
Add an image for a basic slapd installation

Nick Stenning 12 years ago
commit
1f7ef03f03
3 changed files with 106 additions and 0 deletions
  1. Dockerfile (+26 -0)
  2. README.md (+38 -0)
  3. slapd-start (+42 -0)

+ 26 - 0
Dockerfile

@@ -0,0 +1,26 @@
+from	ubuntu:12.04
+
+# Configure apt
+run	echo 'deb http://us.archive.ubuntu.com/ubuntu/ precise universe' >> /etc/apt/sources.list
+run	apt-get -y update
+
+# Don't start slapd on install
+run	echo "#!/bin/sh\nexit 101" >/usr/sbin/policy-rc.d
+run	chmod +x /usr/sbin/policy-rc.d
+
+# Install slapd
+run	LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y slapd
+
+# Default configuration: can be overridden at the docker command line
+env	LDAP_ROOTPASS toor
+env	LDAP_ORGANISATION Acme Widgets Inc.
+env	LDAP_DOMAIN example.com
+
+expose 389
+
+add	./slapd-start /usr/bin/slapd-start
+cmd	["/usr/bin/slapd-start"]
+
+# To store the data outside the container, mount /var/lib/ldap as a data volume
+
+# vim:ts=8:noet:
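
Review bot: `env LDAP_ROOTPASS toor` bakes a known admin password into the image, so a container started without `-e LDAP_ROOTPASS=...` comes up with the `cn=admin` account protected by `toor` on the port opened by `expose 389`. Consider dropping this default so that slapd-start, which runs under `set -eu`, aborts when the variable is unset, and keep only the non-secret defaults (`LDAP_ORGANISATION`, `LDAP_DOMAIN`) here.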

+ 38 - 0
README.md

@@ -0,0 +1,38 @@
+## slapd
+
+A basic configuration of the OpenLDAP server, slapd, with support for data
+volumes.
+
+This image will initialize a basic configuration of slapd. Most common schemas
+are preloaded (all the schemas that come preloaded with the default Ubuntu
+Precise install of slapd), but the only record added to the directory will be
+the root organisational unit.
+
+You can (and should) configure the following by providing environment variables
+to `docker run`:
+
+- `LDAP_DOMAIN` sets the LDAP root domain. (e.g. if you provide `foo.bar.com`
+  here, the root of your directory will be `dc=foo,dc=bar,dc=com`)
+- `LDAP_ORGANISATION` sets the human-readable name for your organisation (e.g.
+  `Acme Widgets Inc.`)
+- `LDAP_ROOTPASS` sets the LDAP admin user password (i.e. the password for
+  `cn=admin,dc=example,dc=com` if your domain was `example.com`)
+
+For example, to start a container running slapd for the `mycorp.com` domain,
+with data stored in `/data/ldap` on the host, use the following:
+
+    docker run -v /data/ldap:/var/lib/ldap \
+               -e LDAP_DOMAIN=mycorp.com \
+               -e LDAP_ORGANISATION="My Mega Corporation" \
+               -e LDAP_ROOTPASS=s3cr3tpassw0rd \
+               -d nickstenning/slapd
+
+You can find out which port the LDAP server is bound to on the host by running
+`docker ps` (or `docker port <container_id> 389`). You could then load an LDIF
+file (to set up your directory) like so:
+
+    ldapadd -h localhost -p <host_port> -c -x -D cn=admin,dc=mycorp,dc=com -W -f
+data.ldif
+
+**NB**: Please be aware that by default docker will make the LDAP port
+accessible from anywhere if the host firewall is unconfigured.
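
Review bot: the closing NB says the LDAP port is reachable from anywhere by default, but the `docker run` example above it shows no way to restrict that, and the `LDAP_ROOTPASS` bullet does not mention that the image ships a default value. Suggest showing in the example how to publish port 389 on a loopback or internal address only, and stating that `LDAP_ROOTPASS` must always be set, since the `ldapadd -x ... -W` bind shown here sends that password over plain LDAP.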

+ 42 - 0
slapd-start

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -eu
+
+status () {
+  echo "---> ${@}" >&2
+}
+
+set -x
+: LDAP_ROOTPASS=${LDAP_ROOTPASS}
+: LDAP_DOMAIN=${LDAP_DOMAIN}
+: LDAP_ORGANISATION=${LDAP_ORGANISATION}
+
+if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
+  status "configuring slapd for first run"
+
+  cat <<EOF | debconf-set-selections
+slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS}
+slapd slapd/internal/adminpw password ${LDAP_ROOTPASS}
+slapd slapd/password2 password ${LDAP_ROOTPASS}
+slapd slapd/password1 password ${LDAP_ROOTPASS}
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string ${LDAP_DOMAIN}
+slapd shared/organization string ${LDAP_ORGANISATION}
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+EOF
+
+  dpkg-reconfigure -f noninteractive slapd
+
+  touch /var/lib/ldap/docker_bootstrapped
+else
+  status "found already-configured slapd"
+fi
+
+status "starting slapd"
+set -x
+exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d 0
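
Review bot: the `set -x` placed before `: LDAP_ROOTPASS=${LDAP_ROOTPASS}` writes the admin password to stderr in the trace output on every container start, where it ends up in whatever collects the container's output. Trace only `LDAP_DOMAIN` and `LDAP_ORGANISATION`, and check `LDAP_ROOTPASS` before tracing is enabled; the second `set -x` ahead of `exec /usr/sbin/slapd` is redundant because tracing is never switched off.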