
Merge branch 'release-1.0.0' into stable

ofreax 10 years ago
parent
commit
62596a8b7e

+ 1 - 2
Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 0.10.2
+VERSION = 1.0.0
 
 .PHONY: all build test tag_latest release
 
@@ -16,6 +16,5 @@ tag_latest:
 
 release: build test tag_latest
 	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! head -n 1 CHANGELOG.md | grep -q 'release date'; then echo 'Please note the release date in Changelog.md.' && false; fi
 	docker push $(NAME)
 	@echo "*** Don't forget to run 'twgit release/hotfix finish' :)"

+ 33 - 36
README.md

@@ -1,17 +1,19 @@
 # osixia/openldap
 
+[![](https://badge.imagelayers.io/osixia/openldap:latest.svg)](https://imagelayers.io/?images=osixia/openldap:latest 'Get your own badge on imagelayers.io')
+
 A docker image to run OpenLDAP.
 > [www.openldap.org](http://www.openldap.org/)
 
 Fork of Nick Stenning docker-slapd :
 https://github.com/nickstenning/docker-slapd
 
-Add support of TLS and multi master replication.
+Add support of TLS, multi master replication and easy bootstrap.
 
 ## Quick start
 Run OpenLDAP docker image :
 
-	docker run -h ldap.example.org -d osixia/openldap
+	docker run -d osixia/openldap
 
 This start a new container with a OpenLDAP server running inside.
 The odd string printed by this command is the `CONTAINER_ID`.
@@ -25,7 +27,7 @@ make sure to replace `CONTAINER_ID` by your container id :
 You should now be in the container terminal,
 and we can search on the ldap server :
 
-	ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
+	ldapsearch -x -h localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
 
 This should output :
 
@@ -56,15 +58,13 @@ It will create an empty ldap for the compagny **Example Inc.** and the domain **
 
 By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example :
 
-	docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
+	docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
 	-e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap
 
 #### Data persitance
 
 The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d`  (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes.
 
-Be careful, if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container.
-
 For more information about docker data volume, please refer to :
 
 > [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/)
@@ -77,7 +77,7 @@ Assuming you have a LDAP database on your docker host in the directory `/data/sl
 and the corresponding LDAP config files on your docker host in the directory `/data/slapd/config`
 simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slapd.d`:
 
-	docker run -h ldap.example.org -v /data/slapd/database:/var/lib/ldap \
+	docker run -v /data/slapd/database:/var/lib/ldap \
 	-v /data/slapd/config:/etc/ldap/slapd.d
 	-d osixia/openldap
 
@@ -87,17 +87,17 @@ You can also use data volume containers. Please refer to :
 ### Using TLS
 
 #### Use autogenerated certificate
-By default TLS is enable, a certificate is created with the container hostname (set by -h option eg: ldap.example.org).
+By default TLS is enable, a certificate is created with the container hostname (it can be set by docker run -h option eg: ldap.example.org).
 
-	docker run -h ldap.example.org -e SERVER_NAME=ldap.my-compagny.com -d osixia/openldap
+	docker run -h ldap.my-compagny.com -d osixia/openldap
 
 #### Use your own certificate
 
-Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yml** and rebuild the image ([see manual build](#manual-build)).
+Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yaml** and rebuild the image ([see manual build](#manual-build)).
 
-Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/osixia/slapd/assets/ssl** and adjust there name with the following environment variables :
+Or you can set your custom certificate at run time, by mouting a directory containing thoses files to **/container/service/slapd/assets/ssl** and adjust there name with the following environment variables :
 
-	docker run -h ldap.example.org -v /path/to/certifates:/osixia/slapd/assets/ssl \
+	docker run -h ldap.example.org -v /path/to/certifates:/container/service/slapd/assets/ssl \
 	-e SSL_CRT_FILENAME=my-ldap.crt \
 	-e SSL_KEY_FILENAME=my-ldap.key \
 	-e SSL_CA_CRT_FILENAME=the-ca.crt \
@@ -106,37 +106,30 @@ Or you can set your custom certificate at run time, by mouting a directory conta
 #### Disable TLS
 Add -e USE_TLS=false to the run command :
 
-	docker run -h ldap.example.org  -e USE_TLS=false -d osixia/openldap
+	docker run -e USE_TLS=false -d osixia/openldap
 
 ### Multi master replication
 Quick example, with the default config.
 
-Create the first ldap server, save the container id in LDAP_CID and get its IP:
-
+	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
 	LDAP_CID=$(docker run -h ldap.example.org -e USE_REPLICATION=true -d osixia/openldap)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
-Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-
+	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
 	LDAP2_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d osixia/openldap)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
-Add the pair "ip hostname" to /etc/hosts on each containers,
-beacause ldap.example.org and ldap2.example.org are fake hostnames
+	#Add the pair "ip hostname" to /etc/hosts on each containers,
+	#beacause ldap.example.org and ldap2.example.org are fake hostnames
+	docker exec $LDAP_CID /sbin/add-host $LDAP2_IP ldap2.example.org
+	docker exec $LDAP2_CID /sbin/add-host $LDAP_IP ldap.example.org
 
-	docker exec $LDAP_CID /osixia/test/add-host.sh $LDAP2_IP ldap2.example.org
-	docker exec $LDAP2_CID /osixia/test/add-host.sh $LDAP_IP ldap.example.org
-
-We reload slapd to let him take into consideration /etc/hosts changes
-
-	docker exec $LDAP_CID pkill slapd
-	docker exec $LDAP2_CID pkill slapd
 
 That's it ! But a litle test to be sure :
 
 Add a new user "billy" on the first ldap server
 
-	docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap.example.org -ZZ
+	docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -h ldap.example.org -ZZ
 
 Search on the second ldap server, and billy should show up !
 
@@ -154,22 +147,26 @@ Search on the second ldap server, and billy should show up !
 	objectClass: inetOrgPerson
 	[...]
 
-
 ## Administrate your ldap server
 If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image :
 > [osixia/phpldapadmin](https://github.com/osixia/docker-phpLDAPadmin)
 
+## Backups
+A simple solution to backup your ldap server, our openldap-backup docker image :
+> [osixia/openldap-backup](https://github.com/osixia/docker-openldap-backup)
+
 ## Environment Variables
 
-Environement variables defaults are set in **image/env.yml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yml file as a docker volume to `/etc/env.yml`. See examples below.
+Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/etc/env.yaml`. See examples below.
 
 General container configuration :
-- **LDAP_LOG_LEVEL**: Slap log level. defaults to  `-1`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
+- **LDAP_LOG_LEVEL**: Slap log level. defaults to  `256`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 
 Required and used for new ldap server only :
 - **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.`
 - **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org`
-- **LDAP_ADMIN_PASSWORD** Admin password. Defaults to `admin`
+- **LDAP_ADMIN_PASSWORD** Ldap Admin password. Defaults to `admin`
+- **LDAP_CONFIG_PASSWORD** Ldap Config password. Defaults to `config`
 
 TLS options :
 - **USE_TLS**: Add openldap TLS capabilities. Defaults to `true`
@@ -187,12 +184,12 @@ Replication options :
 
 Environment variable can be set directly by adding the -e argument in the command line, for example :
 
-	docker run -h ldap.example.org -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
+	docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \
 	-e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap
 
-Or by setting your own `env.yml` file as a docker volume to `/etc/env.yml`
+Or by setting your own `env.yaml` file as a docker volume to `/etc/env.yaml`
 
-	docker run -h ldap.example.org -v /data/my-ldap-env.yml:/etc/env.yml \
+	docker run -v /data/my-env.yaml:/etc/env.yaml \
 	-d osixia/openldap
 
 ## Manual build
@@ -205,7 +202,7 @@ Clone this project :
 Adapt Makefile, set your image NAME and VERSION, for example :
 
 	NAME = osixia/openldap
-	VERSION = 0.10.0
+	VERSION = 1.0.0
 
 	becomes :
 	NAME = billy-the-king/openldap
@@ -217,7 +214,7 @@ Build your image :
 
 Run your image :
 
-	docker run -h ldap.example.org -d billy-the-king/openldap:0.1.0
+	docker run -d billy-the-king/openldap:0.1.0
 
 ## Tests
 

+ 19 - 13
image/Dockerfile

@@ -1,26 +1,32 @@
-FROM osixia/baseimage:0.10.5
+FROM osixia/light-baseimage:0.1.0
 MAINTAINER Bertrand Gouny <[email protected]>
 
-# Use baseimage-docker's init system.
-CMD ["/sbin/my_init"]
+# Use baseimage's init system.
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/run
+CMD ["/container/tool/run"]
 
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 RUN groupadd -r openldap && useradd -r -g openldap openldap
 
-# Install OpenLDAP, ldap-utils and ssl-kit from baseimage, remove default ldap db
-RUN apt-get -y update && /sbin/enable-service ssl-kit \
-	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
-	slapd ldap-utils ntp \
-	&& rm -rf /var/lib/ldap /etc/ldap/slapd.d
+# Install OpenLDAP, ldap-utils and ssl-helper from baseimage and remove default ldap db
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service-available
+RUN apt-get -y update \
+    && /container/tool/install-service-available ssl-helper-gnutls \
+	  && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
+	     slapd ldap-utils \
+	  && rm -rf /var/lib/ldap /etc/ldap/slapd.d
 
-# Add service directory to /osixia
-ADD service /osixia
+# Add service directory to /container/service
+ADD service /container/service
 
-# Use baseimage service auto-install script and clean all
-RUN ./sbin/auto-install && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+# Use baseimage install-service script and clean all
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
+RUN /container/tool/install-service \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add default env variables
-ADD env.yml /etc/env.yml
+ADD env.yaml /etc/env.yaml
 
 # Set OpenLDAP data and config directories in a data volume
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
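Review bot: The apt-get install continuation line keeps `--force-yes`, which tells apt to proceed even when a package cannot be authenticated, so a build would silently install an unsigned or mis-signed `slapd`/`ldap-utils`; `-y` already answers the prompts, so drop `--force-yes` and let an authentication failure fail the build. The same RUN mixes four-space and tab indentation across its continuation lines, which the shell does not care about but which makes the block hard to read; pick one. Pinning the base image to `osixia/light-baseimage:0.1.0` is good; a comment next to `install-service-available ssl-helper-gnutls` saying it provides the `/sbin/ssl-helper` that container-start.sh calls would tie the two files together for the next reader.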

+ 2 - 2
image/env.yml → image/env.yaml

@@ -4,7 +4,7 @@ LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config
 
 #See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
-LDAP_LOG_LEVEL: -1
+LDAP_LOG_LEVEL: 256
 
 USE_TLS: true
 SSL_CRT_FILENAME: ldap.crt
@@ -13,7 +13,7 @@ SSL_CA_CRT_FILENAME: ca.crt
 
 
 USE_REPLICATION: false
-# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD and $SSL_*
+# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
 # are automaticaly replaced at run time
 
 # if you want to add replication to an existing ldap
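Review bot: The defaults file ships `LDAP_ADMIN_PASSWORD: admin` and `LDAP_CONFIG_PASSWORD: config` (the hunk's context lines) with nothing saying they are applied only when a new database is bootstrapped and are meant to be overridden; add a comment above them such as `# Bootstrap-only defaults: override with -e LDAP_ADMIN_PASSWORD=... -e LDAP_CONFIG_PASSWORD=... at docker run`. The trailing comment `# variables $BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD are automaticaly replaced at run time` would read better if it named where the replacement happens (the replication LDIF, judging by container-start.sh in this commit) and spelled `automatically`.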

+ 0 - 0
image/service/slapd/assets/config/bootstrap/ldif/config-password.ldif → image/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif


+ 0 - 0
image/service/slapd/assets/config/bootstrap/ldif/security.ldif → image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif


+ 5 - 0
image/service/slapd/assets/config/bootstrap/ldif/03-memberOf.ldif

@@ -0,0 +1,5 @@
+# Load memberof module
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof
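Review bot: Loading the module with `olcModuleLoad: memberof` does not by itself maintain `memberOf` on entries; the overlay still has to be attached to the database with an `olcOverlay=memberof` entry, and no such entry appears in this commit, so the `memberOf eq` index added in 04-index.ldif would index an attribute slapd never populates unless that entry exists elsewhere. The target `dn: cn=module{0},cn=config` also assumes a module entry with index 0 already exists, which appears to hold for the Debian slapd package the Dockerfile installs but is worth stating, e.g. `# cn=module{0} is created by the Debian slapd package; adjust if the first module entry differs`.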

+ 2 - 0
image/service/slapd/assets/config/bootstrap/ldif/index.ldif → image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif

@@ -2,5 +2,7 @@
 dn: olcDatabase={1}hdb,cn=config
 changetype:  modify
 replace: olcDbIndex
+olcDbIndex: uid eq
+olcDbIndex: memberOf eq
 olcDbIndex: entryCSN eq
 olcDbIndex: entryUUID eq
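Review bot: `replace: olcDbIndex` discards every existing index on `olcDatabase={1}hdb`, and the hunk header (`+2,7`) shows this file's value list is now exactly `uid`, `memberOf`, `entryCSN`, `entryUUID` — `objectClass eq`, which the package configures by default, is not among them, so after bootstrap every objectClass-filtered search becomes an unindexed scan (slapd logs "(objectClass) not indexed"). Add `olcDbIndex: objectClass eq` to the list. A comment at the top of the value list, `# replace = full list; any index not named here is dropped`, would keep the next editor from appending elsewhere.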

+ 0 - 4
image/service/slapd/assets/config/bootstrap/ldif/logging.ldif

@@ -1,4 +0,0 @@
-dn: cn=config
-changetype: modify
-replace: olcLogLevel
-olcLogLevel: stats

+ 0 - 0
image/service/slapd/assets/config/replication/replication-enable-template.ldif → image/service/slapd/assets/config/replication/replication-enable.ldif


+ 4 - 4
image/service/slapd/assets/config/tls/tls-enable.ldif

@@ -4,16 +4,16 @@ replace: olcTLSCipherSuite
 olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
 -
 replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: /osixia/slapd/assets/ssl/ca.crt
+olcTLSCACertificateFile: /container/service/slapd/assets/ssl/ca.crt
 -
 replace: olcTLSCertificateFile
-olcTLSCertificateFile: /osixia/slapd/assets/ssl/ldap.crt
+olcTLSCertificateFile: /container/service/slapd/assets/ssl/ldap.crt
 -
 replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /osixia/slapd/assets/ssl/ldap.key
+olcTLSCertificateKeyFile: /container/service/slapd/assets/ssl/ldap.key
 -
 replace: olcTLSDHParamFile
-olcTLSDHParamFile: /osixia/slapd/assets/ssl/dhparam.pem
+olcTLSDHParamFile: /container/service/slapd/assets/ssl/dhparam.pem
 -
 replace: olcTLSVerifyClient
 olcTLSVerifyClient: demand

+ 1 - 1
image/service/slapd/assets/ssl/README.md

@@ -1,2 +1,2 @@
 Add your ssl crt, key and ca crt here
-or during docker run mount a data volume with thoses files to /osixia/slapd/assets/ssl
+or during docker run mount a data volume with thoses files to /container/service/slapd/assets/ssl

+ 0 - 0
image/service/test/new-user.ldif → image/service/slapd/assets/test/new-user.ldif


+ 55 - 53
image/service/slapd/container-start.sh

@@ -12,9 +12,7 @@ ulimit -n 1024
 #fix file permissions
 chown -R openldap:openldap /var/lib/ldap
 chown -R openldap:openldap /etc/ldap
-chown -R openldap:openldap /osixia/slapd
-
-/etc/init.d/ntp restart
+chown -R openldap:openldap /container/service/slapd
 
 # container first start
 if [ ! -e "$FIRST_START_DONE" ]; then
@@ -46,13 +44,13 @@ if [ ! -e "$FIRST_START_DONE" ]; then
     local LDAP_KEY=$3
 
     # check certificat and key or create it
-    /sbin/ssl-kit "/osixia/slapd/assets/ssl/$LDAP_CRT" "/osixia/slapd/assets/ssl/$LDAP_KEY" --ca-crt=/osixia/slapd/assets/ssl/$CA_CRT --gnutls
+    /sbin/ssl-helper "/container/service/slapd/assets/ssl/$LDAP_CRT" "/container/service/slapd/assets/ssl/$LDAP_KEY" --ca-crt=/container/service/slapd/assets/ssl/$CA_CRT --gnutls
 
     # create DHParamFile if not found
-    [ -f /osixia/slapd/assets/ssl/dhparam.pem ] || openssl dhparam -out /osixia/slapd/assets/ssl/dhparam.pem 2048
+    [ -f /container/service/slapd/assets/ssl/dhparam.pem ] || openssl dhparam -out /container/service/slapd/assets/ssl/dhparam.pem 2048
 
     # fix file permissions
-    chown -R openldap:openldap /osixia/slapd
+    chown -R openldap:openldap /container/service/slapd
   }
 
 
@@ -106,26 +104,23 @@ EOF
   # start OpenLDAP
   echo "Starting openldap..."
   slapd -h "ldapi:///" -u openldap -g openldap
-  echo "ok"
+  echo "[ok]"
 
   # set bootstrap config part 2
   if $BOOTSTRAP; then
 
-    # add ppolicy schema if not already exists
-    ADD_PPOLICY=$(is_new_schema ppolicy)
-    if [ "$ADD_PPOLICY" -eq 1 ]; then
-      ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
-    fi
+    # add ppolicy schema
+    ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
 
     # convert schemas to ldif
     SCHEMAS=""
-    for f in $(find /osixia/slapd/assets/config/bootstrap/schema -name \*.schema -type f); do
+    for f in $(find /container/service/slapd/assets/config/bootstrap/schema -name \*.schema -type f); do
       SCHEMAS="$SCHEMAS ${f}"
     done
-    /osixia/slapd/assets/schema-to-ldif.sh "$SCHEMAS"
+    /container/service/slapd/assets/schema-to-ldif.sh "$SCHEMAS"
 
     # add schemas
-    for f in $(find /osixia/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do
+    for f in $(find /container/service/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do
       echo "Processing file ${f}"
       # add schema if not already exists
       SCHEMA=$(basename "${f}" .ldif)
@@ -140,14 +135,14 @@ EOF
 
     # set config password
     CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s $LDAP_CONFIG_PASSWORD)
-    sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /osixia/slapd/assets/config/bootstrap/ldif/config-password.ldif
+    sed -i "s|{{ CONFIG_PASSWORD_ENCRYPTED }}|$CONFIG_PASSWORD_ENCRYPTED|g" /container/service/slapd/assets/config/bootstrap/ldif/01-config-password.ldif
 
     # adapt security config file
     get_base_dn
-    sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/slapd/assets/config/bootstrap/ldif/security.ldif
+    sed -i "s|dc=example,dc=org|$BASE_DN|g" /container/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
 
     # process config files
-    for f in $(find /osixia/slapd/assets/config/bootstrap/ldif  -name \*.ldif -type f); do
+    for f in $(find /container/service/slapd/assets/config/bootstrap/ldif  -name \*.ldif -type f | sort); do
       echo "Processing file ${f}"
       ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f
     done
@@ -162,11 +157,11 @@ EOF
     check_tls_files $SSL_CA_CRT_FILENAME $SSL_CRT_FILENAME $SSL_KEY_FILENAME
 
     # adapt tls ldif
-    sed -i "s,/osixia/slapd/assets/ssl/ca.crt,/osixia/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /osixia/slapd/assets/config/tls/tls-enable.ldif
-    sed -i "s,/osixia/slapd/assets/ssl/ldap.crt,/osixia/slapd/assets/ssl/${SSL_CRT_FILENAME},g" /osixia/slapd/assets/config/tls/tls-enable.ldif
-    sed -i "s,/osixia/slapd/assets/ssl/ldap.key,/osixia/slapd/assets/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/assets/config/tls/tls-enable.ldif
+    sed -i "s,/container/service/slapd/assets/ssl/ca.crt,/container/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /container/service/slapd/assets/config/tls/tls-enable.ldif
+    sed -i "s,/container/service/slapd/assets/ssl/ldap.crt,/container/service/slapd/assets/ssl/${SSL_CRT_FILENAME},g" /container/service/slapd/assets/config/tls/tls-enable.ldif
+    sed -i "s,/container/service/slapd/assets/ssl/ldap.key,/container/service/slapd/assets/ssl/${SSL_KEY_FILENAME},g" /container/service/slapd/assets/config/tls/tls-enable.ldif
 
-    ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/tls/tls-enable.ldif
+    ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/tls/tls-enable.ldif
 
     [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS"
     touch $WAS_STARTED_WITH_TLS
@@ -176,20 +171,20 @@ EOF
     chmod +x $WAS_STARTED_WITH_TLS
 
     # ldap client config
-    sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
+    sed -i "s,TLS_CACERT.*,TLS_CACERT /container/service/slapd/assets/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
     echo "TLS_REQCERT demand" >> /etc/ldap/ldap.conf
 
     [[ -f "$HOME/.ldaprc" ]] && rm -f $HOME/.ldaprc
     touch $HOME/.ldaprc
-    echo "TLS_CERT /osixia/slapd/assets/ssl/${SSL_CRT_FILENAME}" >> $HOME/.ldaprc
-    echo "TLS_KEY /osixia/slapd/assets/ssl/${SSL_KEY_FILENAME}" >> $HOME/.ldaprc
+    echo "TLS_CERT /container/service/slapd/assets/ssl/${SSL_CRT_FILENAME}" >> $HOME/.ldaprc
+    echo "TLS_KEY /container/service/slapd/assets/ssl/${SSL_KEY_FILENAME}" >> $HOME/.ldaprc
 
   else
 
     echo "Don't use TLS"
 
     [[ -f "$WAS_STARTED_WITH_TLS" ]] && rm -f "$WAS_STARTED_WITH_TLS"
-    ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/tls/tls-disable.ldif || true
+    ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/tls/tls-disable.ldif || true
 
   fi
 
@@ -197,49 +192,56 @@ EOF
   # replication config
   if [ "${USE_REPLICATION,,}" == "true" ]; then
 
-    echo "Use replication"
-
-    # copy template file
-    cp /osixia/slapd/assets/config/replication/replication-enable-template.ldif /osixia/slapd/assets/config/replication/replication-enable.ldif
+    if [ -e "$WAS_STARTED_WITH_REPLICATION" ]; then
+      echo "Replication already set"
+    else
+      echo "Use replication"
 
-    REPLICATION_HOSTS=($REPLICATION_HOSTS)
-    i=1
-    for host in "${REPLICATION_HOSTS[@]}"
-    do
+      REPLICATION_HOSTS=($REPLICATION_HOSTS)
+      i=1
+      for host in "${REPLICATION_HOSTS[@]}"
+      do
 
-      #host var contain a variable name, we access to the variable value and cast it to a table
-      host=${!host}
+        #host var contain a variable name, we access to the variable value
+        host=${!host}
 
-      sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /osixia/slapd/assets/config/replication/replication-enable.ldif
-      sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /osixia/slapd/assets/config/replication/replication-enable.ldif
-      sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /osixia/slapd/assets/config/replication/replication-enable.ldif
+        sed -i "s|{{ REPLICATION_HOSTS }}|olcServerID: $i ${host}\n{{ REPLICATION_HOSTS }}|g" /container/service/slapd/assets/config/replication/replication-enable.ldif
+        sed -i "s|{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|olcSyncRepl: rid=00$i provider=${host} ${REPLICATION_CONFIG_SYNCPROV}\n{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}|g" /container/service/slapd/assets/config/replication/replication-enable.ldif
+        sed -i "s|{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|olcSyncRepl: rid=10$i provider=${host} ${REPLICATION_HDB_SYNCPROV}\n{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}|g" /container/service/slapd/assets/config/replication/replication-enable.ldif
 
-      ((i++))
-    done
+        ((i++))
+      done
 
-    get_base_dn
-    sed -i "s|\$BASE_DN|$BASE_DN|g" /osixia/slapd/assets/config/replication/replication-enable.ldif
-    sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /osixia/slapd/assets/config/replication/replication-enable.ldif
-    sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /osixia/slapd/assets/config/replication/replication-enable.ldif
+      get_base_dn
+      sed -i "s|\$BASE_DN|$BASE_DN|g" /container/service/slapd/assets/config/replication/replication-enable.ldif
+      sed -i "s|\$LDAP_ADMIN_PASSWORD|$LDAP_ADMIN_PASSWORD|g" /container/service/slapd/assets/config/replication/replication-enable.ldif
+      sed -i "s|\$LDAP_CONFIG_PASSWORD|$LDAP_CONFIG_PASSWORD|g" /container/service/slapd/assets/config/replication/replication-enable.ldif
 
-    sed -i "/{{ REPLICATION_HOSTS }}/d" /osixia/slapd/assets/config/replication/replication-enable.ldif
-    sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /osixia/slapd/assets/config/replication/replication-enable.ldif
-    sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /osixia/slapd/assets/config/replication/replication-enable.ldif
+      sed -i "/{{ REPLICATION_HOSTS }}/d" /container/service/slapd/assets/config/replication/replication-enable.ldif
+      sed -i "/{{ REPLICATION_HOSTS_CONFIG_SYNC_REPL }}/d" /container/service/slapd/assets/config/replication/replication-enable.ldif
+      sed -i "/{{ REPLICATION_HOSTS_HDB_SYNC_REPL }}/d" /container/service/slapd/assets/config/replication/replication-enable.ldif
 
-    ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/replication/replication-enable.ldif
-    touch $WAS_STARTED_WITH_REPLICATION
+      ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/replication/replication-enable.ldif
+      touch $WAS_STARTED_WITH_REPLICATION
+    fi
 
   else
 
     echo "Don't use replication"
     [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION"
-    ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/assets/config/replication/replication-disable.ldif || true
+    ldapmodify -c -Y EXTERNAL -Q -H ldapi:/// -f /container/service/slapd/assets/config/replication/replication-disable.ldif || true
 
-  fi
+    rm -f $WAS_STARTED_WITH_REPLICATION
 
+  fi
 
   # stop OpenLDAP
-  kill -INT `cat /run/slapd/slapd.pid`
+  SLAPD_PID=$(cat /run/slapd/slapd.pid)
+  echo "Kill slapd, pid: $SLAPD_PID"
+  kill -INT $SLAPD_PID
+  echo "[ok]"
+
+  sleep 3
 
   touch $FIRST_START_DONE
 fi
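Review bot: The replication block writes `$LDAP_ADMIN_PASSWORD` and `$LDAP_CONFIG_PASSWORD` in clear text into replication-enable.ldif with `sed -i` and leaves that file in place after the `ldapmodify`, so both secrets remain on disk for the container's lifetime (readable by the openldap user after the `chown -R` at the top of the script); delete the file, or at least those two lines, once the modify has succeeded. Because the copy-from-template step was removed, the placeholders are now consumed in place on the first start, so an aborted first start (after the sed, before `touch $FIRST_START_DONE`) leaves no placeholders for the retry — worth a comment or a check that the markers are still present. The same sed calls use `|` as delimiter with an unescaped replacement, so a password containing `|`, `&` or `\` silently corrupts the LDIF instead of failing. The shutdown now does `kill -INT $SLAPD_PID` followed by a fixed `sleep 3`, which races slapd's flush and socket release; a bounded wait such as `while kill -0 "$SLAPD_PID" 2>/dev/null; do sleep 1; done` is safer. The enclosing `if [ ! -e "$FIRST_START_DONE" ]` block starts outside this hunk.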

+ 1 - 1
image/service/slapd/daemon.sh

@@ -5,4 +5,4 @@
 # see https://github.com/docker/docker/issues/8231
 ulimit -n 1024
 
-exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d "$LDAP_LOG_LEVEL"
+exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldap://localhost ldaps://localhost ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL
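Review bot: Dropping the quotes around `$LDAP_LOG_LEVEL` exposes the value to word splitting and glob expansion, and with an empty value `-d` is left without an argument, so slapd fails to start with a usage error either way; if a quoted empty string was the motivation, a default such as `-d "${LDAP_LOG_LEVEL:-256}"` (matching env.yaml) fixes it without unquoting. The added `ldap://localhost ldaps://localhost` listeners match the README now running `ldapsearch -h localhost` inside the container; a one-line comment saying that is why they exist would help, e.g. `# localhost listeners let tools inside the container connect without the hostname`.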

+ 0 - 2
image/service/test/add-host.sh

@@ -1,2 +0,0 @@
-#!/bin/bash -e
-echo $@ >> /etc/hosts

BIN
test/config/cn=config.ldif


BIN
test/database/__db.002


BIN
test/database/__db.003


BIN
test/database/alock


BIN
test/database/dn2id.bdb


+ 10 - 16
test/database/objectClass.bdb

@@ -32,12 +32,12 @@ load test_helper
 
 @test "ldapsearch new database with strict TLS and custom ca/crt" {
 
-  run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt
+  run_image -h ldap.osixia.net -v $BATS_TEST_DIRNAME/ssl:/container/service/slapd/assets/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt
   wait_service slapd
   run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
   clear_container
 
-  chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true
+  chmod 777 -R test/config/ test/database/ test/ssl/
 
   [ "$status" -eq 0 ]
 
@@ -50,7 +50,7 @@ load test_helper
   run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=osixia,dc=net -D "cn=admin,dc=osixia,dc=net" -w admin
   clear_container
 
-  chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true
+  chmod 777 -R test/config/ test/database/ test/ssl/
 
   [ "$status" -eq 0 ]
 
@@ -62,30 +62,24 @@ load test_helper
   tmp_file="$BATS_TMPDIR/docker-test"
 
   # replication ldap server
-  LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d $IMAGE_NAME)
+  LDAP_REPL_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true -d $NAME:$VERSION)
   LDAP_REPL_IP=$(get_container_ip_by_cid $LDAP_REPL_CID)
 
+  sleep 2
+
   # ldap server
-  run_image -h ldap.example.org -e USE_REPLICATION=true
+  run_image -h ldap.example.org -e USE_REPLICATION=true -e IS_REPLICATION_TEST=true
 
   # add route to hosts
-  docker exec $LDAP_REPL_CID /osixia/test/add-host.sh $CONTAINER_IP ldap.example.org
-  docker exec $CONTAINER_ID /osixia/test/add-host.sh $LDAP_REPL_IP ldap2.example.org
-
-  # wait services on both servers
-  wait_service slapd
-  wait_service_by_cid $LDAP_REPL_CID slapd
-
-  # restart slapd
-  docker exec $LDAP_REPL_CID pkill slapd
-  docker exec $CONTAINER_ID pkill slapd
+  docker exec $LDAP_REPL_CID /sbin/add-host $CONTAINER_IP ldap.example.org
+  docker exec $CONTAINER_ID /sbin/add-host $LDAP_REPL_IP ldap2.example.org
 
   # wait services on both servers
   wait_service slapd
   wait_service_by_cid $LDAP_REPL_CID slapd
 
   # add user on ldap2.example.org
-  docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap2.example.org -ZZ
+  docker exec $LDAP_REPL_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -h ldap2.example.org -ZZ
 
   sleep 5
 
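Review bot: `chmod 777 -R test/config/ test/database/ test/ssl/` makes the test configuration, database files and the TLS key material under `test/ssl` world-writable, and switches from the removed `$BATS_TEST_DIRNAME`-anchored path to a cwd-relative one, so it only works when bats is started from the repository root; if the aim is just to let the invoking user clean up files the container wrote, `chmod -R u+rwX "$BATS_TEST_DIRNAME"/config "$BATS_TEST_DIRNAME"/database "$BATS_TEST_DIRNAME"/ssl` (or the previous chown) is enough. The same line appears in the second hunk. `IS_REPLICATION_TEST=true` is passed to both containers but nothing in this commit reads it, so a comment stating what the image does with it would help. This section is labelled `test/database/objectClass.bdb` on the page, but its hunks are plainly a bats test file, presumably a rendering mix-up.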

+ 17 - 7
test/test_helper.bash

@@ -2,7 +2,7 @@ setup() {
   IMAGE_NAME="$NAME:$VERSION"
 }
 
-# function relative to the current container / image  
+# function relative to the current container / image
 build_image() {
   #disable outputs
   docker build -t $IMAGE_NAME $BATS_TEST_DIRNAME/../image &> /dev/null
@@ -34,12 +34,16 @@ is_service_running() {
   is_service_running_by_cid $CONTAINER_ID $1
 }
 
+is_file_exists() {
+  is_file_exists_by_cid $CONTAINER_ID $1
+}
+
 wait_service() {
   wait_service_by_cid $CONTAINER_ID $@
 }
 
 
-# generic functions 
+# generic functions
 get_container_ip_by_cid() {
   local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1)
   echo "$IP"
@@ -50,7 +54,7 @@ start_containers_by_cid() {
   do
     #disable outputs
     docker start $cid &> /dev/null
-  done 
+  done
 }
 
 stop_containers_by_cid() {
@@ -58,7 +62,7 @@ stop_containers_by_cid() {
   do
     #disable outputs
     docker stop $cid &> /dev/null
-  done 
+  done
 }
 
 remove_containers_by_cid() {
@@ -66,7 +70,7 @@ remove_containers_by_cid() {
   do
     #disable outputs
     docker rm $cid &> /dev/null
-  done 
+  done
 }
 
 clear_containers_by_cid() {
@@ -78,12 +82,18 @@ is_service_running_by_cid() {
   docker exec $1 ps cax | grep $2  > /dev/null
 }
 
+is_file_exists_by_cid() {
+  docker exec $1 cat "/etc/my_init_startup_files_completed" > /dev/null 2>&1
+}
+
 wait_service_by_cid() {
 
   cid=$1
 
+  sleep 1
+
   # first wait image init end
-  while ! is_service_running_by_cid $cid syslog-ng
+  while ! is_file_exists_by_cid $cid /etc/my_init_startup_files_completed
   do
     sleep 1
   done
@@ -98,4 +108,4 @@ wait_service_by_cid() {
   done
 
   sleep 5
-}
+}
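Review bot: `is_file_exists_by_cid` ignores the path it is given: it is called as `is_file_exists_by_cid $cid /etc/my_init_startup_files_completed` (and through `is_file_exists $1`) but hard-codes that path and never reads `$2`, so any other file name silently tests the same file. Make it `docker exec "$1" test -e "$2" > /dev/null 2>&1` so the argument is honoured and existence is checked without catting the file. The `sleep 1` added before the poll loop in `wait_service_by_cid` duplicates the loop's own `sleep 1`; if it is meant to give the container a head start, say so in a comment, otherwise drop it.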