From 311ed00e2934d1fd7576963039e86913a4e140a2 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 15 Jul 2015 16:59:12 +0200 Subject: [PATCH 01/33] [twgit] Init release 'release-1.0.0'. From fae922569488b7183df1a9d035d1db8c0a9d0c72 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 15 Jul 2015 18:04:43 +0200 Subject: [PATCH 02/33] new baseimage --- image/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/image/Dockerfile b/image/Dockerfile index 7ef0d63f..2430a335 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,14 +1,14 @@ -FROM osixia/baseimage:0.10.5 +FROM osixia/light-baseimage:0.1.0 MAINTAINER Bertrand Gouny # Use baseimage-docker's init system. -CMD ["/sbin/my_init"] +CMD ["/sbin/auto_init"] # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r openldap && useradd -r -g openldap openldap # Install OpenLDAP, ldap-utils and ssl-kit from baseimage, remove default ldap db -RUN apt-get -y update && /sbin/enable-service ssl-kit \ +RUN apt-get -y update && /sbin/install-service-available ssl-helper-gnutls \ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ slapd ldap-utils ntp \ && rm -rf /var/lib/ldap /etc/ldap/slapd.d @@ -16,8 +16,8 @@ RUN apt-get -y update && /sbin/enable-service ssl-kit \ # Add service directory to /osixia ADD service /osixia -# Use baseimage service auto-install script and clean all -RUN ./sbin/auto-install && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# Use baseimage install-service script and clean all +RUN ./sbin/install-service && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Add default env variables ADD env.yml /etc/env.yml From 6c00b366a514cafccaad208ecfbb6f1bf0e84e11 Mon Sep 17 00:00:00 2001 
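Review bot: The `apt-get install` line kept as context in the first Dockerfile hunk still passes `--force-yes`, which tells apt to continue even when a package cannot be authenticated, so a mis-signed or tampered mirror would be installed silently; `-y` already answers the prompts, so the flag can simply go: `&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \`. The same flag survives unchanged into the Dockerfile hunk of patch 05. The package list is also unpinned; `slapd=<version>` and `ldap-utils=<version>` would make rebuilds reproducible. `MAINTAINER` on the line above is deprecated in favour of `LABEL`.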
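Review bot: `ADD service /osixia` in the second hunk copies a plain local directory, for which `COPY service /osixia` is the explicit form; `ADD` only differs by auto-extracting tar archives and fetching URLs, so a tarball dropped into `service/` later would be unpacked without anyone asking for it. Patch 03 moves the target to `/osixia/service` but keeps `ADD`. The following `RUN ./sbin/install-service` relies on a relative path, so it is only correct if the base image sets `WORKDIR` to the directory that holds `sbin/` — that is not visible here; an absolute path would not depend on it.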
From: ofreax Date: Wed, 15 Jul 2015 19:35:27 +0200 Subject: [PATCH 03/33] new baseimage --- Makefile | 2 +- README.md | 6 +++--- image/Dockerfile | 2 +- image/service/{ => slapd/assets}/test/add-host.sh | 0 image/service/{ => slapd/assets}/test/new-user.ldif | 0 test/test.bats | 6 +++--- 6 files changed, 8 insertions(+), 8 deletions(-) rename image/service/{ => slapd/assets}/test/add-host.sh (100%) rename image/service/{ => slapd/assets}/test/new-user.ldif (100%) diff --git a/Makefile b/Makefile index 69610f0c..16527586 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NAME = osixia/openldap -VERSION = 0.10.2 +VERSION = 1.0.0 .PHONY: all build test tag_latest release diff --git a/README.md b/README.md index 4ed1a9b1..9459ac8c 100644 --- a/README.md +++ b/README.md @@ -124,8 +124,8 @@ Create the second ldap server, save the container id in LDAP2_CID and get its IP Add the pair "ip hostname" to /etc/hosts on each containers, beacause ldap.example.org and ldap2.example.org are fake hostnames - docker exec $LDAP_CID /osixia/test/add-host.sh $LDAP2_IP ldap2.example.org - docker exec $LDAP2_CID /osixia/test/add-host.sh $LDAP_IP ldap.example.org + docker exec $LDAP_CID /osixia/service/slapd/assets/test/add-host.sh $LDAP2_IP ldap2.example.org + docker exec $LDAP2_CID /osixia/service/slapd/assets/test/add-host.sh $LDAP_IP ldap.example.org We reload slapd to let him take into consideration /etc/hosts changes @@ -136,7 +136,7 @@ That's it ! But a litle test to be sure : Add a new user "billy" on the first ldap server - docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap.example.org -ZZ + docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap.example.org -ZZ Search on the second ldap server, and billy should show up ! diff --git a/image/Dockerfile b/image/Dockerfile index 2430a335..4419217e 100644 --- a/image/Dockerfile 
+++ b/image/Dockerfile @@ -14,7 +14,7 @@ RUN apt-get -y update && /sbin/install-service-available ssl-helper-gnutls \ && rm -rf /var/lib/ldap /etc/ldap/slapd.d # Add service directory to /osixia -ADD service /osixia +ADD service /osixia/service # Use baseimage install-service script and clean all RUN ./sbin/install-service && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/image/service/test/add-host.sh b/image/service/slapd/assets/test/add-host.sh similarity index 100% rename from image/service/test/add-host.sh rename to image/service/slapd/assets/test/add-host.sh diff --git a/image/service/test/new-user.ldif b/image/service/slapd/assets/test/new-user.ldif similarity index 100% rename from image/service/test/new-user.ldif rename to image/service/slapd/assets/test/new-user.ldif diff --git a/test/test.bats b/test/test.bats index b2d0b051..228c499d 100644 --- a/test/test.bats +++ b/test/test.bats @@ -69,8 +69,8 @@ load test_helper run_image -h ldap.example.org -e USE_REPLICATION=true # add route to hosts - docker exec $LDAP_REPL_CID /osixia/test/add-host.sh $CONTAINER_IP ldap.example.org - docker exec $CONTAINER_ID /osixia/test/add-host.sh $LDAP_REPL_IP ldap2.example.org + docker exec $LDAP_REPL_CID /osixia/service/slapd/assets/test/add-host.sh $CONTAINER_IP ldap.example.org + docker exec $CONTAINER_ID /osixia/service/slapd/assets/test/add-host.sh $LDAP_REPL_IP ldap2.example.org # wait services on both servers wait_service slapd @@ -85,7 +85,7 @@ load test_helper wait_service_by_cid $LDAP_REPL_CID slapd # add user on ldap2.example.org - docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap2.example.org -ZZ + docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ sleep 5 From a4b4b2cde435e65e92ac9432b233897ea16b7cb4 Mon Sep 17 00:00:00 2001 
From: ofreax Date: Wed, 15 Jul 2015 22:46:45 +0200 Subject: [PATCH 04/33] new baseimage --- README.md | 4 +- image/Dockerfile | 2 +- .../slapd/assets/config/tls/tls-enable.ldif | 8 +-- image/service/slapd/assets/ssl/README.md | 2 +- image/service/slapd/container-start.sh | 65 +++++++++--------- image/service/slapd/daemon.sh | 2 +- test/database/__db.001 | Bin 548863 -> 548863 bytes test/database/__db.002 | Bin 147455 -> 147455 bytes test/database/__db.003 | Bin 114687 -> 114687 bytes test/database/alock | Bin 4096 -> 4096 bytes test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes test/test.bats | 2 +- 12 files changed, 44 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 9459ac8c..7ea03344 100644 --- a/README.md +++ b/README.md @@ -95,9 +95,9 @@ By default TLS is enable, a certificate is created with the container hostname ( Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yml** and rebuild the image ([see manual build](#manual-build)). -Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/osixia/slapd/assets/ssl** and adjust there name with the following environment variables : +Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/osixia/service/slapd/assets/ssl** and adjust there name with the following environment variables : - docker run -h ldap.example.org -v /path/to/certifates:/osixia/slapd/assets/ssl \ + docker run -h ldap.example.org -v /path/to/certifates:/osixia/service/slapd/assets/ssl \ -e SSL_CRT_FILENAME=my-ldap.crt \ -e SSL_KEY_FILENAME=my-ldap.key \ -e SSL_CA_CRT_FILENAME=the-ca.crt \ diff --git a/image/Dockerfile b/image/Dockerfile index 4419217e..d7536329 100644 --- a/image/Dockerfile +++ b/image/Dockerfile 
@@ -2,7 +2,7 @@ FROM osixia/light-baseimage:0.1.0 MAINTAINER Bertrand Gouny # Use baseimage-docker's init system. -CMD ["/sbin/auto_init"] +CMD ["/sbin/my_init"] # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r openldap && useradd -r -g openldap openldap diff --git a/image/service/slapd/assets/config/tls/tls-enable.ldif b/image/service/slapd/assets/config/tls/tls-enable.ldif index 29133a85..3f9d18ca 100644 --- a/image/service/slapd/assets/config/tls/tls-enable.ldif +++ b/image/service/slapd/assets/config/tls/tls-enable.ldif @@ -4,16 +4,16 @@ replace: olcTLSCipherSuite olcTLSCipherSuite: SECURE256:-VERS-SSL3.0 - replace: olcTLSCACertificateFile -olcTLSCACertificateFile: /osixia/slapd/assets/ssl/ca.crt +olcTLSCACertificateFile: /osixia/service/slapd/assets/ssl/ca.crt - replace: olcTLSCertificateFile -olcTLSCertificateFile: /osixia/slapd/assets/ssl/ldap.crt +olcTLSCertificateFile: /osixia/service/slapd/assets/ssl/ldap.crt - replace: olcTLSCertificateKeyFile -olcTLSCertificateKeyFile: /osixia/slapd/assets/ssl/ldap.key +olcTLSCertificateKeyFile: /osixia/service/slapd/assets/ssl/ldap.key - replace: olcTLSDHParamFile -olcTLSDHParamFile: /osixia/slapd/assets/ssl/dhparam.pem +olcTLSDHParamFile: /osixia/service/slapd/assets/ssl/dhparam.pem - replace: olcTLSVerifyClient olcTLSVerifyClient: demand diff --git a/image/service/slapd/assets/ssl/README.md b/image/service/slapd/assets/ssl/README.md index 2b56f364..a06b6285 100644 --- a/image/service/slapd/assets/ssl/README.md +++ b/image/service/slapd/assets/ssl/README.md @@ -1,2 +1,2 @@ Add your ssl crt, key and ca crt here -or during docker run mount a data volume with thoses files to /osixia/slapd/assets/ssl +or during docker run mount a data volume with thoses files to /osixia/service/slapd/assets/ssl diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index fb74c506..680ca346 100755 
--- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -12,7 +12,7 @@ ulimit -n 1024 #fix file permissions chown -R openldap:openldap /var/lib/ldap chown -R openldap:openldap /etc/ldap -chown -R openldap:openldap /osixia/slapd +chown -R openldap:openldap /osixia/service/slapd /etc/init.d/ntp restart @@ -46,13 +46,13 @@ if [ ! -e "$FIRST_START_DONE" ]; then local LDAP_KEY=$3 # check certificat and key or create it - /sbin/ssl-kit "/osixia/slapd/assets/ssl/$LDAP_CRT" "/osixia/slapd/assets/ssl/$LDAP_KEY" --ca-crt=/osixia/slapd/assets/ssl/$CA_CRT --gnutls + /sbin/ssl-helper "/osixia/service/slapd/assets/ssl/$LDAP_CRT" "/osixia/service/slapd/assets/ssl/$LDAP_KEY" --ca-crt=/osixia/service/slapd/assets/ssl/$CA_CRT --gnutls # create DHParamFile if not found - [ -f /osixia/slapd/assets/ssl/dhparam.pem ] || openssl dhparam -out /osixia/slapd/assets/ssl/dhparam.pem 2048 + [ -f /osixia/service/slapd/assets/ssl/dhparam.pem ] || openssl dhparam -out /osixia/service/slapd/assets/ssl/dhparam.pem 2048 # fix file permissions - chown -R openldap:openldap /osixia/slapd + chown -R openldap:openldap /osixia/service/slapd } @@ -119,13 +119,13 @@ EOF # convert schemas to ldif SCHEMAS="" - for f in $(find /osixia/slapd/assets/config/bootstrap/schema -name \*.schema -type f); do + for f in $(find /osixia/service/slapd/assets/config/bootstrap/schema -name \*.schema -type f); do SCHEMAS="$SCHEMAS ${f}" done - /osixia/slapd/assets/schema-to-ldif.sh "$SCHEMAS" + /osixia/service/slapd/assets/schema-to-ldif.sh "$SCHEMAS" # add schemas - for f in $(find /osixia/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do + for f in $(find /osixia/service/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do echo "Processing file ${f}" # add schema if not already exists SCHEMA=$(basename "${f}" .ldif) 
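Review bot: `chown -R openldap:openldap /osixia/service/slapd` in the first hunk hands the slapd service account ownership of the whole asset tree — the bootstrap ldif templates, the helpers under `assets/test`, and `assets/schema-to-ldif.sh` which this script runs as root — when what slapd itself appears to need from it is the TLS material under `assets/ssl`. Narrowing it to `chown -R openldap:openldap /osixia/service/slapd/assets/ssl` keeps the templates root-owned, so a fault in the daemon cannot rewrite what the next first-start applies with `ldapmodify -Y EXTERNAL`. The same recursive chown is repeated at the end of `check_tls_files` in the @@ -46 hunk. Whether slapd reads anything else from that tree is not visible here, so confirm before narrowing.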
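Review bot: In `check_tls_files` (@@ -46 hunk) the `--ca-crt=/osixia/service/slapd/assets/ssl/$CA_CRT` argument to `/sbin/ssl-helper` is the only one of the three paths left unquoted, so a CA filename with spaces or glob characters is split or expanded while the certificate and key paths are not; `--ca-crt="/osixia/service/slapd/assets/ssl/$CA_CRT"` matches the other two. The `openssl dhparam -out ... 2048` line below it runs only when the file is absent and can be slow; a comment such as `# one-off DH parameter generation, only when no dhparam.pem was supplied` would save the next reader a look. The function's parameter assignments begin before this hunk.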
@@ -140,14 +140,14 @@ EOF # set config password CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s $LDAP_CONFIG_PASSWORD) - sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /osixia/slapd/assets/config/bootstrap/ldif/config-password.ldif + sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /osixia/service/slapd/assets/config/bootstrap/ldif/config-password.ldif # adapt security config file get_base_dn - sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/slapd/assets/config/bootstrap/ldif/security.ldif + sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/service/slapd/assets/config/bootstrap/ldif/security.ldif # process config files - for f in $(find /osixia/slapd/assets/config/bootstrap/ldif -name \*.ldif -type f); do + for f in $(find /osixia/service/slapd/assets/config/bootstrap/ldif -name \*.ldif -type f); do echo "Processing file ${f}" ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f done 
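Review bot: `CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s $LDAP_CONFIG_PASSWORD)` puts the clear-text config password into slappasswd's argv, where any process in the container can read it from `/proc` while the command runs, and the unquoted expansion splits a password containing whitespace. `slappasswd -T <file>` reads the secret from a file instead; writing it to a `mktemp`-created 0600 file first, or at minimum quoting as `slappasswd -s "$LDAP_CONFIG_PASSWORD"`, is the cheaper fix. The same unquoted pattern is likely used wherever `LDAP_ADMIN_PASSWORD` is hashed, which is outside this hunk.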
@@ -162,11 +162,11 @@ EOF check_tls_files $SSL_CA_CRT_FILENAME $SSL_CRT_FILENAME $SSL_KEY_FILENAME # adapt tls ldif - sed -i "s,/osixia/slapd/assets/ssl/ca.crt,/osixia/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /osixia/slapd/assets/config/tls/tls-enable.ldif - sed -i "s,/osixia/slapd/assets/ssl/ldap.crt,/osixia/slapd/assets/ssl/${SSL_CRT_FILENAME},g" /osixia/slapd/assets/config/tls/tls-enable.ldif - sed -i "s,/osixia/slapd/assets/ssl/ldap.key,/osixia/slapd/assets/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/assets/config/tls/tls-enable.ldif + sed -i "s,/osixia/service/slapd/assets/ssl/ca.crt,/osixia/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /osixia/service/slapd/assets/config/tls/tls-enable.ldif + sed -i "s,/osixia/service/slapd/assets/ssl/ldap.crt,/osixia/service/slapd/assets/ssl/${SSL_CRT_FILENAME},g" /osixia/service/slapd/assets/config/tls/tls-enable.ldif + sed -i "s,/osixia/service/slapd/assets/ssl/ldap.key,/osixia/service/slapd/assets/ssl/${SSL_KEY_FILENAME},g" /osixia/service/slapd/assets/config/tls/tls-enable.ldif - ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/tls/tls-enable.ldif + ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/tls/tls-enable.ldif [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS" touch $WAS_STARTED_WITH_TLS 
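Review bot: The three `sed -i "s,...,...,g"` lines splice `$SSL_CA_CRT_FILENAME`, `$SSL_CRT_FILENAME` and `$SSL_KEY_FILENAME` straight into a sed expression that uses `,` as its delimiter, so a filename containing `,`, `&` or `\` silently corrupts `tls-enable.ldif` and the `ldapmodify` that follows applies a wrong or partial path. These names come from the container environment, so a guard that rejects names containing those characters before the substitutions keeps the ldif well-formed and the failure loud. The enclosing `if` on TLS begins before this hunk.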
@@ -176,20 +176,20 @@ EOF chmod +x $WAS_STARTED_WITH_TLS # ldap client config - sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf + sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf echo "TLS_REQCERT demand" >> /etc/ldap/ldap.conf [[ -f "$HOME/.ldaprc" ]] && rm -f $HOME/.ldaprc touch $HOME/.ldaprc - echo "TLS_CERT /osixia/slapd/assets/ssl/${SSL_CRT_FILENAME}" >> $HOME/.ldaprc - echo "TLS_KEY /osixia/slapd/assets/ssl/${SSL_KEY_FILENAME}" >> $HOME/.ldaprc + echo "TLS_CERT /osixia/service/slapd/assets/ssl/${SSL_CRT_FILENAME}" >> $HOME/.ldaprc + echo "TLS_KEY /osixia/service/slapd/assets/ssl/${SSL_KEY_FILENAME}" >> $HOME/.ldaprc else echo "Don't use TLS" [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS" - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/tls/tls-disable.ldif || true + ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/tls/tls-disable.ldif || true fi @@ -200,7 +200,7 @@ EOF echo "Use replication" # copy template file - cp /osixia/slapd/assets/config/replication/replication-enable-template.ldif /osixia/slapd/assets/config/replication/replication-enable.ldif + cp /osixia/service/slapd/assets/config/replication/replication-enable-template.ldif /osixia/service/slapd/assets/config/replication/replication-enable.ldif REPLICATION_HOSTS=($REPLICATION_HOSTS) i=1 
@@ -210,36 +210,39 @@ EOF #host var contain a variable name, we access to the variable value and cast it to a table host=${!host} - sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /osixia/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /osixia/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif ((i++)) done get_base_dn - sed -i "s|\$BASE_DN|$BASE_DN|g" /osixia/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /osixia/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /osixia/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$BASE_DN|$BASE_DN|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i 
"s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS }}/d" /osixia/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /osixia/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /osixia/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/replication/replication-enable.ldif + ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-enable.ldif touch $WAS_STARTED_WITH_REPLICATION else echo "Don't use replication" [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION" - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/replication/replication-disable.ldif || true + ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-disable.ldif || true fi # stop OpenLDAP - kill -INT `cat /run/slapd/slapd.pid` + SLAPD_PID=$(cat /run/slapd/slapd.pid) + echo "Kill slapd, pid: $SLAPD_PID" + kill -INT $SLAPD_PID + echo "ok" touch $FIRST_START_DONE fi diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index de70683a..8faa5520 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh 
@@ -5,4 +5,4 @@ # see https://github.com/docker/docker/issues/8231 ulimit -n 1024 -exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d "$LDAP_LOG_LEVEL" +exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL 
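Review bot: Dropping the quotes around `$LDAP_LOG_LEVEL` on the `exec /usr/sbin/slapd` line exposes the value to word splitting and pathname expansion, and an unset variable now leaves `-d` without an argument instead of passing an empty string; the commit does not say what the change is for, and neither form gives slapd the single level token it expects. If the intent was to tolerate an unset value, `-d "${LDAP_LOG_LEVEL:?LDAP_LOG_LEVEL is not set}"` fails loudly at start-up and keeps the quotes.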
diff --git a/test/database/__db.001 b/test/database/__db.001 index 3f5c5c672437eeb0a9f64a3ff40c0c40781086c8..76f9683dd9de3796734171c97a52087839f3bb99 100644 GIT binary patch delta 1820 zcma)7Z)lrE7{7bpyX4-yO--7uNo_k*SGUgo3qrS)b`V;M#g;9bw$^V6Y&ZllC~AwH z3yzV2IQsI6H~rF3M^}eJMwsvB(A82Q9~`Fp;-I+I)errkkfLZc+u~jB-n1459$cP# zf6w#$?)N-*M@l!EN;jIO!VntWZ@V@i27D03_-YoOGvlyTGs_479dxM=`m%E{4fPX9 z#3dC>f9QjaW}~Ap`s><&i=zM}?OnNjZGLvdNWF1~ zEx~j502pO<;=@1OoT1jNbqsXB#Zb<0;OOUZ&QL2EIKG|Xd&%(Pa{bGS8CQMgMaO>k z21B{BsXFadfu?b{`w*{{q2H|DIj8g3$9OhpsKy7&8DiheGG?HA6aBsi9PxMH?oWeiZkyW zyd}0uEJ;g0yQw~*RrFX(H`SCI>k2$ z2^(w|cDx<3_H^yiiBAAA9|x|)tc?+Lb+;CfSGd}`Hi4d3V729*M9aIMwsE^}8Fm(Y zTx}OND&&F8Fk7Y3n3<$}{#rKnZDSVg?1i{1hc&MY4USw&d}BHjA)YYS>;;9m$ zG`WaQRBG`w+AH&ddihK20Vl7^Y35$VczHaBpDc*26MUQXb}%c%^_wbsVAzgbB?d+|uaV#&K9&M$XEfq8sBL z8W}|-xV9wtY~3EooBKo{2CKiAW1NFR6LcN=#w zWNRHq9-$$c7aGQ-lr?$PV%IAgu!nI)=(mXVGF%jJgh70`=@ADLc+!bmD*^+O>U>f3 zoy*|6)0`8B>qevyZg{=7+2kWZ>j>*VJL=?C-D8{mcWwMCm~R*9C4vui%>OOKrvI98M{A?ktzH`0edwQe2?0TnhPm{{X_@7z05QxUvy z=ezei=YHqhGiRoCeOv4Lwn7RECjrcXQ@)f=6+TKH^V3TtZ)HiZ@s`6VN&*)SkZ5Iw zlnAb>G>##S2DYp$DGFg8T0^=q;9SbgMy-+-QdgGD>;u^FQwaA-mx}?h@LDTc2l1NO zU6mxHN%-p@6y+IaI`-2GQ!2x-WzvI#TsgsZqrsma^>J2Fa&AP9FRe`voB5Y-v8D1{ zgPmsh{t*jQ^#2K#1@AAspbmfHCdMy+`2aIB_lLE1!(wG%L zpE6h~N~_g6t5mY*TY*ZhkV&&gquVY~q7U9L3#GW|sIZ5}T`*KJtkPbm!a+{+8}i{Z zvz?e8B6>bCMC`T`$5V(vV%xhbn zK2q`AN$9kf=e2P)68lBin@xdZzv7E^?Y_GmXX;wg;})UXXRi*!Cp(NLh^7qK*G|Jx zl?3eI1l-(#sS<>6@mUD@(n3+0Jb{rC?8NeE(EHsQm05lH7<*8l`^+2{r}*3AGs7E( zjjMR|Y1nEPOYkPa3scaJ$tf_<7=aEH25*+IMm-G(~;ghqlH{?nz2gOk=&O$fBSI}iI&ho5o%>5&) z!ko-XE&B1y92~Lte*wn_uyKF@HVFmNj#min(66!PWKB72X1h5bGTOzJm4MUf*rn10 z?w^48Zs!Z*Mp><-COiwWs(;(jROuc)Eor-^(jG!`xT4WrZ6S7Mke|yxkHxcQb~6qD zeFUpO^;qMLJ5pLeQ|_?Deb}401aG0N>k3?3%fn^R2%!D{8yCnpF%#jF0d;1PNsN)(srz~8yRDgujAt$+J&!s zX>XhV+HWFIRhCMMDjVf?;$edxCd7Wnpcjc&U2o<0`6-(oHof*fzdrZWUm5cLoB#j- 
diff --git a/test/database/__db.002 b/test/database/__db.002 index 482329e8008f08153bbd0b785bcc946e5f059d33..88cbb9d23a49e0c2b11bca63a6daddf44d52f4d9 100644 GIT binary patch delta 1805 zcmezWpX2|3jtvQnjFFQQ8Kqh0F)=ViZf;~WXOz@ufP(An-P7w~90mr_>4w^j!V`Z8 zOrD_UqX<{U&fSKriXE!q&SXYD?a2qkY#8+?9u#L(n0Qc_k#n-+o@iaTPBimbpgLhR zh|4*-Q7;;&T_R8&8j~AY({ZX2gsK9XMQ2q)MA=B3D*C&A)J76h&SpkFe_lrR$rJhF zH*b)BkO^Y8wlfNEPL!D~fXE7L@T`EyYG|2AX!6FH(CmU!4clZ!Hjo;88H9_d48jdn z#RbcV(kEWv*))Fw)8-G$XD}i%B3cILfa;Oi+&FJJ3qfT{sJRD+ zVPZhTrZW>ZY;)oq4yMUF7mIIRvC@H!p!#G~%hBRT8R`>WScoBF3C)>Gh?oQygp(!M zc_yCWfE0x|bumxgxET_+-jf?P3E))6Iq{<~qd003Kyv^e)T!b?r`Av2u~}ns0h0w0 zhE6;v4^(M0dBYYBaFP}$QXi;@NAoF43MJ^gfIS{K{R<2iP`*HOTWk5`h8-M}HD>Zm Wp286ppjQxGV<0qRaN`qnV32)H+5soMgyFdw zF=H5+3$Yx&2VkZ;1_e3C0C?_*U@!%ud=j*zG6)~?u_65j7t%u*j^u-0jc+ghQ2hT; zrKp&D`lf1ub1gO5v^b7YQKMOHsZ6+@cdT&qs1)@#J-S{}(`w0K>2 z+iej;jJD*$_CGIEaj@_zELhUYPS5+3Pny_mqt7{EGY;EUp zJUQ0599%SKTlAfSb>qOM?*VL06i6Ts4Vvys3NJIL7i0re6Dy!Rwk$_6i)>AwanomNLyq$jmQFMtS diff --git a/test/database/__db.003 b/test/database/__db.003 index dc4d943dc3e13e5f3aea972c0ade4f2f09b1375c..c40c9a23a036ab7f53177d7c7a57251313fc7494 100644 GIT binary patch delta 129 zcmezWpY8vDwhapy88s&_WSqB7LLghjs}w-G%J7< fZWd_aU}RL^EZN#FFqwl}uzBOu?Hi{u`e^|G9z`2aJ=gJd%;b<`VL9+rQ$7aSB bamL9%*abFgv{nc(sx~j2x_#kP#yBkiHmEN! diff --git a/test/database/alock b/test/database/alock index d494d2008049e75ea10e25e81b7eef99af184443..c0eca35794171589952dfa495bf9cb082c33882b 100644 GIT binary patch delta 30 fcmZorXi(U|!6L}S00H?2mW6^?`kN(Lo^t~LTKonp delta 30 ecmZorXi(U|!6L{21$jT0go2p1n_M06TCyf%LVKABwMzg_aQ7~E(j+TU@CE;jEI9d{pmV~1vA?-^- GQGEcAowddQ delta 3216 zcmezW|3AxrAl~rt;bv3Dx%QhK7$=PqqhTJNjO>(j+TU@ LB_ZugLS{n%bnbR( diff --git a/test/test.bats b/test/test.bats index 228c499d..e01091e1 100644 --- a/test/test.bats +++ b/test/test.bats 
@@ -32,7 +32,7 @@ load test_helper @test "ldapsearch new database with strict TLS and custom ca/crt" { - run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt + run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/osixia/service/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt wait_service slapd run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin clear_container From 233d17147992dbf302757946fae912a47b76c998 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Thu, 16 Jul 2015 12:08:19 +0200 Subject: [PATCH 05/33] new baseimage --- image/Dockerfile | 4 ++-- image/service/slapd/container-start.sh | 9 --------- image/service/slapd/daemon.sh | 8 ++++++++ 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/image/Dockerfile b/image/Dockerfile index d7536329..4c4ce55e 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -2,7 +2,7 @@ FROM osixia/light-baseimage:0.1.0 MAINTAINER Bertrand Gouny # Use baseimage-docker's init system. -CMD ["/sbin/my_init"] +CMD ["/osixia/tool/run"] # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r openldap && useradd -r -g openldap openldap @@ -10,7 +10,7 @@ RUN groupadd -r openldap && useradd -r -g openldap openldap # Install OpenLDAP, ldap-utils and ssl-kit from baseimage, remove default ldap db RUN apt-get -y update && /sbin/install-service-available ssl-helper-gnutls \ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ - slapd ldap-utils ntp \ + slapd ldap-utils \ && rm -rf /var/lib/ldap /etc/ldap/slapd.d # Add service directory to /osixia 
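Review bot: The comment `# Use baseimage-docker's init system.` above the new `CMD ["/osixia/tool/run"]` is stale: the base is now `osixia/light-baseimage` and the entrypoint is its own tool, so the comment should name what actually runs, e.g. `# Use light-baseimage's run tool as the container entrypoint.` The second hunk has the same problem — its comment still says `ssl-kit from baseimage` while the line installs `ssl-helper-gnutls`, and `ntp` leaves the package list on the same lines. The `--force-yes` context line in that hunk still disables apt's package authentication check.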
diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 680ca346..37972bf0 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -14,8 +14,6 @@ chown -R openldap:openldap /var/lib/ldap chown -R openldap:openldap /etc/ldap chown -R openldap:openldap /osixia/service/slapd -/etc/init.d/ntp restart - # container first start if [ ! -e "$FIRST_START_DONE" ]; then @@ -237,13 +235,6 @@ EOF fi - - # stop OpenLDAP - SLAPD_PID=$(cat /run/slapd/slapd.pid) - echo "Kill slapd, pid: $SLAPD_PID" - kill -INT $SLAPD_PID - echo "ok" - touch $FIRST_START_DONE fi diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index 8faa5520..1b3a29c0 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh @@ -5,4 +5,12 @@ # see https://github.com/docker/docker/issues/8231 ulimit -n 1024 +# stop OpenLDAP +SLAPD_PID=$(cat /run/slapd/slapd.pid) +echo "Kill slapd, pid: $SLAPD_PID" +kill -INT $SLAPD_PID +echo "ok" + +sleep 2 + exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL From b7d3d378c0cc13c8fa7e58791bed9ca4c96da596 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Thu, 16 Jul 2015 15:35:51 +0200 Subject: [PATCH 06/33] tests --- image/env.yml | 2 ++ image/service/slapd/daemon.sh | 8 +++++++- test/database/__db.001 | Bin 548863 -> 548863 bytes test/database/__db.002 | Bin 147455 -> 147455 bytes test/database/__db.003 | Bin 114687 -> 114687 bytes test/database/alock | Bin 4096 -> 4096 bytes test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes test/test.bats | 20 ++++++-------------- test/test_helper.bash | 22 +++++++++++++++------- 9 files changed, 30 insertions(+), 22 deletions(-) diff --git a/image/env.yml b/image/env.yml index be51c1e3..52324200 100644 --- a/image/env.yml +++ b/image/env.yml 
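Review bot: The new stop block in daemon.sh reads `/run/slapd/slapd.pid` on every start, but nothing checks that the file exists or that the PID still belongs to slapd: a missing file leaves `SLAPD_PID` empty so `kill -INT` exits with a usage error, and a stale file from an earlier run sends SIGINT to whatever unrelated process now holds that PID. The fixed `sleep 2` is a guess at slapd's shutdown time rather than a wait for it. Guarding on the file and polling with `kill -0` until the old process is gone is more robust; the rewritten lines are below, the rest of the script is unchanged.
```shell
# stop any slapd left running by the first-start setup, then wait for it to exit
if [ -r /run/slapd/slapd.pid ]; then
  SLAPD_PID=$(cat /run/slapd/slapd.pid)
  if [ -n "$SLAPD_PID" ] && kill -0 "$SLAPD_PID" 2>/dev/null; then
    echo "Kill slapd, pid: $SLAPD_PID"
    kill -INT "$SLAPD_PID"
    while kill -0 "$SLAPD_PID" 2>/dev/null; do sleep 1; done
    echo "ok"
  fi
fi

exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL
```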
@@ -24,3 +24,5 @@ REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$BASE_DN" bindmethod=simple credentia REPLICATION_HOSTS: - ldap://ldap.example.org # The order must be the same on all ldap servers - ldap://ldap2.example.org + +IS_REPLICATION_TEST: false diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index 1b3a29c0..d22554a2 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh @@ -11,6 +11,12 @@ echo "Kill slapd, pid: $SLAPD_PID" kill -INT $SLAPD_PID echo "ok" -sleep 2 +sleep 5 + +# special replication test config +if [ "${IS_REPLICATION_TEST,,}" == "true" ]; then + echo "test wait 10 seconds" + sleep 10 +fi exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL 
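Review bot: Raising `sleep 2` to `sleep 5` and adding a further `sleep 10` under `IS_REPLICATION_TEST` treats a timing race with longer delays rather than a condition: the script still never confirms that the killed slapd has exited before `exec`ing the new one, so the right number depends on the host. Polling `kill -0 "$SLAPD_PID"` until it fails removes the guesswork and most likely the test-only branch with it. Putting a test hook (`IS_REPLICATION_TEST`, defaulted in env.yml in this same patch) inside the production daemon script also mixes test concerns into the image; if it has to stay, a comment such as `# test-only delay, see test/test.bats` tells the next reader why. `${IS_REPLICATION_TEST,,}` is bash 4 syntax, fine provided the shebang outside this hunk is bash.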
diff --git a/test/database/__db.001 b/test/database/__db.001 index 76f9683dd9de3796734171c97a52087839f3bb99..3f3ee31071907545e2b17490048010194911d33e 100644 GIT binary patch delta 2094 zcmc&#Z%kWN6n}rtZC_gog)-=*bA^$KgRwfN7RO98TrxGmW(|l7CUjvFCjusD#zfbR zB@(m5)-E~COiV>Hki>+A#Fv@rDo(~ekiaC9q%o=A$i7%*3Jz<%_ubdhvAD0^r0?AK zyXXAQ@1A?!ZRToa=4xfAbkk4suX->4y6bg;j`W4m7G~S=bT8P$js0eiLKq;#4B@XY zipL`XvDVb9A%akZk0m7gze{ zumh780@k9e3(yJ9?-%VKfr1W+)I{81111Lp38_2MCxhf)4hJ66W);hkTQFX{lV*6C z27dp}6Ne;fArdAB_p!Wn^eyqmnODpV6@*|`53|z8qb+RDbSivHeOsw*Z~m}>F_1`^ z;XuP}o#B%M11ZKpE1)qjd?SPRPtLG9eR4seMh#C|yD7}1z29CttHUwUV4b3{ zhr&HiAB$Te0om?h2;*dXG3F_wkT%%b!X55YvCL11saI)Pj8$r1LRzg{f3B5Af@eqmN{@8Y7~z50!-E&`t)=^@1Ww zSS*oR4N$M7rE~uEO!-;!=Y613l8*b7ai5fxv!Cq+7y6n+MXhTR_f$O~uhxAMYsYQ5 zfObD#IZXSczZIN0u=H(p__}N}6i07rdl&lVxn069X63ExJQeEFtlTG+IDY5rsT8+e zckuX}{BXYG*qrP(WQ!E9S65qLsZ5mAU%J6B5!Ns!EFOe%)z=FhW>X5ZU;)(21JpqT z)j9}?Z8@Aa!eJ;k`*=QK_$ZddU^`9>fTDFD!zbwJu+g=X+w8NWlSi?BV80HQosLU* z=_S~zMq_YRr02C|gqFnA2Ic4*foC;|PEDfdz=jcc@vF}uC}MmX93>|n<=kyE+%6td z$3KVNO!m(g;f0F-l6|lV4^2V6Ll=-!ykzA(7@dM@gzMl`7pFF=3SGNLl@zt$$!pN8 zdVhdns$ab^%?c-}TW-LRS(MdJe`J-G=|=TR+it;m+L8N3z?4WpG~$;cDOW1!1;aj{ zaG;vuiiw4=VZ`s!QaSHBr$p+|I|#04w9lC>>*aOp?jiPl(2-l`uL6ZRWbE;Na4HI1t5=d~Z$9$4yFq#}JS@(T3ju zdAyJ*xSzl^reRcu&QPOUM;?b8qlDDpY5^%OO5fESSQMLJk`Rw}KV!9l^cS*5eL$9p ze>iE{IH1`Dm;&NwJc*?k5G@VrF?AiTV zXZ?}RBRUY&*W)}a_w?yJ+4XF^G1~@Dy}6gQK^5yO1w$tKXfqKvx(W!rKTV_y>Ba2D sWC8tCWJiw^W>QnQFGGyLp#+{b0&&F9;s5{u delta 2442 zcmbtWeQXp(6rb6hx$fTenrpAL*DttY`LfWSB-kUgNz+1X#K6&7tciczk*cUD7Y*1Z z#a?JgFENrXOPt1kEVTj>O-cx^l?au9)4?Ywj5H{An>7K^ae$^D? 
z^TT+*8N;QzDILn#NDcO%IEs6)XFCyo35BxnYH*PmS4rNDafC2;p87#XZ~?lo5%Zfp zs!zEwZp4XmUEBV{0*Yyo<&?1y@IDy?vi0B{ zFCgTYIj#+BcXKTuRMdYQ1B4uj0Q&g|-%5mMt`)qfm@(CF9&tVHo#t9#)|IEfDzrUx zt#=btf@@EYU*GQm-!Mc2B4jd`7gyN>Y?m$zpZrnLIpA*bqFkx8#wZ@LpAFbd>}@F+ z>m+tqI4R{mAtQT<>F?N}^HQKxD%DO-#5z*xo=}!B*JY6t8~5#scqYeHJ6`)y<%*Lf zRu9Em)e6}hhe zt>N`bbn$;*$l?oG4Z2INPJ|ZRi=z_XPpJi)}Tu?ietf47k zo}85OSN8I-x^Rx4F|0n}Dh-rDBtmg1`^&|<77{YJO30Q~m=|x&LXYMbil`qHC!^MM zBbmry$v)zed7Dqsp)bT1kU~Gc0c#x%SATj^3$wKkp)p z&sGT;v6&&%-^{Xl$WqqdO0+7cI>IHDIto4F!+8%sFW!MA{G!r+oX?51r-!_caT+V? zC57yGFWJnJy(E1RfEMx}3};mbaQK%QR@z3E_?rF{s<@Oa-b(_Xen1jDOS9d_}M)-tqhD^yl>+r!+L24FGsQo4>+ZzWoAVnpCMBz+Qh=slq^cr`22Xf``aX&@Mda6TOG35ja6<$5+o zX;|5aS-y+DRg}#&bMx5p5Dt-H!J$b~nUEhq^wcZ|>f>0|>`Ov(Gs81NUCmW6yljh$ z6Wo(VOG8mxgHS+1bz8!0h2 zpQZJ4LI^E8OR2nqmL6&sWNCvNcqKZ2q_QHYgb|aQ!Zyz<-GQ-w+ z=&pa*7u$a?T(FzQ(%Au>ZgOvzZRozse$we_d%qMUWMOAX-4Xer26g`RDlXao^Zc;# EFMpE)W&i*H 
diff --git a/test/database/__db.002 b/test/database/__db.002 index 88cbb9d23a49e0c2b11bca63a6daddf44d52f4d9..63155fc899031e4f3dd414bf878c34827640070f 100644 GIT binary patch delta 1794 zcmezWpX2|3jtvQnjFOWR8Kqg*GBGfCZEj>VXPo$eQ<6Q;p{t$&4n(1>$&3@Wk-BD4HtgPjtS7w{NNe84mL0}~4;3sh2J;z8lb2WE*NEP_PdBMC7Odx|mL4%a{Iba5DcAQlXDjZlq8FusE z<=u>+P}?+Lf*FhTFkM{GoB|GTxTehqW^sV+LMubibrE!n0J>u*Gfo%YY_n<&D>z0E z%qqa+HWeJXSQ+MH96{#;4LT)wNd+(M;8ExeRRfE1Q)pCsOgzBJ0rhp@!a)ig4!GSGkLG6HUB+mxjYJAHNH%WWSq+S31+=8V4~<1&y#@x%lP6A# SpLju_dB(2oGj=hiw*mla9)|V+ delta 2003 zcmezWpX2|3jtvQnjFFQQ8Kqh0F)=ViZf;~WXOz@ufP(An-P7w~90mr_>4w^j!V`Z8 zOrD_UqX<{U&fSKriXE!q&SXYD?a2qkY#8+?9u#L(n0Qclvc+be$v%4maN58!`QaRh zsvf-noHmF+ZP1w9$eNBY3(XyZlMOekPcC5cpoR*ZZV`mKMF`{;;#5(?J)>rT!<|}j z+`hSiZv_u8KQuBM+Ot_TC-0S(W@Mi{kuRS24OE<=JXrYY=D)401vUp5O9V|`z#{?F zc!3S4Moa^RHz&%>7Jz4q$tza!OgzJZnK953v(V&?GqGeJG*xVq4QCO~K3q`W;LkqX zlN}eUPY&4Qp$gCFXvG09)Er>J!N35_Y{HX!^kODn;Mp{P0u!$-RFYwO+N2qqbLVw4 zA~FY>IUG=>GMgLcEoUL9ObIoo;V?`LXxMaS;ta#$SVZvEsPn>B!?tOXHQ$(3@1oFn|MY9k6Yt4QF1m?`hbaZL&Jy@Sbz}gGf+ex*ytgM kp7x?AFWjU*Il$NhwIG^Yy2BWlK_i-H?AktK7h`%W0MOTMaR2}S diff --git a/test/database/__db.003 b/test/database/__db.003 index c40c9a23a036ab7f53177d7c7a57251313fc7494..4c0598c6527f4888e61ddd0dd63f0949e2748066 100644 GIT binary patch delta 123 zcmezWpY8vDwhapy83iUUWSl&COKZ&J2}~Z00-J9#?Y5nKfSF_Rfo7J;7R?fqcQ`~a za!eL<3u(lOHrIFmh~WY!PQ;M1& delta 134 zcmezWpY8vDwhapy88s&_WSqB7LLghjs}w-G%J7< kZWd_aU}RL^EZN#FFqwl}aP!8g75EdT%j delta 40 pcmZorXi(U|!6L}S00H?2mW6^?`kN(Lo-=P0_`p0-KwuFM3jnQI2|54( 
diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 index d29f40bcbcd6befc1be60e7e368878a59dc9308b..7c3dff1568a7f382479a49173d65a15bca353a7e 100644 GIT binary patch delta 5277 zcmeH{e@v8h9LEm==??K2Fx(*1$hkR%4JNmPiQFv3CUS|Pb~~h|Xl;PYO&t-An5+B| zlHVZ)PC@3djXy-pv<;&3Vhc-PLg3vQndXlx2@snL=={9D->>7lr@#I0VUx%2i~GFx zem~E1pFkiG5}<$QhHuYnzHKnPZ7>+FI;tNA(^dTmWglN(K5v*lv61l5fV6f7sUO4C}4`<&WjZT0$hzPF7_BZEU+S9fc_A2`1Lb^6YGUq^?sf&&X zuq2CB4A?XLbX-cu$#!FkiLPX*fCU^^)%4mQBAGioB?ZZXS-WqQbth36!dOcV4D=Un z0M{CRkcRSs5Bpj5%^3EM*J2tYh(vLA*5I{AWZf0b`i_ORie?}%p^2KOfj9z{}Xox1U5{o zwynf5xc?$c_Sr4q3;q(LpOv{C7@aLg z!L_4%h+*`aPw8-)Afmjnns<0YM|=fcNv#KYhs7W;A@dw1$ohw3u)F2mO1y1mX7#Pf zI6!nMowj`Y^?Bqm%RJz))F_7Ei6PID@6rP>MDq7_&WJE9sNdWJL!>l-YYp3o!QlH< zX;e)RjmloCU_t{mPv+lZu<1%MUj_Nup>3 z0uvh4DR~md#9;fa@?FRi%NrFEMI-lbk!z4AR^|bRWq#Gn7qNpF8jbwYQ3%6a-pDTv zHA7)u80Ja?xYl4B7ltP;rBM+DxPb zl^7Qhm=HZo=4nd~YRqi21s&CY>Gwc?5A?5rz6$hBsBc1j6Y85#--P-m)HmVt--M0v FPXUpcz+3JNjO>(j+TU@ LB_ZugLQ#DHtdDkS diff --git a/test/test.bats b/test/test.bats index e01091e1..d5419ce3 100644 --- a/test/test.bats +++ b/test/test.bats @@ -9,7 +9,7 @@ load test_helper } @test "ldapsearch new database" { - +skip run_image -h ldap.example.org -e USE_TLS=false wait_service slapd run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin @@ -20,7 +20,7 @@ load test_helper } @test "ldapsearch new database with strict TLS" { - +skip run_image -h ldap.example.org wait_service slapd run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin 
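Review bot: `skip` is added unconditionally at the top of `ldapsearch new database` and, in the next hunk, `ldapsearch new database with strict TLS`, and likewise to the two tests in the @@ -31 and @@ -44 hunks that follow, so after this patch only the replication test still runs and the plain, TLS, custom-certificate and existing-database paths are no longer exercised at all. If that is temporary, bats' `skip "reason"` form — e.g. `skip "disabled during the light-baseimage migration"` as a constructed example — records why in the test output; if it is permanent, the tests should be removed rather than left silently inert.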
@@ -31,7 +31,7 @@ load test_helper
 }
 @test "ldapsearch new database with strict TLS and custom ca/crt" {
-
+skip
 run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/osixia/service/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt
 wait_service slapd
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
@@ -44,7 +44,7 @@ load test_helper
 }
 @test "ldapsearch existing database and config" {
-
+skip
 run_image -h ldap.example.org -e USE_TLS=false -v $BATS_TEST_DIRNAME/database:/var/lib/ldap -v $BATS_TEST_DIRNAME/config:/etc/ldap/slapd.d
 wait_service slapd
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=osixia,dc=net -D "cn=admin,dc=osixia,dc=net" -w admin
@@ -62,11 +62,11 @@ load test_helper
 tmp_file="$BATS_TMPDIR/docker-test"
 # replication ldap server
- LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d $IMAGE_NAME)
+ LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true -d $NAME:$VERSION)
 LDAP_REPL_IP=$(get_container_ip_by_cid $LDAP_REPL_CID)
 # ldap server
- run_image -h ldap.example.org -e USE_REPLICATION=true
+ run_image -h ldap.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true
 # add route to hosts
 docker exec $LDAP_REPL_CID /osixia/service/slapd/assets/test/add-host.sh $CONTAINER_IP ldap.example.org
@@ -76,14 +76,6 @@ load test_helper
 wait_service slapd
 wait_service_by_cid $LDAP_REPL_CID slapd
- # restart slapd
- docker exec $LDAP_REPL_CID pkill slapd
- docker exec $CONTAINER_ID pkill slapd
-
- # wait services on both servers
- wait_service slapd
- wait_service_by_cid $LDAP_REPL_CID slapd
-
 # add user on ldap2.example.org
 docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ
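Review bot: In the `@@ -62,11 +62,11 @@` hunk the replica is started with `docker run ... -d $NAME:$VERSION` while the replaced line used `$IMAGE_NAME`, which `setup()` in test_helper.bash derives from those same two variables; keeping the helper's name guarantees both servers run the same tag, `LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true -d $IMAGE_NAME)`. The same hunk drops the explicit slapd restart and instead relies on the image honouring `IS_REPLICATION_TEST=true`, which is a contract between the test and the image that deserves a one-line comment above the `docker run`. The enclosing `@test` block begins before this chunk.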
diff --git a/test/test_helper.bash b/test/test_helper.bash
index 31bdd438..4816d273 100644
--- a/test/test_helper.bash
+++ b/test/test_helper.bash
@@ -2,7 +2,7 @@ setup() {
 IMAGE_NAME="$NAME:$VERSION"
 }
-# function relative to the current container / image
+# function relative to the current container / image
 build_image() {
 #disable outputs
 docker build -t $IMAGE_NAME $BATS_TEST_DIRNAME/../image &> /dev/null
@@ -34,12 +34,16 @@ is_service_running() {
 is_service_running_by_cid $CONTAINER_ID $1
 }
+is_file_exists() {
+ is_file_exists_by_cid $CONTAINER_ID $1
+}
+
 wait_service() {
 wait_service_by_cid $CONTAINER_ID $@
 }
-# generic functions
+# generic functions
 get_container_ip_by_cid() {
 local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1)
 echo "$IP"
@@ -50,7 +54,7 @@ start_containers_by_cid() {
 do
 #disable outputs
 docker start $cid &> /dev/null
- done
+ done
 }
 stop_containers_by_cid() {
@@ -58,7 +62,7 @@ stop_containers_by_cid() {
 do
 #disable outputs
 docker stop $cid &> /dev/null
- done
+ done
 }
 remove_containers_by_cid() {
@@ -66,7 +70,7 @@ remove_containers_by_cid() {
 do
 #disable outputs
 docker rm $cid &> /dev/null
- done
+ done
 }
 clear_containers_by_cid() {
@@ -78,12 +82,16 @@ is_service_running_by_cid() {
 docker exec $1 ps cax | grep $2 > /dev/null
 }
+is_file_exists_by_cid() {
+ docker exec $1 cat "/etc/my_init_startup_files_completed" > /dev/null 2>&1
+}
+
 wait_service_by_cid() {
 cid=$1
 # first wait image init end
- while ! is_service_running_by_cid $cid syslog-ng
+ while ! is_file_exists_by_cid $cid /etc/my_init_startup_files_completed
 do
 sleep 1
 done
@@ -98,4 +106,4 @@ wait_service_by_cid() {
 done
 sleep 5
-}
\ No newline at end of file
+}
From d3c0d6a214b7055079254b7f566e4786e88ac506 Mon Sep 17 00:00:00 2001
From: Bertrand Gouny
Date: Thu, 16 Jul 2015 15:36:25 +0200
Subject: [PATCH 07/33] tests
---
 test/test.bats | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
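Review bot: `is_file_exists_by_cid` ignores its second argument and hardcodes `/etc/my_init_startup_files_completed`, even though `wait_service_by_cid` passes that path explicitly and the new `is_file_exists` wrapper forwards `$1` as if it were a path; the helper should test the argument it is given, `docker exec "$1" test -e "$2" > /dev/null 2>&1`. The readiness probe also changes meaning here, from "syslog-ng is running" to "the base image's init wrote its marker file", and a one-line comment naming which component creates that file would save the next reader a search. The remaining hunks in this file only touch trailing whitespace on `done` and the two section comments.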
diff --git a/test/test.bats b/test/test.bats
index d5419ce3..d81c3f8f 100644
--- a/test/test.bats
+++ b/test/test.bats
@@ -9,7 +9,7 @@ load test_helper
 }
 @test "ldapsearch new database" {
-skip
+
 run_image -h ldap.example.org -e USE_TLS=false
 wait_service slapd
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
@@ -20,7 +20,7 @@ skip
 }
 @test "ldapsearch new database with strict TLS" {
-skip
+
 run_image -h ldap.example.org
 wait_service slapd
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
@@ -31,7 +31,7 @@ skip
 }
 @test "ldapsearch new database with strict TLS and custom ca/crt" {
-skip
+
 run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/osixia/service/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt
 wait_service slapd
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
@@ -44,7 +44,7 @@ skip
 }
 @test "ldapsearch existing database and config" {
-skip
+
 run_image -h ldap.example.org -e USE_TLS=false -v $BATS_TEST_DIRNAME/database:/var/lib/ldap -v $BATS_TEST_DIRNAME/config:/etc/ldap/slapd.d
 wait_service slapd
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=osixia,dc=net -D "cn=admin,dc=osixia,dc=net" -w admin
From b03b895a1b9c4e5d983d3453805a79f2e7324595 Mon Sep 17 00:00:00 2001
From: Bertrand Gouny
Date: Thu, 16 Jul 2015 15:40:40 +0200
Subject: [PATCH 08/33] tests
---
 test/database/__db.001 | Bin 548863 -> 548863 bytes
 test/database/__db.002 | Bin 147455 -> 147455 bytes
 test/database/__db.003 | Bin 114687 -> 114687 bytes
 test/database/alock | Bin 4096 -> 4096 bytes
 test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes
 test/test.bats | 2 +-
 6 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/database/__db.001 b/test/database/__db.001 index 3f3ee31071907545e2b17490048010194911d33e..5a0800c3fea87e40a593819a869ef20d8122bb0a 100644 GIT binary patch delta 1196 zcmb_bQAkr^6u$r6|6lK&+t`?F#WJQvMUEOFX|!N$3VVo}NRkhMvq3Aue5xeLiA5`V z=yt>3haQ&9>LI~cc#9;>OpR6~LJCohdg~z;NTg|Y{(Cn}eeJ+@&i%e~zW<#2pSwI< zwme)m(1cK%5H8>yHaZqL4gtJlAy0y1ShXCnD@lWucPz@0opdCC zu+5!Mc_HcnQGOVlh{%!cX)g{VTW+4?8i8`A>H<9YVnrsQ15DWiPsfF~my8VMxOm}2 z<_FUEj?7G*@I%OTLT&^2%qe@4DVP+8P`kH3ukhgexRWWE@(K)Jt6=!8D?ELz$ihMM zZg^xZjn!4W;psydTUiqJnJ)ue4RDp|yr)=+80;2?FfBI2U^*Qwn!A8Z>Bg?Z!%}`) zPNdIkcqg?65vG{{s$3!Dh>M1UNW9_+BGnV*Q)oR0I5Kss?`rs_@)dSPQU%GOdP#sD zm;g-ldgL|0wn&tags#53KUo*y_sM z7*y&V&5lDykXrf*cNvkO-kAn5!bZt=Xnl`wS0D@RN5m<9f>%8Vmo7)P(i|e9tuV8N z4Gt!ha7QGA1041uu*H^A%XbRFd-pifrVX7sz86GjrYz}t&!qfLCdu8+28gwfW*<=VF_u=UBB=uL?nGRBtlV|sqlZxVS% j{S8=j#s3t#(7ktVK?}HggE~dfj8DxHH2I(Y`+R=^<%VZp delta 1129 zcmbtST}YEr82--LIs3kCIwzB9IALmpq=m*xErT@^Btl0c(NJiz%EDYhRHBgPMG--+ z1+QSFNq;wiFyZTBq?wt9MG{mnh(&i^EvPh5>^=MQC%WofocEmPeV^xh&-*>A{&=C+^gw~3I(1}5cp;V$FI1;(saPDJ)GW- zSJBe7=Hj;$<_+8&SkYFdPa<4_aL3-06NZ3CV>SvzXo)w-gF&zSql;*RO?~y_FySN$ zn8MT)8v(p`5(fP~#?+fDG~`wzoXk|M?a%Bnf{KL3f;HGwo?_d;RZSGNq?*_Z{wWS~ zPGTn%dVQ=gRp0D}&@mkOg$8C#fms*T>#sG94+&Mjwlg>7VsJXh>}J`j%g5UE5FKJB zb*7UYq=c#I-RxT-3V$DB^+-7|%)$h(c_ZvnjA@NCM@QIa0+DuP4m?06+!~1lU;VI$SN-la% zMl<+5TOmrgq7#K;$?#%@W~b)Iz()CHqc-6JN$zmmxZ?M06SHJ=Mgt25eh91@zHCIV z#r|rt#sXE0j|u7~IHcuOs*CelVnlasOsbg7B1(=3se_9{ses~eZ=cl_QX+_!GYNlN+oed2iq;{6Kr>u_t-@lvp*@f?Wg qcpIPt9S}+5HaN#HJF4eJ#?5pKEbIB0`h}A>>&&{|xc_r*A%6hTVM#^+ 
diff --git a/test/database/__db.002 b/test/database/__db.002 index 63155fc899031e4f3dd414bf878c34827640070f..f17342a90d101473c34f5b23b8a7c1e5a93522da 100644 GIT binary patch delta 1226 zcmdUuy)Oe{9LGKG=$)6kMkQAaO$-d8qzhXU13{uSNi6Lk7NR2)jh6@#y?&)FiI+wU zOji$4jiDwh8xye;|A5pzJlAkJCW~9{$?xU!eV*S-u_zUbk{%|ckw!?Ecv27A=3H6n zYv8AQqP;XC-Z7*-%Bm&C!DH4C5uy@zs)&d_%nPH5R41b4A#0MGCp9Bh5mhWi7cxiF zhSDF{(=#>@TjO6T{(DX<4f>^8ye_rjt|<(?sg0`3amBEzBiOG|>Adr%vg9_xh(aUH z8;a5GQkzBI-b((jhAS1tbGbtnxW%ho)uXWOW?3@tzlUHo)nPX-RXodMH!cR;(aJa? zK1fu*JDx`H&<=|a<&iQlOEGB2y)SfLNY*xaC^qKF=V=i zp=Et`g?94V)PXqXkfVXGzz{MgJ_P;!&`;TLs3>Gh$PrTwH)k>HORU)0k5*y){NQuO qPQ9{OS{Yi>$5cN<-g1i)FW#6bpU8W$lJg>XIl7R}pQrO=V(A?heriYn delta 1288 zcmezWpX2|3jtvQnjFOuZ850;K+4CH_>KWib6v~>+IPsm-iw8(9me zFUgM2SiF)na?pq|b~7WNKQANGpElLgr; zV8%feGH^o~ETF{90!pcym(J8-p1f0fZj10zK8@A7U&u#*KAC^DlP2GhU= zN@*Y?Hgl|KfG9sOOOT16ax@!3CNOeLW@O6;+qhws1uKX#`NP~wTt=y2OXJEge}Mc5 z3l$$|kSR@m$PCZ3-jf$@(x3cbb091e2To?(*#P7CPoB6DoTJfg=Yv|nIhm2Ke)5ZL zm7r3A(QER>t@@J_gghp1*rEZ7-D&!h12$U1ObY^<);{^d)<%M+fkS?B>h{IpBvL-P zVF$-#gMmwr%2S>ku*au)#;)x%b}^>6 F0s#3*_GthB diff --git a/test/database/__db.003 b/test/database/__db.003 index 4c0598c6527f4888e61ddd0dd63f0949e2748066..1fde4957307ba81c5a2574e6d687085d43934118 100644 GIT binary patch delta 89 zcmV-f0H*){{|5j62C$$30U(p10h0tk0001!VL%^~P?kB9kOD{nAhX#5H$DLpvk^gW v0Ra=UfkG!i0Sc25K{vDDgE#?`cm@!&D1~?s0UxuWm4`r+Xb2FqIM&DMbsisT delta 80 zcmV-W0I&c5{|5j62C$$30T7d+0h5!og-Al5kWVz;Da~;0R*!dg@+IU53`|_hd`6K1Q4@0*2n4mEFSCt diff --git a/test/database/alock b/test/database/alock index 87b84b96f716f2c664fa0f95a5472a7b0d46dd71..e0ebdb6be108c7241e19782c974aa9eb6fffbd26 100644 GIT binary patch delta 15 WcmZorXi(T7z{0d)^JXEIciaFdZv`v> delta 15 WcmZorXi(T7z{12dd$SPBJ8l3Y9Ry|o 
diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 index 7c3dff1568a7f382479a49173d65a15bca353a7e..a10c4f59609f223e46d047940460232188f8e55c 100644 GIT binary patch delta 3691 zcmezW|3AxrAl?xColE*V14ASO1H;eO$roPun*{^8Iza9WQ+o$4AkD$R(7*_!LE<2K z_2%WF*Dt0!0GSMHfMQ`l`cUWOhc|sJZ$Pz1>Y7~!Y2}1!1&O0;)%yX_y7i!RI@9EX zlY}R~eQCxU1r!Cj#fX_R7b1H8mL=~7pr{2wZfb0%xD)*By-wNR~V-W?MMY2|@x z1&O0;W&RD(y8ASeAM}BOAg3G&1pA>C$OZYqoTowu><1B$2*@Omo3}w7ve}Svq5WnD r#z~{ZXc&y9gVAg-S`>_ygrgJNl5#W@SYd|lf45x delta 651 zcmWN=XIG5@007`~xww&}xFnURq=96VO4n=~O&V54R@tMhTwEEISyBB0ADrXI`O-PB z=Q-yIf*>6Dr|n-nx{!!2gk0oe!!B{D%Z!-ha#xt_N>f~As;f;i-8HT?>N?k(;RZ9^ zXqMULxXD~MyTv^7EpV%aZnMZ@ODuJ}JKSlRyDWFNd)(_jE39f zh(|qUo%J@@Xp_yhc-#}7^pvf(*=~oOc6r(}cH3jGeV+B4=e^)X`@Q64uXxn~uX)`Y z-t?A(4td)<-u0gMec(eM`Pe58JK|HH`P>)2bktYIeeE0Hn(&=tzW0M4{p7e4PWss| Ze)XH*{o$0;&iK<`&N}D(-&p8( Date: Thu, 16 Jul 2015 15:42:17 +0200 Subject: [PATCH 09/33] tests --- test/test.bats | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/test.bats b/test/test.bats index d8206801..42d456d9 100644 --- a/test/test.bats +++ b/test/test.bats @@ -50,7 +50,7 @@ load test_helper run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=osixia,dc=net -D "cn=admin,dc=osixia,dc=net" -w admin clear_container - chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true + chown -R $USER:$USER $BATS_TEST_DIRNAME || true [ "$status" -eq 0 ] @@ -76,10 +76,12 @@ load test_helper wait_service slapd wait_service_by_cid $LDAP_REPL_CID slapd + sleep 10 + # add user on ldap2.example.org docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ - sleep 5 + sleep 10 # search user on ldap.example.org docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -ZZ >> $tmp_file From 0e311d221027d80ddb8b2a20b4f2ce3636a829e3 Mon Sep 17 00:00:00 2001 
From: Bertrand Gouny
Date: Thu, 16 Jul 2015 17:34:53 +0200
Subject: [PATCH 10/33] test
---
 image/env.yml | 2 +-
 test/config/cn=config.ldif | 0
 test/config/cn=config/cn=module{0}.ldif | 0
 test/config/cn=config/cn=schema.ldif | 0
 .../cn=config/cn=schema/cn={0}core.ldif | 0
 .../cn=config/cn=schema/cn={10}radius.ldif | 0
 .../cn=config/cn=schema/cn={11}quota.ldif | 0
 .../cn=config/cn=schema/cn={12}dnszone.ldif | 0
 .../cn=config/cn=schema/cn={13}mmc.ldif | 0
 .../cn=config/cn=schema/cn={1}cosine.ldif | 0
 .../config/cn=config/cn=schema/cn={2}nis.ldif | 0
 .../cn=schema/cn={3}inetorgperson.ldif | 0
 .../cn=config/cn=schema/cn={4}ppolicy.ldif | 0
 .../cn=config/cn=schema/cn={5}dhcp.ldif | 0
 .../cn=config/cn=schema/cn={6}zarafa.ldif | 0
 .../cn=config/cn=schema/cn={7}samba.ldif | 0
 .../cn=config/cn=schema/cn={8}mail.ldif | 0
 .../cn=schema/cn={9}openssh-lpk.ldif | 0
 test/config/cn=config/olcBackend={0}hdb.ldif | 0
 .../cn=config/olcDatabase={-1}frontend.ldif | 0
 .../cn=config/olcDatabase={0}config.ldif | 0
 test/config/cn=config/olcDatabase={1}hdb.ldif | 0
 test/database/DB_CONFIG | 0
 test/database/__db.001 | Bin 548863 -> 548863 bytes
 test/database/__db.002 | Bin 147455 -> 147455 bytes
 test/database/__db.003 | Bin 114687 -> 114687 bytes
 test/database/alock | Bin 4096 -> 4096 bytes
 test/database/dn2id.bdb | Bin
 test/database/id2entry.bdb | Bin
 test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes
 test/database/objectClass.bdb | Bin
 test/ssl/ca-test.crt | 0
 test/ssl/dhparam.pem | 0
 test/ssl/ldap-test.crt | 0
 test/ssl/ldap-test.key | 0
 test/test.bats | 10 +++++-----
 36 files changed, 6 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 test/config/cn=config.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=module{0}.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={0}core.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={10}radius.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={11}quota.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={12}dnszone.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={13}mmc.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={1}cosine.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={2}nis.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={4}ppolicy.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={5}dhcp.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={6}zarafa.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={7}samba.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={8}mail.ldif
 mode change 100644 => 100755 test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif
 mode change 100644 => 100755 test/config/cn=config/olcBackend={0}hdb.ldif
 mode change 100644 => 100755 test/config/cn=config/olcDatabase={-1}frontend.ldif
 mode change 100644 => 100755 test/config/cn=config/olcDatabase={0}config.ldif
 mode change 100644 => 100755 test/config/cn=config/olcDatabase={1}hdb.ldif
 mode change 100644 => 100755 test/database/DB_CONFIG
 mode change 100644 => 100755 test/database/__db.001
 mode change 100644 => 100755 test/database/__db.002
 mode change 100644 => 100755 test/database/__db.003
 mode change 100644 => 100755 test/database/alock
 mode change 100644 => 100755 test/database/dn2id.bdb
 mode change 100644 => 100755 test/database/id2entry.bdb
 mode change 100644 => 100755 test/database/log.0000000001
 mode change 100644 => 100755 test/database/objectClass.bdb
 mode change 100644 => 100755 test/ssl/ca-test.crt
 mode change 100644 => 100755 test/ssl/dhparam.pem
 mode change 100644 => 100755 test/ssl/ldap-test.crt
 mode change 100644 => 100755 test/ssl/ldap-test.key
diff --git a/image/env.yml b/image/env.yml
index 52324200..d78bb14d 100644
--- a/image/env.yml
+++ b/image/env.yml
@@ -4,7 +4,7 @@ LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config
 #See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
-LDAP_LOG_LEVEL: -1
+LDAP_LOG_LEVEL: 256
 USE_TLS: true
 SSL_CRT_FILENAME: ldap.crt
diff --git a/test/config/cn=config.ldif b/test/config/cn=config.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=module{0}.ldif b/test/config/cn=config/cn=module{0}.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema.ldif b/test/config/cn=config/cn=schema.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={0}core.ldif b/test/config/cn=config/cn=schema/cn={0}core.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={10}radius.ldif b/test/config/cn=config/cn=schema/cn={10}radius.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={11}quota.ldif b/test/config/cn=config/cn=schema/cn={11}quota.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={12}dnszone.ldif b/test/config/cn=config/cn=schema/cn={12}dnszone.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={13}mmc.ldif b/test/config/cn=config/cn=schema/cn={13}mmc.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={1}cosine.ldif b/test/config/cn=config/cn=schema/cn={1}cosine.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={2}nis.ldif b/test/config/cn=config/cn=schema/cn={2}nis.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif b/test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif b/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={5}dhcp.ldif b/test/config/cn=config/cn=schema/cn={5}dhcp.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={6}zarafa.ldif b/test/config/cn=config/cn=schema/cn={6}zarafa.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={7}samba.ldif b/test/config/cn=config/cn=schema/cn={7}samba.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={8}mail.ldif b/test/config/cn=config/cn=schema/cn={8}mail.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif b/test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/olcBackend={0}hdb.ldif b/test/config/cn=config/olcBackend={0}hdb.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/olcDatabase={-1}frontend.ldif b/test/config/cn=config/olcDatabase={-1}frontend.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/olcDatabase={0}config.ldif b/test/config/cn=config/olcDatabase={0}config.ldif
old mode 100644
new mode 100755
diff --git a/test/config/cn=config/olcDatabase={1}hdb.ldif b/test/config/cn=config/olcDatabase={1}hdb.ldif
old mode 100644
new mode 100755
diff --git a/test/database/DB_CONFIG b/test/database/DB_CONFIG
old mode 100644
new mode 100755
diff --git a/test/database/__db.001 b/test/database/__db.001 old mode 100644 new mode 100755 index 5a0800c3fea87e40a593819a869ef20d8122bb0a..3f0c735d66e4c95c214f75a94d293a48a605cabb GIT binary patch delta 957 zcmah|QAkr!7{32@&fMMFaQEt_EwR}!NFNGxXl$-F0-thVNkT#wf_hN$sVIdEi`nDl zLdS<76KlPc!h%CkSR#p#k{A|^VAVr!q0mE+VgI@J4sr`RaPEK3_y6B_zMpgM&U|EN zJ~DR>;ESO_i~LQpMwYFmK+QjbH&73CAOXT^P<*W+unt{QjVWif1L|0$k2LDTURLx{ z61Zg-J&9V28e_{Df*M^rm_JN15Gd4w)Q_nlwRYWsF>dIzJ0av-ao7KA_L@hak~CI2 zR>Z<;?)3Y$3&(IN4PtE{#*OaTA)$~kg02&tleWU7n)3;TgsmX(a)s}pceXVRyfy8Zfyx}>u;-4flq5o`^7Q~HZ0jEB!TRG< zqyV^Wm?l?D+CGamH%&eOmfxPSXrCUE-Z0i3Suklg7A)Gp;%?gJqM#{!`L&=aykVJ) zdmzm3uM1nkylty`gWPR_Bzp`rJF5;OxoQ>&1+_FQ$YBB2mJ~D zHq3}ilyV=Bp1iJWK^7#T&TB$-` zjuY1h!C0d8!9w7qizozZXem}PC@P3r^<7f%!JkN-&E0`X1s9gt{bs&zX4u)KLfcZI zEq@qbz|!Sl;jc=+_(E18x2G;B^N zTZ5Yr7Nr&YV$U4-x6&27gm5Rq+X83fepB~^HGv3C(aV%&9c}n_9s*YXaBrc>=~{9v zMpYMKj}x%N>%yv`H?vd{)X{hncswcRV7U)*2wd|LSHk58yrcbpss2ejnD#1;obtEa ziqrh^tmnXOApFxwl9s7pds%3ZM0x5IIqn0MKNvs<+TbAhvIYoSyh(a7epi;f1H873 zlQUJ?N}HA+CvO46ujFjn`#U7vjB#70tF)nMn|7#JODh)zjqte{K_k3njtu)i;kRCj zvPAJtS&gsBjTmTb5@=NYfG;wIGh*m#SsADra=X-=Zq@2Dvlj`JY?bME(8Q34N0it{ zsGG`*e!%9EHZIHN%VO{)mh_|VCXtOe+jf>23O+DK~R zGZwETjT|&$jNQ!0=g-S1Gnn&gcP@ z=ogr5Fg=1(iV>0;6ecTfs+jziiG6Ycive#=#_ z`~}S9=mfc_kr9WnW}6LHZD$1s?1#CP=y@CFY#ByG-bQzVGR)(k;DKd)A81@CO@7E+ z0n6XslNWB%pZs8RAWR@|GULt$7{`C|#EtscB8LxZf#qaIzWT{8wpD`SmeFhS#jX02 z6NEe_Z`cA(4Ab-{2W+&2nHB^zt$p%^t&Ql;#V`#Vqmxs&F9xTm^2rT5I5<_HR;o^( v2r(9-=tWD9r@DGGJc}HYOcdeS$aKFbn_nhw*i(;`TCjG?RMbvpRM;wQ*^dMxa zd>!oXnb6NJymo;PR)ozNR#DYH3aY(6A_|t>>!34 diff --git a/test/database/dn2id.bdb b/test/database/dn2id.bdb old mode 100644 new mode 100755 diff --git a/test/database/id2entry.bdb b/test/database/id2entry.bdb old mode 100644 new mode 100755 
diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 old mode 100644 new mode 100755 index a10c4f59609f223e46d047940460232188f8e55c..6455ffbfa030a9b461e85ba2eca5f8f0670b6c01 GIT binary patch delta 3663 zcmZ9OdsNP60LR}hNEfPCQADY{C`IX2&71q&D@^1vvMHCE`+YN^$ZdFyB$pY&4BIix ztvTj6wq%Xk*~w@e!`X0R?(g>Q`+c70tmnLce9qhRJ?HtJ@8|dHX1Cj2?ck`t&FAJD zgCX5uF!VW}T<}84Qs)rPxcI+?g5-OPuh@oSzSll??x-BC9*TG)zO5 zhR=P66YXs9ws!ifPy9C3u;$+JO>FR14a^-IYE?u3vW3^JJ?=NLj;}Vm2mK?5Js)8m z@<)o-EF9y}6IT-UyNC7sMq_IxY@&g_r%YW;t+3`kPO-TDD^=?4>YK+QzG?__UVo&i zj73J3f}$<;sbUl=1*#!!by71n7*zvv$A(*~A*)qphEty=UQVV} zj~&<85F(U%AZ5cfk3A3A5TY8GJ2q@l4bf&z=>kFyYkNp41vHRKrZ=viOC=_(qCy*O z&`jjKX*=-EP!0+cN(Yg0(4z~<3Tp zvLReGFn4UoQw^4QP3bFy95!mVRBF&rDxJ@Dag$0+SVaYW(0Js$d1w83XAUw6r9z|} zRJpL~CI^|+Am(gw`mRo?78!p%c;63AWJ6n_6yz=&(u)?oVMANhz}&H67BV*cn5Zf3 zM95*YcS)sZIP+KC#Gf}Cr4kcXQK7yzDA_~aygav}CkI6crF^7Rsveg7oP#3NAm(hT zD63Ptg^Yu~KGJV18zQNc;NdA7#w~d2%LcS9;Z5d_4H?MT@H#Fq%b9;;tPdZUz1AY7 z)7=+tIWqm}WrEioq%_NH(kWM%h4D5UX`=7y>Lpv3TeJr?8zD<~mdFS71J10=+xK#V zd{9hS$Lo4sXd`)ZTjp<1s2L?5)M%u9Q29G=B~mj=X)HA)}`4WXUczM2mM{ zqZ$^KTo*s%(W-&DV}rS|Y*^P#Q<{K~N(FnR(n*}DRMdM#YpKM9RaCg44f64pH@_V7 zQ2czw2&Mi=sWhQW%{eN?s6ouxVlJ{9231=z| zs+#&rDluUd6?$lc9;%xo-5Q2+P=ZhjZz7dS@=Y%|C_xQk&Xy{zVKFi)g`}ruvLR6@ z9aIfZ&b3&@hD6oC+_AynCmT+NYf6y_sdTASDlNsCN{vmo?@A>mtfGQGs9N33G5U$W zRb7RW(O)X1zd5pygSx6g%-K?{DP<$0QdPer;(rp0P%2ang~k#uHds^xbH|29sv)h7 zrWDvzD%GBqO4D(s(iWRJNhmd9BC4QJQ@+g8w!+iq1e}2ja0T^1eb4~7frh{xcmPk} z1sZ|Iz#I4gUtk1HfFJM&O+hmd00KdC&;kU3mY@{~1|gs|2nAsv9JB!@&=#}H z1RX#Whz1=&ClCW-L1z#L%%BU12MHh%yal=f3rGUpKzGms^aQ;?Z_o$44f=w9pg$M@ z27*CgFh~X|AQcP&L%}fc4j2y7zz8rBq=QjlG#CTMf_K3*1btOpywMqmY-z^7m{*a8Z{R!{`Cfnu=zgr{wX+x`ClGXNIt delta 3216 zcmezW|3AxrAl@MMXR|5eT>H%qjFU!*(J&ZI2cy|wv?v%Y2}eu9(UNeqBpfXXM@z!d Ll92W#;XN?`5T|x& diff --git a/test/database/objectClass.bdb b/test/database/objectClass.bdb old mode 100644 new mode 100755 diff --git a/test/ssl/ca-test.crt b/test/ssl/ca-test.crt old mode 100644 new mode 100755 
diff --git a/test/ssl/dhparam.pem b/test/ssl/dhparam.pem
old mode 100644
new mode 100755
diff --git a/test/ssl/ldap-test.crt b/test/ssl/ldap-test.crt
old mode 100644
new mode 100755
diff --git a/test/ssl/ldap-test.key b/test/ssl/ldap-test.key
old mode 100644
new mode 100755
diff --git a/test/test.bats b/test/test.bats
index 42d456d9..10edb34e 100644
--- a/test/test.bats
+++ b/test/test.bats
@@ -37,7 +37,7 @@ load test_helper
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
 clear_container
- chown -R $USER:$USER $BATS_TEST_DIRNAME || true
+ chmod 777 -R test/config/ test/database/ test/ssl/
 [ "$status" -eq 0 ]
@@ -50,7 +50,7 @@ load test_helper
 run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=osixia,dc=net -D "cn=admin,dc=osixia,dc=net" -w admin
 clear_container
- chown -R $USER:$USER $BATS_TEST_DIRNAME || true
+ chmod 777 -R test/config/ test/database/ test/ssl/
 [ "$status" -eq 0 ]
@@ -65,6 +65,8 @@ load test_helper
 LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true -d $NAME:$VERSION)
 LDAP_REPL_IP=$(get_container_ip_by_cid $LDAP_REPL_CID)
+ sleep 2
+
+
 # ldap server
 run_image -h ldap.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true
@@ -76,12 +78,10 @@ load test_helper
 wait_service slapd
 wait_service_by_cid $LDAP_REPL_CID slapd
- sleep 10
-
 # add user on ldap2.example.org
 docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ
- sleep 10
+ sleep 5
 # search user on ldap.example.org
 docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -ZZ >> $tmp_file
From dc1e25cf4c82bce30c2138d3fb439b5340b2054c Mon Sep 17 00:00:00 2001
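Review bot: `chmod 777 -R test/config/ test/database/ test/ssl/`, added in the `@@ -37` and `@@ -50` hunks, makes every fixture world-readable and world-writable, including `test/ssl/ldap-test.key` whose mode this same commit flips to 100755, and the paths are relative to the runner's working directory where the replaced `chown` used `$BATS_TEST_DIRNAME`. If the goal is only to let the host user reset files the container wrote as root, keep the absolute path and the narrowest mode, `chmod -R u+rwX "$BATS_TEST_DIRNAME/config" "$BATS_TEST_DIRNAME/database" "$BATS_TEST_DIRNAME/ssl" || true`, and leave the private key without group/other bits; note that a non-owner cannot chmod at all, so this may need the same privilege the removed `chown` needed. The `sleep 2` / `sleep 5` waits in the replication test are wall-clock guesses; polling `ldapsearch` for the new entry with a bounded retry would make the test deterministic. The replication `@test` block starts before these hunks.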
From: ofreax
Date: Thu, 16 Jul 2015 21:01:42 +0200
Subject: [PATCH 11/33] test
---
 image/Dockerfile | 2 +-
 image/env.yml | 2 --
 image/service/slapd/container-start.sh | 6 ++++++
 image/service/slapd/daemon.sh | 14 +------------
 test/database/__db.001 | Bin 548863 -> 548863 bytes
 test/database/__db.002 | Bin 147455 -> 147455 bytes
 test/database/__db.003 | Bin 114687 -> 114687 bytes
 test/database/alock | Bin 4096 -> 4096 bytes
 test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes
 9 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/image/Dockerfile b/image/Dockerfile
index 4c4ce55e..72a57f63 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -13,7 +13,7 @@ RUN apt-get -y update && /sbin/install-service-available ssl-helper-gnutls \
 slapd ldap-utils \
 && rm -rf /var/lib/ldap /etc/ldap/slapd.d
-# Add service directory to /osixia
+# Add service directory to /osixia/service
 ADD service /osixia/service
 # Use baseimage install-service script and clean all
diff --git a/image/env.yml b/image/env.yml
index d78bb14d..f4206f2f 100644
--- a/image/env.yml
+++ b/image/env.yml
@@ -24,5 +24,3 @@ REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$BASE_DN" bindmethod=simple credentia
 REPLICATION_HOSTS:
 - ldap://ldap.example.org # The order must be the same on all ldap servers
 - ldap://ldap2.example.org
-
-IS_REPLICATION_TEST: false
diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh
index 37972bf0..0b0f8449 100755
--- a/image/service/slapd/container-start.sh
+++ b/image/service/slapd/container-start.sh
@@ -234,6 +234,12 @@ EOF
 ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-disable.ldif || true
 fi
+
+ # stop OpenLDAP
+ SLAPD_PID=$(cat /run/slapd/slapd.pid)
+ echo "Kill slapd, pid: $SLAPD_PID"
+ kill -INT $SLAPD_PID
+ echo "ok"
 touch $FIRST_START_DONE
 fi
diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh
index d22554a2..f0de01dc 100755
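Review bot: `SLAPD_PID=$(cat /run/slapd/slapd.pid)` in the container-start.sh hunk has no check that the pid file exists and is non-empty; if `cat` fails, `kill -INT $SLAPD_PID` runs with an empty argument, the script still reaches `touch $FIRST_START_DONE`, and the bootstrap slapd is left running so the `exec slapd` in daemon.sh would fail to bind. Guard the read and quote the pid, `SLAPD_PID=$(cat /run/slapd/slapd.pid) || { echo "slapd pid file not found"; exit 1; }` and `kill -INT "$SLAPD_PID"`, using whatever failure convention the rest of the script follows, and wait for the process to actually exit before marking first start done (the daemon.sh hunk that follows only sleeps). Whether the script runs under `set -e` is not visible here, and the enclosing `if` block starts and ends outside this hunk.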
--- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh @@ -5,18 +5,6 @@ # see https://github.com/docker/docker/issues/8231 ulimit -n 1024 -# stop OpenLDAP -SLAPD_PID=$(cat /run/slapd/slapd.pid) -echo "Kill slapd, pid: $SLAPD_PID" -kill -INT $SLAPD_PID -echo "ok" - -sleep 5 - -# special replication test config -if [ "${IS_REPLICATION_TEST,,}" == "true" ]; then - echo "test wait 10 seconds" - sleep 10 -fi +sleep 3 exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL diff --git a/test/database/__db.001 b/test/database/__db.001 index 3f0c735d66e4c95c214f75a94d293a48a605cabb..8e36175f658f886ceeeb6fce11d1c93b74ab6ada 100755 GIT binary patch delta 922 zcmaJ=Z%9*76o2RK-nqB6;n>4bn=@V1(ou;b{aH|(iXQ|AmL(PRB4{6i>WdLc83rq` z=<#4TB5H~K`4T9rE!XiM_2Q^ZLegs2}7q{dxd-ycLSGxJ$DLJ zl7`A@g*{PxeDHJO)IMBF+XEo=p>2$`d=d)nMvc9r?Fgbm;m4huAA~}?r6BN1g$YYR zX)<(sw|gG9qNKKo#?7S9!Zfi%$`4TN?(#A*07r^lAV5$O$JT=R5^c4gY69m}t#E#?JHucjpo@j;mJ;|OxnM~P2@M4Gp|oE`C1hAw z(9bZ?^CQT_vY%4e;1Lv(NG6mdf<;TP)klA!&_|GB_sz^gx60H;&K<#{G>EbNXxF-DhJ-@Ws`egBjJpcs`gBkzBwYo8?^gKXD)cv5 zrne`!C+w88@pAt=nXLqSIs>p*>>VwWkm+nD{H?0qK?zE`Hd zKy5*fctmOX)8XUSOrx5$6Z%X|l)x{%w4J9Z?FO}Vx09pu2B;nGknPZFVdFkJQsQgk mJqo=8DpqEXwzN3V>g3<_WB%Q6;~4%?xV^Z`cp>0xIPnMX=h<)o 
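Review bot: `sleep 3` is a fixed wall-clock wait for the bootstrap slapd started by container-start.sh to release its pid file and listening sockets; on a slow host the `exec /usr/sbin/slapd ...` that follows may fail to bind and the service would not come up. Polling until the pid is gone is cheap and deterministic, `while [ -s /run/slapd/slapd.pid ] && kill -0 "$(cat /run/slapd/slapd.pid)" 2>/dev/null; do sleep 1; done`, and the pid file path matches the one container-start.sh reads in the previous hunk. A short comment above the wait saying which process it is waiting for would also help, since the kill it used to pair with now lives in a different file.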
diff --git a/test/database/__db.002 b/test/database/__db.002 index d2741ea7807f59bde657535963fe93c6dd4a05af..cbc013f8f9e174c07b0ae7ceec96cc9e3a9d2521 100755 GIT binary patch delta 1364 zcmezWpX2|3jtvQnjLe%8850;K!+ZZeuV;V*Q7DU(W#T)j$p;jCCO+VlKvTmGRZ}@R zk+}dS$pRG=g3|1h1*exYN=#;)u0OeeDG;U%D$5`OWyDQxWQCgnlN5w9Bxob4htF8N zk~DJAh%t6EBcDGnqsZimeDRYvNNX@^Y)+J6&z!8lD>1o&uVC_rRt=D3Ydd2AP@-R8 zaszXq05tJQGC~ps%Vfcg6&z4OsmV8)8z#SHVxQbG-2huMLwfp+iW&mwVf3lydUOPqGxrO%dHu4XLV(m-$6kH3w5u_oEzOICv38W33yLt-02Rq z#$fV?X#$KslP_-72SpuB+JExIjaUl-KB(#TlNtHyC-2zofNW^sSkC51rh|T7WJo2$dA2jie?%WARGT z$U!5<*v*W5{=AGrlPB`UPu?J{!Kku1QHDKpvI4Kfg4QCdxfKun? zr89MyC633MB4+{)s4|t!fwLPJ(Gx06)?;(yybUb4WTU|L<1pA`^ThcJn90%#brTMQ z%{CjZ+Rh3N+YfUq(K9#9H|bA) zusIMW5IC7}X9JAmKY8LteQfc=2Q}YvG9zF8g3ezi@|BCd~(AM4o(%Qm8z2`LX3qd`n#ir m0~(CcVAlezpR`MXQwXYD7?@&}CkO2DX`Zob`;1+T>8$|ES|Mrx diff --git a/test/database/__db.003 b/test/database/__db.003 index 16c81976d41699d393198ae4ec7f9b6bca6e899c..43618c5f0ef79fdea8d6164c6093c04989f2da63 100755 GIT binary patch delta 89 zcmV-f0H*){{|5j62C$$30icti0h0tk0RRA#VL%^~P?kB9kOD{nptIQmH$DMkvk^gW v0RfYm4`r+Xe1D`IM&DM^9~|Y delta 89 zcmV-f0H*){{|5j62C$$30g#iS0h0tE0RRA#VL%^~P?kB9kOD{nkh9qWH$DMavk^gW v0Re-vfkG!i0W^~lK{vDDgE#?`C?62BD1~?s0gtnxm4`r+=pYcYIM&DM($OK@ diff --git a/test/database/alock b/test/database/alock index 50627e3934aead1f7978202809475bde3d951d92..68d5b27fb9b34bfd19ba911ec038d40b796802fb 100755 GIT binary patch delta 15 WcmZorXi(T7z`~UDf3pzFJ8l3d6$L5) delta 15 WcmZorXi(T7z`}I<+-4z`ciaFfJ_T|B diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 index 6455ffbfa030a9b461e85ba2eca5f8f0670b6c01..3854ed708a8de495d45ded20fc5ff0f4dfa26a30 100755 GIT binary patch delta 3710 zcmezW|3AxrAa2;g$S5IrQk;rch6^Oj zz|g=5q(R~!I{yFi(CZh|fx-+7Q9!XUAYEg580GBNsay@#5|vU$27C!;^Fs}#f}tFy`NV3RaKA|R7MI+0D9 z2NVYdlHqy1!yq3zLjvgO$Qcl5n&n94!e)OTy8TaI_>GEeUB_5*{)I E0E{~5*#H0l delta 3213 zcmezW|3AxrAa2;g$SASdlyR>8W(USeqr_+!jHZLpY%p3BjFyC>CE;jEI9d{pmV~1v N;b=)n(~_{&3IHc^bNc`Q 
From 956f6d8b68de2b4abc5be7ee3bc44a8789d96f9f Mon Sep 17 00:00:00 2001
From: ofreax
Date: Fri, 17 Jul 2015 09:22:36 +0200
Subject: [PATCH 12/33] new test helper
---
 test/test_helper.bash | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/test/test_helper.bash b/test/test_helper.bash
index 4816d273..21217c52 100644
--- a/test/test_helper.bash
+++ b/test/test_helper.bash
@@ -90,6 +90,8 @@ wait_service_by_cid() {
 cid=$1
+ sleep 1
+
+
 # first wait image init end
 while ! is_file_exists_by_cid $cid /etc/my_init_startup_files_completed
 do
From ac92d01222062e230c5ec38ed9eb79e1b6a49974 Mon Sep 17 00:00:00 2001
From: ofreax
Date: Fri, 17 Jul 2015 11:40:39 +0200
Subject: [PATCH 13/33] yml -> yaml
---
 image/Dockerfile | 2 +-
 image/{env.yml => env.yaml} | 0
 test/database/__db.001 | Bin 548863 -> 548863 bytes
 test/database/__db.002 | Bin 147455 -> 147455 bytes
 test/database/__db.003 | Bin 114687 -> 114687 bytes
 test/database/alock | Bin 4096 -> 4096 bytes
 test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes
 7 files changed, 1 insertion(+), 1 deletion(-)
 rename image/{env.yml => env.yaml} (100%)
diff --git a/image/Dockerfile b/image/Dockerfile
index 72a57f63..77ac4703 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -7,7 +7,7 @@ CMD ["/osixia/tool/run"]
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 RUN groupadd -r openldap && useradd -r -g openldap openldap
-# Install OpenLDAP, ldap-utils and ssl-kit from baseimage, remove default ldap db
+# Install OpenLDAP, ldap-utils and ssl-helper from baseimage, remove default ldap db
 RUN apt-get -y update && /sbin/install-service-available ssl-helper-gnutls \
 && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
 slapd ldap-utils \
diff --git a/image/env.yml b/image/env.yaml
similarity index 100%
rename from image/env.yml
rename to image/env.yaml
diff --git a/test/database/__db.001 b/test/database/__db.001 index 8e36175f658f886ceeeb6fce11d1c93b74ab6ada..0d947d1648daa67631bb19bc3f8970a046b2a836 100755 GIT binary patch delta 946 zcmah|?@Lor7{2e_IdebS+F0DBrt?}P*ocA=7DjF(6gP3Ol%yYYgQyQdeTYI5S{SUN zKHM&J41$(u?Mq;6aEJs^tS}53{U!pVe?SeQ4~4yF_YQIf9XPz_eV+3?@B4D@U71o> zrqqdJAWL8zhgK&Asl3KnDF%T;9_FDotAZrpJ0Xk2v%uPPEnwtqJ~^v0wV#Cavu?KF zro{iy^pGOk%|o5BWD7!_uC)|)kQDeeG#Wta+0*WVjIrC$Y1dw1AI40H9)0H$s3c`7 zWkq~j%=djLo$SD)w2XKAF*a`GdxS&6Q0)76H8z6c zq$h`|Xen{M^_9#@ZW=It+jo0@Al!y<>hWZ!+t6%*^#T!IVunw}eBngR_lpoK3=H>9 z)r#)LszfuxiP&@u_BktXSl8-VDh`fpI1W4A_}9}UEmNU(GXD?>^3)k}$^~KmWDp6Ao+0vWGbn879_hvV z(H!{mASA>l?Xl4z! nl_#C_26(ZvOu2q%&rP%bFBjIYhMTkaKjF6HuHg%AN9e#GU6T*4^9`HcYrrcJ--#3;OZ1>+e;$s;n142(eGYf>N* z0zhIG6BC6eFJKm6IwCV&F^oliVgdK`2i&YIg43Xi3N;}N@yQ>V#TmsXCaP~XU05-4SOUhgmykanItk=4T%WV{ZLS626SD;G$VfuR9rEr?F~zdZE%#dHTClR;ma zks%C7YiSr?0h!=3S&YrqEE*^ZGU3UrzDpnzT%aa^#L-RI2sMFId-6m!AKtq_F33q{ z8@0|dO~1&^Dm?iwnZqBb)vA zOKJecK>$WWcnl08(+@f^+H=B$H6|uXPY-ZrZSX<*Eh_=`xsM1F&hxGZ-2neAs+$&@1Wwy diff --git a/test/database/__db.002 b/test/database/__db.002 index cbc013f8f9e174c07b0ae7ceec96cc9e3a9d2521..adf61b4cfffd36bdc740c986eaebc36fc99dc634 100755 GIT binary patch delta 1341 zcmezWpX2|3jtvQnOp=V7lNjR}CDl(&s;p;#15qf;pJn1ZsmTWvd?r5N6hKqMK7C>- zqwwS$=G4h=nbC(d8MOqN!tn{XKH zwApagc2;n(ewbT{p0{Bxk77jRZFEN{!~6~kB3NkqOy=C^4m8yOSQx;>yeBW*q(Aw= zW_bJrPG;N*k01ZZ6E|Yb{(MmLT_-d0)lYu0trAp(FnUeCxK)30f{@4L4O_q|VVeHr zfQ^R0S(4z iuxo+VPuiuxDF#(84os}dlLPknG|$+zea0@v^i}{i;2@;{ delta 1355 zcmezWpX2|3jtvQnOw0_MlNjR}CBu9FKCfqh15qf8lV##NsmT-cd?r5Nlt5F%4pmb* zIgz=511iZfxpR8Md4-7wg(n}FB{I2yDG=QV5vUPylN(tJ&?N<-k`lC$ z)Wc^iUP&4`Xv7%1nUT+*mr-Q$M85dR8>BTDH8v;8uxCzQz#}oafv;flhgJ=cWNSNP z08pY|U~&U-o5O}3xR$X7pk$7Tm)0|O^7+@wD_z}RE*hArUKFijs>ItXUp zm4`r+Xe1D`IM&DM^9~|Y 
diff --git a/test/database/alock b/test/database/alock index 68d5b27fb9b34bfd19ba911ec038d40b796802fb..101f700dda23c9291bd585fabca2d3d14381ee42 100755 GIT binary patch delta 16 XcmZorXi(T7z`}fG%ZkmyEN{61F#84i delta 16 XcmZorXi(T7z`~sLfB9x%mbcshFLDLa diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 index 3854ed708a8de495d45ded20fc5ff0f4dfa26a30..47c0b26e7303e5a9687012163220788eaace4140 100755 GIT binary patch delta 3710 zcmezW|3AxrAa2;gctl39M~0Chl7WFif2kca6OeYF{*jT`EJ-q!B7f6_a zp@9)dgTz7f#VspBuU|}e05Tb5Wf>X5fb^Ufk;Wh+JSH2yakcaWih@k&d>FwGGQk6C z0!SR)g!xbtSX89anI<2cBs}@;OEccnKv9s>7C+<2g@|7GVacl~$H-s-6s^s4u;d1* zRRZY-nF#UC$ZfM zWP~>;kj&&1ASTR+W(EhdH`D}>IJyZXKrxUBX9OVLSpejN9Oc~w@y<6O9~3YF8~3<_ zy(0n=0ht1F{!OS`HXAZ7wBPK&IBAp^4TI5iFq#cUi-OUTaI_>GEeS_U!qJj&v?LrY L329mq{x<*s=d|hI delta 656 zcmWm7=Qq%k*8`(rMo7uwB zx0O`3kw%DgwzGqs>>`8R>>-mZvf0Z%_LIW_aydvI`4mvdAr5ndqZDzB;}lauDP@#% zf(lM@ib_sXMKxzQ%Q?<-fs52oOC9wz&`1-_v~Y>bT;VF$xK1lKxXCSU)5aaz>EJG% z+@p*8Jm4XZcuY4>cuEh?=;b+m^z(uN1{q?Q5k`5*7~@P3<`u7*@3lV8mJ4TpaBF8(PAECl}p5NY{3 From 176d1a0ff08eb3acc10a7c854e841aa99ca4baaf Mon Sep 17 00:00:00 2001 From: ofreax Date: Fri, 17 Jul 2015 11:44:29 +0200 Subject: [PATCH 14/33] yml -> yaml --- image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/Dockerfile b/image/Dockerfile index 77ac4703..b9f766d6 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -20,7 +20,7 @@ ADD service /osixia/service RUN ./sbin/install-service && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Add default env variables -ADD env.yml /etc/env.yml +ADD env.yaml /etc/env.yaml # Set OpenLDAP data and config directories in a data volume VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"] From 7da159cc2893f29ea2205425c6693b5fce97bb15 Mon Sep 17 00:00:00 2001 
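Review bot: `ADD env.yaml /etc/env.yaml` in the PATCH 14 Dockerfile hunk copies a plain local file, so `COPY env.yaml /etc/env.yaml` is the idiomatic instruction (hadolint DL3020); `ADD` only earns its keep for local tar extraction or checksummed remote fetches. The file being copied carries defaults such as `LDAP_ADMIN_PASSWORD: admin` (visible in the env.yml hunks earlier in this series), so a comment on that line stating that these are placeholder defaults meant to be overridden at run time would help operators reading the image. The surrounding `RUN ./sbin/install-service ...` and `VOLUME` lines are context and unchanged.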
From: ofreax
Date: Fri, 17 Jul 2015 21:46:06 +0200
Subject: [PATCH 15/33] refacto
---
 image/env.yaml | 2 +-
 image/service/slapd/container-start.sh | 58 ++++++++++++++------------
 2 files changed, 33 insertions(+), 27 deletions(-)
diff --git a/image/env.yaml b/image/env.yaml
index f4206f2f..1e08d203 100644
--- a/image/env.yaml
+++ b/image/env.yaml
@@ -13,7 +13,7 @@ SSL_CA_CRT_FILENAME: ca.crt
 USE_REPLICATION: false
-# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD and $SSL_*
+# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
 # are automaticaly replaced at run time
 # if you want to add replication to an existing ldap
diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh
index 0b0f8449..54aca658 100755
--- a/image/service/slapd/container-start.sh
+++ b/image/service/slapd/container-start.sh
@@ -104,7 +104,7 @@ EOF
 # start OpenLDAP
 echo "Starting openldap..."
 slapd -h "ldapi:///" -u openldap -g openldap
- echo "ok"
+ echo "[ok]"
 # set bootstrap config part 2
 if $BOOTSTRAP; then
@@ -195,37 +195,41 @@ EOF # replication config if [ "${USE_REPLICATION,,}" == "true" ]; then - echo "Use replication" + if [ -e "$WAS_STARTED_WITH_REPLICATION" ]; then + echo "Replication already set" + else + echo "Use replication" - # copy template file - cp /osixia/service/slapd/assets/config/replication/replication-enable-template.ldif /osixia/service/slapd/assets/config/replication/replication-enable.ldif + # copy template file + cp /osixia/service/slapd/assets/config/replication/replication-enable-template.ldif /osixia/service/slapd/assets/config/replication/replication-enable.ldif - REPLICATION_HOSTS=($REPLICATION_HOSTS) - i=1 - for host in "${REPLICATION_HOSTS[@]}" - do + REPLICATION_HOSTS=($REPLICATION_HOSTS) + i=1 + for host in "${REPLICATION_HOSTS[@]}" + do - #host var contain a variable name, we access to the variable value and cast it to a table - host=${!host} + #host var contain a variable name, we access to the variable value and cast it to a table + host=${!host} - sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" 
/osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - ((i++)) - done + ((i++)) + done - get_base_dn - sed -i "s|\$BASE_DN|$BASE_DN|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + get_base_dn + sed -i "s|\$BASE_DN|$BASE_DN|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-enable.ldif - touch $WAS_STARTED_WITH_REPLICATION + ldapmodify -c -Y 
EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-enable.ldif + touch $WAS_STARTED_WITH_REPLICATION + fi else @@ -233,13 +237,15 @@ EOF [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION" ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-disable.ldif || true + rm -f $WAS_STARTED_WITH_REPLICATION + fi - + # stop OpenLDAP SLAPD_PID=$(cat /run/slapd/slapd.pid) echo "Kill slapd, pid: $SLAPD_PID" kill -INT $SLAPD_PID - echo "ok" + echo "[ok]" touch $FIRST_START_DONE fi From ed0569b297185f65a4356c2e32ef971be5145238 Mon Sep 17 00:00:00 2001 From: ofreax Date: Sat, 18 Jul 2015 21:22:06 +0200 Subject: [PATCH 16/33] yml->yaml --- README.md | 8 ++++---- image/service/slapd/daemon.sh | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7ea03344..0b626d0b 100644 --- a/README.md +++ b/README.md @@ -93,7 +93,7 @@ By default TLS is enable, a certificate is created with the container hostname ( #### Use your own certificate -Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yml** and rebuild the image ([see manual build](#manual-build)). +Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yaml** and rebuild the image ([see manual build](#manual-build)). Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/osixia/service/slapd/assets/ssl** and adjust there name with the following environment variables : 
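Review bot: The `sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g"` and `$LDAP_CONFIG_PASSWORD` substitutions in this hunk write both passwords in clear text into replication-enable.ldif under /osixia/service/slapd/assets/config/replication, and nothing removes or protects that file after `ldapmodify` has consumed it, so the credentials stay on disk for the life of the container. Since the file is re-created from the template by the `cp` above, it is safe to `rm -f` the rendered copy right after the `ldapmodify` line, or at least `chmod 600` it immediately after the `cp`. The same sed lines also interpolate the passwords unescaped, so a value containing `|`, `&` or `\` corrupts the sed expression (and therefore the LDIF) silently; a comment such as `# passwords must not contain '|', '&' or '\' (sed replacement syntax)` would at least document the constraint. The new `touch $WAS_STARTED_WITH_REPLICATION` is unquoted while the disable branch quotes the same variable; `touch "$WAS_STARTED_WITH_REPLICATION"` keeps the two paths consistent. The enclosing if/else continues past the end of this hunk.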
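Review bot: The added `rm -f $WAS_STARTED_WITH_REPLICATION` repeats the `[[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION"` two lines above it, so the marker is deleted twice in the disable path, the second time unquoted. Because the `ldapmodify ... replication-disable.ldif || true` between them swallows a failed disable, the marker ends up removed even when the replication config was not actually torn down, and the next start will treat replication as off; either drop the duplicate or move the single removal after a successful `ldapmodify` and let the failure surface. The `+ fi` appears to close an `if` opened between this hunk and the previous one, which is outside the visible lines.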
@@ -161,7 +161,7 @@ If you are looking for a simple solution to administrate your ldap server you ca ## Environment Variables -Environement variables defaults are set in **image/env.yml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yml file as a docker volume to `/etc/env.yml`. See examples below. +Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/etc/env.yaml`. See examples below. General container configuration : - **LDAP_LOG_LEVEL**: Slap log level. defaults to `-1`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels. @@ -190,9 +190,9 @@ Environment variable can be set directly by adding the -e argument in the comman docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap -Or by setting your own `env.yml` file as a docker volume to `/etc/env.yml` +Or by setting your own `env.yaml` file as a docker volume to `/etc/env.yaml` - docker run -h ldap.example.org -v /data/my-ldap-env.yml:/etc/env.yml \ + docker run -h ldap.example.org -v /data/my-ldap-env.yaml:/etc/env.yaml \ -d osixia/openldap ## Manual build diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index f0de01dc..8faa5520 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh @@ -5,6 +5,4 @@ # see https://github.com/docker/docker/issues/8231 ulimit -n 1024 -sleep 3 - exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL 
From 54ff5f0cacfd26ef578859a556d947f8f7d4701e Mon Sep 17 00:00:00 2001 From: ofreax Date: Sun, 19 Jul 2015 21:06:36 +0200 Subject: [PATCH 17/33] readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0b626d0b..37e4d2fd 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ You can also use data volume containers. Please refer to : #### Use autogenerated certificate By default TLS is enable, a certificate is created with the container hostname (set by -h option eg: ldap.example.org). - docker run -h ldap.example.org -e SERVER_NAME=ldap.my-compagny.com -d osixia/openldap + docker run -h ldap.my-compagny.com -d osixia/openldap #### Use your own certificate From ead3be26353e952337f9489eeb0f777b964bc806 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 20 Jul 2015 10:09:53 +0200 Subject: [PATCH 18/33] add sleep at first start --- image/service/slapd/container-start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 54aca658..1ba2d5d3 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -247,6 +247,8 @@ EOF kill -INT $SLAPD_PID echo "[ok]" + sleep 3 + touch $FIRST_START_DONE fi From 6e7d1138990a732bb1ce1cd8ea9e8b5aae1e661e Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 20 Jul 2015 13:21:25 +0200 Subject: [PATCH 19/33] update documentation --- README.md | 18 ++++++------------ image/service/slapd/assets/test/add-host.sh | 2 -- test/test.bats | 4 ++-- 3 files changed, 8 insertions(+), 16 deletions(-) delete mode 100755 image/service/slapd/assets/test/add-host.sh diff --git a/README.md b/README.md index 37e4d2fd..dfac366c 100644 --- a/README.md +++ b/README.md 
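Review bot: The added `sleep 3` after `kill -INT $SLAPD_PID` is a timing guess, not a wait: on a slow host slapd may still be shutting down when the daemon is started next, and on a fast one three seconds are wasted at every first start. Waiting for the process to actually exit is a one-liner, `while kill -0 "$SLAPD_PID" 2>/dev/null; do sleep 0.1; done`, and also quotes the pid the way the surrounding lines should. The enclosing block (the one ending in `touch $FIRST_START_DONE` / `fi`) starts outside this hunk.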
@@ -111,26 +111,20 @@ Add -e USE_TLS=false to the run command : ### Multi master replication Quick example, with the default config. -Create the first ldap server, save the container id in LDAP_CID and get its IP: - + #Create the first ldap server, save the container id in LDAP_CID and get its IP: LDAP_CID=$(docker run -h ldap.example.org -e USE_REPLICATION=true -d osixia/openldap) LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID) -Create the second ldap server, save the container id in LDAP2_CID and get its IP: - + #Create the second ldap server, save the container id in LDAP2_CID and get its IP: LDAP2_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d osixia/openldap) LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID) -Add the pair "ip hostname" to /etc/hosts on each containers, -beacause ldap.example.org and ldap2.example.org are fake hostnames - - docker exec $LDAP_CID /osixia/service/slapd/assets/test/add-host.sh $LDAP2_IP ldap2.example.org - docker exec $LDAP2_CID /osixia/service/slapd/assets/test/add-host.sh $LDAP_IP ldap.example.org + #Add the pair "ip hostname" to /etc/hosts on each containers, + #beacause ldap.example.org and ldap2.example.org are fake hostnames -We reload slapd to let him take into consideration /etc/hosts changes + docker exec $LDAP_CID /sbin/add-host $LDAP2_IP ldap2.example.org + docker exec $LDAP2_CID /sbin/add-host $LDAP_IP ldap.example.org - docker exec $LDAP_CID pkill slapd - docker exec $LDAP2_CID pkill slapd That's it ! But a litle test to be sure : diff --git a/image/service/slapd/assets/test/add-host.sh b/image/service/slapd/assets/test/add-host.sh deleted file mode 100755 index 779daa7b..00000000 --- a/image/service/slapd/assets/test/add-host.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -e -echo $@ >> /etc/hosts diff --git a/test/test.bats b/test/test.bats index 10edb34e..4451ced3 100644 --- a/test/test.bats +++ b/test/test.bats 
@@ -71,8 +71,8 @@ load test_helper run_image -h ldap.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true # add route to hosts - docker exec $LDAP_REPL_CID /osixia/service/slapd/assets/test/add-host.sh $CONTAINER_IP ldap.example.org - docker exec $CONTAINER_ID /osixia/service/slapd/assets/test/add-host.sh $LDAP_REPL_IP ldap2.example.org + docker exec $LDAP_REPL_CID /sbin/add-host $CONTAINER_IP ldap.example.org + docker exec $CONTAINER_ID /sbin/add-host $LDAP_REPL_IP ldap2.example.org # wait services on both servers wait_service slapd From 1087b645f4282558620d044250bfcbd876d71883 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 20 Jul 2015 14:11:33 +0200 Subject: [PATCH 20/33] README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index dfac366c..fccb3310 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,6 @@ Quick example, with the default config. #Add the pair "ip hostname" to /etc/hosts on each containers, #beacause ldap.example.org and ldap2.example.org are fake hostnames - docker exec $LDAP_CID /sbin/add-host $LDAP2_IP ldap2.example.org docker exec $LDAP2_CID /sbin/add-host $LDAP_IP ldap.example.org From 28af217e8063c09dfc08db75b55c14c5a267d2e9 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 20 Jul 2015 17:59:19 +0200 Subject: [PATCH 21/33] update documentation --- README.md | 9 +++++---- image/service/slapd/container-start.sh | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index fccb3310..284409d9 100644 --- a/README.md +++ b/README.md 
@@ -56,7 +56,7 @@ It will create an empty ldap for the compagny **Example Inc.** and the domain ** By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example : - docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ + docker run -h ldap.my-compagny.com -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap #### Data persitance @@ -157,12 +157,13 @@ If you are looking for a simple solution to administrate your ldap server you ca Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/etc/env.yaml`. See examples below. General container configuration : -- **LDAP_LOG_LEVEL**: Slap log level. defaults to `-1`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels. +- **LDAP_LOG_LEVEL**: Slap log level. defaults to `256`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels. Required and used for new ldap server only : - **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.` - **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org` -- **LDAP_ADMIN_PASSWORD** Admin password. Defaults to `admin` +- **LDAP_ADMIN_PASSWORD** Ldap Admin password. Defaults to `admin` +- **LDAP_CONFIG_PASSWORD** Ldap Config password. Defaults to `config` TLS options : - **USE_TLS**: Add openldap TLS capabilities. Defaults to `true` @@ -198,7 +199,7 @@ Clone this project : Adapt Makefile, set your image NAME and VERSION, for example : NAME = osixia/openldap - VERSION = 0.10.0 + VERSION = 1.0.0 becomes : NAME = billy-the-king/openldap 
diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 1ba2d5d3..8a4bb816 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -208,7 +208,7 @@ EOF for host in "${REPLICATION_HOSTS[@]}" do - #host var contain a variable name, we access to the variable value and cast it to a table + #host var contain a variable name, we access to the variable value host=${!host} sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif From 2b9bfde57426800f11bcbd5af2ac4f66d5e41820 Mon Sep 17 00:00:00 2001 From: osixia Date: Mon, 20 Jul 2015 21:11:24 +0200 Subject: [PATCH 22/33] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 284409d9..219b9d2f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ A docker image to run OpenLDAP. Fork of Nick Stenning docker-slapd : https://github.com/nickstenning/docker-slapd -Add support of TLS and multi master replication. +Add support of TLS, multi master replication and easy bootstrap. ## Quick start Run OpenLDAP docker image : From bbce5f8cc32b56f2e671a3b76c47f41f5ee6b349 Mon Sep 17 00:00:00 2001 From: osixia Date: Mon, 20 Jul 2015 21:19:26 +0200 Subject: [PATCH 23/33] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 219b9d2f..72db9e4e 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,7 @@ Environment variable can be set directly by adding the -e argument in the comman Or by setting your own `env.yaml` file as a docker volume to `/etc/env.yaml` - docker run -h ldap.example.org -v /data/my-ldap-env.yaml:/etc/env.yaml \ + docker run -h ldap.example.org -v /data/my-env.yaml:/etc/env.yaml \ -d osixia/openldap ## Manual build From 8dba0d996b583953f00d28cb8922e4850a9bdcdb Mon Sep 17 00:00:00 2001 
From: ofreax Date: Mon, 20 Jul 2015 21:42:38 +0200 Subject: [PATCH 24/33] listen on localhost --- README.md | 18 +++++++++--------- image/service/slapd/daemon.sh | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 72db9e4e..b816064a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Add support of TLS, multi master replication and easy bootstrap. ## Quick start Run OpenLDAP docker image : - docker run -h ldap.example.org -d osixia/openldap + docker run -d osixia/openldap This start a new container with a OpenLDAP server running inside. The odd string printed by this command is the `CONTAINER_ID`. @@ -25,7 +25,7 @@ make sure to replace `CONTAINER_ID` by your container id : You should now be in the container terminal, and we can search on the ldap server : - ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin + ldapsearch -x -h localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin This should output : @@ -56,7 +56,7 @@ It will create an empty ldap for the compagny **Example Inc.** and the domain ** By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example : - docker run -h ldap.my-compagny.com -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ + docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap #### Data persitance @@ -77,7 +77,7 @@ Assuming you have a LDAP database on your docker host in the directory `/data/sl and the corresponding LDAP config files on your docker host in the directory `/data/slapd/config` simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slapd.d`: - docker run -h ldap.example.org -v /data/slapd/database:/var/lib/ldap \ + docker run -v /data/slapd/database:/var/lib/ldap \ -v /data/slapd/config:/etc/ldap/slapd.d -d osixia/openldap 
@@ -87,7 +87,7 @@ You can also use data volume containers. Please refer to : ### Using TLS #### Use autogenerated certificate -By default TLS is enable, a certificate is created with the container hostname (set by -h option eg: ldap.example.org). +By default TLS is enable, a certificate is created with the container hostname (it can be set by docker run -h option eg: ldap.example.org). docker run -h ldap.my-compagny.com -d osixia/openldap @@ -106,7 +106,7 @@ Or you can set your custom certificate at run time, by mouting a directory conta #### Disable TLS Add -e USE_TLS=false to the run command : - docker run -h ldap.example.org -e USE_TLS=false -d osixia/openldap + docker run -e USE_TLS=false -d osixia/openldap ### Multi master replication Quick example, with the default config. @@ -181,12 +181,12 @@ Replication options : Environment variable can be set directly by adding the -e argument in the command line, for example : - docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ + docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap Or by setting your own `env.yaml` file as a docker volume to `/etc/env.yaml` - docker run -h ldap.example.org -v /data/my-env.yaml:/etc/env.yaml \ + docker run -v /data/my-env.yaml:/etc/env.yaml \ -d osixia/openldap ## Manual build @@ -211,7 +211,7 @@ Build your image : Run your image : - docker run -h ldap.example.org -d billy-the-king/openldap:0.1.0 + docker run -d billy-the-king/openldap:0.1.0 ## Tests diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index 8faa5520..1064a824 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh 
@@ -5,4 +5,4 @@ # see https://github.com/docker/docker/issues/8231 ulimit -n 1024 -exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL +exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldap://localhost ldaps://localhost ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL From 7b09165350e10d226b63a2577327a27f96a6d1ab Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 21 Jul 2015 18:01:57 +0200 Subject: [PATCH 25/33] bootstrap --- .../ldif/{config-password.ldif => 01-config-password.ldif} | 0 .../bootstrap/ldif/{security.ldif => 02-security.ldif} | 0 .../slapd/assets/config/bootstrap/ldif/03-memberOf.ldif | 5 +++++ .../config/bootstrap/ldif/{index.ldif => 04-index.ldif} | 2 ++ .../service/slapd/assets/config/bootstrap/ldif/logging.ldif | 4 ---- 5 files changed, 7 insertions(+), 4 deletions(-) rename image/service/slapd/assets/config/bootstrap/ldif/{config-password.ldif => 01-config-password.ldif} (100%) rename image/service/slapd/assets/config/bootstrap/ldif/{security.ldif => 02-security.ldif} (100%) create mode 100644 image/service/slapd/assets/config/bootstrap/ldif/03-memberOf.ldif rename image/service/slapd/assets/config/bootstrap/ldif/{index.ldif => 04-index.ldif} (75%) delete mode 100644 image/service/slapd/assets/config/bootstrap/ldif/logging.ldif diff --git a/image/service/slapd/assets/config/bootstrap/ldif/config-password.ldif b/image/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif similarity index 100% rename from image/service/slapd/assets/config/bootstrap/ldif/config-password.ldif rename to image/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif 
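Review bot: In the new `exec /usr/sbin/slapd ... -d $LDAP_LOG_LEVEL` line the log level is still unquoted, so if the variable is unset or empty `-d` has no argument and slapd fails at startup instead of running with a default. Quoting with a fallback to the documented default, `-d "${LDAP_LOG_LEVEL:-256}"`, makes the daemon start in that case and matches the default the README in this series states. The rest of the listener string change (adding `ldap://localhost ldaps://localhost`) is fine as written.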
diff --git a/image/service/slapd/assets/config/bootstrap/ldif/security.ldif b/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif similarity index 100% rename from image/service/slapd/assets/config/bootstrap/ldif/security.ldif rename to image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif diff --git a/image/service/slapd/assets/config/bootstrap/ldif/03-memberOf.ldif b/image/service/slapd/assets/config/bootstrap/ldif/03-memberOf.ldif new file mode 100644 index 00000000..1be0a273 --- /dev/null +++ b/image/service/slapd/assets/config/bootstrap/ldif/03-memberOf.ldif @@ -0,0 +1,5 @@ +# Load memberof module +dn: cn=module{0},cn=config +changetype: modify +add: olcModuleLoad +olcModuleLoad: memberof diff --git a/image/service/slapd/assets/config/bootstrap/ldif/index.ldif b/image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif similarity index 75% rename from image/service/slapd/assets/config/bootstrap/ldif/index.ldif rename to image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif index 2105e61b..072604c0 100644 --- a/image/service/slapd/assets/config/bootstrap/ldif/index.ldif +++ b/image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif @@ -2,5 +2,7 @@ dn: olcDatabase={1}hdb,cn=config changetype: modify replace: olcDbIndex +olcDbIndex: uid eq +olcDbIndex: memberOf eq olcDbIndex: entryCSN eq olcDbIndex: entryUUID eq diff --git a/image/service/slapd/assets/config/bootstrap/ldif/logging.ldif b/image/service/slapd/assets/config/bootstrap/ldif/logging.ldif deleted file mode 100644 index 5494c101..00000000 --- a/image/service/slapd/assets/config/bootstrap/ldif/logging.ldif +++ /dev/null @@ -1,4 +0,0 @@ -dn: cn=config -changetype: modify -replace: olcLogLevel -olcLogLevel: stats From bc79aef48805629a9443765ce21186d946f1cafb Mon Sep 17 00:00:00 2001 
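Review bot: 03-memberOf.ldif only loads the module (`olcModuleLoad: memberof`); it does not instantiate the overlay on the database, so memberOf values are never maintained and the `olcDbIndex: memberOf eq` added in the same commit's 04-index.ldif indexes an attribute that stays empty. An overlay entry for the `olcDatabase={1}hdb,cn=config` database is needed, in a file ordered after the module load and before the index file. The `dn: cn=module{0},cn=config` target also presumes that module entry already exists in the base config (true when the base already loads a backend module, but worth a comment such as `# cn=module{0} is created by the default Debian slapd config`).
```ldif
dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
```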
From: ofreax Date: Tue, 21 Jul 2015 21:04:29 +0200 Subject: [PATCH 26/33] rename ldif files --- ...tion-enable-template.ldif => replication-enable.ldif} | 0 image/service/slapd/container-start.sh | 9 +++------ 2 files changed, 3 insertions(+), 6 deletions(-) rename image/service/slapd/assets/config/replication/{replication-enable-template.ldif => replication-enable.ldif} (100%) diff --git a/image/service/slapd/assets/config/replication/replication-enable-template.ldif b/image/service/slapd/assets/config/replication/replication-enable.ldif similarity index 100% rename from image/service/slapd/assets/config/replication/replication-enable-template.ldif rename to image/service/slapd/assets/config/replication/replication-enable.ldif diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 8a4bb816..3cc83d7b 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -138,14 +138,14 @@ EOF # set config password CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s $LDAP_CONFIG_PASSWORD) - sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /osixia/service/slapd/assets/config/bootstrap/ldif/config-password.ldif + sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /osixia/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif # adapt security config file get_base_dn - sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/service/slapd/assets/config/bootstrap/ldif/security.ldif + sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/service/slapd/assets/config/bootstrap/ldif/02-security.ldif # process config files - for f in $(find /osixia/service/slapd/assets/config/bootstrap/ldif -name \*.ldif -type f); do + for f in $(find /osixia/service/slapd/assets/config/bootstrap/ldif -name \*.ldif -type f | sort); do echo "Processing file ${f}" ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f done 
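Review bot: The new `for f in $(find ... -name \*.ldif -type f | sort)` relies on word splitting of the find output, so any LDIF path containing whitespace is broken into several iterations; a pathname glob gives the same lexical order without the pipeline, `for f in /osixia/service/slapd/assets/config/bootstrap/ldif/*.ldif; do`. The context line `CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s $LDAP_CONFIG_PASSWORD)` just above passes the config password unquoted and on the command line, where it is visible in the process list while slappasswd runs; quoting it is the minimum, and a comment noting the exposure would help whoever revisits this. The enclosing `if $BOOTSTRAP` block starts outside this hunk.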
@@ -200,9 +200,6 @@ EOF else echo "Use replication" - # copy template file - cp /osixia/service/slapd/assets/config/replication/replication-enable-template.ldif /osixia/service/slapd/assets/config/replication/replication-enable.ldif - REPLICATION_HOSTS=($REPLICATION_HOSTS) i=1 for host in "${REPLICATION_HOSTS[@]}" From e29a92bd0f1b8532f238d8793d760407cb226407 Mon Sep 17 00:00:00 2001 From: ofreax Date: Wed, 22 Jul 2015 21:52:58 +0200 Subject: [PATCH 27/33] modify baseimage tool --- image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/Dockerfile b/image/Dockerfile index b9f766d6..d3603689 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -8,7 +8,7 @@ CMD ["/osixia/tool/run"] RUN groupadd -r openldap && useradd -r -g openldap openldap # Install OpenLDAP, ldap-utils and ssl-helper from baseimage, remove default ldap db -RUN apt-get -y update && /sbin/install-service-available ssl-helper-gnutls \ +RUN apt-get -y update && /sbin/add-service-available ssl-helper-gnutls \ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ slapd ldap-utils \ && rm -rf /var/lib/ldap /etc/ldap/slapd.d From 18abe3cfc05888c95c62fcce9b7398cd94a75d71 Mon Sep 17 00:00:00 2001 From: ofreax Date: Wed, 22 Jul 2015 23:02:52 +0200 Subject: [PATCH 28/33] new baseimage --- image/Dockerfile | 37 +++++++++++++++++--------- image/service/slapd/container-start.sh | 7 ++--- image/service/slapd/install.sh | 11 ++++++++ test/test.bats | 2 +- 4 files changed, 39 insertions(+), 18 deletions(-) create mode 100644 image/service/slapd/install.sh diff --git a/image/Dockerfile b/image/Dockerfile index d3603689..3ab934aa 100644 --- a/image/Dockerfile +++ b/image/Dockerfile 
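Review bot: Dropping the `cp` of the template makes the rendering below destructive: the `sed -i ... /d` lines further down delete the `{{ REPLICATION_HOSTS }}` placeholders from replication-enable.ldif itself, so once the file has been rendered it can never be rendered again with a different host list (for instance after replication is disabled, the marker file removed, and the container restarted with USE_REPLICATION=true). Render into a working copy instead, e.g. `cp /osixia/service/slapd/assets/config/replication/replication-enable.ldif /tmp/replication-enable.ldif` and point the `sed -i` and `ldapmodify -f` lines at the copy, which also keeps the substituted passwords out of the assets directory. The enclosing if/else starts and ends outside this hunk.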
@@ -1,23 +1,36 @@ FROM osixia/light-baseimage:0.1.0 MAINTAINER Bertrand Gouny -# Use baseimage-docker's init system. +# Use osixia/light-baseimage's init system. CMD ["/osixia/tool/run"] -# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r openldap && useradd -r -g openldap openldap - -# Install OpenLDAP, ldap-utils and ssl-helper from baseimage, remove default ldap db -RUN apt-get -y update && /sbin/add-service-available ssl-helper-gnutls \ - && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ - slapd ldap-utils \ - && rm -rf /var/lib/ldap /etc/ldap/slapd.d - # Add service directory to /osixia/service ADD service /osixia/service -# Use baseimage install-service script and clean all -RUN ./sbin/install-service && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# Scripts /sbin/add-service-available +# /sbin/install-service and /sbin/clean-container +# are tools from osixia/light-baseimage +RUN /sbin/add-service-available ssl-helper-gnutls \ + && /sbin/install-service \ + && /sbin/clean-container + +# /sbin/add-service-available ssl-helper-gnutls +# Add ssl-helper-gnutls, used to generate TLS default certificates + +# /sbin/install-service +# make an apt-get update +# run /osixia/service/*/install.sh +# link /osixia/service/*/container-start.sh to /etc/my_init.d/* +# link /osixia/service/*/daemon.sh to /etc/service/*/run + +# Files in /etc/my_init.d will be run during container start, +# Files in /etc/service/*/run are the process run by the docker image + +# /sbin/clean-container remove unnecessary files + +# More information : +# https://github.com/osixia/docker-light-baseimage + # Add default env variables ADD env.yaml /etc/env.yaml diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 3cc83d7b..4efcc714 100755 --- a/image/service/slapd/container-start.sh 
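Review bot: `ADD service /osixia/service` and `ADD env.yaml /etc/env.yaml` copy plain local paths, for which `COPY` is the explicit instruction; `ADD` additionally extracts archives and fetches URLs, behaviour that is not wanted here and makes a future `.tar` in the context silently unpack. The long comment block describing `/sbin/add-service-available`, `/sbin/install-service` and `/sbin/clean-container` is useful, but it is placed after the `RUN` it explains; moving it directly above that `RUN` (and dropping the shorter three-line comment that now duplicates its first sentences) keeps explanation and instruction together.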
+++ b/image/service/slapd/container-start.sh @@ -109,11 +109,8 @@ EOF # set bootstrap config part 2 if $BOOTSTRAP; then - # add ppolicy schema if not already exists - ADD_PPOLICY=$(is_new_schema ppolicy) - if [ "$ADD_PPOLICY" -eq 1 ]; then - ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif - fi + # add ppolicy schema + ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif # convert schemas to ldif SCHEMAS="" diff --git a/image/service/slapd/install.sh b/image/service/slapd/install.sh new file mode 100644 index 00000000..e00f794e --- /dev/null +++ b/image/service/slapd/install.sh @@ -0,0 +1,11 @@ +#!/bin/bash -e + +# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added +RUN groupadd -r openldap && useradd -r -g openldap openldap + +# Install OpenLDAP, ldap-utils +LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ +slapd ldap-utils + +# Remove default ldap db +rm -rf /var/lib/ldap /etc/ldap/slapd.d diff --git a/test/test.bats b/test/test.bats index 4451ced3..5e30cdac 100644 --- a/test/test.bats +++ b/test/test.bats @@ -65,7 +65,7 @@ load test_helper LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true -d $NAME:$VERSION) LDAP_REPL_IP=$(get_container_ip_by_cid $LDAP_REPL_CID) - sleep 2 + sleep 1 # ldap server run_image -h ldap.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true From 6ded468cd7cb238f3a9df3cdb46d95811bfafa74 Mon Sep 17 00:00:00 2001 From: ofreax Date: Wed, 22 Jul 2015 23:04:31 +0200 Subject: [PATCH 29/33] delete RUN --- image/service/slapd/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/service/slapd/install.sh b/image/service/slapd/install.sh index e00f794e..640e0ac5 100644 --- a/image/service/slapd/install.sh +++ b/image/service/slapd/install.sh 
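Review bot: Replacing the `is_new_schema ppolicy` guard with an unconditional `ldapadd -c ... ppolicy.ldif` means a bootstrap against a config that already has the schema gets an "Already exists" error; `-c` keeps going but the exit status is non-zero, and if this script runs under `bash -e` (the header is outside the hunk) that aborts container start. If the intent is that bootstrap only ever runs on a fresh Debian slapd config, say so where the guard was, e.g. `# ppolicy is absent from a fresh slapd config; bootstrap runs only on a new database, so add it unconditionally`; otherwise keep the guard. The enclosing `if $BOOTSTRAP` block starts outside this hunk.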
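Review bot: The new install.sh runs `apt-get install -y --force-yes --no-install-recommends slapd ldap-utils`; `--force-yes` does more than answer prompts, it lets apt install packages that fail signature verification, so the image trusts whatever the mirror serves. `-y` is sufficient for a non-interactive build, i.e. `LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \`; the same flag is carried in the following patch's hunk of this file and in the Dockerfile `RUN` of the previous patch. The `RUN groupadd -r openldap ...` line is a Dockerfile keyword pasted into a shell script and will fail under `bash -e`; the next patch in the series removes it.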
@@ -1,7 +1,7 @@ #!/bin/bash -e # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r openldap && useradd -r -g openldap openldap +groupadd -r openldap && useradd -r -g openldap openldap # Install OpenLDAP, ldap-utils LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ From a4c85cd70975a3090a5158aec482e403874daffd Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Thu, 23 Jul 2015 10:44:57 +0200 Subject: [PATCH 30/33] new baseimage --- README.md | 6 +- image/Dockerfile | 53 ++++++++--------- .../slapd/assets/config/tls/tls-enable.ldif | 8 +-- image/service/slapd/assets/ssl/README.md | 2 +- image/service/slapd/container-start.sh | 58 +++++++++---------- image/service/slapd/install.sh | 11 ---- test/test.bats | 4 +- 7 files changed, 62 insertions(+), 80 deletions(-) delete mode 100644 image/service/slapd/install.sh diff --git a/README.md b/README.md index b816064a..bdf44550 100644 --- a/README.md +++ b/README.md 
@@ -95,9 +95,9 @@ By default TLS is enable, a certificate is created with the container hostname ( Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yaml** and rebuild the image ([see manual build](#manual-build)). -Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/osixia/service/slapd/assets/ssl** and adjust there name with the following environment variables : +Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/container/service/slapd/assets/ssl** and adjust there name with the following environment variables : - docker run -h ldap.example.org -v /path/to/certifates:/osixia/service/slapd/assets/ssl \ + docker run -h ldap.example.org -v /path/to/certifates:/container/service/slapd/assets/ssl \ -e SSL_CRT_FILENAME=my-ldap.crt \ -e SSL_KEY_FILENAME=my-ldap.key \ -e SSL_CA_CRT_FILENAME=the-ca.crt \ @@ -129,7 +129,7 @@ That's it ! But a litle test to be sure : Add a new user "billy" on the first ldap server - docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap.example.org -ZZ + docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -h ldap.example.org -ZZ Search on the second ldap server, and billy should show up ! diff --git a/image/Dockerfile b/image/Dockerfile index 3ab934aa..ef9947f3 100644 --- a/image/Dockerfile +++ b/image/Dockerfile 
@@ -1,36 +1,29 @@
 FROM osixia/light-baseimage:0.1.0
 MAINTAINER Bertrand Gouny
 
-# Use osixia/light-baseimage's init system.
-CMD ["/osixia/tool/run"]
-
-# Add service directory to /osixia/service
-ADD service /osixia/service
-
-# Scripts /sbin/add-service-available
-# /sbin/install-service and /sbin/clean-container
-# are tools from osixia/light-baseimage
-RUN /sbin/add-service-available ssl-helper-gnutls \
- && /sbin/install-service \
- && /sbin/clean-container
-
-# /sbin/add-service-available ssl-helper-gnutls
-# Add ssl-helper-gnutls, used to generate TLS default certificates
-
-# /sbin/install-service
-# make an apt-get update
-# run /osixia/service/*/install.sh
-# link /osixia/service/*/container-start.sh to /etc/my_init.d/*
-# link /osixia/service/*/daemon.sh to /etc/service/*/run
-
-# Files in /etc/my_init.d will be run during container start,
-# Files in /etc/service/*/run are the process run by the docker image
-
-# /sbin/clean-container remove unnecessary files
-
-# More information :
-# https://github.com/osixia/docker-light-baseimage
-
+# Use baseimage's init system.
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/run
+CMD ["/container/tool/run"]
+
+# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r openldap && useradd -r -g openldap openldap
+
+# Install OpenLDAP, ldap-utils and ssl-helper from baseimage and remove default ldap db
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service-available
+RUN apt-get -y update \
+ && /container/tool/install-service-available ssl-helper-gnutls \
+ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
+ slapd ldap-utils \
+ && rm -rf /var/lib/ldap /etc/ldap/slapd.d
+
+# Add service directory to /container/service
+ADD service /container/service
+
+# Use baseimage install-service script and clean all
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
+RUN /container/tool/install-service \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add default env variables
 ADD env.yaml /etc/env.yaml
diff --git a/image/service/slapd/assets/config/tls/tls-enable.ldif b/image/service/slapd/assets/config/tls/tls-enable.ldif
index 3f9d18ca..8735f28c 100644
--- a/image/service/slapd/assets/config/tls/tls-enable.ldif
+++ b/image/service/slapd/assets/config/tls/tls-enable.ldif
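Review bot: `ADD service /container/service` copies a plain local directory, for which `COPY service /container/service` is the explicit form; ADD's extra behaviours (archive auto-extraction, URL fetch) are not wanted for a service tree and would silently change the result if an archive ever landed in it. Separately, the first `RUN apt-get -y update ...` layer leaves `/var/lib/apt/lists` in the image: the `rm -rf /var/lib/apt/lists/*` in the later RUN cannot shrink an earlier layer, so append `&& rm -rf /var/lib/apt/lists/*` to the first RUN as well (the second RUN's `install-service` presumably refreshes the lists itself, as the removed comments described for the old tool, but that is not visible here). The final image also has no `USER` line; if `/container/tool/run` and the slapd daemon wrapper do not drop to the `openldap` user created here, that is worth a comment on the Dockerfile.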
@@ -4,16 +4,16 @@ replace: olcTLSCipherSuite olcTLSCipherSuite: SECURE256:-VERS-SSL3.0 - replace: olcTLSCACertificateFile -olcTLSCACertificateFile: /osixia/service/slapd/assets/ssl/ca.crt +olcTLSCACertificateFile: /container/service/slapd/assets/ssl/ca.crt - replace: olcTLSCertificateFile -olcTLSCertificateFile: /osixia/service/slapd/assets/ssl/ldap.crt +olcTLSCertificateFile: /container/service/slapd/assets/ssl/ldap.crt - replace: olcTLSCertificateKeyFile -olcTLSCertificateKeyFile: /osixia/service/slapd/assets/ssl/ldap.key +olcTLSCertificateKeyFile: /container/service/slapd/assets/ssl/ldap.key - replace: olcTLSDHParamFile -olcTLSDHParamFile: /osixia/service/slapd/assets/ssl/dhparam.pem +olcTLSDHParamFile: /container/service/slapd/assets/ssl/dhparam.pem - replace: olcTLSVerifyClient olcTLSVerifyClient: demand diff --git a/image/service/slapd/assets/ssl/README.md b/image/service/slapd/assets/ssl/README.md index a06b6285..ea3a627f 100644 --- a/image/service/slapd/assets/ssl/README.md +++ b/image/service/slapd/assets/ssl/README.md @@ -1,2 +1,2 @@ Add your ssl crt, key and ca crt here -or during docker run mount a data volume with thoses files to /osixia/service/slapd/assets/ssl +or during docker run mount a data volume with thoses files to /container/service/slapd/assets/ssl diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 4efcc714..1e344c11 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -12,7 +12,7 @@ ulimit -n 1024 #fix file permissions chown -R openldap:openldap /var/lib/ldap chown -R openldap:openldap /etc/ldap -chown -R openldap:openldap /osixia/service/slapd +chown -R openldap:openldap /container/service/slapd # container first start if [ ! -e "$FIRST_START_DONE" ]; then 
@@ -44,13 +44,13 @@ if [ ! -e "$FIRST_START_DONE" ]; then local LDAP_KEY=$3 # check certificat and key or create it - /sbin/ssl-helper "/osixia/service/slapd/assets/ssl/$LDAP_CRT" "/osixia/service/slapd/assets/ssl/$LDAP_KEY" --ca-crt=/osixia/service/slapd/assets/ssl/$CA_CRT --gnutls + /sbin/ssl-helper "/container/service/slapd/assets/ssl/$LDAP_CRT" "/container/service/slapd/assets/ssl/$LDAP_KEY" --ca-crt=/container/service/slapd/assets/ssl/$CA_CRT --gnutls # create DHParamFile if not found - [ -f /osixia/service/slapd/assets/ssl/dhparam.pem ] || openssl dhparam -out /osixia/service/slapd/assets/ssl/dhparam.pem 2048 + [ -f /container/service/slapd/assets/ssl/dhparam.pem ] || openssl dhparam -out /container/service/slapd/assets/ssl/dhparam.pem 2048 # fix file permissions - chown -R openldap:openldap /osixia/service/slapd + chown -R openldap:openldap /container/service/slapd } @@ -114,13 +114,13 @@ EOF # convert schemas to ldif SCHEMAS="" - for f in $(find /osixia/service/slapd/assets/config/bootstrap/schema -name \*.schema -type f); do + for f in $(find /container/service/slapd/assets/config/bootstrap/schema -name \*.schema -type f); do SCHEMAS="$SCHEMAS ${f}" done - /osixia/service/slapd/assets/schema-to-ldif.sh "$SCHEMAS" + /container/service/slapd/assets/schema-to-ldif.sh "$SCHEMAS" # add schemas - for f in $(find /osixia/service/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do + for f in $(find /container/service/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do echo "Processing file ${f}" # add schema if not already exists SCHEMA=$(basename "${f}" .ldif) 
@@ -135,14 +135,14 @@ EOF # set config password CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s $LDAP_CONFIG_PASSWORD) - sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /osixia/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif + sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /container/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif # adapt security config file get_base_dn - sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/service/slapd/assets/config/bootstrap/ldif/02-security.ldif + sed -i "s|dc=example,dc=org|$BASE_DN|g" /container/service/slapd/assets/config/bootstrap/ldif/02-security.ldif # process config files - for f in $(find /osixia/service/slapd/assets/config/bootstrap/ldif -name \*.ldif -type f | sort); do + for f in $(find /container/service/slapd/assets/config/bootstrap/ldif -name \*.ldif -type f | sort); do echo "Processing file ${f}" ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f done 
@@ -157,11 +157,11 @@ EOF check_tls_files $SSL_CA_CRT_FILENAME $SSL_CRT_FILENAME $SSL_KEY_FILENAME # adapt tls ldif - sed -i "s,/osixia/service/slapd/assets/ssl/ca.crt,/osixia/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /osixia/service/slapd/assets/config/tls/tls-enable.ldif - sed -i "s,/osixia/service/slapd/assets/ssl/ldap.crt,/osixia/service/slapd/assets/ssl/${SSL_CRT_FILENAME},g" /osixia/service/slapd/assets/config/tls/tls-enable.ldif - sed -i "s,/osixia/service/slapd/assets/ssl/ldap.key,/osixia/service/slapd/assets/ssl/${SSL_KEY_FILENAME},g" /osixia/service/slapd/assets/config/tls/tls-enable.ldif + sed -i "s,/container/service/slapd/assets/ssl/ca.crt,/container/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /container/service/slapd/assets/config/tls/tls-enable.ldif + sed -i "s,/container/service/slapd/assets/ssl/ldap.crt,/container/service/slapd/assets/ssl/${SSL_CRT_FILENAME},g" /container/service/slapd/assets/config/tls/tls-enable.ldif + sed -i "s,/container/service/slapd/assets/ssl/ldap.key,/container/service/slapd/assets/ssl/${SSL_KEY_FILENAME},g" /container/service/slapd/assets/config/tls/tls-enable.ldif - ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/tls/tls-enable.ldif + ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/tls/tls-enable.ldif [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS" touch $WAS_STARTED_WITH_TLS 
@@ -171,20 +171,20 @@ EOF chmod +x $WAS_STARTED_WITH_TLS # ldap client config - sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf + sed -i "s,TLS_CACERT.*,TLS_CACERT /container/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf echo "TLS_REQCERT demand" >> /etc/ldap/ldap.conf [[ -f "$HOME/.ldaprc" ]] && rm -f $HOME/.ldaprc touch $HOME/.ldaprc - echo "TLS_CERT /osixia/service/slapd/assets/ssl/${SSL_CRT_FILENAME}" >> $HOME/.ldaprc - echo "TLS_KEY /osixia/service/slapd/assets/ssl/${SSL_KEY_FILENAME}" >> $HOME/.ldaprc + echo "TLS_CERT /container/service/slapd/assets/ssl/${SSL_CRT_FILENAME}" >> $HOME/.ldaprc + echo "TLS_KEY /container/service/slapd/assets/ssl/${SSL_KEY_FILENAME}" >> $HOME/.ldaprc else echo "Don't use TLS" [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS" - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/tls/tls-disable.ldif || true + ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/tls/tls-disable.ldif || true fi 
@@ -205,23 +205,23 @@ EOF #host var contain a variable name, we access to the variable value host=${!host} - sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /container/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /container/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /container/service/slapd/assets/config/replication/replication-enable.ldif ((i++)) done get_base_dn - sed -i "s|\$BASE_DN|$BASE_DN|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$BASE_DN|$BASE_DN|g" /container/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" 
/container/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /container/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif - sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /osixia/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS }}/d" /container/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /container/service/slapd/assets/config/replication/replication-enable.ldif + sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /container/service/slapd/assets/config/replication/replication-enable.ldif - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-enable.ldif + ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/replication/replication-enable.ldif touch $WAS_STARTED_WITH_REPLICATION fi @@ -229,7 +229,7 @@ EOF echo "Don't use replication" [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION" - ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/service/slapd/assets/config/replication/replication-disable.ldif || true + ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/replication/replication-disable.ldif || true rm -f $WAS_STARTED_WITH_REPLICATION diff --git a/image/service/slapd/install.sh b/image/service/slapd/install.sh deleted file mode 100644 index 640e0ac5..00000000 --- a/image/service/slapd/install.sh +++ /dev/null 
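Review bot: The new `sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g"` and `sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g"` lines write both passwords in clear into `/container/service/slapd/assets/config/replication/replication-enable.ldif`, an asset that stays on the container filesystem after `ldapmodify` has consumed it (slapd needs the syncrepl credentials in cn=config anyway, so the leftover file is the extra exposure). Render the template to a `mktemp` file, pass that to `ldapmodify`, and remove it afterwards instead of editing the shipped asset in place. The `|`-delimited sed is also fragile: a password containing `|`, `&` or `\` either breaks the expression or is interpreted by sed, so the value should be escaped before substitution. The enclosing `if` block starts outside this hunk.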
@@ -1,11 +0,0 @@ -#!/bin/bash -e - -# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -groupadd -r openldap && useradd -r -g openldap openldap - -# Install OpenLDAP, ldap-utils -LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \ -slapd ldap-utils - -# Remove default ldap db -rm -rf /var/lib/ldap /etc/ldap/slapd.d diff --git a/test/test.bats b/test/test.bats index 5e30cdac..96689d24 100644 --- a/test/test.bats +++ b/test/test.bats @@ -32,7 +32,7 @@ load test_helper @test "ldapsearch new database with strict TLS and custom ca/crt" { - run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/osixia/service/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt + run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/container/service/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt wait_service slapd run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin clear_container @@ -79,7 +79,7 @@ load test_helper wait_service_by_cid $LDAP_REPL_CID slapd # add user on ldap2.example.org - docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ + docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ sleep 5 From dbf8f4a9328ff3d2323dd2c79001c80b3bcc1f96 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Thu, 23 Jul 2015 10:48:19 +0200 Subject: [PATCH 31/33] sleep 1 -> 2 --- test/test.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test.bats b/test/test.bats index 96689d24..d1600058 100644 --- a/test/test.bats 
+++ b/test/test.bats @@ -65,7 +65,7 @@ load test_helper LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true -d $NAME:$VERSION) LDAP_REPL_IP=$(get_container_ip_by_cid $LDAP_REPL_CID) - sleep 1 + sleep 2 # ldap server run_image -h ldap.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true From a0590365bcd37445e445700b4eee2b12d21bb67f Mon Sep 17 00:00:00 2001 From: ofreax Date: Fri, 24 Jul 2015 17:10:03 +0200 Subject: [PATCH 32/33] README --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bdf44550..273a19b5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # osixia/openldap +[![](https://badge.imagelayers.io/osixia/openldap:latest.svg)](https://imagelayers.io/?images=osixia/openldap:latest 'Get your own badge on imagelayers.io') + A docker image to run OpenLDAP. > [www.openldap.org](http://www.openldap.org/) @@ -63,8 +65,6 @@ By default the admin has the password **admin**. All those default settings can The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d` (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes. -Be careful, if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container. - For more information about docker data volume, please refer to : > [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/) 
@@ -147,11 +147,14 @@ Search on the second ldap server, and billy should show up ! objectClass: inetOrgPerson [...] - ## Administrate your ldap server If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image : > [osixia/phpldapadmin](https://github.com/osixia/docker-phpLDAPadmin) +## Backups +A simple solution to backup your ldap server, our openldap-backup docker image : +> [osixia/openldap-backup](https://github.com/osixia/docker-openldap-backup) + ## Environment Variables Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/etc/env.yaml`. See examples below. From 3f8cf10cbeb9a23256fceca29deccefe3dcdb8ae Mon Sep 17 00:00:00 2001 From: ofreax Date: Fri, 24 Jul 2015 17:14:30 +0200 Subject: [PATCH 33/33] Makefile --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 16527586..d7e33e75 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,5 @@ tag_latest: release: build test tag_latest @if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi - @if ! head -n 1 CHANGELOG.md | grep -q 'release date'; then echo 'Please note the release date in Changelog.md.' && false; fi docker push $(NAME) @echo "*** Don't forget to run 'twgit release/hotfix finish' :)"