(pwd) \
+  ${BUILDER_IMAGE} \
+  dpkg-buildpackage -uc -us
+
+# Move results from parent directory
+mv -v ../openmediavault-ldap_* .

deb-builder/Dockerfile

@@ -0,0 +1,6 @@
+FROM debian:bullseye-slim
+
+RUN apt-get update \
+	&& apt-get install -y dpkg-dev debhelper gettext \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*

debian/changelog

@@ -1,3 +1,9 @@
+openmediavault-ldap (6.0.0~1) stable; urgency=low
+
+  * Adapt to openmediavault 6 (Sheitan).
+
+ -- slangdaddy <de_doener@web.de>  Sun, 29 May 2022 21:02:54 +0200
+
 openmediavault-ldap (5.3.9~1) stable; urgency=low
 
   * Adapt to openmediavault 5 (Usul).

debian/compat

@@ -1 +1 @@
-9
+12

debian/control

@@ -4,13 +4,13 @@ XB-Plugin-Section: network
 Priority: optional
 Maintainer: Volker Theile <volker.theile@openmediavault.org>
 Uploaders: Seb36273 <devel@nareo.de>
-Build-Depends: debhelper (>> 7), gettext
+Build-Depends: debhelper (>> 12), gettext
 Standards-Version: 3.9.6
 Homepage: http://www.openmediavault.org
 
 Package: openmediavault-ldap
 Architecture: all
-Depends: openmediavault (>= 5.0), libnss-ldap, libpam-ldap
+Depends: openmediavault (>= 6.0), libnss-ldap, libpam-ldap
 Conflicts: openmediavault-ad
 Priority: optional
 Description: openmediavault Lightweight Directory Access Protocol (LDAP) plugin

debian/openmediavault-ldap.install

@@ -1,3 +1,2 @@
 usr/share/openmediavault/* usr/share/openmediavault
-var/www/openmediavault/* var/www/openmediavault
 srv/* srv

debian/openmediavault-ldap.postinst

@@ -35,12 +35,8 @@ case "$1" in
 			pam-auth-update --force --package --remove ldap
 		fi
 
-		########################################################################
-		# Activate package triggers. These triggers are only set during the
-		# package installation.
-		########################################################################
-		dpkg-trigger update-fixperms
-		dpkg-trigger update-locale
+		# Activate trigger to rebuild workbench configuration files.
+	        dpkg-trigger update-workbench
 
 		########################################################################
 		# Initialize and migrate configuration database.

debian/openmediavault-ldap.postrm

@@ -26,9 +26,9 @@ set -e
 
 remove_action() {
 	# Regenerate configuration files to remove LDAP settings.
-	
-	# Activate trigger to purge cached files.
-	dpkg-trigger update-fixperms
+
+        # Activate trigger to rebuild workbench configuration files.
+        dpkg-trigger update-workbench
 }
 
 case "$1" in

install-omv.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+# Install OMV in a test environment based on Debian
+# See https://openmediavault.readthedocs.io/en/stable/installation/on_debian.html
+
+echo "Installing openmediavault gpg keyring"
+apt-get install --yes gnupg
+wget -O "/etc/apt/trusted.gpg.d/openmediavault-archive-keyring.asc" https://packages.openmediavault.org/public/archive.key
+apt-key add "/etc/apt/trusted.gpg.d/openmediavault-archive-keyring.asc"
+
+echo "Add package repositories"
+cat <<EOF >> /etc/apt/sources.list.d/openmediavault.list
+deb https://packages.openmediavault.org/public shaitan main
+# deb https://downloads.sourceforge.net/project/openmediavault/packages shaitan main
+## Uncomment the following line to add software from the proposed repository.
+# deb https://packages.openmediavault.org/public shaitan-proposed main
+# deb https://downloads.sourceforge.net/project/openmediavault/packages shaitan-proposed main
+## This software is not part of OpenMediaVault, but is offered by third-party
+## developers as a service to OpenMediaVault users.
+# deb https://packages.openmediavault.org/public shaitan partner
+# deb https://downloads.sourceforge.net/project/openmediavault/packages shaitan partner
+EOF
+
+echo "Install openmediavault package"
+export LANG=C.UTF-8
+export DEBIAN_FRONTEND=noninteractive
+export APT_LISTCHANGES_FRONTEND=none
+apt-get update
+apt-get --yes --auto-remove --show-upgraded \
+    --allow-downgrades --allow-change-held-packages \
+    --no-install-recommends \
+    --option DPkg::Options::="--force-confdef" \
+    --option DPkg::Options::="--force-confold" \
+    install openmediavault-keyring openmediavault
+
+omv-confdbadm populate
+
+echo "Don't forget to add vagrant to the ssh group!"
+echo "Now do a reboot or vagrant reload"

install-tools.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+# Install tools for testing the plugin
+
+echo "Installing utils for development / testing"
+# TODO: setup LDAP with test data
+apt-get --yes install slapd ldap-utils smbldap-tools
+
+# See https://ubuntu.com/server/docs/samba-openldap-backend
+echo "Configuring LDAP"
+ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config 'cn=*samba*'
+
+cat<<EOF > /tmp/samba_indices.ldif
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcDbIndex
+olcDbIndex: objectClass eq
+olcDbIndex: uidNumber,gidNumber eq
+olcDbIndex: loginShell eq
+olcDbIndex: uid,cn eq,sub
+olcDbIndex: memberUid eq,sub
+olcDbIndex: member,uniqueMember eq
+olcDbIndex: sambaSID eq
+olcDbIndex: sambaPrimaryGroupSID eq
+olcDbIndex: sambaGroupType eq
+olcDbIndex: sambaSIDList eq
+olcDbIndex: sambaDomainName eq
+olcDbIndex: default sub,eq
+EOF
+
+ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/samba_indices.ldif
+
+# Note: Samba must be activated / running in OMV from here on
+# Generate configuration for smbldap-config, ask several questions
+# Note: Ensure that the port is not part of the hostname!
+smbldap-config
+# Prepare the LDAP using freshly created config
+smbldap-populate -g 10000 -u 10000 -r 10000
+
+# Tell samba the ldap admin password
+smbpasswd -W
+
+# Not sure if thats really necessary
+systemctl restart smbd.service nmbd.service
+
+# Finally add a user to LDAP / Samba
+smbldap-useradd -a -P -m jodoe

srv/salt/omv/deploy/ldap/files/etc-ldap-pam_conf.j2

@@ -4,6 +4,6 @@ uri ldap{% if config.enablessl | to_bool %}'s'{% endif %}://{{ config.host }}{%
 ldap_version {{ ldap_version }}
 binddn {{ config.rootbinddn }}
 {%- if config.rootbindpw | length > 0 %}
-bindpw rootbindpw
+bindpw {{ config.rootbindpw }}
 {%- endif %}
 pam_password crypt

srv/salt/omv/deploy/ldap/ldap.sls

@@ -20,25 +20,12 @@
 {% set config = salt['omv_conf.get']('conf.service.ldap') %}
 
 {% set ldap_version = salt['pillar.get']('default:OMV_LDAP_LDAPVERSION', '3') %}
-{% set ldap_config_file = salt['pillar.get']('default:OMV_LDAP_CONFIG', '/etc/ldap/ldap.conf') %}
 {% set ldap_pam_config_file = salt['pillar.get']('default:OMV_LDAP_PAM_CONFIG', '/etc/pam_ldap.conf') %}
 {% set ldap_libnss_config_file = salt['pillar.get']('default:OMV_LDAP_LIBNSS_CONFIG', '/etc/libnss-ldap.conf') %}
 {% set ldap_libnss_secret_file = salt['pillar.get']('default:OMV_LDAP_LIBNSS_SECRET', '/etc/libnss-ldap.secret') %}
 
 {% if config.enable | to_bool %}
 
-configure_ldap:
-  file.managed:
-    - name: {{ ldap_config_file }}
-    - source:
-      - salt://{{ tpldir }}/files/etc-ldap_conf.j2
-    - template: jinja
-    - context:
-        config: {{ config | json }}
-    - user: root
-    - group: root
-    - mode: 644
-
 configure_ldap_pam:
   file.managed:
     - name: {{ ldap_pam_config_file }}