release

Author: BertrandGouny

Dockerfile

@@ -0,0 +1,47 @@
+FROM osixia/baseimage:0.6.0
+MAINTAINER Bertrand Gouny <[email protected]>
+
+# From Nick Stenning's work
+# https://github.com/nickstenning/docker-slapd
+
+# Default configuration: can be overridden at the docker command line
+ENV LDAP_ADMIN_PWD toor
+ENV LDAP_ORGANISATION Example Inc.
+ENV LDAP_DOMAIN example.com
+
+# /!\ To store the data outside the container, 
+# mount /var/lib/ldap and /etc/ldap/slapd.d as a data volume add
+# -v /some/host/directory:/var/lib/ldap and -v /some/other/host/directory:/etc/ldap/slapd.d
+# to the run command
+
+# Disable SSH
+# RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
+
+# Enable dnsmasq
+RUN /sbin/enable-service dnsmasq
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Resynchronize the package index files from their sources
+RUN apt-get -y update
+
+# Install openldap (slapd) and ldap-utils
+RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends slapd ldap-utils openssl
+
+# Expose ldap default port
+EXPOSE 389
+
+# Create TLS certificats directory
+RUN mkdir /etc/ldap/ssl
+
+# Add config directory 
+RUN mkdir /etc/ldap/config
+ADD service/slapd/config /etc/ldap/config
+
+# Add slapd deamon
+RUN mkdir /etc/service/slapd
+ADD service/slapd/slapd.sh /etc/service/slapd/run
+
+# Clear out the local repository of retrieved package files
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

service/slapd/config/auto/tls.ldif

@@ -0,0 +1,17 @@
+dn: cn=config
+changetype: modify
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/ldap/ssl/ca.crt
+-
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSDHParamFile
+olcTLSDHParamFile: /etc/ldap/ssl/dhparam.pem
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+

service/slapd/config/logging.ldif

@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats

service/slapd/slapd.sh

@@ -0,0 +1,89 @@
+#!/bin/sh
+
+set -eu
+
+status () {
+  echo "---> ${@}" >&2
+}
+
+
+set -x
+: LDAP_ADMIN_PWD=${LDAP_ADMIN_PWD}
+: LDAP_DOMAIN=${LDAP_DOMAIN}
+: LDAP_ORGANISATION=${LDAP_ORGANISATION}
+
+
+############ Base config ############
+if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
+  status "configuring slapd database"
+
+  cat <<EOF | debconf-set-selections
+slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD}
+slapd slapd/internal/adminpw password ${LDAP_ADMIN_PWD}
+slapd slapd/password2 password ${LDAP_ADMIN_PWD}
+slapd slapd/password1 password ${LDAP_ADMIN_PWD}
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string ${LDAP_DOMAIN}
+slapd shared/organization string ${LDAP_ORGANISATION}
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+EOF
+
+  dpkg-reconfigure -f noninteractive slapd
+
+  touch /var/lib/ldap/docker_bootstrapped
+
+else
+  status "slapd database found"
+fi
+
+
+############ Custom config ############
+if [ ! -e /etc/ldap/config/docker_bootstrapped ]; then
+  status "Custom config"
+
+  slapd -h "ldapi:///" -u openldap -g openldap 
+  chown -R openldap:openldap /etc/ldap 
+
+  # TLS
+  if [ -e /etc/ldap/ssl/ldap.crt ] && [ -e /etc/ldap/ssl/ldap.key ] && [ -e /etc/ldap/ssl/ca.crt ]; then
+    status "certificates found"
+
+    chmod 600 /etc/ldap/ssl/ldap.key
+
+    # create DHParamFile if not found
+    [ -f /etc/ldap/ssl/dhparam.pem ] || openssl dhparam -out /etc/ldap/ssl/dhparam.pem 2048
+
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/config/auto/tls.ldif -Q 
+
+    # add fake dnsmasq route to certificate cn
+    cn=$(openssl x509 -in /etc/ldap/ssl/ldap.crt -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
+    echo "127.0.0.1	" $cn >> /etc/dhosts
+
+  fi
+
+  # Replication
+  # todo :)
+
+  # Other config files
+  for f in $(find /etc/ldap/config -maxdepth 1 -name \*.ldif -type f); do
+    status "Processing file ${f}"
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f $f -Q 
+  done
+
+  kill -INT `cat /run/slapd/slapd.pid`
+
+ touch /etc/ldap/config/docker_bootstrapped
+
+else
+  status "found already-configured slapd"
+fi
+
+status "starting slapd on default port 389"
+set -x
+
+exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1

test-repository.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Usage
+# sudo ./test.sh 
+# add -v for verbose mode (or type whatever you like !) :p
+
+. test/config-repository
+. test/tools/run.sh
+
+run_test simple.sh "dn: dc=example,dc=com"
+run_test tls.sh "dn: dc=example,dc=com"
+run_test db.sh "dn: dc=otherdomain,dc=com"
+
+. test/tools/end.sh
+

test.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Usage
+# sudo ./test.sh 
+# add -v for verbose mode (or type whatever you like !) :p
+
+. test/config
+. test/tools/run.sh
+
+run_test tools/build-container.sh "Successfully built"
+run_test simple.sh "dn: dc=example,dc=com"
+run_test tls.sh "dn: dc=example,dc=com"
+run_test db.sh "dn: dc=otherdomain,dc=com"
+
+. test/tools/end.sh
+