Initial commit

Author: aptalca

.dockerignore

@@ -0,0 +1,6 @@
+.git
+.gitignore
+.github
+.gitattributes
+READMETEMPLATE.md
+README.md

.gitattributes

@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain

.gitignore

@@ -0,0 +1,43 @@
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# =========================
+# Operating System Files
+# =========================
+
+# OSX
+# =========================
+
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk

Dockerfile

@@ -0,0 +1,29 @@
+FROM lsiobase/alpine.python:3.7
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+# install packages
+RUN \
+ apk add --no-cache --virtual=build-dependencies \
+	build-base \
+	openldap-dev \
+	python2-dev \
+	python3-dev && \
+ pip install --no-cache-dir \
+	cryptography \
+	python-ldap && \
+ echo "**** remove build dependencies ****" && \
+ apk del --purge \
+	build-dependencies && \
+ rm -rf \
+	/tmp/*
+
+# copy local files
+COPY root/ /
+
+# ports and volumes
+EXPOSE 8888 9000

README.md

@@ -1 +1,15 @@
-# docker-ldap-auth
+[linuxserverurl]: https://linuxserver.io
+[forumurl]: https://forum.linuxserver.io
+[ircurl]: https://www.linuxserver.io/irc/
+[podcasturl]: https://www.linuxserver.io/podcast/
+
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl]
+
+## This is a Container in active development by the [LinuxServer.io][linuxserverurl] team and is not recommended for use by the general public.
+
+If you want to comment\contribute on this container , are looking for support on any of our other work , or are curious about us in general, check out the following.
+
+* [forum.linuxserver.io][forumurl]
+* [IRC][ircurl] on freenode at `#linuxserver.io`
+* [Podcast][podcasturl] covers everything to do with getting the most from your Linux Server plus a focus on all things Docker and containerisation!
+

READMETEMPLATE.md

@@ -0,0 +1,111 @@
+[linuxserverurl]: https://linuxserver.io
+[forumurl]: https://forum.linuxserver.io
+[ircurl]: https://www.linuxserver.io/irc/
+[appurl]: www.example.com
+[dockerfileurl]: https://github.com/linuxserver/docker-<container-name>/blob/master/Dockerfile
+[hub]: https://hub.docker.com/r/<image-name>/
+
+
+
+[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png?v=4&s=4000)][linuxserverurl]
+
+
+## Contact information:- 
+
+| Type | Address/Details | 
+| :---: | --- |
+| Discord | [Discord](https://discord.gg/YWrKVTn) |
+| IRC | freenode at `#linuxserver.io` more information at:- [IRC][ircurl]
+| Forum | [Linuserver.io forum][forumurl] |
+
+&nbsp;
+&nbsp;
+
+The [LinuxServer.io][linuxserverurl] team brings you another image release featuring :-
+
+ + regular and timely application updates
+ + easy user mappings
+ + custom base image with s6 overlay
+ + weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth
+ + security updates
+
+# <image-name>
+
+[![Dockerfile-link](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/Dockerfile-Link-green.png)][dockerfileurl]
+
+Provide a short, concise description of the application. No more than two SHORT paragraphs. Link to sources where possible and include an image illustrating your point if necessary. Point users to the original applications website, as that's the best place to get support - not here.
+
+`IMPORTANT, replace all instances of <image-name> with the correct dockerhub repo (ie linuxserver/plex) and <container-name> information (ie, plex) and make sure to update the block at the top of this file containing app specific urls, dockerhub url and dockerfile url etc.`
+
+&nbsp;
+
+## Usage
+
+```
+docker create \
+  --name=<container-name> \
+  -v <path to data>:/config \
+  -e PGID=<gid> -e PUID=<uid>  \
+  -p 1234:1234 \
+  <image-name>
+```
+
+&nbsp;
+
+## Parameters
+
+The parameters are split into two halves, separated by a colon, the left hand side representing the host and the right the container side. 
+For example with a port -p external:internal - what this shows is the port mapping from internal to external of the container.
+So -p 8080:80 would expose port 80 from inside the container to be accessible from the host's IP on port 8080
+http://192.168.x.x:8080 would show you what's running INSIDE the container on port 80.
+
+
+
+| Parameter | Function |
+| :---: | --- |
+| `-p 1234` | the port(s) |
+| `-v /config` | explain what lives here |
+| `-e PGID` | for GroupID, see below for explanation |
+| `-e PUID` | for UserID, see below for explanation |
+
+&nbsp;
+
+## User / Group Identifiers
+
+Sometimes when using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+
+Ensure any volume directories on the host are owned by the same user you specify and it will "just work" &trade;.
+
+In this instance `PUID=1001` and `PGID=1001`, to find yours use `id user` as below:
+
+```
+  $ id <dockeruser>
+    uid=1001(dockeruser) gid=1001(dockergroup) groups=1001(dockergroup)
+```
+
+&nbsp;
+
+## Setting up the application
+
+Insert a basic user guide here to get a n00b up and running with the software inside the container. DELETE ME
+
+
+&nbsp;
+
+## Container access and information.
+
+| Function | Command |
+| :--- | :--- |
+| Shell access (live container) | `docker exec -it <container-name> /bin/bash` |
+| Realtime container logs | `docker logs -f <container-name>` |
+| Container version | `docker inspect -f '{{ index .Config.Labels "build_version" }}' <container-name>` |
+| Image version |  `docker inspect -f '{{ index .Config.Labels "build_version" }}' <image-name>` |
+| Dockerfile | [Dockerfile][dockerfileurl] |
+
+&nbsp;
+
+## Changelog
+
+|  Date | Changes |
+| :---: | --- |
+| dd.MM.yy |  Initial Release. |

root/app/fernet-key.py

@@ -0,0 +1,8 @@
+#!/bin/sh
+''''which python2 >/dev/null && exec python2 "$0" "$@" # '''
+''''which python  >/dev/null && exec python  "$0" "$@" # '''
+
+from cryptography.fernet import Fernet
+
+key = Fernet.generate_key()
+print key

root/app/ldap-backend-app.py

@@ -0,0 +1,153 @@
+#!/bin/sh
+''''which python2 >/dev/null && exec python2 "$0" "$@" # '''
+''''which python  >/dev/null && exec python  "$0" "$@" # '''
+
+# Copyright (C) 2014-2015 Nginx, Inc.
+# Copyright (C) 2018 LinuxServer.io
+
+# Example of an application working on port 9000
+# To interact with nginx-ldap-auth-daemon this application
+# 1) accepts GET  requests on /login and responds with a login form
+# 2) accepts POST requests on /login, sets a cookie, and responds with redirect
+
+import sys, os, signal, base64, Cookie, cgi, urlparse
+from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+from cryptography.fernet import Fernet
+
+Listen = ('localhost', 9000)
+
+import threading
+from SocketServer import ThreadingMixIn
+class AuthHTTPServer(ThreadingMixIn, HTTPServer):
+    pass
+
+class AppHandler(BaseHTTPRequestHandler):
+
+    def do_GET(self):
+
+        url = urlparse.urlparse(self.path)
+
+        if url.path.startswith("/login"):
+            return self.auth_form()
+
+        self.send_response(200)
+        self.end_headers()
+        self.wfile.write('Hello, world! Requested URL: ' + self.path + '\n')
+
+
+    # send login form html
+    def auth_form(self, target = None):
+
+        # try to get target location from header
+        if target == None:
+            target = self.headers.get('X-Target')
+
+        # form cannot be generated if target is unknown
+        if target == None:
+            self.log_error('target url is not passed')
+            self.send_response(500)
+            return
+
+        html="""
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+    <head>
+        <meta http-equiv=Content-Type content="text/html;charset=UTF-8">
+        <title>Log In</title>
+        <style type="text/css" rel="stylesheet">
+            body { background-color: #f1f1f1; font-family: sans-serif,-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif; }
+            .log-in { width: 400px; height: 500px; position: absolute; top: 0; bottom: 0; left: 0; right: 0; margin: auto; background-color: #fff; border-radius: 3px; overflow: hidden; -webkit-box-shadow: 0px 0px 2px 0px rgba(222,222,222,1); -moz-box-shadow: 0px 0px 2px 0px rgba(222,222,222,1); box-shadow: 0px 0px 2px 0px rgba(222,222,222,1); }
+            .log-in > div { position: relative; }
+            .log-in .content { margin-top: 50px; padding: 20px; text-align: center; }
+            h1, h2 { text-align: center; }
+            h1 {  margin-top: 20px; margin-bottom: 20px; letter-spacing: -0.05rem; color: #565656; font-size: 1.6rem; }
+            form { margin-top: 50px; }
+            input[type="text"], input[type="password"] { width: 80%; padding: 10px; border-top: 0; border-left: 0; border-right: 0; outline: none; }
+            input[type="text"]:focus, input[type="password"]:focus { border-bottom: 2px solid #666; }
+            button { width: 80%; padding: 10px; background-color: #3468e2; border: none; color: #fff; cursor: pointer; margin-top: 50px; }
+            button:hover { background-color: #5581e8; }
+        </style>
+    </head>
+    <body>
+        <div class="log-in">
+            <div class="content">
+                <h1>Log in to your account</h1>
+                <form action="/login" method="post">
+                    <p>
+                        <input type="text" name="username" placeholder="Username" aria-label="Username" />
+                    </p>
+                    <p>
+                        <input type="password" name="password" placeholder="Password" aria-label="Password" />
+                    </p>
+                    <!-- <p>
+                        <input type="text" name="token" placeholder="2FA Token" aria-label="2FA Token" />
+                    </p> -->
+                    <input type="hidden" name="target" value="/">
+                    <button type="submit" class="submit btn btn-primary">Log In</button>
+                </form>
+            </div>
+        </div>
+    </body>
+</html>"""
+
+        self.send_response(200)
+        self.end_headers()
+        self.wfile.write(html.replace('TARGET', target))
+
+
+    # processes posted form and sets the cookie with login/password
+    def do_POST(self):
+
+        # prepare arguments for cgi module to read posted form
+        env = {'REQUEST_METHOD':'POST',
+               'CONTENT_TYPE': self.headers['Content-Type'],}
+
+        # read the form contents
+        form = cgi.FieldStorage(fp = self.rfile, headers = self.headers,
+                                environ = env)
+
+        # extract required fields
+        user = form.getvalue('username')
+        passwd = form.getvalue('password')
+        target = form.getvalue('target')
+
+        if user != None and passwd != None and target != None:
+
+            # form is filled, set the cookie and redirect to target
+            # so that auth daemon will be able to use information from cookie
+
+            self.send_response(302)
+
+            cipher_suite = Fernet('REPLACEWITHFERNETKEY')
+            enc = cipher_suite.encrypt(user + ':' + passwd)
+            self.send_header('Set-Cookie', 'nginxauth=' + enc + '; httponly')
+
+            self.send_header('Location', target)
+            self.end_headers()
+
+            return
+
+        self.log_error('some form fields are not provided')
+        self.auth_form(target)
+
+
+    def log_message(self, format, *args):
+        if len(self.client_address) > 0:
+            addr = BaseHTTPRequestHandler.address_string(self)
+        else:
+            addr = "-"
+
+        sys.stdout.write("%s - - [%s] %s\n" % (addr,
+                         self.log_date_time_string(), format % args))
+
+    def log_error(self, format, *args):
+        self.log_message(format, *args)
+
+
+def exit_handler(signal, frame):
+    sys.exit(0)
+
+if __name__ == '__main__':
+    server = AuthHTTPServer(Listen, AppHandler)
+    signal.signal(signal.SIGINT, exit_handler)
+    server.serve_forever()