Add LAPs data for ldap_spec

zeroSteiner · zeroSteiner · commit 71ae1a7ed821 · 2025-04-07T17:50:34.000-04:00
diff --git a/test/ldap/Dockerfile b/test/ldap/Dockerfile
@@ -5,6 +5,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteract
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install openssl
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install vim
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install ldap-utils
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install ldb-tools
 
 RUN rm /etc/krb5.conf
 RUN mkdir -p /opt/ad-scripts
diff --git a/test/ldap/laps-accounts.ldif b/test/ldap/laps-accounts.ldif
@@ -0,0 +1,11 @@
+dn: CN=Basic Machine,CN=Computers,DC=ldap,DC=example,DC=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+objectClass: computer
+cn: Basic Machine
+sAMAccountName: BASICMACHINE$
+userAccountControl: 4096
+ms-Mcs-AdmPwd: [LAPSv1]SuperSecretPassword!
+msLAPS-Password: {"n":"Administrator", "t":"1d8161b41c41cde", "p":"[LAPSv2]SuperSecretPassword!"}
diff --git a/test/ldap/laps-schema-add.ldif b/test/ldap/laps-schema-add.ldif
@@ -0,0 +1,29 @@
+dn: CN=ms-LAPS-Password,CN=Schema,CN=Configuration,DC=ldap,DC=example,DC=com
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-LAPS-Password
+attributeID: 1.2.840.113556.1.6.44.1.2
+lDAPDisplayName: msLAPS-Password
+attributeSyntax: 2.5.5.5
+oMSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 904
+adminDisplayName: ms-LAPS-Password
+adminDescription: LAPS v2 Password
+
+dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,DC=ldap,DC=example,DC=com
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: ms-Mcs-AdmPwd
+attributeID: 1.2.840.113556.1.8000.2554.50051.45980.28112.18903.35903.6685103.1224907.2.1
+lDAPDisplayName: ms-Mcs-AdmPwd
+attributeSyntax: 2.5.5.5
+oMSyntax: 19
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 904
+adminDisplayName: ms-Mcs-AdmPwd
+adminDescription: LAPS v1 Password
diff --git a/test/ldap/laps-schema-modify.ldif b/test/ldap/laps-schema-modify.ldif
@@ -0,0 +1,5 @@
+dn: CN=Computer,CN=Schema,CN=Configuration,DC=ldap,DC=example,DC=com
+changetype: modify
+add: mayContain
+mayContain: ms-Mcs-AdmPwd
+mayContain: msLAPS-Password
diff --git a/test/ldap/samba-ad-setup.sh b/test/ldap/samba-ad-setup.sh
@@ -28,4 +28,10 @@ samba-tool domain provision\
 
 mv /etc/samba/smb.conf /var/lib/samba/private/smb.conf
 
+info "Applying LAPS schema changes..."
+ldbadd    -H /var/lib/samba/private/sam.ldb laps-schema-add.ldif    --option="dsdb:schema update allowed"=true
+ldbmodify -H /var/lib/samba/private/sam.ldb laps-schema-modify.ldif --option="dsdb:schema update allowed"=true
+info "Adding LAPS test accounts..."
+ldbadd    -H /var/lib/samba/private/sam.ldb laps-accounts.ldif
+
 touch /var/lib/samba/.setup
