Example using ldap + local roles

ldap-combined-localroles/README.md

@@ -0,0 +1,16 @@
+Using LDAP for authentication and local realm file for roles
+=====================
+
+This configuration uses LDAP for authentication, and uses a realm property file for user roles.
+
+The user authentication is defined in LDAP, and the groups are defined in the realm.properties file.
+
+**LDAP Users:**
+
+* `username: build`
+
+  `password: build`
+
+* `username: admin`
+
+  `password: admin`

ldap-combined-localroles/docker-compose.yml

@@ -0,0 +1,40 @@
+version: '3'
+
+services:
+    rundeck1:
+        hostname: rundeck1
+        image: ${RUNDECK_IMAGE:-rundeck/rundeck:SNAPSHOT}
+        links:
+          - ldap
+        tty: true
+        environment:
+            RUNDECK_GRAILS_URL: http://localhost:4440
+            RUNDECK_JAAS_MODULES_0: JettyCombinedLdapLoginModule
+            RUNDECK_JAAS_LDAP_FLAG: requisite
+            RUNDECK_JAAS_LDAP_PROVIDERURL: ldap://ldap:389
+            RUNDECK_JAAS_LDAP_BINDDN: cn=admin,dc=rdtest,dc=com
+            RUNDECK_JAAS_LDAP_BINDPASSWORD: AdminPass123
+            RUNDECK_JAAS_LDAP_USERBASEDN: ou=users,dc=rdtest,dc=com
+            RUNDECK_JAAS_LDAP_IGNOREROLES: 'true'
+            RUNDECK_JAAS_LDAP_STOREPASS: 'true'
+            RUNDECK_JAAS_MODULES_1: JettyRolePropertyFileLoginModule
+            RUNDECK_JAAS_FILE_FLAG: required
+            RUNDECK_JAAS_FILE_USEFIRSTPASS: 'true'
+            RUNDECK_JAAS_DEBUG: 'true'
+        volumes:
+          - ${RUNDECK_LICENSE_FILE:-/dev/null}:/home/rundeck/etc/rundeckpro-license.key
+          - ./realm.properties:/home/rundeck/server/config/realm.properties
+        ports:
+          - 4440:4440
+    ldap:
+        hostname: ldap
+        image: osixia/openldap:1.2.1 
+        environment:
+          - LDAP_ORGANISATION=RD Test
+          - LDAP_DOMAIN=rdtest.com
+          - LDAP_ADMIN_PASSWORD=AdminPass123
+        volumes:
+          - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:rw
+        ports:
+          - "389:389"
+        command: --copy-service

ldap-combined-localroles/ldif/50-bootstrap.ldif

@@ -0,0 +1,93 @@
+# Define top-level entry:
+#dn: {{ LDAP_BASE_DN }}
+#objectClass: dcObject
+#objectClass: organization
+#o: Example, Inc.
+#dc: example
+
+# Define an entry to contain users:
+dn: ou=users,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: users
+
+# Define some users:
+
+dn: cn=admin, ou=users,{{ LDAP_BASE_DN }}
+uid: admin
+userPassword: admin
+#####
+# MD5 creds, Base64 encoded
+#userPassword: admin
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+sn: The admin account
+cn: admin
+
+dn: cn=build, ou=users,{{ LDAP_BASE_DN }}
+uid: build
+userPassword: {MD5}sNonVSCRjiPdYV4qdHUo8Q==
+#####
+# MD5 creds, Base64 encoded
+#userPassword: build
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+sn: The account to use to demonstrate managing builds only
+cn: build
+
+dn: cn=deploy, ou=users,{{ LDAP_BASE_DN }}
+uid: deploy
+userPassword: {CRYPT}de01JmlU8XXTQ
+#####
+# CRYPT creds
+#userPassword: deploy
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+sn: The account to use to demonstrate managing deployment only
+cn: deploy
+
+dn: cn=test, ou=users,{{ LDAP_BASE_DN }}
+uid: test
+userPassword: test
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+sn: Has no role access
+cn: test
+
+# Define an entry to contain roles:
+dn: ou=roles, {{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: roles
+
+# Define some roles and their membership:
+dn: cn=architect, ou=roles,{{ LDAP_BASE_DN }}
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}
+cn: architect
+
+dn: cn=admin, ou=roles,{{ LDAP_BASE_DN }}
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}
+cn: admin
+
+dn: cn=user, ou=roles,{{ LDAP_BASE_DN }}
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}
+uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}
+uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}
+cn: user
+
+dn: cn=build, ou=roles,{{ LDAP_BASE_DN }}
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}
+uniqueMember: cn=build,ou=users,{{ LDAP_BASE_DN }}
+cn: build
+
+dn: cn=deploy, ou=roles,{{ LDAP_BASE_DN }}
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=users,{{ LDAP_BASE_DN }}
+uniqueMember: cn=deploy,ou=users,{{ LDAP_BASE_DN }}
+cn: deploy

ldap-combined-localroles/realm.properties

@@ -0,0 +1,2 @@
+admin:-,user,admin
+build:-,user