Merge branch 'release-1.0.0' into stable

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 0.10.2
+VERSION = 1.0.0
 
 .PHONY: all build test tag_latest release
 
@@ -16,6 +16,5 @@ tag_latest:
 
 release: build test tag_latest
  @if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
- @if ! head -n 1 CHANGELOG.md | grep -q 'release date'; then echo 'Please note the release date in Changelog.md.' && false; fi
  docker push $(NAME)
  @echo "*** Don't forget to run 'twgit release/hotfix finish' :)"

README.md

@@ -1,17 +1,19 @@
 # osixia/openldap
 
+[![](https://badge.imagelayers.io/osixia/openldap:latest.svg)](https://imagelayers.io/?images=osixia/openldap:latest 'Get your own badge on imagelayers.io')
+
 A docker image to run OpenLDAP.
 > [www.openldap.org](http://www.openldap.org/)
 
 Fork of Nick Stenning docker-slapd :
 https:/nickstenning/docker-slapd
 
-Add support of TLS and multi master replication.
+Add support of TLS, multi master replication and easy bootstrap.
 
 ## Quick start
 Run OpenLDAP docker image :
 
- docker run -h ldap.example.org -d osixia/openldap
+ docker run -d osixia/openldap
 
 This start a new container with a OpenLDAP server running inside.
 The odd string printed by this command is the `CONTAINER_ID`.
@@ -25,7 +27,7 @@ make sure to replace `CONTAINER_ID` by your container id :
 You should now be in the container terminal,
 and we can search on the ldap server :
 
- ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
+ ldapsearch -x -h localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
 
 This should output :
 
@@ -56,15 +58,13 @@ It will create an empty ldap for the compagny **Example Inc.** and the domain **
 
 By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example :
 
- docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
+ docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
  -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap
 
 #### Data persitance
 
 The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d` (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes.
 
-Be careful, if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container.
-
 For more information about docker data volume, please refer to :
 
 > [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/)
@@ -77,7 +77,7 @@ Assuming you have a LDAP database on your docker host in the directory `/data/sl
 and the corresponding LDAP config files on your docker host in the directory `/data/slapd/config`
 simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slapd.d`:
 
- docker run -h ldap.example.org -v /data/slapd/database:/var/lib/ldap \
+ docker run -v /data/slapd/database:/var/lib/ldap \
  -v /data/slapd/config:/etc/ldap/slapd.d
  -d osixia/openldap
 
@@ -87,17 +87,17 @@ You can also use data volume containers. Please refer to :
 ### Using TLS
 
 #### Use autogenerated certificate
-By default TLS is enable, a certificate is created with the container hostname (set by -h option eg: ldap.example.org).
+By default TLS is enable, a certificate is created with the container hostname (it can be set by docker run -h option eg: ldap.example.org).
 
- docker run -h ldap.example.org -e SERVER_NAME=ldap.my-compagny.com -d osixia/openldap
+ docker run -h ldap.my-compagny.com -d osixia/openldap
 
 #### Use your own certificate
 
-Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yml** and rebuild the image ([see manual build](#manual-build)).
+Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yaml** and rebuild the image ([see manual build](#manual-build)).
 
-Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/osixia/slapd/assets/ssl** and adjust there name with the following environment variables :
+Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/container/service/slapd/assets/ssl** and adjust there name with the following environment variables :
 
- docker run -h ldap.example.org -v /path/to/certifates:/osixia/slapd/assets/ssl \
+ docker run -h ldap.example.org -v /path/to/certifates:/container/service/slapd/assets/ssl \
  -e SSL_CRT_FILENAME=my-ldap.crt \
  -e SSL_KEY_FILENAME=my-ldap.key \
  -e SSL_CA_CRT_FILENAME=the-ca.crt \
@@ -106,37 +106,30 @@ Or you can set your custom certificate at run time, by mouting a directory conta
 #### Disable TLS
 Add -e USE_TLS=false to the run command :
 
- docker run -h ldap.example.org -e USE_TLS=false -d osixia/openldap
+ docker run -e USE_TLS=false -d osixia/openldap
 
 ### Multi master replication
 Quick example, with the default config.
 
-Create the first ldap server, save the container id in LDAP_CID and get its IP:
-
+ #Create the first ldap server, save the container id in LDAP_CID and get its IP:
  LDAP_CID=$(docker run -h ldap.example.org -e USE_REPLICATION=true -d osixia/openldap)
  LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
-Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-
+ #Create the second ldap server, save the container id in LDAP2_CID and get its IP:
  LDAP2_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d osixia/openldap)
  LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
-Add the pair "ip hostname" to /etc/hosts on each containers,
-beacause ldap.example.org and ldap2.example.org are fake hostnames
+ #Add the pair "ip hostname" to /etc/hosts on each containers,
+ #beacause ldap.example.org and ldap2.example.org are fake hostnames
+ docker exec $LDAP_CID /sbin/add-host $LDAP2_IP ldap2.example.org
+ docker exec $LDAP2_CID /sbin/add-host $LDAP_IP ldap.example.org
 
- docker exec $LDAP_CID /osixia/test/add-host.sh $LDAP2_IP ldap2.example.org
- docker exec $LDAP2_CID /osixia/test/add-host.sh $LDAP_IP ldap.example.org
-
-We reload slapd to let him take into consideration /etc/hosts changes
-
- docker exec $LDAP_CID pkill slapd
- docker exec $LDAP2_CID pkill slapd
 
 That's it ! But a litle test to be sure :
 
 Add a new user "billy" on the first ldap server
 
- docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap.example.org -ZZ
+ docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -h ldap.example.org -ZZ
 
 Search on the second ldap server, and billy should show up !
 
@@ -154,22 +147,26 @@ Search on the second ldap server, and billy should show up !
  objectClass: inetOrgPerson
  [...]
 
-
 ## Administrate your ldap server
 If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image :
 > [osixia/phpldapadmin](https:/osixia/docker-phpLDAPadmin)
 
+## Backups
+A simple solution to backup your ldap server, our openldap-backup docker image :
+> [osixia/openldap-backup](https:/osixia/docker-openldap-backup)
+
 ## Environment Variables
 
-Environement variables defaults are set in **image/env.yml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yml file as a docker volume to `/etc/env.yml`. See examples below.
+Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/etc/env.yaml`. See examples below.
 
 General container configuration :
-- **LDAP_LOG_LEVEL**: Slap log level. defaults to `-1`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
+- **LDAP_LOG_LEVEL**: Slap log level. defaults to `256`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 
 Required and used for new ldap server only :
 - **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.`
 - **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org`
-- **LDAP_ADMIN_PASSWORD** Admin password. Defaults to `admin`
+- **LDAP_ADMIN_PASSWORD** Ldap Admin password. Defaults to `admin`
+- **LDAP_CONFIG_PASSWORD** Ldap Config password. Defaults to `config`
 
 TLS options :
 - **USE_TLS**: Add openldap TLS capabilities. Defaults to `true`
@@ -187,12 +184,12 @@ Replication options :
 
 Environment variable can be set directly by adding the -e argument in the command line, for example :
 
- docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
+ docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
  -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap
 
-Or by setting your own `env.yml` file as a docker volume to `/etc/env.yml`
+Or by setting your own `env.yaml` file as a docker volume to `/etc/env.yaml`
 
- docker run -h ldap.example.org -v /data/my-ldap-env.yml:/etc/env.yml \
+ docker run -v /data/my-env.yaml:/etc/env.yaml \
  -d osixia/openldap
 
 ## Manual build
@@ -205,7 +202,7 @@ Clone this project :
 Adapt Makefile, set your image NAME and VERSION, for example :
 
  NAME = osixia/openldap
- VERSION = 0.10.0
+ VERSION = 1.0.0
 
  becomes :
  NAME = billy-the-king/openldap
@@ -217,7 +214,7 @@ Build your image :
 
 Run your image :
 
- docker run -h ldap.example.org -d billy-the-king/openldap:0.1.0
+ docker run -d billy-the-king/openldap:0.1.0
 
 ## Tests
 

image/Dockerfile

@@ -1,26 +1,32 @@
-FROM osixia/baseimage:0.10.5
+FROM osixia/light-baseimage:0.1.0
 MAINTAINER Bertrand Gouny <[email protected]>
 
-# Use baseimage-docker's init system.
-CMD ["/sbin/my_init"]
+# Use baseimage's init system.
+# https:/osixia/docker-light-baseimage/blob/stable/image/tool/run
+CMD ["/container/tool/run"]
 
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 RUN groupadd -r openldap && useradd -r -g openldap openldap
 
-# Install OpenLDAP, ldap-utils and ssl-kit from baseimage, remove default ldap db
-RUN apt-get -y update && /sbin/enable-service ssl-kit \
- && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
- slapd ldap-utils ntp \
- && rm -rf /var/lib/ldap /etc/ldap/slapd.d
+# Install OpenLDAP, ldap-utils and ssl-helper from baseimage and remove default ldap db
+# https:/osixia/docker-light-baseimage/blob/stable/image/tool/install-service-available
+RUN apt-get -y update \
+ && /container/tool/install-service-available ssl-helper-gnutls \
+ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
+ slapd ldap-utils \
+ && rm -rf /var/lib/ldap /etc/ldap/slapd.d
 
-# Add service directory to /osixia
-ADD service /osixia
+# Add service directory to /container/service
+ADD service /container/service
 
-# Use baseimage service auto-install script and clean all
-RUN ./sbin/auto-install && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+# Use baseimage install-service script and clean all
+# https:/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
+RUN /container/tool/install-service \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add default env variables
-ADD env.yml /etc/env.yml
+ADD env.yaml /etc/env.yaml
 
 # Set OpenLDAP data and config directories in a data volume
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]

image/env.yml → image/env.yaml

@@ -4,7 +4,7 @@ LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config
 
 #See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
-LDAP_LOG_LEVEL: -1
+LDAP_LOG_LEVEL: 256
 
 USE_TLS: true
 SSL_CRT_FILENAME: ldap.crt
@@ -13,7 +13,7 @@ SSL_CA_CRT_FILENAME: ca.crt
 
 
 USE_REPLICATION: false
-# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD and $SSL_*
+# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
 # are automaticaly replaced at run time
 
 # if you want to add replication to an existing ldap

image/service/slapd/assets/config/bootstrap/ldif/03-memberOf.ldif

@@ -0,0 +1,5 @@
+# Load memberof module
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof

image/service/slapd/assets/config/bootstrap/ldif/index.ldif → image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif

@@ -2,5 +2,7 @@
 dn: olcDatabase={1}hdb,cn=config
 changetype: modify
 replace: olcDbIndex
+olcDbIndex: uid eq
+olcDbIndex: memberOf eq
 olcDbIndex: entryCSN eq
 olcDbIndex: entryUUID eq

image/service/slapd/assets/config/tls/tls-enable.ldif

@@ -4,16 +4,16 @@ replace: olcTLSCipherSuite
 olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
 -
 replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: /osixia/slapd/assets/ssl/ca.crt
+olcTLSCACertificateFile: /container/service/slapd/assets/ssl/ca.crt
 -
 replace: olcTLSCertificateFile
-olcTLSCertificateFile: /osixia/slapd/assets/ssl/ldap.crt
+olcTLSCertificateFile: /container/service/slapd/assets/ssl/ldap.crt
 -
 replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /osixia/slapd/assets/ssl/ldap.key
+olcTLSCertificateKeyFile: /container/service/slapd/assets/ssl/ldap.key
 -
 replace: olcTLSDHParamFile
-olcTLSDHParamFile: /osixia/slapd/assets/ssl/dhparam.pem
+olcTLSDHParamFile: /container/service/slapd/assets/ssl/dhparam.pem
 -
 replace: olcTLSVerifyClient
 olcTLSVerifyClient: demand

image/service/slapd/assets/ssl/README.md

@@ -1,2 +1,2 @@
 Add your ssl crt, key and ca crt here
-or during docker run mount a data volume with thoses files to /osixia/slapd/assets/ssl
+or during docker run mount a data volume with thoses files to /container/service/slapd/assets/ssl