Add LAPs data for ldap_spec

Author: zeroSteiner

spec/acceptance/ldap_spec.rb

@@ -68,7 +68,10 @@
               required: [
                 /Searching base DN='DC=ldap,DC=example,DC=com'/,
                 /Checking if the target LDAP server is an Active Directory Domain Controller.../,
-                /266 entries, 0 creds found in 'DC=ldap,DC=example,DC=com'./
+                /The target LDAP server is not an Active Directory Domain Controller./,
+                /Credentials (password) found in mslaps-password: Administrator:[LAPSv2]SuperSecretPassword!/,
+                /Credentials (password) found in ms-mcs-admpwd: Administrator:[LAPSv1]SuperSecretPassword!/,
+                /Found [1-9]\d* entries and [1-9]\d* credentials in 'DC=ldap,DC=example,DC=com'./
               ]
             }
           }

test/ldap/Dockerfile

@@ -5,6 +5,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteract
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install openssl
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install vim
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install ldap-utils
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install ldb-tools
 
 RUN rm /etc/krb5.conf
 RUN mkdir -p /opt/ad-scripts

test/ldap/laps-accounts.ldif

@@ -0,0 +1,11 @@
+dn: CN=Basic Machine,CN=Computers,DC=ldap,DC=example,DC=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+objectClass: computer
+cn: Basic Machine
+sAMAccountName: BASICMACHINE$
+userAccountControl: 4096
+ms-Mcs-AdmPwd: [LAPSv1]SuperSecretPassword!
+msLAPS-Password: {"n":"Administrator", "t":"1d8161b41c41cde", "p":"[LAPSv2]SuperSecretPassword!"}

test/ldap/laps-schema-add.ldif

@@ -0,0 +1,29 @@
+dn: CN=ms-LAPS-Password,CN=Schema,CN=Configuration,DC=ldap,DC=example,DC=com
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-LAPS-Password
+attributeID: 1.2.840.113556.1.6.44.1.2
+lDAPDisplayName: msLAPS-Password
+attributeSyntax: 2.5.5.5
+oMSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 904
+adminDisplayName: ms-LAPS-Password
+adminDescription: LAPS v2 Password
+
+dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,DC=ldap,DC=example,DC=com
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Mcs-AdmPwd
+attributeID: 1.2.840.113556.1.8000.2554.50051.45980.28112.18903.35903.6685103.1224907.2.1
+lDAPDisplayName: ms-Mcs-AdmPwd
+attributeSyntax: 2.5.5.5
+oMSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 904
+adminDisplayName: ms-Mcs-AdmPwd
+adminDescription: LAPS v1 Password

test/ldap/laps-schema-modify.ldif

@@ -0,0 +1,5 @@
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=ldap,DC=example,DC=com
+changetype: modify
+add: mayContain
+mayContain: ms-Mcs-AdmPwd
+mayContain: msLAPS-Password

test/ldap/samba-ad-setup.sh

@@ -28,4 +28,10 @@ samba-tool domain provision\
 
 mv /etc/samba/smb.conf /var/lib/samba/private/smb.conf
 
+info "Applying LAPS schema changes..."
+ldbadd    -H /var/lib/samba/private/sam.ldb laps-schema-add.ldif    --option="dsdb:schema update allowed"=true
+ldbmodify -H /var/lib/samba/private/sam.ldb laps-schema-modify.ldif --option="dsdb:schema update allowed"=true
+info "Adding LAPS test accounts..."
+ldbadd    -H /var/lib/samba/private/sam.ldb laps-accounts.ldif
+
 touch /var/lib/samba/.setup