Merge branch 'stable' of https://github.com/eduardosan/docker-openldap into eduardosan-stable
diff --git a/.gitignore b/.gitignore
index fa85192..6b3fce7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /.*
-!/.git*
\ No newline at end of file
+!/.git*
+/VOLUMES
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2ecf27a..e0c2a69 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,26 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [1.2.4] - 2019-03-14
+### Fixed
+  - Excessive RAM usage on 1.2.2, increased 10x from 1.2.1 #242
+  - Startup issue with 1.2.3 #283
+
+## [1.2.3] - 2019-01-21
+10M+ docker pulls 🎉🎉🎉 thanks to all contributors 💕
+
+### Added
+  - GCE statefulset #241
+  - Custom dhparam.pem via environment. #254
+
+### Changed
+  - Update openldap 2.4.44 to 2.4.47 #247
+  - Upgrade baseimage to light-baseimage:1.1.2
+
+### Fixed
+  - Ldaps port numbers in readme #281
+  - Replication after restart container #264
+
 ## [1.2.2] - 2018-09-04
 ### Added
   - Environment variable LDAP_NOFILE to setup a custom ulimit value #237
@@ -214,6 +234,9 @@
 ## [0.10.0] - 2015-03-03
 New version initial release, no changelog before this sorry.
 
+[1.2.4]: https://github.com/osixia/docker-openldap/compare/v1.2.3...v1.2.4
+[1.2.3]: https://github.com/osixia/docker-openldap/compare/v1.2.2...v1.2.3
+[1.2.2]: https://github.com/osixia/docker-openldap/compare/v1.2.1...v1.2.2
 [1.2.1]: https://github.com/osixia/docker-openldap/compare/v1.2.0...v1.2.1
 [1.2.0]: https://github.com/osixia/docker-openldap/compare/v1.1.11...v1.2.0
 [1.1.11]: https://github.com/osixia/docker-openldap/compare/v1.1.10...v1.1.11
diff --git a/Makefile b/Makefile
index 0f3cd49..340ca13 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 1.2.2
+VERSION = 1.2.4
 
 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version
 
diff --git a/README.md b/README.md
index 599f50e..db27128 100644
--- a/README.md
+++ b/README.md
@@ -4,45 +4,47 @@
 ![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg)
 ![](https://images.microbadger.com/badges/image/osixia/openldap.svg)
 
-Latest release: 1.2.2 - OpenLDAP 2.4.44 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
+Latest release: 1.2.4 - OpenLDAP 2.4.47 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
 
 **A docker image to run OpenLDAP.**
 
 > OpenLDAP website : [www.openldap.org](http://www.openldap.org/)
 
 
-- [Contributing](#contributing)
-- [Quick Start](#quick-start)
-- [Beginner Guide](#beginner-guide)
-	- [Create new ldap server](#create-new-ldap-server)
-		- [Data persistence](#data-persistence)
-		- [Edit your server configuration](#)
-	- [Use an existing ldap database](#use-an-existing-ldap-database)
-	- [Backup](#backup)
-	- [Administrate your ldap server](#administrate-your-ldap-server)
-	- [TLS](#tls)
-		- [Use auto-generated certificate](#use-auto-generated-certificate)
-		- [Use your own certificate](#use-your-own-certificate)
-		- [Disable TLS](#disable-tls)
-	- [Multi master replication](#multi-master-replication)
-	- [Fix docker mounted file problems](#fix-docker-mounted-file-problems)
-	- [Debug](#debug)
-- [Environment Variables](#environment-variables)
-	- [Default.yaml](#defaultyaml)
-	- [Default.startup.yaml](#defaultyamlstartup)
-	- [Set your own environment variables](#set-your-own-environment-variables)
-		- [Use command line argument](#use-command-line-argument)
-		- [Link environment file](#link-environment-file)
-		- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
-- [Advanced User Guide](#advanced-user-guide)
-	- [Extend osixia/openldap:1.2.2 image](#extend-osixiaopenldap122-image)
-	- [Make your own openldap image](#make-your-own-openldap-image)
-	- [Tests](#tests)
-	- [Kubernetes](#kubernetes)
-	- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage)
-- [Security](#security)
-	- [Known security issues](#known-security-issues)
-- [Changelog](#changelog)
+- [osixia/openldap](#osixiaopenldap)
+	- [Contributing](#contributing)
+	- [Quick Start](#quick-start)
+	- [Beginner Guide](#beginner-guide)
+		- [Create new ldap server](#create-new-ldap-server)
+			- [Data persistence](#data-persistence)
+			- [Edit your server configuration](#edit-your-server-configuration)
+			- [Seed ldap database with ldif](#seed-ldap-database-with-ldif)
+		- [Use an existing ldap database](#use-an-existing-ldap-database)
+		- [Backup](#backup)
+		- [Administrate your ldap server](#administrate-your-ldap-server)
+		- [TLS](#tls)
+			- [Use auto-generated certificate](#use-auto-generated-certificate)
+			- [Use your own certificate](#use-your-own-certificate)
+			- [Disable TLS](#disable-tls)
+		- [Multi master replication](#multi-master-replication)
+		- [Fix docker mounted file problems](#fix-docker-mounted-file-problems)
+		- [Debug](#debug)
+	- [Environment Variables](#environment-variables)
+		- [Default.yaml](#defaultyaml)
+		- [Default.startup.yaml](#defaultstartupyaml)
+		- [Set your own environment variables](#set-your-own-environment-variables)
+			- [Use command line argument](#use-command-line-argument)
+			- [Link environment file](#link-environment-file)
+			- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
+	- [Advanced User Guide](#advanced-user-guide)
+		- [Extend osixia/openldap:1.2.4 image](#extend-osixiaopenldap124-image)
+		- [Make your own openldap image](#make-your-own-openldap-image)
+		- [Tests](#tests)
+		- [Kubernetes](#kubernetes)
+		- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage)
+	- [Security](#security)
+		- [Known security issues](#known-security-issues)
+	- [Changelog](#changelog)
 
 ## Contributing
 
@@ -55,9 +57,13 @@
 ## Quick Start
 Run OpenLDAP docker image:
 
-	docker run --name my-openldap-container --detach osixia/openldap:1.2.2
+	docker run --name my-openldap-container --detach osixia/openldap:1.2.4
 
-This start a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
+Do not forget to add the port mapping for both port 389 and 636 if you wish to access the ldap server from another machine.
+
+	docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.2.4
+
+Either command starts a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
 
 	docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
 
@@ -76,7 +82,7 @@
 	# numResponses: 3
 	# numEntries: 2
 
-If you have the following error, OpenLDAP is not started yet, maybe you are too fast or maybe your computer is to slow, as you want... but wait some time before retrying.
+If you have the following error, OpenLDAP is not started yet, maybe you are too fast or maybe your computer is too slow, as you want... but wait for some time before retrying.
 
 		ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
 
@@ -91,7 +97,7 @@
 By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My Company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.2
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.4
 
 #### Data persistence
 
@@ -129,6 +135,7 @@
 
 - `{{ LDAP_BASE_DN }}`
 - `{{ LDAP_BACKEND }}`
+- `{{ LDAP_DOMAIN }}`
 - `{{ LDAP_READONLY_USER_USERNAME }}`
 - `{{ LDAP_READONLY_USER_PASSWORD_ENCRYPTED }}`
 
@@ -141,12 +148,12 @@
 		# single file example:
 		docker run \
       --volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \
-      osixia/openldap:1.2.2 --copy-service
+      osixia/openldap:1.2.4 --copy-service
 
 		#directory example:
 		docker run \
 	     --volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \
-	     osixia/openldap:1.2.2 --copy-service
+	     osixia/openldap:1.2.4 --copy-service
 
 ### Use an existing ldap database
 
@@ -157,7 +164,7 @@
 
 	docker run --volume /data/slapd/database:/var/lib/ldap \
 	--volume /data/slapd/config:/etc/ldap/slapd.d \
-	--detach osixia/openldap:1.2.2
+	--detach osixia/openldap:1.2.4
 
 You can also use data volume containers. Please refer to:
 > [https://docs.docker.com/engine/tutorials/dockervolumes/](https://docs.docker.com/engine/tutorials/dockervolumes/)
@@ -177,7 +184,7 @@
 #### Use auto-generated certificate
 By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
 
-	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.2.2
+	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.2.4
 
 #### Use your own certificate
 
@@ -187,24 +194,24 @@
 	--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 	--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 	--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
-	--detach osixia/openldap:1.2.2
+	--detach osixia/openldap:1.2.4
 
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 
 #### Disable TLS
 Add --env LDAP_TLS=false to the run command:
 
-	docker run --env LDAP_TLS=false --detach osixia/openldap:1.2.2
+	docker run --env LDAP_TLS=false --detach osixia/openldap:1.2.4
 
 ### Multi master replication
 Quick example, with the default config.
 
 	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
-	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.2)
+	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.4)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
 	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.2)
+	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.4)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
 	#Add the pair "ip hostname" to /etc/hosts on each containers,
@@ -240,7 +247,7 @@
 
 To fix that run the container with `--copy-service` argument :
 
-		docker run [your options] osixia/openldap:1.2.2 --copy-service
+		docker run [your options] osixia/openldap:1.2.4 --copy-service
 
 ### Debug
 
@@ -249,11 +256,11 @@
 
 Example command to run the container in `debug` mode:
 
-	docker run --detach osixia/openldap:1.2.2 --loglevel debug
+	docker run --detach osixia/openldap:1.2.4 --loglevel debug
 
 See all command line options:
 
-	docker run osixia/openldap:1.2.2 --help
+	docker run osixia/openldap:1.2.4 --help
 
 
 ## Environment Variables
@@ -296,6 +303,7 @@
 - **LDAP_TLS**: Add openldap TLS capabilities. Can't be removed once set to true. Defaults to `true`.
 - **LDAP_TLS_CRT_FILENAME**: Ldap ssl certificate filename. Defaults to `ldap.crt`
 - **LDAP_TLS_KEY_FILENAME**: Ldap ssl certificate private key filename. Defaults to `ldap.key`
+- **LDAP_TLS_DH_PARAM_FILENAME**: Ldap ssl certificate dh param file. Defaults to `dhparam.pem`
 - **LDAP_TLS_CA_CRT_FILENAME**: Ldap ssl CA certificate  filename. Defaults to `ca.crt`
 - **LDAP_TLS_ENFORCE**: Enforce TLS but except ldapi connections. Can't be disabled once set to true. Defaults to `false`.
 - **LDAP_TLS_CIPHER_SUITE**: TLS cipher suite. Defaults to `SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC`, based on Red Hat's [TLS hardening guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Hardening_TLS_Configuration.html)
@@ -318,7 +326,7 @@
 
 	If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 
-		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.2.2
+		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.2.4
 
 	To convert yaml to python online: http://yaml-online-parser.appspot.com/
 
@@ -338,7 +346,7 @@
 Environment variables can be set by adding the --env argument in the command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.2
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.4
 
 Be aware that environment variable added in command line will be available at any time
 in the container. In this example if someone manage to open a terminal in this container
@@ -349,14 +357,14 @@
 For example if your environment files **my-env.yaml** and **my-env.startup.yaml** are in /data/ldap/environment
 
 	docker run --volume /data/ldap/environment:/container/environment/01-custom \
-	--detach osixia/openldap:1.2.2
+	--detach osixia/openldap:1.2.4
 
 Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 
 Note: the container will try to delete the **\*.startup.yaml** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.startup.yaml**:
 
 	docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--detach osixia/openldap:1.2.2
+	--detach osixia/openldap:1.2.4
 
 #### Make your own image or extend this image
 
@@ -364,13 +372,13 @@
 
 ## Advanced User Guide
 
-### Extend osixia/openldap:1.2.2 image
+### Extend osixia/openldap:1.2.4 image
 
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 
 Dockerfile example:
 
-	FROM osixia/openldap:1.2.2
+	FROM osixia/openldap:1.2.4
 	MAINTAINER Your Name <your@name.com>
 
 	ADD bootstrap /container/service/slapd/assets/config/bootstrap
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
index c6c0520..ba646e7 100644
--- a/example/docker-compose.yml
+++ b/example/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '2'
 services:
   openldap:
-    image: osixia/openldap:1.2.2
+    image: osixia/openldap:1.2.4
     container_name: openldap
     environment:
       LDAP_LOG_LEVEL: "256"
@@ -18,6 +18,7 @@
       LDAP_TLS: "true"
       LDAP_TLS_CRT_FILENAME: "ldap.crt"
       LDAP_TLS_KEY_FILENAME: "ldap.key"
+      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
       LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
       LDAP_TLS_ENFORCE: "false"
       LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
diff --git a/example/extend-osixia-openldap/Dockerfile b/example/extend-osixia-openldap/Dockerfile
index c7b97fc..645a8f7 100644
--- a/example/extend-osixia-openldap/Dockerfile
+++ b/example/extend-osixia-openldap/Dockerfile
@@ -1,4 +1,4 @@
-FROM osixia/openldap:1.2.2
+FROM osixia/openldap:1.2.4
 MAINTAINER Your Name <your@name.com>
 
 ADD bootstrap /container/service/slapd/assets/config/bootstrap
diff --git a/example/extend-osixia-openldap/environment/my-env.startup.yaml b/example/extend-osixia-openldap/environment/my-env.startup.yaml
index 411226e..336a8bf 100644
--- a/example/extend-osixia-openldap/environment/my-env.startup.yaml
+++ b/example/extend-osixia-openldap/environment/my-env.startup.yaml
@@ -20,6 +20,7 @@
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: cert.crt
 LDAP_TLS_KEY_FILENAME: cert.key
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
 LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
diff --git a/example/kubernetes/simple/ldap-deployment.yaml b/example/kubernetes/simple/ldap-deployment.yaml
index 7d842e6..116735e 100644
--- a/example/kubernetes/simple/ldap-deployment.yaml
+++ b/example/kubernetes/simple/ldap-deployment.yaml
@@ -13,7 +13,7 @@
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.2.2
+          image: osixia/openldap:1.2.4
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap
@@ -51,6 +51,8 @@
               value: "ldap.crt"
             - name: LDAP_TLS_KEY_FILENAME
               value: "ldap.key"
+            - name: LDAP_TLS_DH_PARAM_FILENAME
+              value: "dhparam.pem"
             - name: LDAP_TLS_CA_CRT_FILENAME
               value: "ca.crt"
             - name: LDAP_TLS_ENFORCE
diff --git a/example/kubernetes/using-secrets/.gitignore b/example/kubernetes/using-secrets/.gitignore
new file mode 100644
index 0000000..adc0755
--- /dev/null
+++ b/example/kubernetes/using-secrets/.gitignore
@@ -0,0 +1 @@
+ldap-secret.yaml
diff --git a/example/kubernetes/using-secrets/Makefile b/example/kubernetes/using-secrets/Makefile
new file mode 100644
index 0000000..1f98aad
--- /dev/null
+++ b/example/kubernetes/using-secrets/Makefile
@@ -0,0 +1,14 @@
+ldap-secret.yaml: example
+	$(eval PWD := $(shell pwd -P))
+	$(eval ENV_DIR := $(shell echo ${PWD}/environment))
+	ENV_YAML=$(shell ${ENV_DIR}/file-to-base64.sh ${ENV_DIR}/my-env.yaml) \
+	ENV_STARTUP_YAML=$(shell ${ENV_DIR}/file-to-base64.sh ${ENV_DIR}/my-env.startup.yaml) \
+	envsubst < ldap-secret.tpl > ldap-secret.yaml
+
+example: environment/my-env.startup.yaml environment/my-env.yaml
+
+environment/my-env.startup.yaml:
+	cd environment ; cp my-env.startup.yaml.example my-env.startup.yaml
+
+environment/my-env.yaml:
+	cd environment ; cp my-env.yaml.example my-env.yaml
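Review bot: The `ldap-secret.yaml` recipe is echoed by make before it runs, so the expanded base64 of `my-env.yaml` and `my-env.startup.yaml` is printed to the terminal or CI log. Those are the files where admin and config passwords would be set, and base64 is an encoding, not protection. Prefixing the recipe with `@` keeps it out of the log. Quoting the substitutions also protects against `file-to-base64.sh` (not visible here) emitting wrapped output, which `$(shell ...)` would turn into space-separated words: `@ENV_YAML="$(shell ${ENV_DIR}/file-to-base64.sh ${ENV_DIR}/my-env.yaml)" \`, and the same for `ENV_STARTUP_YAML`. The generated file is also written with the caller's default umask, so a `umask 077;` in front of `envsubst` would be a reasonable addition.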
diff --git a/example/kubernetes/using-secrets/README.md b/example/kubernetes/using-secrets/README.md
new file mode 100644
index 0000000..a9e916e
--- /dev/null
+++ b/example/kubernetes/using-secrets/README.md
@@ -0,0 +1,7 @@
+# Generating ldap-secret.yaml
+
+`make example`
+
+Then edit the yaml files in the environment directory to have the desired paraneters, and then make the secret file:
+
+`make ldap-secret.yaml`
diff --git a/example/kubernetes/using-secrets/environment/.gitignore b/example/kubernetes/using-secrets/environment/.gitignore
new file mode 100644
index 0000000..e33d172
--- /dev/null
+++ b/example/kubernetes/using-secrets/environment/.gitignore
@@ -0,0 +1,2 @@
+my-env.startup.yaml
+my-env.yaml
diff --git a/example/kubernetes/using-secrets/environment/my-env.startup.yaml b/example/kubernetes/using-secrets/environment/my-env.startup.yaml.example
similarity index 98%
rename from example/kubernetes/using-secrets/environment/my-env.startup.yaml
rename to example/kubernetes/using-secrets/environment/my-env.startup.yaml.example
index 8225642..12a4a78 100644
--- a/example/kubernetes/using-secrets/environment/my-env.startup.yaml
+++ b/example/kubernetes/using-secrets/environment/my-env.startup.yaml.example
@@ -27,6 +27,7 @@
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: ldap.crt
 LDAP_TLS_KEY_FILENAME: ldap.key
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
 LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
diff --git a/example/kubernetes/using-secrets/environment/my-env.yaml b/example/kubernetes/using-secrets/environment/my-env.yaml.example
similarity index 100%
rename from example/kubernetes/using-secrets/environment/my-env.yaml
rename to example/kubernetes/using-secrets/environment/my-env.yaml.example
diff --git a/example/kubernetes/using-secrets/gce-statefullset.yaml b/example/kubernetes/using-secrets/gce-statefullset.yaml
new file mode 100644
index 0000000..78e43c4
--- /dev/null
+++ b/example/kubernetes/using-secrets/gce-statefullset.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+    name: ldap
+spec:
+    serviceName: "ldap"
+    replicas: 1
+    template:
+        metadata:
+            labels:
+                pod: ldap
+        spec:
+            containers:
+            - name: azaldap
+              image: osixia/openldap:1.2.4
+              imagePullPolicy: IfNotPresent
+              #command: ["/bin/bash","-c","while [ 1 = 1 ] ; do sleep 1; date; done"]
+              ports:
+              - containerPort: 389
+              volumeMounts:
+              - mountPath: /var/lib/ldap
+                name: ldap-data
+              - mountPath: /etc/ldap/slapd.d
+                name: ldap-config
+              - mountPath: /container/service/slapd/assets/certs
+                name: ldap-certs
+              - mountPath: /container/environment/01-custom
+                name: secret-volume
+              - mountPath: /container/run
+                name: container-run
+            volumes:
+              - name: "secret-volume"
+                secret:
+                  secretName: "ldap-secret"
+              - name: container-run
+                emptyDir: {}
+    volumeClaimTemplates:
+    - metadata:
+        name: ldap-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+    - metadata:
+        name: ldap-config
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 10Mi
+    - metadata:
+        name: ldap-certs
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 10Mi
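Review bot: `apiVersion: apps/v1beta1` is a deprecated StatefulSet API that newer Kubernetes releases no longer serve. The stable `apps/v1` version requires an explicit selector, so the spec would also need `selector: {matchLabels: {pod: ldap}}` next to `serviceName`. The container mounts the `ldap-secret` volume but sets no `securityContext` or `resources`, and declares only port 389 although the README tells users to map 636 as well. A short comment stating whether clients are expected to use StartTLS on 389 would help anyone copying this example. The commented-out debug `command:` line looks like a leftover and could be dropped.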
diff --git a/example/kubernetes/using-secrets/ldap-deployment.yaml b/example/kubernetes/using-secrets/ldap-deployment.yaml
index f3f8e23..9783b95 100644
--- a/example/kubernetes/using-secrets/ldap-deployment.yaml
+++ b/example/kubernetes/using-secrets/ldap-deployment.yaml
@@ -13,7 +13,7 @@
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.2.2
+          image: osixia/openldap:1.2.4
           args: ["--copy-service"]
           volumeMounts:
             - name: ldap-data
diff --git a/example/kubernetes/using-secrets/ldap-secret.tpl b/example/kubernetes/using-secrets/ldap-secret.tpl
new file mode 100644
index 0000000..01f5acc
--- /dev/null
+++ b/example/kubernetes/using-secrets/ldap-secret.tpl
@@ -0,0 +1,11 @@
+apiVersion: "v1"
+kind: "List"
+items:
+  - kind: "Secret"
+    apiVersion: "v1"
+    metadata:
+      name: "ldap-secret"
+    data:
+      # files in environment/* converted into base64 with file-to-base64.sh
+      env.yaml: "$ENV_YAML"
+      env.startup.yaml: "$ENV_STARTUP_YAML"
diff --git a/example/kubernetes/using-secrets/ldap-secret.yaml b/example/kubernetes/using-secrets/ldap-secret.yaml
deleted file mode 100644
index 85a62aa..0000000
--- a/example/kubernetes/using-secrets/ldap-secret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: "v1"
-kind: "List"
-items:
-  - kind: "Secret"
-    apiVersion: "v1"
-    metadata:
-      name: "ldap-secret"
-    data:
-      # files in environment/* converted into base64 with file-to-base64.sh
-      env.yaml: "IyBUaGlzIGlzIHRoZSBkZWZhdWx0IGltYWdlIGNvbmZpZ3VyYXRpb24gZmlsZQojIFRoZXNlIHZhbHVlcyB3aWxsIHBlcnNpc3RzIGluIGNvbnRhaW5lciBlbnZpcm9ubWVudC4KCiPCoEFsbCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgdXNlZCBhZnRlciB0aGUgY29udGFpbmVyIGZpcnN0IHN0YXJ0CiMgbXVzdCBiZSBkZWZpbmVkIGhlcmUuCiMgbW9yZSBpbmZvcm1hdGlvbiA6IGh0dHBzOi8vZ2l0aHViLmNvbS9vc2l4aWEvZG9ja2VyLWxpZ2h0LWJhc2VpbWFnZQoKIyBHZW5lcmFsIGNvbnRhaW5lciBjb25maWd1cmF0aW9uCiMgc2VlIHRhYmxlIDUuMSBpbiBodHRwOi8vd3d3Lm9wZW5sZGFwLm9yZy9kb2MvYWRtaW4yNC9zbGFwZGNvbmYyLmh0bWwgZm9yIHRoZSBhdmFpbGFibGUgbG9nIGxldmVscy4KTERBUF9MT0dfTEVWRUw6IDI1Ngo="
-      env.startup.yaml: "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"
diff --git a/image/Dockerfile b/image/Dockerfile
index 2df26db..80f8949 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -1,7 +1,6 @@
 # Use osixia/light-baseimage
 # sources: https://github.com/osixia/docker-light-baseimage
-FROM osixia/light-baseimage:1.1.1
-MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
+FROM osixia/light-baseimage:1.1.2
 
 ARG LDAP_OPENLDAP_GID
 ARG LDAP_OPENLDAP_UID
@@ -11,12 +10,15 @@
 RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
     && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi
 
-# Install OpenLDAP, ldap-utils and ssl-tools from baseimage and clean apt-get files
+# Add stretch-backports in preparation for downloading newer openldap components, especially sladp
+RUN echo "deb http://ftp.debian.org/debian stretch-backports main" >> /etc/apt/sources.list
+
+# Install OpenLDAP, ldap-utils and ssl-tools from the (backported) baseimage and clean apt-get files
 # sources: https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available
 #          https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
 RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update \
     && /container/tool/add-service-available :ssl-tools \
-	  && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+	  && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t stretch-backports install -y --no-install-recommends \
        ldap-utils \
        libsasl2-modules \
        libsasl2-modules-db \
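Review bot: `apt-get -t stretch-backports install` makes backports the preferred suite for every package in this install list and their dependencies, not only the OpenLDAP components the new comment mentions. The list continues outside the hunk, so how many packages are affected is not visible here. No versions are pinned either, so a rebuild picks up whatever backports carries that day, and backports is maintained on a different footing from the stable security suite. If only OpenLDAP needs the newer version, consider selecting it per package (for example `slapd/stretch-backports`) or pinning the versions, and say so in the comment. The comment also misspells the package: `sladp` should read `slapd`.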
diff --git a/image/environment/default.startup.yaml b/image/environment/default.startup.yaml
index 6a027d4..1036a08 100644
--- a/image/environment/default.startup.yaml
+++ b/image/environment/default.startup.yaml
@@ -27,6 +27,7 @@
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: ldap.crt
 LDAP_TLS_KEY_FILENAME: ldap.key
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
 LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
@@ -56,9 +57,6 @@
 # Remove config after setup
 LDAP_REMOVE_CONFIG_AFTER_SETUP: true
 
-# Ulimit
-LDAP_NOFILE: 1024
-
 # ssl-helper environment variables prefix
 LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
 
diff --git a/image/environment/default.yaml b/image/environment/default.yaml
index 60107de..74a88fb 100644
--- a/image/environment/default.yaml
+++ b/image/environment/default.yaml
@@ -8,3 +8,6 @@
 # General container configuration
 # see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 LDAP_LOG_LEVEL: 256
+
+# Ulimit
+LDAP_NOFILE: 1024
\ No newline at end of file
diff --git a/image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif b/image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
new file mode 100644
index 0000000..266bc06
--- /dev/null
+++ b/image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
@@ -0,0 +1,14 @@
+# Change config password
+dn: cn=config
+changeType: modify
+
+dn: olcDatabase={0}config,cn=config
+replace: olcRootPW
+olcRootPW: {{ LDAP_CONFIG_PASSWORD_ENCRYPTED }}
+
+# Change schema password
+
+dn: olcDatabase={1}{{ LDAP_BACKEND }},cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: {{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}
\ No newline at end of file
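Review bot: The first two records look mis-assembled: `dn: cn=config` / `changeType: modify` is a modify record with no modifications, and the following `dn: olcDatabase={0}config,cn=config` record goes straight to `replace: olcRootPW` without its own changetype line. Whether the tool behind `ldap_add_or_modify` accepts the empty record, or aborts before reaching the later ones, is not visible here. The intent appears to be a single record: `dn: olcDatabase={0}config,cn=config`, `changetype: modify`, `replace: olcRootPW`. The `# Change schema password` comment is also misleading, since that record sets the rootDN password of the `{1}` backend database; `# Change backend database root password` would describe it.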
diff --git a/image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif b/image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
new file mode 100644
index 0000000..25ba4b7
--- /dev/null
+++ b/image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
@@ -0,0 +1,5 @@
+# Admin schema password
+dn: cn=admin,{{ LDAP_BASE_DN }}
+changetype: modify
+replace: userPassword
+userPassword: {{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}
\ No newline at end of file
diff --git a/image/service/slapd/assets/config/replication/replication-disable.ldif b/image/service/slapd/assets/config/replication/replication-disable.ldif
index 2c2e498..b138bcf 100644
--- a/image/service/slapd/assets/config/replication/replication-disable.ldif
+++ b/image/service/slapd/assets/config/replication/replication-disable.ldif
@@ -4,6 +4,8 @@
 delete: olcSyncRepl
 -
 delete: olcMirrorMode
+-
+delete: olcLimits
 
 # Delete syncprov on backend
 dn: olcOverlay=syncprov,olcDatabase={1}{{ LDAP_BACKEND }},cn=config
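Review bot: The added `delete: olcLimits` names no value, so it removes every `olcLimits` value on the entry, including size or time limits an operator set for reasons unrelated to replication. An LDAP modify is applied as a whole, so if `olcLimits` is absent on that entry the request is rejected and the `olcSyncRepl` and `olcMirrorMode` deletions in the same record do not happen either. Whether the caller tolerates that failure is not visible here, and the record's `dn:` line is outside the hunk. Consider deleting only the value that the replication setup adds, e.g. `olcLimits: <VALUE_ADDED_BY_REPLICATION_ENABLE>` under the `delete:` line.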
@@ -24,3 +26,4 @@
 dn: cn=config
 changeType: modify
 delete: olcServerID
+
diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
index 16be005..ea255f2 100755
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh
@@ -25,11 +25,12 @@
 WAS_STARTED_WITH_TLS="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls"
 WAS_STARTED_WITH_TLS_ENFORCE="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls-enforce"
 WAS_STARTED_WITH_REPLICATION="/etc/ldap/slapd.d/docker-openldap-was-started-with-replication"
+WAS_ADMIN_PASSWORD_SET="/etc/ldap/slapd.d/docker-openldap-was-admin-password-set"
 
 LDAP_TLS_CA_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CA_CRT_FILENAME"
 LDAP_TLS_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CRT_FILENAME"
 LDAP_TLS_KEY_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_KEY_FILENAME"
-LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/dhparam.pem"
+LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_DH_PARAM_FILENAME"
 
 
 # CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR variables are set by
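Review bot: `LDAP_TLS_DH_PARAM_PATH` is now built from `$LDAP_TLS_DH_PARAM_FILENAME` with no fallback, so an empty variable makes the path resolve to the certs directory itself. The same holds for the `PREVIOUS_LDAP_TLS_DH_PARAM_PATH` default in the later hunk next to the `ssl-helper` call. There the existing `[ -f ... ] || openssl dhparam -out ${LDAP_TLS_DH_PARAM_PATH} 2048` line would fail the `-f` test and ask openssl to write to a directory. `default.startup.yaml` supplies `dhparam.pem`, but whether that default is always loaded when restarting against an existing config volume is not visible here. A defensive default keeps the previous behaviour: `LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/${LDAP_TLS_DH_PARAM_FILENAME:-dhparam.pem}"`.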
@@ -69,6 +70,7 @@
     log-helper debug "Processing file ${LDIF_FILE}"
     sed -i "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" $LDIF_FILE
     sed -i "s|{{ LDAP_BACKEND }}|${LDAP_BACKEND}|g" $LDIF_FILE
+    sed -i "s|{{ LDAP_DOMAIN }}|${LDAP_DOMAIN}|g" $LDIF_FILE
     if [ "${LDAP_READONLY_USER,,}" == "true" ]; then
       sed -i "s|{{ LDAP_READONLY_USER_USERNAME }}|${LDAP_READONLY_USER_USERNAME}|g" $LDIF_FILE
       sed -i "s|{{ LDAP_READONLY_USER_PASSWORD_ENCRYPTED }}|${LDAP_READONLY_USER_PASSWORD_ENCRYPTED}|g" $LDIF_FILE
@@ -201,7 +203,7 @@
       [[ -z "$PREVIOUS_LDAP_TLS_CA_CRT_PATH" ]] && PREVIOUS_LDAP_TLS_CA_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CA_CRT_FILENAME"
       [[ -z "$PREVIOUS_LDAP_TLS_CRT_PATH" ]] && PREVIOUS_LDAP_TLS_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CRT_FILENAME"
       [[ -z "$PREVIOUS_LDAP_TLS_KEY_PATH" ]] && PREVIOUS_LDAP_TLS_KEY_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_KEY_FILENAME"
-      [[ -z "$PREVIOUS_LDAP_TLS_DH_PARAM_PATH" ]] && PREVIOUS_LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/dhparam.pem"
+      [[ -z "$PREVIOUS_LDAP_TLS_DH_PARAM_PATH" ]] && PREVIOUS_LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_DH_PARAM_FILENAME"
 
       ssl-helper $LDAP_SSL_HELPER_PREFIX $PREVIOUS_LDAP_TLS_CRT_PATH $PREVIOUS_LDAP_TLS_KEY_PATH $PREVIOUS_LDAP_TLS_CA_CRT_PATH
       [ -f ${PREVIOUS_LDAP_TLS_DH_PARAM_PATH} ] || openssl dhparam -out ${LDAP_TLS_DH_PARAM_PATH} 2048
@@ -406,6 +408,23 @@
 
     fi
 
+    if [[ -f "$WAS_ADMIN_PASSWORD_SET" ]]; then
+      get_ldap_base_dn
+      LDAP_CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_CONFIG_PASSWORD")
+      LDAP_ADMIN_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_ADMIN_PASSWORD")
+      sed -i "s|{{ LDAP_CONFIG_PASSWORD_ENCRYPTED }}|${LDAP_CONFIG_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
+      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
+      sed -i "s|{{ LDAP_BACKEND }}|${LDAP_BACKEND}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
+      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
+      sed -i "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
+
+      for f in $(find ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif -type f -name \*.ldif  | sort); do
+        ldap_add_or_modify "$f"
+      done
+    else
+       touch "$WAS_ADMIN_PASSWORD_SET"
+    fi
+
     #
     # stop OpenLDAP
     #
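Review bot: Because the marker file lives in `/etc/ldap/slapd.d`, every start after the first against a persisted config volume rewrites `olcRootPW` and the admin `userPassword` from whatever `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` hold at that moment. If the container is recreated without passing them, the values are presumably the image defaults (the README gives `admin` as the default admin password) or empty, so an operator-set password could be silently replaced by a known one. The block should at least skip when the variables are empty, and ideally act only on values supplied explicitly for that start. The `sed -i` calls also consume the placeholders in the asset files, so restarting the same container with a new password would re-apply the old hash, and the hashes stay on disk; rendering into a temporary copy avoids both. The sketch below shows that shape; `slappasswd -s` still passes the plaintext on the process command line.

```shell
    if [[ -f "$WAS_ADMIN_PASSWORD_SET" ]]; then
      # Skip the rotation unless both passwords are present for this start.
      if [[ -n "$LDAP_ADMIN_PASSWORD" && -n "$LDAP_CONFIG_PASSWORD" ]]; then
        get_ldap_base_dn
        # … unchanged: the two slappasswd calls …

        # Work on a private copy so the placeholders survive for the next start
        # and no password hash is left behind in the asset directory.
        ADMIN_PW_LDIF_DIR=$(mktemp -d)
        cp "${CONTAINER_SERVICE_DIR}"/slapd/assets/config/admin-pw/ldif/*.ldif "$ADMIN_PW_LDIF_DIR"/
        # … unchanged: the five sed substitutions, pointed at "$ADMIN_PW_LDIF_DIR" …

        for f in $(find "$ADMIN_PW_LDIF_DIR" -type f -name \*.ldif | sort); do
          ldap_add_or_modify "$f"
        done
        rm -rf "$ADMIN_PW_LDIF_DIR"
      fi
    # … unchanged: else branch that touches the marker …
```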
diff --git a/test/ssl/ldap-test.dhparam b/test/ssl/ldap-test.dhparam
new file mode 100644
index 0000000..eccad10
--- /dev/null
+++ b/test/ssl/ldap-test.dhparam
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA9GFVKDf67bPYjJB6ngTWhCSARE4KPg5/+LYMIA5mr137Iqatdk2K
+/QNyvW3EWmg9hSNcb8Zd7LFru/qt5te7lDBGS2uOhvxHQEJ8Lqv+KoM9TFTI1oH7
+9biVLVbUwMrD7LGTp5TQ9pbjyADW2mWf25hYmy95V0aKQBLJ10GcFaDTguO6OH3E
+E6hOl6gQzlTd/WCNrFf2ww4iveNNXbZArOf4BruqjYOkV1RSf+vdQwBlxtjjCEW4
+QUGO31rbD07R5Pv464vf18yGHttnPa0JBDq7P2alN49Of0k+qntUyUPxcrBd83qQ
+13KWi47KoR76gf4f87OZa9hXwk8AML1BCwIBAg==
+-----END DH PARAMETERS-----
diff --git a/test/test.bats b/test/test.bats
index 9256e88..cf1073b 100644
--- a/test/test.bats
+++ b/test/test.bats
@@ -19,6 +19,25 @@
 
 }
 
+@test "ldapsearch database from created volumes" {
+
+  rm -rf VOLUMES && mkdir -p VOLUMES/config VOLUMES/database
+  LDAP_CID=$(docker run -h ldap.example.org -e LDAP_TLS=false --volume $PWD/VOLUMES/database:/var/lib/ldap --volume $PWD/VOLUMES/config:/etc/ldap/slapd.d -d $NAME:$VERSION)
+  wait_process_by_cid $LDAP_CID slapd
+  run docker exec $LDAP_CID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
+  docker kill $LDAP_CID
+  [ "$status" -eq 0 ]
+  LDAP_CID=$(docker run -h ldap.example.org -e LDAP_TLS=false --volume $PWD/VOLUMES/database:/var/lib/ldap --volume $PWD/VOLUMES/config:/etc/ldap/slapd.d -d $NAME:$VERSION)
+  wait_process_by_cid $LDAP_CID slapd
+  run docker exec $LDAP_CID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
+  run docker exec $LDAP_CID chown -R $UID:$UID /var/lib/ldap /etc/ldap/slapd.d
+  docker kill $LDAP_CID
+  rm -rf VOLUMES
+
+  [ "$status" -eq 0 ]
+
+}
+
 @test "ldapsearch new database with strict TLS" {
 
   run_image -h ldap.example.org
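Review bot: The final `[ "$status" -eq 0 ]` in "ldapsearch database from created volumes" checks the exit code of the `chown`, not of the second `ldapsearch`, because the later `run docker exec ... chown` overwrites `$status`. A bind failure after the restart, which is the case this test exists to catch, would therefore pass. Capture the result right after the second search with `search_status=$status`, and assert `[ "$search_status" -eq 0 ]` at the end. The `$PWD/VOLUMES/...` arguments are unquoted, so a checkout path containing spaces would break the `--volume` options. `VOLUMES` is also left behind when the first assertion fails.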
@@ -41,6 +60,17 @@
 
 }
 
+@test "ldapsearch new database with strict TLS and custom ca/crt and custom dhparam" {
+
+  run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/container/service/slapd/assets/certs -e LDAP_TLS_CRT_FILENAME=ldap-test.crt -e LDAP_TLS_KEY_FILENAME=ldap-test.key -e LDAP_TLS_DH_PARAM_FILENAME=ldap-test.dhparam -e LDAP_TLS_CA_CRT_FILENAME=ca-test.crt
+  wait_process slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
+  clear_container
+
+  [ "$status" -eq 0 ]
+
+}
+
 @test "ldapsearch existing hdb database and config" {
 
   run_image -h ldap.example.org -e LDAP_TLS=false -e LDAP_BACKEND=hdb -v $BATS_TEST_DIRNAME/database:/container/test/database -v $BATS_TEST_DIRNAME/config:/container/test/config
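Review bot: Nothing in the custom dhparam test shows that slapd actually loaded `ldap-test.dhparam`; the only assertion is that `ldapsearch -ZZ` exits 0. That would hold even if `LDAP_TLS_DH_PARAM_FILENAME` were ignored, since startup.sh generates a DH file when the expected one is missing. An extra check before `clear_container` would pin the behaviour, for example `run docker exec $CONTAINER_ID ldapsearch -Y EXTERNAL -Q -H ldapi:/// -b cn=config olcTLSDHParamFile` followed by a match on `ldap-test.dhparam` in `$output`. Whether that attribute is readable this way in the test container is not visible here, so treat the exact query as something to confirm.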