
Merge branch 'release-0.10.0' into stable

Bertrand Gouny 10 years ago
parent
commit
469a9bfd72
52 changed files with 1018 additions and 216 deletions
  1. 2 0
      CHANGELOG.md
  2. 8 7
      Makefile
  3. 1 26
      README.md
  4. 34 0
      image/Dockerfile
  5. 10 0
      image/env.yml
  6. 6 0
      image/service/install.sh
  7. 1 0
      image/service/slapd/assets/config/README.md
  8. 4 0
      image/service/slapd/assets/config/logging.ldif
  9. 2 0
      image/service/slapd/assets/ssl/README.md
  10. 19 0
      image/service/slapd/assets/tls.ldif
  11. 78 0
      image/service/slapd/container-start.sh
  12. 2 0
      image/service/slapd/daemon.sh
  13. 0 8
      test/config
  14. 0 7
      test/config-repository
  15. 16 0
      test/config/cn=config.ldif
  16. 14 0
      test/config/cn=config/cn=module{0}.ldif
  17. 12 0
      test/config/cn=config/cn=schema.ldif
  18. 243 0
      test/config/cn=config/cn=schema/cn={0}core.ldif
  19. 177 0
      test/config/cn=config/cn=schema/cn={1}cosine.ldif
  20. 106 0
      test/config/cn=config/cn=schema/cn={2}nis.ldif
  21. 48 0
      test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif
  22. 12 0
      test/config/cn=config/olcBackend={0}hdb.ldif
  23. 18 0
      test/config/cn=config/olcDatabase={-1}frontend.ldif
  24. 14 0
      test/config/cn=config/olcDatabase={0}config.ldif
  25. 29 0
      test/config/cn=config/olcDatabase={1}hdb.ldif
  26. 4 0
      test/database/DB_CONFIG
  27. BIN
      test/database/__db.001
  28. BIN
      test/database/__db.002
  29. BIN
      test/database/__db.003
  30. BIN
      test/database/alock
  31. BIN
      test/database/dn2id.bdb
  32. BIN
      test/database/id2entry.bdb
  33. BIN
      test/database/log.0000000001
  34. BIN
      test/database/objectClass.bdb
  35. 0 23
      test/db.sh
  36. 0 9
      test/simple.sh
  37. 0 0
      test/ssl/dhparam.pem
  38. 0 0
      test/ssl/test-ca.crt
  39. 0 0
      test/ssl/test-ldap.crt
  40. 0 0
      test/ssl/test-ldap.key
  41. 57 0
      test/test.bats
  42. 101 0
      test/test_helper.bash
  43. 0 9
      test/tls.sh
  44. 0 7
      test/tls/end.sh
  45. 0 16
      test/tls/run.sh
  46. 0 5
      test/tools/build-container.sh
  47. 0 9
      test/tools/delete-container.sh
  48. 0 8
      test/tools/delete-image.sh
  49. 0 15
      test/tools/end.sh
  50. 0 7
      test/tools/prepare.sh
  51. 0 14
      test/tools/run-container.sh
  52. 0 46
      test/tools/run.sh

+ 2 - 0
CHANGELOG.md

@@ -0,0 +1,2 @@
+## 0.10.0 (release date: 2015-03-03)
+  - New version initial release

+ 8 - 7
Makefile

@@ -1,21 +1,22 @@
 NAME = osixia/openldap
-VERSION = 0.9.2
+VERSION = 0.10.0
 
 .PHONY: all build test tag_latest release
 
 all: build
 
 build:
-	docker.io build -t $(NAME):$(VERSION) --rm .
+	docker build -t $(NAME):$(VERSION) --rm image
 
 test:
-	env NAME=$(NAME) VERSION=$(VERSION) ./test.sh debug
+	env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats
 
 tag_latest:
-	docker.io tag $(NAME):$(VERSION) $(NAME):latest
+	docker tag -f $(NAME):$(VERSION) $(NAME):latest
 
 release: build test tag_latest
-	@if ! docker.io images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
-	docker.io push $(NAME)
-	@echo "*** Don't forget to run 'twgit release finish' :)"
+	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
+	@if ! head -n 1 CHANGELOG.md | grep -q 'release date'; then echo 'Please note the release date in Changelog.md.' && false; fi
+	docker push $(NAME)
+	@echo "*** Don't forget to run 'twgit release/hotfix finish' :)"
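Review bot: The new CHANGELOG gate in the `release` recipe only checks that the first line of CHANGELOG.md contains the words 'release date', so a release of a new `$(VERSION)` still passes when the previous version's heading is on top. Matching the version as well ties the pushed tag to its changelog entry, e.g. `head -n 1 CHANGELOG.md | grep -q -F '## $(VERSION) (release date'`. Separately, `tag_latest` is a prerequisite of `release`, so `docker tag -f` has already moved the local `latest` tag before either check in the recipe runs. `docker push $(NAME)` names no tag and, as far as I know, pushes every local tag of the repository on Docker of this era, so pushing `$(NAME):$(VERSION)` and `$(NAME):latest` explicitly would keep stray local tags out of the registry.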
 

+ 1 - 26
README.md

@@ -5,29 +5,4 @@ https://github.com/nickstenning/docker-slapd
 
 Add support of tls.
 
-### How to use tls
-
-Add `-v some/host/dir:/etc/ldap/ssl` and `--dns=127.0.0.1` to the run command.
-
-`some/host/dir` must contain a least 3 files :
-- `ca.crt` certificate authority certificate
-- `ldap.crt` ldap server certificate
-- `ldap.key` ldap server certificate private key
-
-and optionaly `dhparam.pem` this file is genereted automaticaly if not present.
-
-`--dns=127.0.0.1` allow to use the certificate cn correctly.
-
-
-### Example
-
-    docker run --dns=127.0.0.1 \
-               -v /data/ldap/db:/var/lib/ldap \
-               -v /data/ldap/config:/etc/ldap/slapd.d \
-               -v /data/ldap/ssl/:/etc/ldap/ssl \
-               -v /data/ldap/log/:/var/log \
-               -e LDAP_DOMAIN=example.com \
-               -e LDAP_ORGANISATION="Example Corp." \
-               -e LDAP_ROOTPASS=toor \
-               -p 389:389 -d osixia/openldap
-
+Use docker 1.5.0

+ 34 - 0
image/Dockerfile

@@ -0,0 +1,34 @@
+FROM osixia/baseimage:0.10.3
+MAINTAINER Bertrand Gouny <[email protected]>
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r openldap && useradd -r -g openldap openldap
+
+# Install OpenLDAP and ldap-utils (and ssl-kit from baseimage), remove default ldap db
+RUN apt-get -y update && /sbin/enable-service ssl-kit \
+	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils \
+	&& rm -rf /var/lib/ldap
+
+# Add install script and OpenLDAP assets
+ADD service/install.sh /tmp/install.sh
+ADD service/slapd/assets /osixia/slapd
+
+# Run install script and clean all
+RUN ./tmp/install.sh \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add default env variables
+ADD env.yml /etc/env.yml
+
+# Add OpenLDAP container start config & daemon
+ADD service/slapd/container-start.sh /etc/my_init.d/slapd
+ADD service/slapd/daemon.sh /etc/service/slapd/run
+
+# Set OpenLDAP data and config directories in a data volume
+VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
+
+# Expose ldap default port
+EXPOSE 389
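Review bot: `--force-yes` on the `apt-get install` line lets apt continue where it would otherwise stop for unauthenticated packages, so the slapd and ldap-utils packages baked into the image are not guaranteed to have passed signature verification. `-y` alone is enough for a non-interactive install: `apt-get install -y --no-install-recommends slapd ldap-utils`. Also, `RUN ./tmp/install.sh` is a relative path that only resolves while the working directory is `/`; `RUN /tmp/install.sh` would not depend on the base image's WORKDIR.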

+ 10 - 0
image/env.yml

@@ -0,0 +1,10 @@
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_ADMIN_PASSWORD: admin
+
+SERVER_NAME: ldap.example.org
+
+USE_TLS: true
+SSL_CRT_FILENAME: ldap.crt
+SSL_KEY_FILENAME: ldap.key
+SSL_CA_CRT_FILENAME: ca.crt
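Review bot: `LDAP_ADMIN_PASSWORD: admin` ships a well-known directory-admin credential as the image default, and container-start.sh in this commit writes `${LDAP_ADMIN_PASSWORD}` into debconf on first start without checking that it was overridden. Assuming the base image loads /etc/env.yml into the environment, a container started without an explicit password initialises the `example.org` tree with the admin password `admin`. I would leave the value empty here and have container-start.sh refuse to initialise the database when it is unset. At minimum add a comment such as `# default admin password - override at run time, never use in production`.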

+ 6 - 0
image/service/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+# this script is run during the image build
+
+# Enable access only from docker default network and localhost
+echo "slapd: 172.17.0.0/255.255.0.0 127.0.0.1 : ALLOW" >> /etc/hosts.allow
+echo "slapd: ALL : DENY" >> /etc/hosts.allow
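Review bot: The two `hosts.allow` lines only take effect if this slapd build honours TCP wrappers, and the allowed range is hard-coded to `172.17.0.0/255.255.0.0`, which is only the default docker0 bridge. On a daemon configured with a different bridge subnet every client is denied. When port 389 is published, connections may reach slapd with a bridge-side source address (this depends on how Docker forwards the port), in which case the ALLOW rule admits them wherever they originated. I would say so in the script, e.g. `# NOTE: matches the default docker0 subnet only; published-port traffic may appear to come from it, so this is not a substitute for host firewalling`, and make the subnet configurable.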

+ 1 - 0
image/service/slapd/assets/config/README.md

@@ -0,0 +1 @@
+Add your ldif config file here

+ 4 - 0
image/service/slapd/assets/config/logging.ldif

@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats

+ 2 - 0
image/service/slapd/assets/ssl/README.md

@@ -0,0 +1,2 @@
+Add your ssl crt, key and ca crt here
+or during docker run mount a data volume with thoses files to /osixia/slapd/ssl

+ 19 - 0
image/service/slapd/assets/tls.ldif

@@ -0,0 +1,19 @@
+dn: cn=config
+changetype: modify
+add: olcTLSCipherSuite
+olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
+-
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /osixia/slapd/ssl/ca.crt
+-
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /osixia/slapd/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /osixia/slapd/ssl/ldap.key
+-
+replace: olcTLSDHParamFile
+olcTLSDHParamFile: /osixia/slapd/ssl/dhparam.pem
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
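Review bot: This LDIF makes TLS available but nothing in it requires TLS, and daemon.sh in the same commit listens on `ldap:///` only, so clients can still perform simple binds in clear text on port 389 unless they opt in to StartTLS. If encrypted binds are the intent, a minimum can be set in the same `cn=config` modify, e.g. `replace: olcSecurity` followed by `olcSecurity: tls=1`. `SECURE256:-VERS-SSL3.0` removes only SSL 3.0 from the priority string, so older TLS versions stay enabled, which deserves a `#` comment stating whether that is deliberate. The first operation uses `add:` while the others use `replace:`, and `add` fails if `olcTLSCipherSuite` is already present, for example when an existing `/etc/ldap/slapd.d` volume is mounted on first start.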

+ 78 - 0
image/service/slapd/container-start.sh

@@ -0,0 +1,78 @@
+#!/bin/bash -e
+
+FIRST_START_DONE="/etc/docker-openldap-first-start-done"
+
+#fix file permissions
+chown -R openldap:openldap /var/lib/ldap 
+chown -R openldap:openldap /etc/ldap
+
+# container first start
+if [ ! -e "$FIRST_START_DONE" ]; then
+
+  # database is uninitialized
+  if [ -z "$(ls -A /var/lib/ldap)" ]; then
+
+    cat <<EOF | debconf-set-selections
+slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/internal/adminpw password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/password2 password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/password1 password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string ${LDAP_DOMAIN}
+slapd shared/organization string ${LDAP_ORGANISATION}
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+EOF
+
+    dpkg-reconfigure -f noninteractive slapd
+  fi
+
+
+  # start OpenLDAP
+  slapd -h "ldapi:///" -u openldap -g openldap
+
+  # TLS config
+  if [ "${USE_TLS,,}" == "true" ]; then
+
+    # check certificat and key or create it
+    /sbin/ssl-kit "/osixia/slapd/ssl/$SSL_CRT_FILENAME" "/osixia/slapd/ssl/$SSL_KEY_FILENAME" --ca-crt=/osixia/slapd/ssl/$SSL_CA_CRT_FILENAME --gnutls
+
+    # create DHParamFile if not found
+    [ -f /osixia/slapd/ssl/dhparam.pem ] || openssl dhparam -out /osixia/slapd/ssl/dhparam.pem 2048
+
+    # adapt tls ldif
+    sed -i "s,/osixia/slapd/ssl/ca.crt,/osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /osixia/slapd/tls.ldif
+    sed -i "s,/osixia/slapd/ssl/ldap.crt,/osixia/slapd/ssl/${SSL_CRT_FILENAME},g" /osixia/slapd/tls.ldif
+    sed -i "s,/osixia/slapd/ssl/ldap.key,/osixia/slapd/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/tls.ldif
+
+    # set tls config
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f /osixia/slapd/tls.ldif -Q
+
+    # add localhost route to certificate cn (need docker 1.5.0)
+    cn=$(openssl x509 -in /osixia/slapd/ssl/$SSL_CRT_FILENAME -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
+    echo "127.0.0.1 $cn" >> /etc/hosts
+
+    # local ldap tls client config
+    sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
+  fi
+
+  # OpenLDAP config 
+  for f in $(find /osixia/slapd/config -name \*.ldif -type f); do
+    status "Processing file ${f}"
+    ldapmodify -r -Y EXTERNAL -H ldapi:/// -f $f -Q
+  done
+
+  # stop OpenLDAP
+  kill -INT `cat /run/slapd/slapd.pid`
+
+  touch $FIRST_START_DONE
+fi
+
+# fix file permissions
+chown openldap:openldap -R /osixia/slapd
+
+exit 0
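Review bot: The `sed` expression that extracts the certificate CN is greedy: in `s/.*CN=\(.*\)\/*\(.*\)/\1/p` the first group runs to the end of the subject line, so any field after the CN (an emailAddress component, for example) ends up in `$cn` and in the line appended to `/etc/hosts`. Stopping at the next `/` keeps the entry to the host name, `sed -n 's/.*CN=\([^/]*\).*/\1/p'`. The append should also be wrapped in an `if [ -n "$cn" ]` guard so an unparsable subject does not write a bare `127.0.0.1` line, and `$SSL_CRT_FILENAME` should be quoted in the `openssl x509 -in` argument as it is in the `ssl-kit` call above. Separately, `kill -INT` is followed immediately by `touch $FIRST_START_DONE` with no wait for slapd to exit, so the instance started by daemon.sh may open the database while the bootstrap instance is still shutting down.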

+ 2 - 0
image/service/slapd/daemon.sh

@@ -0,0 +1,2 @@
+#!/bin/bash -e
+exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1
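Review bot: `-d -1` turns on every slapd debug flag, including packet and BER tracing, so the container's log stream can contain the contents of bind requests, simple-bind passwords included. logging.ldif in this commit already sets `olcLogLevel: stats`, and the foreground flag can match it with `exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d 256` (256 is the stats level). If full tracing is needed for troubleshooting, make it opt-in through an environment variable rather than the default, and note in a comment that the output is sensitive.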

+ 0 - 8
test/config

@@ -1,8 +0,0 @@
-testImage=openldap-test
-testContainer=openldap-test-container
-testDir=/osixia-test-docker-openldap
-
-export testImage
-export testContainer
-export testDir
-

+ 0 - 7
test/config-repository

@@ -1,7 +0,0 @@
-testImage=osixia/openldap:latest
-testContainer=openldap-repository-test-container
-testDir=/osixia-repository-test-docker-openldap
-
-export testImage
-export testContainer
-export testDir

+ 16 - 0
test/config/cn=config.ldif

@@ -0,0 +1,16 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 e072c71d
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: /var/run/slapd/slapd.args
+olcPidFile: /var/run/slapd/slapd.pid
+olcToolThreads: 1
+structuralObjectClass: olcGlobal
+entryUUID: db089696-51e1-1034-95ec-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+olcLogLevel: stats
+entryCSN: 20150303142212.168245Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150303142212Z

+ 14 - 0
test/config/cn=config/cn=module{0}.ldif

@@ -0,0 +1,14 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 d5bd456a
+dn: cn=module{0}
+objectClass: olcModuleList
+cn: module{0}
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: {0}back_hdb
+structuralObjectClass: olcModuleList
+entryUUID: db093e98-51e1-1034-95f4-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.826169Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 12 - 0
test/config/cn=config/cn=schema.ldif

@@ -0,0 +1,12 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 deed6c98
+dn: cn=schema
+objectClass: olcSchemaConfig
+cn: schema
+structuralObjectClass: olcSchemaConfig
+entryUUID: db08b2b6-51e1-1034-95ef-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.822586Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 243 - 0
test/config/cn=config/cn=schema/cn={0}core.ldif

@@ -0,0 +1,243 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 f54534bb
+dn: cn={0}core
+objectClass: olcSchemaConfig
+cn: {0}core
+olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno
+ wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.15{32768} )
+olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
+ amily) name(s) for which the entity is known by' SUP name )
+olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb
+ er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
+ YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-
+ 3166 country 2-letter code' SUP name SINGLE-VALUE )
+olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc
+ ality which this object resides in' SUP name )
+olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2
+ 256: state or province which this object resides in' SUP name )
+olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225
+ 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS
+ ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256
+ : organization this object belongs to' SUP name )
+olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC '
+ RFC2256: organizational unit this object belongs to' SUP name )
+olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated 
+ with the entity' SUP name )
+olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui
+ de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin
+ ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
+ X 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a
+ ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.41 )
+olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code
+ ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.15{40} )
+olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off
+ ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3
+ .6.1.4.1.1466.115.121.1.15{40} )
+olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2
+ 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
+ eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph
+ one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb
+ er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22
+ 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE
+ SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.22 )
+olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr
+ ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.36{15} )
+olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256
+ : international ISDN number' EQUALITY numericStringMatch SUBSTR numericString
+ SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi
+ stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
+  )
+olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d
+ estination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256
+ : preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU
+ E )
+olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: pr
+ esentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.43 SINGLE-VALUE )
+olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC
+ 2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.38 )
+olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a gro
+ up' SUP distinguishedName )
+olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the ob
+ ject)' SUP distinguishedName )
+olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant 
+ of role' SUP distinguishedName )
+olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 
+ user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.8 )
+olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA
+  certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.8 )
+olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256
+ : X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.9 )
+olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC22
+ 56: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.9 )
+olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X
+ .509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
+ 0 )
+olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
+ st name(s) for which the entity is known by' SUP name )
+olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of s
+ ome or all of names, but not the surname(s).' SUP name )
+olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: na
+ me qualifier indicating a generation' SUP name )
+olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X
+ .500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.6 )
+olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifi
+ er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: en
+ hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: pr
+ otocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.42 )
+olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me
+ mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+ .34 )
+olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house 
+ identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
+ 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: su
+ pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: de
+ lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' S
+ UP name )
+olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym
+  for the object' SUP name )
+olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbo
+ x' ) DESC 'RFC1274: RFC822 Mailbox'   EQUALITY caseIgnoreIA5Match   SUBSTR ca
+ seIgnoreIA5SubstringsMatch   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompone
+ nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBST
+ R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA
+ LUE )
+olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DE
+ SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBST
+ R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'p
+ kcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUA
+ LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.26{128} )
+olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP to
+ p STRUCTURAL MUST c MAY ( searchGuide $ description ) )
+olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP 
+ top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) 
+ )
+olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organizat
+ ion' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ b
+ usinessCategory $ x121Address $ registeredAddress $ destinationIndicator $ pr
+ eferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNu
+ mber $ internationaliSDNNumber $  facsimileTelephoneNumber $ street $ postOff
+ iceBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ d
+ escription ) )
+olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an org
+ anizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide
+  $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destination
+ Indicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier
+  $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ str
+ eet $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
+  $ st $ l $ description ) )
+olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top 
+ STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ 
+ description ) )
+olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an o
+ rganizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ regis
+ teredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+  teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $  fac
+ simileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $
+  physicalDeliveryOfficeName $ ou $ st $ l ) )
+olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an org
+ anizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAd
+ dress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ telete
+ xTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTe
+ lephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ p
+ ostOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $
+  st $ l $ description ) )
+olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of n
+ ames (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ 
+ seeAlso $ owner $ ou $ o $ description ) )
+olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an res
+ idential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Ad
+ dress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ 
+ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDN
+ Number $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOf
+ ficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) 
+ )
+olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an ap
+ plication process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ descri
+ ption ) )
+olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an ap
+ plication entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( 
+ supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
+olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system 
+ agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )
+olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP to
+ p STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ desc
+ ription ) )
+olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256
+ : a strong authentication user' SUP top AUXILIARY MUST userCertificate )
+olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: 
+ a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ c
+ ertificateRevocationList $ cACertificate ) MAY crossCertificatePair )
+olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a gr
+ oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uni
+ queMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ descript
+ ion ) )
+olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256:
+  a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms ) )
+olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certif
+ icationAuthority AUXILIARY MAY ( deltaRevocationList ) )
+olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURA
+ L MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ del
+ taRevocationList ) )
+olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName 
+ ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address
+  $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telex
+ Number $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumbe
+ r $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAd
+ dress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP
+  top AUXILIARY MAY userCertificate )
+olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate a
+ uthority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevoca
+ tionList $ cACertificate $ crossCertificatePair ) )
+olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP 
+ top AUXILIARY MAY deltaRevocationList )
+olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC
+ 2079: object that contains the URI attribute type' MAY ( labeledURI ) SUP top
+  AUXILIARY )
+olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+  DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
+olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do
+ main component object' SUP top AUXILIARY MUST dc )
+olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje
+ ct' SUP top AUXILIARY MUST uid )
+structuralObjectClass: olcSchemaConfig
+entryUUID: db08c7ba-51e1-1034-95f0-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.823123Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 177 - 0
test/config/cn=config/cn=schema/cn={1}cosine.ldif

@@ -0,0 +1,177 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 798d0f53
+dn: cn={1}cosine
+objectClass: olcSchemaConfig
+cn: {1}cosine
+olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' 
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.15{256} )
+olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
+ eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
+ nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
+ 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
+ YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: 
+ photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
+ 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
+ ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
+ X 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
+ 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.12 )
+olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
+ ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR 
+ caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
+ RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
+ ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
+ C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
+ bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
+  'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
+ SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
+ aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
+ lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
+ erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.50 )
+olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
+ 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.12 )
+olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
+  1.3.6.1.4.1.1466.115.121.1.39 )
+olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
+ seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY 
+ caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
+ Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
+  'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
+ ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
+ noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 
+ 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
+ sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
+ ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
+ berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.50 )
+olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
+ honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
+ Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+ .50 )
+olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
+ ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
+ TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
+ SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.15{256} )
+olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
+ ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
+ gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
+ RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
+ ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
+ ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  )
+olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
+ gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
+ C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' 
+ DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
+ GLE-VALUE )
+olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
+ y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 13 SINGLE-VALUE )
+olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
+ y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 13 SINGLE-VALUE )
+olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
+ ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 23 )
+olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
+ FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.12 )
+olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
+ : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
+ ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
+ tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
+ Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
+ ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
+ ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
+ honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature 
+ ) )
+olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
+ URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
+ e $ organizationalUnitName $ host ) )
+olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
+ TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
+ lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
+ ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
+olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
+ L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber 
+ ) )
+olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
+  STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
+ ocalityName $ organizationName $ organizationalUnitName ) )
+olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
+ URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
+ on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
+  stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
+ ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber 
+ $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
+ exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
+  $ x121Address ) )
+olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
+ omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
+ neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
+ ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ 
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
+ Method $ destinationIndicator $ registeredAddress $ x121Address ) )
+olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain 
+ STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
+ Record ) )
+olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
+ ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
+ edDomain )
+olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
+ ountry STRUCTURAL MUST friendlyCountryName )
+olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
+ P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
+olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
+ UCTURAL MAY dSAQuality )
+olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' 
+ SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
+ mQuality ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: db090c34-51e1-1034-95f1-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.824875Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 106 - 0
test/config/cn=config/cn=schema/cn={2}nis.ldif

@@ -0,0 +1,106 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 b5000483
+dn: cn={2}nis
+objectClass: olcSchemaConfig
+cn: {2}nis
+olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
+ e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
+ e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
+ e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
+ 6 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
+ A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
+ seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
+ 5.121.1.26 )
+olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
+ oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
+olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
+ rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
+olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
+ egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
+ ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
+ ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
+ ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
+  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
+ aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
+olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
+ e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
+olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
+ tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.26{1024} SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
+ f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
+ mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ 
+ description ) )
+olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
+ ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
+  $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive 
+ $ shadowExpire $ shadowFlag $ description ) )
+olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of 
+ a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
+ sword $ memberUid $ description ) )
+olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
+ nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
+ rviceProtocol ) MAY description )
+olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of 
+ an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
+  ) MAY description )
+olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
+ NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
+ AY description )
+olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
+ st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
+ ription $ manager ) )
+olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
+ n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
+ kNumber $ l $ description $ manager ) )
+olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
+  a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
+ tgroup $ description ) )
+olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
+ on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
+olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a 
+ NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
+ ption )
+olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
+ ith a MAC address' SUP top AUXILIARY MAY macAddress )
+olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device 
+ with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: db09273c-51e1-1034-95f2-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.825570Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 48 - 0
test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif

@@ -0,0 +1,48 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 bf5eae1c
+dn: cn={3}inetorgperson
+objectClass: olcSchemaConfig
+cn: {3}inetorgperson
+olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
+ 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
+ eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
+ RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
+ atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
+ 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
+ atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
+ NGLE-VALUE )
+olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
+ C2798: numerically identifies an employee within an organization' EQUALITY ca
+ seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.15 SINGLE-VALUE )
+olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
+ 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
+ oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
+ 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
+  'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
+ noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 15 SINGLE-VALUE )
+olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
+ ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.5 )
+olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
+ 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.5 )
+olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
+ 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY 
+ ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
+ ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
+ tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo 
+ $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
+ ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: db093722-51e1-1034-95f3-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.825977Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 12 - 0
test/config/cn=config/olcBackend={0}hdb.ldif

@@ -0,0 +1,12 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 40b20094
+dn: olcBackend={0}hdb
+objectClass: olcBackendConfig
+olcBackend: {0}hdb
+structuralObjectClass: olcBackendConfig
+entryUUID: db094f96-51e1-1034-95f5-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.826604Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 18 - 0
test/config/cn=config/olcDatabase={-1}frontend.ldif

@@ -0,0 +1,18 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 1f64c20c
+dn: olcDatabase={-1}frontend
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
+ ,cn=auth manage by * break
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+olcSizeLimit: 500
+structuralObjectClass: olcDatabaseConfig
+entryUUID: db089fec-51e1-1034-95ed-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.822104Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 14 - 0
test/config/cn=config/olcDatabase={0}config.ldif

@@ -0,0 +1,14 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 dcde46c0
+dn: olcDatabase={0}config
+objectClass: olcDatabaseConfig
+olcDatabase: {0}config
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
+ ,cn=auth manage by * break
+structuralObjectClass: olcDatabaseConfig
+entryUUID: db08ac08-51e1-1034-95ee-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.822414Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z

+ 29 - 0
test/config/cn=config/olcDatabase={1}hdb.ldif

@@ -0,0 +1,29 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 8b1aead3
+dn: olcDatabase={1}hdb
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: {1}hdb
+olcDbDirectory: /var/lib/ldap
+olcSuffix: dc=test,dc=osixia,dc=net
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
+ s auth by dn="cn=admin,dc=test,dc=osixia,dc=net" write by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to * by self write by dn="cn=admin,dc=test,dc=osixia,dc=net" wri
+ te by * read
+olcLastMod: TRUE
+olcRootDN: cn=admin,dc=test,dc=osixia,dc=net
+olcRootPW:: e1NTSEF9bU9FWlh4OUpPNmlhK1dkeFV4S0FKam43R3dmNVJrby8=
+olcDbCheckpoint: 512 30
+olcDbConfig: {0}set_cachesize 0 2097152 0
+olcDbConfig: {1}set_lk_max_objects 1500
+olcDbConfig: {2}set_lk_max_locks 1500
+olcDbConfig: {3}set_lk_max_lockers 1500
+olcDbIndex: objectClass eq
+structuralObjectClass: olcHdbConfig
+entryUUID: db09539c-51e1-1034-95f6-9d03bc6be361
+creatorsName: cn=config
+createTimestamp: 20150226090154Z
+entryCSN: 20150226090154.826706Z#000000#000#000000
+modifiersName: cn=config
+modifyTimestamp: 20150226090154Z
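Review bot: The `olcRootPW::` line commits a password hash for `cn=admin,dc=test,dc=osixia,dc=net` to the repository; the base64 value decodes to an `{SSHA}` (salted SHA-1) string, which is cheap to guess offline once it is public. Treat that password as known and keep it out of anything that is not a test. Say so where the fixture is described rather than in the file, because the file is slapd-generated and carries a CRC32 header that a hand edit would presumably no longer match. Separately, rule `{2}to * by self write ... by * read` gives anonymous binds read access to every attribute except `userPassword` and `shadowLastChange`; that is fine for this test, but the directory should not be reused as a template without tightening it to `by users read` or narrower.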

+ 4 - 0
test/database/DB_CONFIG

@@ -0,0 +1,4 @@
+set_cachesize 0 2097152 0
+set_lk_max_objects 1500
+set_lk_max_locks 1500
+set_lk_max_lockers 1500

BIN
test/database/__db.001


BIN
test/database/__db.002


BIN
test/database/__db.003


BIN
test/database/alock


BIN
test/database/dn2id.bdb


BIN
test/database/id2entry.bdb


BIN
test/database/log.0000000001


BIN
test/database/objectClass.bdb


+ 0 - 23
test/db.sh

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-dir=$(dirname $0)
-
-if [ -d "$testDir" ]; then
-  rm -r $testDir
-fi
-
-mkdir $testDir
-mkdir $testDir/db
-mkdir $testDir/config
-
-runOptions="-e LDAP_DOMAIN=otherdomain.com -v $testDir/db:/var/lib/ldap -v $testDir/config:/etc/ldap/slapd.d"
-. $dir/tools/run-container.sh
-$dir/tools/delete-container.sh
-
-runOptions="-v $testDir/db:/var/lib/ldap -v $testDir/config:/etc/ldap/slapd.d"
-. $dir/tools/run-container.sh
-echo "ldapsearch -x -h $IP -b dc=otherdomain,dc=com"
-ldapsearch -x -h $IP -b dc=otherdomain,dc=com
-
-rm -r $testDir
-$dir/tools/delete-container.sh

+ 0 - 9
test/simple.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-dir=$(dirname $0)
-. $dir/tools/run-container.sh
-
-echo "ldapsearch -x -h $IP -b dc=example,dc=com"
-ldapsearch -x -h $IP -b dc=example,dc=com
-
-$dir/tools/delete-container.sh

+ 0 - 0
test/tls/ssl/dhparam.pem → test/ssl/dhparam.pem


+ 0 - 0
test/tls/ssl/ca.crt → test/ssl/test-ca.crt


+ 0 - 0
test/tls/ssl/ldap.crt → test/ssl/test-ldap.crt


+ 0 - 0
test/tls/ssl/ldap.key → test/ssl/test-ldap.key


+ 57 - 0
test/test.bats

@@ -0,0 +1,57 @@
+#!/usr/bin/env bats
+load test_helper
+
+@test "image build" {
+
+  run build_image
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch new database" {
+
+  run_image -e USE_TLS=false
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org
+  clear_container
+
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch new database with strict TLS" {
+
+  run_image
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ
+  clear_container
+
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch new database with strict TLS and custom ca/crt" {
+
+  run_image -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/ssl -e SSL_CRT_FILENAME=test-ldap.crt -e SSL_KEY_FILENAME=test-ldap.key -e SSL_CA_CRT_FILENAME=test-ca.crt
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap-test.example.com -b dc=example,dc=org -ZZ
+  clear_container
+
+  chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true
+
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch existing database and config" {
+
+  run_image -e USE_TLS=false -v $BATS_TEST_DIRNAME/database:/var/lib/ldap -v $BATS_TEST_DIRNAME/config:/etc/ldap/slapd.d
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=test,dc=osixia,dc=net
+  clear_container
+
+  chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true
+
+  [ "$status" -eq 0 ]
+
+}
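Review bot: The "strict TLS and custom ca/crt" test bind-mounts `$BATS_TEST_DIRNAME/ssl`, which holds the checked-in `test-ldap.key`, read-write into the container, and the `chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true` that follows suggests the container changes ownership inside the work tree; the `|| true` then hides the case where that repair fails. Mounting a throwaway copy keeps the repository files untouched and removes the need for the chown: `cp -r "$BATS_TEST_DIRNAME/ssl" "$BATS_TMPDIR/ssl"` followed by `-v "$BATS_TMPDIR/ssl":/osixia/slapd/ssl`. The same applies to the `database` and `config` mounts in the last test, where slapd may also rewrite the fixtures. `$CONTAINER_ID`, `$BATS_TEST_DIRNAME` and `$UNAME` are expanded unquoted throughout, so a checkout path containing spaces breaks the `-v` arguments.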

+ 101 - 0
test/test_helper.bash

@@ -0,0 +1,101 @@
+setup() {
+  IMAGE_NAME="$NAME:$VERSION"
+}
+
+# function relative to the current container / image  
+build_image() {
+  #disable outputs
+  docker build -t $IMAGE_NAME $BATS_TEST_DIRNAME/../image &> /dev/null
+}
+
+run_image() {
+  CONTAINER_ID=$(docker run $@ -d $IMAGE_NAME)
+  CONTAINER_IP=$(get_container_ip_by_cid $CONTAINER_ID)
+}
+
+start_container() {
+  start_containers_by_cid $CONTAINER_ID
+}
+
+stop_container() {
+  stop_containers_by_cid $CONTAINER_ID
+}
+
+remove_container() {
+ remove_containers_by_cid $CONTAINER_ID
+}
+
+clear_container() {
+  stop_containers_by_cid $CONTAINER_ID
+  remove_containers_by_cid $CONTAINER_ID
+}
+
+is_service_running() {
+  is_service_running_by_cid $CONTAINER_ID $1
+}
+
+wait_service() {
+  wait_service_by_cid $CONTAINER_ID $@
+}
+
+
+# generic functions 
+get_container_ip_by_cid() {
+  local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1)
+  echo "$IP"
+}
+
+start_containers_by_cid() {
+  for cid in "$@"
+  do
+    #disable outputs
+    docker start $cid &> /dev/null
+  done 
+}
+
+stop_containers_by_cid() {
+  for cid in "$@"
+  do
+    #disable outputs
+    docker stop $cid &> /dev/null
+  done 
+}
+
+remove_containers_by_cid() {
+  for cid in "$@"
+  do
+    #disable outputs
+    docker rm $cid &> /dev/null
+  done 
+}
+
+clear_containers_by_cid() {
+  stop_containers_by_cid $@
+  remove_containers_by_cid $@
+}
+
+is_service_running_by_cid() {
+  docker exec $1 ps cax | grep $2  > /dev/null
+}
+
+wait_service_by_cid() {
+
+  cid=$1
+
+  # first wait image init end
+  while ! is_service_running_by_cid $cid syslog-ng
+  do
+    sleep 1
+  done
+
+  for service in "${@:2}"
+  do
+    # wait service
+    while ! is_service_running_by_cid $cid $service
+    do
+      sleep 1
+    done
+  done
+
+  sleep 5
+}
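Review bot: Both `while ! is_service_running_by_cid ...` loops in `wait_service_by_cid` have no upper bound, so a container that exits during start-up, or an empty `$CONTAINER_ID` after a failed `docker run` in `run_image`, leaves the test run polling forever. A bounded poll that returns non-zero lets the calling test fail instead; the 60-try limit below is an arbitrary value to tune. `is_service_running_by_cid` also matches with an unquoted `grep $2` against whole `ps cax` lines, so any process whose line contains the name counts as running; `grep -qw -- "$2"` is stricter. `run_image` expands `$@` unquoted, which splits arguments containing spaces; `"$@"` keeps them intact.

```bash
# Poll once per second until the service shows up; give up after 60 tries.
wait_until_running() {
  local tries=0
  until is_service_running_by_cid "$1" "$2"
  do
    tries=$((tries + 1))
    [ "$tries" -lt 60 ] || return 1
    sleep 1
  done
}

wait_service_by_cid() {

  cid=$1

  # first wait image init end
  wait_until_running "$cid" syslog-ng || return 1

  for service in "${@:2}"
  do
    wait_until_running "$cid" "$service" || return 1
  done

  # … unchanged: final sleep 5 …
}
```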

+ 0 - 9
test/tls.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-dir=$(dirname $0)
-. $dir/tls/run.sh
-
-echo "ldapsearch -x -h $certCN -b dc=example,dc=com -ZZ"
-ldapsearch -x -h $certCN -b dc=example,dc=com -ZZ
-
-. $dir/tls/end.sh

+ 0 - 7
test/tls/end.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-sed -i '/'"$addLine"'/d' /etc/hosts
-cp /etc/ldap/ldap.conf.old /etc/ldap/ldap.conf
-rm /etc/ldap/ldap.conf.old
-
-$dir/tools/delete-container.sh

+ 0 - 16
test/tls/run.sh

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-
-runOptions="--dns=127.0.0.1 -v `pwd`/test/tls/ssl:/etc/ldap/ssl"
-. $dir/tools/run-container.sh
-
-cert=$(echo $dir/tls/ssl/ldap.crt)
-certCN=$(openssl x509 -in $cert -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
-addLine=$(echo $IP $certCN)
-
-echo $addLine >> /etc/hosts
-cp /etc/ldap/ldap.conf /etc/ldap/ldap.conf.old
-sed -i 's,TLS_CACERT.*,TLS_CACERT '"$cert"',g' /etc/ldap/ldap.conf
-
-sleep 5
-

+ 0 - 5
test/tools/build-container.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-docker.io build -t $testImage .
-#docker.io build --no-cache=true -t $testImage .
-

+ 0 - 9
test/tools/delete-container.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-# remove test container
-res=$(docker.io ps -a | grep -c "$testContainer")
-
-if [ $res -ne 0 ]; then
-  docker.io stop $testContainer
-  docker.io rm $testContainer
-fi

+ 0 - 8
test/tools/delete-image.sh

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# remove test image
-res=$(docker.io images | grep -c "$testImage")
-
-if [ $res -ne 0 ]; then
-  docker.io rmi $testImage
-fi

+ 0 - 15
test/tools/end.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-
-rm -rf $testDir
-./test/tools/delete-container.sh 
-./test/tools/delete-image.sh > /dev/null 2>&1
-
-echo "------- End -------"
-echo $error " failed " $ok " succeeded"
-
-if [ "$error" -eq 0 ]; then
-  exit 0
-else
-  exit 1
-fi

+ 0 - 7
test/tools/prepare.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-mkdir -p $testDir
-
-dir=$(dirname $0)
-$dir/delete-container.sh
-$dir/delete-image.sh

+ 0 - 14
test/tools/run-container.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-echo "docker.io run --name $testContainer $runOptions -d $testImage $runCommand"
-ID=`docker.io run --name $testContainer $runOptions -d $testImage $runCommand`
-sleep 10
-
-echo " --> Obtaining IP"
-IP=`docker.io inspect -f "{{ .NetworkSettings.IPAddress }}" $ID`
-if [ "$IP" = "" ]; then
-	abort "Unable to obtain container IP"
-	exit 1
-else
-  echo " -->" $IP
-fi

+ 0 - 46
test/tools/run.sh

@@ -1,46 +0,0 @@
-#!/bin/sh
-
-# Usage
-# sudo ./test.sh 
-# add -v for verbose mode (or type whatever you like !) :p
-
-verbose=$1
-error=0
-ok=0
-
-echo_start () {
-  echo "------- Test: $* -------"
-}
-
-echo_error () {
-  echo "\n$(tput setaf 1)/!\ $* failed$(tput sgr0)\n"
-  error=`expr $error + 1`
-}
-
-echo_ok () {
-  echo "\n--> $* ok\n"
-  ok=`expr $ok + 1`
-}
-
-run_test () {
-  test=$1
-  out=test/test.out
-
-  echo_start $test
-
-  if [ -z ${verbose} ]; then
-    ./test/$test > $out 2>&1
-  else
-    ./test/$test | tee $out 2>&1
-  fi
-  
-  if [ "$(grep -c "$2" $out)" -eq 0 ]; then
-    echo_error $test
-  else
-    echo_ok  $test
-  fi
-
-  rm $out
-}
-
-./test/tools/prepare.sh > /dev/null 2>&1