Merge branch 'hotfix-1.1.3' into stable

Author: BertrandGouny

.gitignore

@@ -1,2 +1,2 @@
-/.twgit_features_subject
-/.twgit
+/.*
+!/.git*

CHANGELOG.md

@@ -1,9 +1,23 @@
 # Changelog
 
+## 1.1.3
+Merge pull request :
+  - Use mdb over hdb #50
+  - Ignore lost+found directories #53
+  - Remove Volume command from Dockerfile #56
+
+Update to light-baseimage:0.2.4
+
+Release Note:
+  In this version the new environment variable LDAP_BACKEND let you set the the backend used by your ldap database.
+  By default it's hdb. In comming versions 1.2.x the default will be changed to mdb.
+
+  Environment variable LDAP_REPLICATION_HDB_SYNCPROV changed to LDAP_REPLICATION_DB_SYNCPROV
+
 ## 1.1.2
 Merge pull request :
   - Honor LDAP_LOG_LEVEL on startup #39
-  
+
 Fix :
   - slapd tcp bind is network not interface, and so does not respond on overlay networks #35
   - specify base_dn without domain #37

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 1.1.2
+VERSION = 1.1.3
 
 .PHONY: all build build-nocache test tag_latest release
 

README.md

@@ -2,12 +2,10 @@
 
 [![Docker Pulls](https://img.shields.io/docker/pulls/osixia/openldap.svg)][hub]
 [![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg)][hub]
-[![Image Size](https://img.shields.io/imagelayers/image-size/osixia/openldap/latest.svg)](https://imagelayers.io/?images=osixia/openldap:latest)
-[![Image Layers](https://img.shields.io/imagelayers/layers/osixia/openldap/latest.svg)](https://imagelayers.io/?images=osixia/openldap:latest)
 
 [hub]: https://hub.docker.com/r/osixia/openldap/
 
-Latest release: 1.1.2 - OpenLDAP 2.4.40 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
+Latest release: 1.1.3 - OpenLDAP 2.4.40 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
 
 A docker image to run OpenLDAP.
 
@@ -37,7 +35,7 @@ A docker image to run OpenLDAP.
 		- [Link environment file](#link-environment-file)
 		- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
 - [Advanced User Guide](#advanced-user-guide)
-	- [Extend osixia/openldap:1.1.2 image](#extend-osixiaopenldap112-image)
+	- [Extend osixia/openldap:1.1.3 image](#extend-osixiaopenldap113-image)
 	- [Make your own openldap image](#make-your-own-openldap-image)
 	- [Tests](#tests)
 	- [Kubernetes](#kubernetes)
@@ -55,7 +53,7 @@ If you find this image useful here's how you can help:
 ## Quick Start
 Run OpenLDAP docker image:
 
-	docker run --name my-openldap-container --detach osixia/openldap:1.1.2
+	docker run --name my-openldap-container --detach osixia/openldap:1.1.3
 
 This start a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
 
@@ -91,11 +89,12 @@ It will create an empty ldap for the company **Example Inc.** and the domain **e
 By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My Company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.2
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.3
 
 #### Data persistence
 
-The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d`  (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes.
+The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d`  (LDAP config files) are used to persist the schema and data information, and should be mapped as volumes, so your ldap files are saved outside the container (see [Use an existing ldap database](#use-an-existing-ldap-database)). However it can be useful to not use volumes,
+in case the image should be delivered complete with test data - this is especially useful when deriving other images from this one.
 
 For more information about docker data volume, please refer to:
 
@@ -115,11 +114,13 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap
 
 	docker run --volume /data/slapd/database:/var/lib/ldap \
 	--volume /data/slapd/config:/etc/ldap/slapd.d
-	--detach osixia/openldap:1.1.2
+	--detach osixia/openldap:1.1.3
 
 You can also use data volume containers. Please refer to:
 > [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/)
 
+Note: By default this image is waiting an **hdb**  database backend, if you want to use any other database backend set backend type via the LDAP_BACKEND environement variable.
+
 ### Backup
 A simple solution to backup your ldap server, is our openldap-backup docker image:
 > [osixia/openldap-backup](https://github.com/osixia/docker-openldap-backup)
@@ -133,7 +134,7 @@ If you are looking for a simple solution to administrate your ldap server you ca
 #### Use auto-generated certificate
 By default TLS is enable, a certificate is created with the container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
 
-	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.1.2
+	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.1.3
 
 #### Use your own certificate
 
@@ -143,24 +144,24 @@ You can set your custom certificate at run time, by mounting a directory contain
 	--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 	--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 	--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
-	--detach osixia/openldap:1.1.2
+	--detach osixia/openldap:1.1.3
 
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 
 #### Disable TLS
 Add --env LDAP_TLS=false to the run command:
 
-	docker run --env LDAP_TLS=false --detach osixia/openldap:1.1.2
+	docker run --env LDAP_TLS=false --detach osixia/openldap:1.1.3
 
 ### Multi master replication
 Quick example, with the default config.
 
 	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
-	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.2)
+	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.3)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
 	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.2)
+	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.3)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
 	#Add the pair "ip hostname" to /etc/hosts on each containers,
@@ -196,7 +197,7 @@ You may have some problems with mounted files on some systems. The startup scrip
 
 To fix that run the container with `--copy-service` argument :
 
-		docker run [your options] osixia/openldap:1.1.2 --copy-service
+		docker run [your options] osixia/openldap:1.1.3 --copy-service
 
 ### Debug
 
@@ -205,11 +206,11 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
 
 Example command to run the container in `debug` mode:
 
-	docker run --detach osixia/openldap:1.1.2 --loglevel debug
+	docker run --detach osixia/openldap:1.1.3 --loglevel debug
 
 See all command line options:
 
-	docker run osixia/openldap:1.1.2 --help
+	docker run osixia/openldap:1.1.3 --help
 
 
 ## Environment Variables
@@ -241,6 +242,11 @@ Required and used for new ldap server only:
 - **LDAP_READONLY_USER_USERNAME** Read only user username. Defaults to `readonly`
 - **LDAP_READONLY_USER_PASSWORD** Read only user password. Defaults to `readonly`
 
+Backend:
+- **LDAP_BACKEND**: Ldap backend. Defaults to `hdb` (In comming versions v1.2.x default will be mdb)
+
+	Help: http://www.openldap.org/doc/admin24/backends.html
+
 TLS options:
 - **LDAP_TLS**: Add openldap TLS capabilities. Defaults to `true`
 - **LDAP_TLS_CRT_FILENAME**: Ldap ssl certificate filename. Defaults to `ldap.crt`
@@ -258,7 +264,7 @@ Replication options:
 
 - **LDAP_REPLICATION_CONFIG_SYNCPROV**: olcSyncRepl options used for the config database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical`
 
-- **LDAP_REPLICATION_HDB_SYNCPROV**: olcSyncRepl options used for the HDB database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical`
+- **LDAP_REPLICATION_DB_SYNCPROV**: olcSyncRepl options used for the database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical`
 
 - **LDAP_REPLICATION_HOSTS**: list of replication hosts, must contain the current container hostname set by --hostname on docker run command. Defaults to :
 	```yaml
@@ -268,7 +274,7 @@ Replication options:
 
 	If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 
-		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.1.2
+		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.1.3
 
 	To convert yaml to python online: http://yaml-online-parser.appspot.com/
 
@@ -283,7 +289,7 @@ Other environment variables:
 Environment variables can be set by adding the --env argument in the command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.2
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.3
 
 Be aware that environment variable added in command line will be available at any time
 in the container. In this example if someone manage to open a terminal in this container
@@ -294,28 +300,28 @@ he will be able to read the admin password in clear text from environment variab
 For example if your environment files **my-env.yaml** and **my-env.yaml.startup** are in /data/ldap/environment
 
 	docker run --volume /data/ldap/environment:/container/environment/01-custom \
-	--detach osixia/openldap:1.1.2
+	--detach osixia/openldap:1.1.3
 
 Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 
 Note: the container will try to delete the **\*.yaml.startup** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.yaml.startup**:
 
 	docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--detach osixia/openldap:1.1.2
+	--detach osixia/openldap:1.1.3
 
 #### Make your own image or extend this image
 
 This is the best solution if you have a private registry. Please refer to the [Advanced User Guide](#advanced-user-guide) just below.
 
 ## Advanced User Guide
 
-### Extend osixia/openldap:1.1.2 image
+### Extend osixia/openldap:1.1.3 image
 
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 
 Dockerfile example:
 
-	FROM osixia/openldap:1.1.2
+	FROM osixia/openldap:1.1.3
 	MAINTAINER Your Name <[email protected]>
 
 	ADD bootstrap /container/service/slapd/assets/config/bootstrap
@@ -324,6 +330,9 @@ Dockerfile example:
 
 See complete example in **example/extend-osixia-openldap**
 
+Warning: if you want to install new packages from debian repositories, this image has a configuration to prevent documentation and locales to be installed. If you need the doc and locales remove the following files :
+**/etc/dpkg/dpkg.cfg.d/01_nodoc** and **/etc/dpkg/dpkg.cfg.d/01_nolocales**
+
 ### Make your own openldap image
 
 Clone this project:
@@ -334,7 +343,7 @@ Clone this project:
 Adapt Makefile, set your image NAME and VERSION, for example:
 
 	NAME = osixia/openldap
-	VERSION = 1.1.2
+	VERSION = 1.1.3
 
 	become:
 	NAME = cool-guy/openldap

example/extend-osixia-openldap/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/openldap:1.1.2
+FROM osixia/openldap:1.1.3
 MAINTAINER Your Name <[email protected]>
 
 ADD bootstrap /container/service/slapd/assets/config/bootstrap

example/extend-osixia-openldap/environment/my-env.yaml.startup

@@ -33,10 +33,10 @@ LDAP_REPLICATION: false
 # are automaticaly replaced at run time
 
 # if you want to add replication to an existing ldap
-# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_HDB_SYNCPROV to your configuration
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
 # avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
 LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
-LDAP_REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
 LDAP_REPLICATION_HOSTS:
   - ldap://ldap.example.org # The order must be the same on all ldap servers
   - ldap://ldap2.example.org

example/kubernetes/simple/ldap-rc.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.1.2
+          image: osixia/openldap:1.1.3
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap
@@ -63,7 +63,7 @@ spec:
               value: "false"
             - name: LDAP_REPLICATION_CONFIG_SYNCPROV
               value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
-            - name: LDAP_REPLICATION_HDB_SYNCPROV
+            - name: LDAP_REPLICATION_DB_SYNCPROV
               value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
             - name: LDAP_REPLICATION_HOSTS
               value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"

example/kubernetes/using-secrets/environment/my-env.yaml.startup

@@ -33,10 +33,10 @@ LDAP_REPLICATION: false
 # are automaticaly replaced at run time
 
 # if you want to add replication to an existing ldap
-# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_HDB_SYNCPROV to your configuration
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
 # avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
 LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
-LDAP_REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
 LDAP_REPLICATION_HOSTS:
   - ldap://ldap.example.org # The order must be the same on all ldap servers
   - ldap://ldap2.example.org

example/kubernetes/using-secrets/ldap-rc.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.1.2
+          image: osixia/openldap:1.1.3
           command:
           - --copy-service
           volumeMounts:

image/Dockerfile

@@ -1,6 +1,6 @@
 # Use osixia/light-baseimage
 # sources: https://github.com/osixia/docker-light-baseimage
-FROM osixia/light-baseimage:0.2.2
+FROM osixia/light-baseimage:0.2.4
 MAINTAINER Bertrand Gouny <[email protected]>
 
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
@@ -28,8 +28,5 @@ RUN /container/tool/install-service
 # Add default env variables
 ADD environment /container/environment/99-default
 
-# Set OpenLDAP data and config directories in a data volume
-VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
-
 # Expose default ldap and ldaps ports
 EXPOSE 389 636