From 6071acc906e4feef4ad8dab403eb68d9a7a1fce3 Mon Sep 17 00:00:00 2001 From: Albert Bertram Date: Tue, 5 Nov 2024 09:45:30 -0500 Subject: [PATCH] Cleanup and adding mild documentation. --- Dockerfile | 4 ++-- README.md | 12 ++++++++++++ bin/update-ldap | 31 ++++++++++++++++++++++--------- docker-compose.yml | 2 +- example.env | 2 +- 5 files changed, 38 insertions(+), 13 deletions(-) create mode 100644 README.md diff --git a/Dockerfile b/Dockerfile index d6a8337..e46f21f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,14 +2,14 @@ FROM php:8.3-apache RUN apt-get update \ && apt-get upgrade -y \ - && apt-get install -y jq ldap-utils libapache2-mod-authnz-external libapache2-mod-auth-openidc git \ + && apt-get install -y jq ldap-utils libapache2-mod-authnz-external libapache2-mod-auth-openidc git unzip \ && apt-get clean \ && (apt-get distclean || rm -rf /var/cache/apt/archives /var/lib/apt/lists/*) \ && a2enmod authnz_ldap \ && mkdir -p /var/cache/apache2/mod_auth_openidc/oidc-sessions /var/cache/apache2/twig /var/www/lib \ && chown www-data:www-data /var/cache/apache2/mod_auth_openidc/oidc-sessions /var/cache/apache2/twig \ && docker-php-ext-install pdo_mysql \ - && php -r "copy('https://getcomposer.org/download/2.7.9/composer.phar', '/usr/local/bin/composer');" \ + && php -r "copy('https://getcomposer.org/download/latest-stable/composer.phar', '/usr/local/bin/composer');" \ && chmod +x /usr/local/bin/composer COPY auth_openidc.conf /etc/apache2/mods-enabled/auth_openidc.conf diff --git a/README.md b/README.md new file mode 100644 index 0000000..cfe3e59 --- /dev/null +++ b/README.md @@ -0,0 +1,12 @@ +Check example.env for environment variables to set. + + +``` +docker-compose build + +# Start the webserver and database server +docker-compose up -d + +# Optional: Load data +docker-compose exec -T db bash -c 'mysql -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$MARIADB_DATABASE"' < data.sql +``` diff --git a/bin/update-ldap b/bin/update-ldap index fa5f85c..47a9558 100755 
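Review bot: The changed `php -r "copy('https://getcomposer.org/download/latest-stable/composer.phar', ...)"` line swaps a pinned Composer release for a moving target and still writes the download straight to /usr/local/bin/composer with no integrity check, so each rebuild can produce a different, unverified binary; the only thing that changed is that it is now also non-reproducible. Keep the version pinned (an `ARG COMPOSER_VERSION=...` makes bumps easy) and verify the file against the SHA-256 Composer publishes for that release before the `chmod`: `&& php -r "copy('https://getcomposer.org/download/<COMPOSER_VERSION>/composer.phar', '/usr/local/bin/composer');" \` followed by `&& echo "<EXPECTED_SHA256_FROM_GETCOMPOSER_ORG>  /usr/local/bin/composer" | sha256sum -c - \` (both placeholders to be filled from the release page). Alternatively the official image can supply the binary with `COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer`, which pins by tag and removes the download from the RUN entirely. The whole RUN instruction is inside the hunk, so either change is local to it.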
--- a/bin/update-ldap +++ b/bin/update-ldap @@ -3,13 +3,13 @@ TMPFILE=$(mktemp -p /tmp "update.ldif.XXXXXXXX") username="$1" -directory_file="$2" +directory_file="https://cms.lib.umich.edu/api/solr/staff" +ldap_host="ldap://ldap.umich.edu" if [ x"$username" = x"" ] ; then - echo "usage: $0 " + echo "usage: $0 " echo echo " is your uniqname" - echo " is https://staff.lib.umich.edu/staff-directory.json" exit 1 fi @@ -19,14 +19,27 @@ changetype: modify replace: member EOF -for i in $(jq '.[] | .uniqname' "${directory_file}" | sed -e 's/"//g') ; do + +for i in $(curl -s $directory_file| jq '.[].name[].value' | sed -e 's/"//g') ; do echo "member: uid=$i,ou=People,dc=umich,dc=edu" >> $TMPFILE done -ldapmodify \ - -H ldap://ldap.umich.edu \ - -f "${TMPFILE}"\ - -D "uid=${username},ou=People,dc=umich,dc=edu" \ - -W +echo "Check the line count below before entering your password." +echo +echo -n " " +wc -l "${TMPFILE}" +echo + +if [ x"$(wc -l "${TMPFILE}" | awk '{print $1}')" = x"3" ] ; then + echo "No members in '${TMPFILE}'" + echo "Cowardly not updating the acls group due to uncertainty." + exit 2 +else + ldapmodify \ + -H "${ldap_host}" \ + -f "${TMPFILE}" \ + -D "uid=${username},ou=People,dc=umich,dc=edu" \ + -W +fi rm "${TMPFILE}" diff --git a/docker-compose.yml b/docker-compose.yml index 369ba44..267484c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,7 @@ services: - .env volumes: - "db:/var/lib/mysql" - - "./db/init-data.sql:/docker-entrypoint-initdb.d/init-data.sql" + - "./db/init-data-tables.sql:/docker-entrypoint-initdb.d/init-data.sql" volumes: db: diff --git a/example.env b/example.env index 370033a..00cde8b 100644 --- a/example.env +++ b/example.env @@ -1,4 +1,5 @@ # These get picked up by the apache configuration. +# Get them from A&E or ITS as appropriate. OIDC_REDIRECT_URI= OIDC_PROVIDER_METADATA_URL= OIDC_CLIENT_ID= 
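Review bot: The `exit 1` in the usage branch leaves the file created by `mktemp` on the hunk's first line behind, and the `exit 2` path added in the next hunk does the same; only the success path reaches the `rm "${TMPFILE}"` at the end of the script. Registering the cleanup once, right after the mktemp line, with `trap 'rm -f "${TMPFILE}"' EXIT` covers every exit path and makes the trailing `rm` redundant. Since `directory_file` now holds a URL rather than a path, renaming it to `directory_url` would keep the later `curl` line self-explanatory. The script's shebang and first lines sit above this hunk.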
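Review bot: The member loop now builds DN strings from values fetched over HTTP (`curl -s $directory_file| jq '.[].name[].value' | sed -e 's/"//g'`), but nothing checks that each value is a plain uniqname before it is interpolated into `uid=$i,ou=People,dc=umich,dc=edu`, so a value containing a comma, an equals sign or whitespace would add RDN components or extra LDIF lines, and `sed 's/"//g'` leaves JSON escape sequences in place rather than decoding them. Use `jq -r` to get raw strings, quote the URL, let curl fail on HTTP errors with `-sSf` (the existing three-line guard then still catches an empty result), and reject any value outside the expected character set, assuming uniqnames are alphanumeric and adjusting the class if that assumption is wrong. Separately, `ldap_host` is an `ldap://` URL and the bind uses `-W`, so unless the server is known to force StartTLS the bind password is sent in clear; adding `-ZZ` to the ldapmodify call makes StartTLS mandatory and fails closed if it cannot be negotiated. The line-count check and the `rm` at the end of the hunk are kept as they are.
```shell
for i in $(curl -sSf "${directory_file}" | jq -r '.[].name[].value') ; do
  # Reject anything that is not a plain uniqname so a malformed or hostile
  # API value cannot add RDN components or extra LDIF lines.
  case "$i" in *[!A-Za-z0-9]*|"") echo "skipping unexpected entry '$i'" >&2 ; continue ;; esac
  echo "member: uid=$i,ou=People,dc=umich,dc=edu" >> "${TMPFILE}"
done
# … unchanged: line-count prompt and the three-line guard …
  ldapmodify \
    -ZZ \
    -H "${ldap_host}" \
# … unchanged: -f, -D, -W arguments and cleanup …
```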
@@ -8,7 +9,6 @@ OIDC_CRYPTO_PASSPHRASE= # The DB_DRIVER is used to decide which variables to look at for the DB_HOST DB_USER # values, etc. DB_DRIVER=MARIADB -# MARIADB_HOST MARIADB_HOST=db MARIADB_USER=callnumber MARIADB_PASSWORD=callnumber