Merge branch 'release-0.10.0' into stable

Author: BertrandGouny

CHANGELOG.md

@@ -0,0 +1,2 @@
+## 0.10.0 (release date: 2015-03-03)
+  - New version initial release

Makefile

@@ -1,21 +1,22 @@
 NAME = osixia/openldap
-VERSION = 0.9.2
+VERSION = 0.10.0
 
 .PHONY: all build test tag_latest release
 
 all: build
 
 build:
-	docker.io build -t $(NAME):$(VERSION) --rm .
+	docker build -t $(NAME):$(VERSION) --rm image
 
 test:
-	env NAME=$(NAME) VERSION=$(VERSION) ./test.sh debug
+	env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats
 
 tag_latest:
-	docker.io tag $(NAME):$(VERSION) $(NAME):latest
+	docker tag -f $(NAME):$(VERSION) $(NAME):latest
 
 release: build test tag_latest
-	@if ! docker.io images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
-	docker.io push $(NAME)
-	@echo "*** Don't forget to run 'twgit release finish' :)"
+	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
+	@if ! head -n 1 CHANGELOG.md | grep -q 'release date'; then echo 'Please note the release date in Changelog.md.' && false; fi
+	docker push $(NAME)
+	@echo "*** Don't forget to run 'twgit release/hotfix finish' :)"
 

README.md

@@ -5,29 +5,4 @@ https://github.com/nickstenning/docker-slapd
 
 Add support of tls.
 
-### How to use tls
-
-Add `-v some/host/dir:/etc/ldap/ssl` and `--dns=127.0.0.1` to the run command.
-
-`some/host/dir` must contain a least 3 files :
-- `ca.crt` certificate authority certificate
-- `ldap.crt` ldap server certificate
-- `ldap.key` ldap server certificate private key
-
-and optionaly `dhparam.pem` this file is genereted automaticaly if not present.
-
-`--dns=127.0.0.1` allow to use the certificate cn correctly.
-
-
-### Example
-
-    docker run --dns=127.0.0.1 \
-               -v /data/ldap/db:/var/lib/ldap \
-               -v /data/ldap/config:/etc/ldap/slapd.d \
-               -v /data/ldap/ssl/:/etc/ldap/ssl \
-               -v /data/ldap/log/:/var/log \
-               -e LDAP_DOMAIN=example.com \
-               -e LDAP_ORGANISATION="Example Corp." \
-               -e LDAP_ROOTPASS=toor \
-               -p 389:389 -d osixia/openldap
-
+Use docker 1.5.0

image/Dockerfile

@@ -0,0 +1,34 @@
+FROM osixia/baseimage:0.10.3
+MAINTAINER Bertrand Gouny <[email protected]>
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r openldap && useradd -r -g openldap openldap
+
+# Install OpenLDAP and ldap-utils (and ssl-kit from baseimage), remove default ldap db
+RUN apt-get -y update && /sbin/enable-service ssl-kit \
+	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils \
+	&& rm -rf /var/lib/ldap
+
+# Add install script and OpenLDAP assets
+ADD service/install.sh /tmp/install.sh
+ADD service/slapd/assets /osixia/slapd
+
+# Run install script and clean all
+RUN ./tmp/install.sh \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add default env variables
+ADD env.yml /etc/env.yml
+
+# Add OpenLDAP container start config & daemon
+ADD service/slapd/container-start.sh /etc/my_init.d/slapd
+ADD service/slapd/daemon.sh /etc/service/slapd/run
+
+# Set OpenLDAP data and config directories in a data volume
+VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
+
+# Expose ldap default port
+EXPOSE 389

image/env.yml

@@ -0,0 +1,10 @@
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_ADMIN_PASSWORD: admin
+
+SERVER_NAME: ldap.example.org
+
+USE_TLS: true
+SSL_CRT_FILENAME: ldap.crt
+SSL_KEY_FILENAME: ldap.key
+SSL_CA_CRT_FILENAME: ca.crt

image/service/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+# this script is run during the image build
+
+# Enable access only from docker default network and localhost
+echo "slapd: 172.17.0.0/255.255.0.0 127.0.0.1 : ALLOW" >> /etc/hosts.allow
+echo "slapd: ALL : DENY" >> /etc/hosts.allow

image/service/slapd/assets/config/README.md

@@ -0,0 +1 @@
+Add your ldif config file here

image/service/slapd/assets/config/logging.ldif

@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats

image/service/slapd/assets/ssl/README.md

@@ -0,0 +1,2 @@
+Add your ssl crt, key and ca crt here
+or during docker run mount a data volume with thoses files to /osixia/slapd/ssl

image/service/slapd/assets/tls.ldif

@@ -0,0 +1,19 @@
+dn: cn=config
+changetype: modify
+add: olcTLSCipherSuite
+olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
+-
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /osixia/slapd/ssl/ca.crt
+-
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /osixia/slapd/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /osixia/slapd/ssl/ldap.key
+-
+replace: olcTLSDHParamFile
+olcTLSDHParamFile: /osixia/slapd/ssl/dhparam.pem
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never