Bertrand Gouny %!s(int64=10) %!d(string=hai) anos
pai
achega
85948d05ce
Modificáronse 47 ficheiros con 275 adicións e 357 borrados
  1. 0 59
      Dockerfile
  2. 3 3
      Makefile
  3. 1 26
      README.md
  4. 6 43
      image/Dockerfile
  5. 4 9
      image/env.yml
  6. 0 3
      image/service/mmc-agent/assets/append_to_mail.ini
  7. 0 6
      image/service/mmc-agent/assets/convert_to_ldif
  8. 0 86
      image/service/mmc-agent/container-start.sh
  9. 0 0
      image/service/mmc-agent/daemon.sh
  10. 1 0
      image/service/slapd/assets/config/README.md
  11. 1 1
      image/service/slapd/assets/config/logging.ldif
  12. 2 0
      image/service/slapd/assets/ssl/README.md
  13. 5 6
      image/service/slapd/assets/tls.ldif
  14. 26 115
      image/service/slapd/container-start.sh
  15. 4 0
      image/service/slapd/daemon.sh
  16. BIN=BIN
      test/database/__db.001
  17. BIN=BIN
      test/database/__db.002
  18. BIN=BIN
      test/database/__db.003
  19. BIN=BIN
      test/database/alock
  20. BIN=BIN
      test/database/dn2id.bdb
  21. BIN=BIN
      test/database/id2entry.bdb
  22. BIN=BIN
      test/database/log.0000000001
  23. BIN=BIN
      test/database/objectClass.bdb
  24. 0 0
      test/old/config
  25. 0 0
      test/old/config-repository
  26. 0 0
      test/old/db.sh
  27. 0 0
      test/old/simple.sh
  28. 0 0
      test/old/tls.sh
  29. 0 0
      test/old/tls/end.sh
  30. 0 0
      test/old/tls/run.sh
  31. 0 0
      test/old/tls/ssl/ca.crt
  32. 0 0
      test/old/tls/ssl/dhparam.pem
  33. 0 0
      test/old/tls/ssl/ldap.crt
  34. 0 0
      test/old/tls/ssl/ldap.key
  35. 0 0
      test/old/tools/build-container.sh
  36. 0 0
      test/old/tools/delete-container.sh
  37. 0 0
      test/old/tools/delete-image.sh
  38. 0 0
      test/old/tools/end.sh
  39. 0 0
      test/old/tools/prepare.sh
  40. 0 0
      test/old/tools/run-container.sh
  41. 0 0
      test/old/tools/run.sh
  42. 8 0
      test/ssl/dhparam.pem
  43. 21 0
      test/ssl/test-ca.crt
  44. 19 0
      test/ssl/test-ldap.crt
  45. 15 0
      test/ssl/test-ldap.key
  46. 58 0
      test/test.bats
  47. 101 0
      test/test_helper.bash

+ 0 - 59
Dockerfile

@@ -1,59 +0,0 @@
-FROM osixia/baseimage:0.10.0
-MAINTAINER Bertrand Gouny <[email protected]>
-
-# From Nick Stenning's work
-# https://github.com/nickstenning/docker-slapd
-
-# Default configuration: can be overridden at the docker command line
-ENV DOMAIN_NAME ldap.example.com
-ENV LDAP_DOMAIN example.com
-ENV LDAP_ADMIN_PWD toor
-ENV LDAP_ORGANISATION Example Inc.
-
-ENV WITH_MMC_AGENT false
-ENV MMC_AGENT_LOGIN mmc-docker
-ENV MMC_AGENT_PASSWORD passw0rd
-
-# /!\ To store the data outside the container, 
-# mount /var/lib/ldap and /etc/ldap/slapd.d as a data volume add
-# -v /some/host/directory:/var/lib/ldap and -v /some/other/host/directory:/etc/ldap/slapd.d
-# to the run command
-
-VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
-
-# Disable SSH
-# RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
-
-# Enable dnsmasq
-RUN /sbin/enable-service dnsmasq ca-authority
-
-# Use baseimage-docker's init system.
-CMD ["/sbin/my_init"]
-
-# Add Mandriva MDS repository
-RUN echo "deb http://mds.mandriva.org/pub/mds/debian wheezy main" >> /etc/apt/sources.list
-
-# Resynchronize the package index files from their sources
-RUN apt-get -y update
-
-# Install openldap (slapd) and ldap-utils
-RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils  mmc-agent python-mmc-mail
-
-# Expose ldap and mmc-agent default ports
-EXPOSE 389 7080
-
-# Create TLS certificats directory
-RUN mkdir /etc/ldap/ssl
-
-# Add config directory 
-ADD service/slapd/assets/config /etc/ldap/config
-ADD service/mmc-agent/assets /etc/mmc/agent/assets
-
-# Add slapd deamon
-ADD service/slapd/slapd.sh /etc/service/slapd/run
-
-# Add mmc-agent deamon
-ADD service/mmc-agent/mmc-agent.sh /etc/service/mmc-agent/run
-
-# Clear out the local repository of retrieved package files
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

+ 3 - 3
Makefile

@@ -6,13 +6,13 @@ VERSION = 0.9.2
 all: build
 
 build:
-	docker build -t $(NAME):$(VERSION) --rm .
+	docker build -t $(NAME):$(VERSION) --rm image
 
 test:
-	env NAME=$(NAME) VERSION=$(VERSION) ./test.sh debug
+	env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats
 
 tag_latest:
-	docker tag $(NAME):$(VERSION) $(NAME):latest
+	docker tag -f $(NAME):$(VERSION) $(NAME):latest
 
 release: build test tag_latest
 	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
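Review bot: The `test:` target now collides with the `test/` directory this commit introduces, and no `.PHONY` declaration is visible in this hunk — if none exists earlier in the file, `make test` will report that `test` is up to date and never run bats, and `release: build test tag_latest` will then ship without running the suite. Declare the phony targets, e.g. `.PHONY: all build test tag_latest release`, near the top of the Makefile. Separately, `docker tag -f` is specific to the docker 1.5-era CLI; a one-line comment noting the minimum docker version this Makefile assumes would save the next maintainer a failed build.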

+ 1 - 26
README.md

@@ -5,29 +5,4 @@ https://github.com/nickstenning/docker-slapd
 
 Add support of tls.
 
-### How to use tls
-
-Add `-v some/host/dir:/etc/ldap/ssl` and `--dns=127.0.0.1` to the run command.
-
-`some/host/dir` must contain a least 3 files :
-- `ca.crt` certificate authority certificate
-- `ldap.crt` ldap server certificate
-- `ldap.key` ldap server certificate private key
-
-and optionaly `dhparam.pem` this file is genereted automaticaly if not present.
-
-`--dns=127.0.0.1` allow to use the certificate cn correctly.
-
-
-### Example
-
-    docker run --dns=127.0.0.1 \
-               -v /data/ldap/db:/var/lib/ldap \
-               -v /data/ldap/config:/etc/ldap/slapd.d \
-               -v /data/ldap/ssl/:/etc/ldap/ssl \
-               -v /data/ldap/log/:/var/log \
-               -e LDAP_DOMAIN=example.com \
-               -e LDAP_ORGANISATION="Example Corp." \
-               -e LDAP_ROOTPASS=toor \
-               -p 389:389 -d osixia/openldap
-
+Use docker 1.5.0

+ 6 - 43
image/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/baseimage:0.10.2
+FROM osixia/baseimage:0.10.3
 MAINTAINER Bertrand Gouny <[email protected]>
 
 # Set correct environment variables.
@@ -10,9 +10,9 @@ CMD ["/sbin/my_init"]
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 RUN groupadd -r openldap && useradd -r -g openldap openldap
 
-# Install OpenLDAP and ldap-utils (with ssl-kit from baseimage), remove default db
-RUN apt-get -y update && /sbin/enable-service ssl-kit
-	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils
+# Install OpenLDAP and ldap-utils (and ssl-kit from baseimage), remove default ldap db
+RUN apt-get -y update && /sbin/enable-service ssl-kit \
+	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils \
 	&& rm -rf /var/lib/ldap
 
 # Add install script and OpenLDAP assets
@@ -27,48 +27,11 @@ RUN ./tmp/install.sh && rm /tmp/install.sh \
 ADD env.yml /etc/env.yml
 
 # Add OpenLDAP container start config & daemon
-ADD service/slapd/container-start.sh /etc/my_init.d/1-slapd
+ADD service/slapd/container-start.sh /etc/my_init.d/slapd
 ADD service/slapd/daemon.sh /etc/service/slapd/run
 
 # Set OpenLDAP data and config directories in a data volume
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
 
 # Expose ldap default port
-EXPOSE 389
-
-# Disable SSH
-# RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
-
-# Enable dnsmasq
-RUN /sbin/enable-service dnsmasq ca-authority
-
-# Use baseimage-docker's init system.
-CMD ["/sbin/my_init"]
-
-# Add Mandriva MDS repository
-RUN echo "deb http://mds.mandriva.org/pub/mds/debian wheezy main" >> /etc/apt/sources.list
-
-# Resynchronize the package index files from their sources
-RUN apt-get -y update
-
-# Install openldap (slapd) and ldap-utils
-RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils  mmc-agent python-mmc-mail
-
-# Expose ldap and mmc-agent default ports
-EXPOSE 389 7080
-
-# Create TLS certificats directory
-RUN mkdir /etc/ldap/ssl
-
-# Add config directory 
-ADD service/slapd/assets/config /etc/ldap/config
-ADD service/mmc-agent/assets /etc/mmc/agent/assets
-
-# Add slapd deamon
-ADD service/slapd/slapd.sh /etc/service/slapd/run
-
-# Add mmc-agent deamon
-ADD service/mmc-agent/mmc-agent.sh /etc/service/mmc-agent/run
-
-# Clear out the local repository of retrieved package files
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+EXPOSE 389
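Review bot: The rewritten install line still passes `--force-yes` to `apt-get install`, which tells apt to proceed even when packages are unauthenticated or signatures fail to verify — it silently disables the repository signature check. With the third-party Mandriva MDS repository removed in this same commit, only Debian's signed repositories remain, so the flag is no longer needed: `&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends slapd ldap-utils \`. Consider also pinning `FROM osixia/baseimage:0.10.3` by digest, since a mutable tag lets the base layer change under a rebuild without any diff in this file.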

+ 4 - 9
image/env.yml

@@ -2,14 +2,9 @@ LDAP_ORGANISATION: Example Inc.
 LDAP_DOMAIN: example.org
 LDAP_ADMIN_PASSWORD: toor
 
-SERVER_NAME: ldap.example.com
+SERVER_NAME: ldap.example.org
 
 USE_TLS: true
-SSL_CRT_FILENAME: wordpress.crt
-SSL_KEY_FILENAME: wordpress.key
-SSL_CA_CRT_FILENAME: ca.crt
-
-
-WITH_MMC_AGENT: false
-MMC_AGENT_USER: mmc-docker
-MMC_AGENT_PASSWORD: passw0rd
+SSL_CRT_FILENAME: ldap.crt
+SSL_KEY_FILENAME: ldap.key
+SSL_CA_CRT_FILENAME: ca.crt

+ 0 - 3
image/service/mmc-agent/assets/append_to_mail.ini

@@ -1,3 +0,0 @@
-[userdefault] 
-mailbox = /home/vmail/%uid%/ 
-mailuserquota = 204800

+ 0 - 6
image/service/mmc-agent/assets/convert_to_ldif

@@ -1,6 +0,0 @@
-include /etc/ldap/schema/core.schema
-include /etc/ldap/schema/cosine.schema
-include /etc/ldap/schema/nis.schema
-include /etc/ldap/schema/inetorgperson.schema
-include /usr/share/doc/mmc/contrib/base/mmc.schema
-include /usr/share/doc/mmc/contrib/mail/mail.schema

+ 0 - 86
image/service/mmc-agent/container-start.sh

@@ -1,86 +0,0 @@
-#!/bin/sh
-
-# -e Exit immediately if a command exits with a non-zero status
-set -e
-
-WITH_MMC_AGENT=${WITH_MMC_AGENT}
-
-# Run mmc-agent
-if [ "$WITH_MMC_AGENT" = true ]; then
-
-  # Openldap is configured
-  if [ -e /etc/ldap/slapd.d/docker_bootstrapped ]; then
-
-    # mmc-agent is not already configured
-    if [ ! -e /etc/mmc/agent/docker_bootstrapped ]; then
-      status "configuring mmc-agent for first run"
-
-       status () {
-        echo "---> ${@}" >&2
-      }
-
-      getBaseDn () {
-        IFS="."
-        export IFS
-
-        domain=$1
-        init=1
-
-        for s in $domain; do
-          dc="dc=$s"
-          if [ "$init" -eq 1 ]; then
-            baseDn=$dc
-            init=0
-        else
-            baseDn="$baseDn,$dc" 
-          fi
-        done
-      }
-
-      DOMAIN_NAME=${DOMAIN_NAME}
-      WITH_MMC_AGENT=${WITH_MMC_AGENT}
-      LDAP_DOMAIN=${LDAP_DOMAIN}
-      LDAP_ADMIN_PWD=${LDAP_ADMIN_PWD}
-      MMC_AGENT_LOGIN=${MMC_AGENT_LOGIN}
-      MMC_AGENT_PASSWORD=${MMC_AGENT_PASSWORD}
-
-      # mmc-agent config
-      sed -i -e "s/127.0.0.1/0.0.0.0/" /etc/mmc/agent/config.ini #listen on docker default network
-      sed -i -e "s/login = mmc/login = $MMC_AGENT_LOGIN/" /etc/mmc/agent/config.ini
-      sed -i -e "s/password = s3cr3t/password = $MMC_AGENT_PASSWORD/" /etc/mmc/agent/config.ini
-
-      # generate ssl certificate
-      rm /etc/mmc/agent/keys/cacert.pem /etc/mmc/agent/keys/localcert.pem
-      /sbin/ssl-create-cert mmc /etc/mmc/agent/keys/cacert.pem /etc/mmc/agent/keys/localcert.pem
-
-      # Get base dn from ldap domain
-      getBaseDn ${LDAP_DOMAIN}
-
-      sed -i -e "s/dc=mandriva, dc=com/$baseDn/" /etc/mmc/plugins/base.ini
-      sed -i -e "s/password = secret/password = $LDAP_ADMIN_PWD/" /etc/mmc/plugins/base.ini
-
-      mkdir /home/archives
-
-      # Mail plugin
-
-      sed -i -e 's/vDomainSupport = 0/vDomainSupport = 1/g' /etc/mmc/plugins/mail.ini
-      sed -i -e 's/vAliasesSupport = 0/vAliasesSupport = 1/g' /etc/mmc/plugins/mail.ini
-      cat /etc/mmc/agent/assets/append_to_mail.ini >> /etc/mmc/plugins/mail.ini
-
-      touch /etc/mmc/agent/docker_bootstrapped
-    else
-      status "found already-configured mmc-agent"
-    fi
-
-    # Run mmc-agent
-    exec /usr/sbin/mmc-agent -d
-
-  # wait openldap config done
-  else
-    sleep 3s
-  fi
-
-# Do nothing but needed for runit
-else 
-  sleep 1d
-fi

+ 0 - 0
image/service/mmc-agent/daemon.sh


+ 1 - 0
image/service/slapd/assets/config/README.md

@@ -0,0 +1 @@
+Add your ldif config file here

+ 1 - 1
image/service/slapd/assets/config/modify/logging.ldif → image/service/slapd/assets/config/logging.ldif

@@ -1,4 +1,4 @@
 dn: cn=config
 changetype: modify
 replace: olcLogLevel
-olcLogLevel: stats
+olcLogLevel: stats

+ 2 - 0
image/service/slapd/assets/ssl/README.md

@@ -0,0 +1,2 @@
+Add your ssl crt, key and ca crt here
+or during docker run mount a data volume with thoses files to /osixia/slapd/ssl

+ 5 - 6
image/service/slapd/assets/config/modify/auto/tls.ldif → image/service/slapd/assets/tls.ldif

@@ -4,17 +4,16 @@ add: olcTLSCipherSuite
 olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
 -
 replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/ldap/ssl/ca.crt
+olcTLSCACertificateFile: /osixia/slapd/ssl/ca.crt
 -
 replace: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+olcTLSCertificateFile: /osixia/slapd/ssl/ldap.crt
 -
 replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+olcTLSCertificateKeyFile: /osixia/slapd/ssl/ldap.key
 -
 replace: olcTLSDHParamFile
-olcTLSDHParamFile: /etc/ldap/ssl/dhparam.pem
+olcTLSDHParamFile: /osixia/slapd/ssl/dhparam.pem
 -
 replace: olcTLSVerifyClient
-olcTLSVerifyClient: never
-
+olcTLSVerifyClient: never

+ 26 - 115
image/service/slapd/container-start.sh

@@ -2,6 +2,10 @@
 
 FIRST_START_DONE="/etc/docker-openldap-first-start-done"
 
+#fix file permissions
+chown -R openldap:openldap /var/lib/ldap 
+chown -R openldap:openldap /etc/ldap
+
 # container first start
 if [ ! -e "$FIRST_START_DONE" ]; then
 
@@ -27,9 +31,6 @@ EOF
     dpkg-reconfigure -f noninteractive slapd
   fi
 
-  #fix file permissions
-  chown -R openldap:openldap /var/lib/ldap 
-  chown -R openldap:openldap /etc/ldap
 
   # start OpenLDAP
   slapd -h "ldapi:///" -u openldap -g openldap 
@@ -38,130 +39,40 @@ EOF
   if [ "${USE_TLS,,}" == "true" ]; then
 
     # check certificat and key or create it
-    /sbin/ssl-kit "/osixia/slapd/$SSL_CRT_FILENAME" "/osixia/slapd/$SSL_KEY_FILENAME" --ca-crt=/osixia/slapd/$SSL_CA_CRT_FILENAME --gnutls
-    chown openldap:openldap -R /osixia/slapd
-
-
-  fi
-
-  # stop OpenLDAP
-  kill -INT `cat /run/slapd/slapd.pid`
-
-  touch $FIRST_START_DONE
-fi
-
-exit 0
-
-
+    /sbin/ssl-kit "/osixia/slapd/ssl/$SSL_CRT_FILENAME" "/osixia/slapd/ssl/$SSL_KEY_FILENAME" --ca-crt=/osixia/slapd/ssl/$SSL_CA_CRT_FILENAME --gnutls
 
+    # create DHParamFile if not found
+    [ -f /osixia/slapd/ssl/dhparam.pem ] || openssl dhparam -out /osixia/slapd/ssl/dhparam.pem 2048
 
-#!/bin/sh
+    # adapt tls ldif
+    sed -i "s,/osixia/slapd/ssl/ca.crt,/osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /osixia/slapd/tls.ldif
+    sed -i "s,/osixia/slapd/ssl/ldap.crt,/osixia/slapd/ssl/${SSL_CRT_FILENAME},g" /osixia/slapd/tls.ldif
+    sed -i "s,/osixia/slapd/ssl/ldap.key,/osixia/slapd/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/tls.ldif
 
-set -eu
-
-status () {
-  echo "---> ${@}" >&2
-}
-
-
-set -x
-: LDAP_ADMIN_PWD=${LDAP_ADMIN_PWD}
-: LDAP_DOMAIN=${LDAP_DOMAIN}
-: LDAP_ORGANISATION=${LDAP_ORGANISATION}
-: DOMAIN_NAME=${DOMAIN_NAME}
-
-
-############ Base config ############
-if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
-  status "configuring slapd database"
-
-
-
-
-
-  touch /var/lib/ldap/docker_bootstrapped
-
-else
-  status "slapd database found"
-fi
+    # set tls config
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f /osixia/slapd/tls.ldif -Q 
 
+    # add localhost route to certificate cn (need docker 1.5.0)
+    cn=$(openssl x509 -in /osixia/slapd/ssl/$SSL_CRT_FILENAME -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
+    echo "127.0.0.1 $cn" >> /etc/hosts
 
-############ Custom config ############
-if [ ! -e /etc/ldap/slapd.d/docker_bootstrapped ]; then
-  status "Custom config"
-
-  slapd -h "ldapi:///" -u openldap -g openldap 
-  chown -R openldap:openldap /etc/ldap 
-
-  if [ "$WITH_MMC_AGENT" = true ]; then
-
-    # Convert needed mmc ldap schema to ldif
-    mkdir -p /etc/ldap/schema/converted
-    slaptest -f /etc/mmc/agent/assets/convert_to_ldif -F /etc/ldap/schema/converted
-
-    sed -i -e 's/^dn:.*$/dn: cn=mmc,cn=schema,cn=config/; s/^cn:.*$/cn: mmc/; /^structuralObjectClass:.*$/d; /^entryUUID:.*$/d; /^creatorsName:.*$/d; /^createTimestamp:.*$/d; /^entryCSN:.*$/d; /^modifiersName:.*$/d; /^modifyTimestamp:.*$/d' /etc/ldap/schema/converted/cn\=config/cn\=schema/cn=\{4\}mmc.ldif
-  
-    sed -i -e 's/^dn:.*$/dn: cn=mail,cn=schema,cn=config/; s/^cn:.*$/cn: mail/; /^structuralObjectClass:.*$/d; /^entryUUID:.*$/d; /^creatorsName:.*$/d; /^createTimestamp:.*$/d; /^entryCSN:.*$/d; /^modifiersName:.*$/d; /^modifyTimestamp:.*$/d' /etc/ldap/schema/converted/cn\=config/cn\=schema/cn=\{5\}mail.ldif
-
-    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/converted/cn\=config/cn\=schema/cn=\{4\}mmc.ldif -Q 
-    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/converted/cn\=config/cn\=schema/cn=\{5\}mail.ldif -Q 
-
-  fi
-
-  # TLS
-  if [ -e /etc/ldap/ssl/ldap.crt ] && [ -e /etc/ldap/ssl/ldap.key ] && [ -e /etc/ldap/ssl/ca.crt ]; then
-    status "certificates found"
-
-  else
-
-    # generate default tls certificate
-    export SSL_SLAPD_COMMON_NAME="$DOMAIN_NAME"
-    export SSL_SLAPD_ORGANIZATION="${LDAP_ORGANISATION}"
-
-    /sbin/ssl-gnutls-create-signed-cert slapd /etc/ldap/ssl/ldap.crt /etc/ldap/ssl/ldap.key
-    ln -s /etc/ssl/certs/docker_baseimage_gnutls_cacert.pem /etc/ldap/ssl/ca.crt
-
+    # local ldap tls client config
+    sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
   fi
 
-  # Fix permission on certificates
-  chown openldap:openldap -R /etc/ldap/ssl
-  chmod 600 /etc/ldap/ssl/ldap.key
-
-  # ldap client config
-  sed -i 's,TLS_CACERT.*,TLS_CACERT /etc/ldap/ssl/ca.crt,g' /etc/ldap/ldap.conf
- 
-  # create DHParamFile if not found
-  [ -f /etc/ldap/ssl/dhparam.pem ] || openssl dhparam -out /etc/ldap/ssl/dhparam.pem 2048
-
-  ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/config/modify/auto/tls.ldif -Q 
-
-  # add fake dnsmasq route to certificate cn
-  cn=$(openssl x509 -in /etc/ldap/ssl/ldap.crt -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
-  /sbin/dns-add-host 127.0.0.1 $cn
-
-  # Replication
-  # todo :)
-
-  # Add config
-  for f in $(find /etc/ldap/config/add -maxdepth 1 -name \*.ldif -type f); do
+  # OpenLDAP config 
+  for f in $(find /osixia/slapd/config -name \*.ldif -type f); do
     status "Processing file ${f}"
-    ldapadd -Y EXTERNAL -H ldapi:/// -f $f -Q 
-  done
-
-  # Modify config 
-  for f in $(find /etc/ldap/config/modify -maxdepth 1 -name \*.ldif -type f); do
-    status "Processing file ${f}"
-    ldapmodify -Y EXTERNAL -H ldapi:/// -f $f -Q 
+    ldapmodify -r -Y EXTERNAL -H ldapi:/// -f $f -Q 
   done
 
+  # stop OpenLDAP
   kill -INT `cat /run/slapd/slapd.pid`
 
-  touch /etc/ldap/slapd.d/docker_bootstrapped
-
-else
-  status "found already-configured slapd"
+  touch $FIRST_START_DONE
 fi
 
-status "starting slapd on default port 389"
-set -x
+# fix file permissions
+chown openldap:openldap -R /osixia/slapd
 
+exit 0
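Review bot: The old first-start code ran `chmod 600 /etc/ldap/ssl/ldap.key` on the server private key; the rewritten script only does `chown openldap:openldap -R /osixia/slapd` and never restricts the key's mode, so a key generated by ssl-kit or bind-mounted from the host keeps whatever permissions it arrived with and may be world-readable inside the container. Add, after the final chown, `[ "${USE_TLS,,}" == "true" ] && chmod 600 "/osixia/slapd/ssl/${SSL_KEY_FILENAME}"`. Also, `ldapmodify -r` in the config loop does not appear to be a documented ldapmodify option (`-r` is ldapdelete's recursive flag) — please confirm it is accepted, otherwise every file under /osixia/slapd/config fails to load on first start. The surrounding first-start `if` block opens in an earlier hunk, and the script's `set` options on line 1 are outside the diff, so whether the unquoted `$SSL_CA_CRT_FILENAME` and `$cn` expansions abort on failure cannot be judged from here.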

+ 4 - 0
image/service/slapd/daemon.sh

@@ -0,0 +1,4 @@
+set_cachesize 0 2097152 0
+set_lk_max_objects 1500
+set_lk_max_locks 1500
+set_lk_max_lockers 1500
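Review bot: The four added lines are Berkeley DB `DB_CONFIG` directives, but this file is installed by image/Dockerfile as `/etc/service/slapd/run`, the runit service script that must exec slapd in the foreground — as written, runit would try to execute `set_cachesize 0 2097152 0` as a command and the slapd service would never start. If this is not a rendering mix-up on the commit page, move these directives to a `DB_CONFIG` file placed under `/var/lib/ldap` and give `daemon.sh` a shebang and a foreground `slapd` invocation, with a header comment stating that runit supervises it. A one-line comment on the DB_CONFIG file explaining why 2 MiB cache and 1500 locks were chosen would also help.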

BIN=BIN
test/database/__db.001


BIN=BIN
test/database/__db.002


BIN=BIN
test/database/__db.003


BIN=BIN
test/database/alock


BIN=BIN
test/database/dn2id.bdb


BIN=BIN
test/database/id2entry.bdb


BIN=BIN
test/database/log.0000000001


BIN=BIN
test/database/objectClass.bdb


+ 0 - 0
test/config → test/old/config


+ 0 - 0
test/config-repository → test/old/config-repository


+ 0 - 0
test/db.sh → test/old/db.sh


+ 0 - 0
test/simple.sh → test/old/simple.sh


+ 0 - 0
test/tls.sh → test/old/tls.sh


+ 0 - 0
test/tls/end.sh → test/old/tls/end.sh


+ 0 - 0
test/tls/run.sh → test/old/tls/run.sh


+ 0 - 0
test/tls/ssl/ca.crt → test/old/tls/ssl/ca.crt


+ 0 - 0
test/tls/ssl/dhparam.pem → test/old/tls/ssl/dhparam.pem


+ 0 - 0
test/tls/ssl/ldap.crt → test/old/tls/ssl/ldap.crt


+ 0 - 0
test/tls/ssl/ldap.key → test/old/tls/ssl/ldap.key


+ 0 - 0
test/tools/build-container.sh → test/old/tools/build-container.sh


+ 0 - 0
test/tools/delete-container.sh → test/old/tools/delete-container.sh


+ 0 - 0
test/tools/delete-image.sh → test/old/tools/delete-image.sh


+ 0 - 0
test/tools/end.sh → test/old/tools/end.sh


+ 0 - 0
test/tools/prepare.sh → test/old/tools/prepare.sh


+ 0 - 0
test/tools/run-container.sh → test/old/tools/run-container.sh


+ 0 - 0
test/tools/run.sh → test/old/tools/run.sh


+ 8 - 0
test/ssl/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAwC8hQ6nZ2kNNmZAGGYN8++rUvNlDjKqdwWubUnqY08ng6FfGcouL
+VSvgsF3LeERW/h4hrkgN983QjwrbBOrNp+7B59lhCs6Acvi87dXf3iaGNy4Gca43
+ERVkAJ7IWdXydyb9COANRtmBb1JvvYMAeVeMdofk8EcOW/kUV2adAQKluAcVhgRQ
+Pesp5i6Lv1kN5zVHDGkrJz5h0Mzi35aYia0gSnVCqEzmU7Omnz/gXY3Jdx91ym5Y
+2dTZuUZgIhco2bfPbhDl/1g0a1PWz7rxw24KJloNZC3nEt3JqIto83GsgaUtYxFT
+EWINSpghTjl4Z0CGCamJ6HXsNJGaVUXuGwIBAg==
+-----END DH PARAMETERS-----

+ 21 - 0
test/ssl/test-ca.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 19 - 0
test/ssl/test-ldap.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 15 - 0
test/ssl/test-ldap.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----

+ 58 - 0
test/test.bats

@@ -0,0 +1,58 @@
+#!/usr/bin/env bats
+load test_helper
+
+@test "image build" {
+
+  run build_image
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch new database" {
+
+  run_image -e USE_TLS=false
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org
+  clear_container
+
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch new database with strict TLS" {
+
+  run_image
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ
+  clear_container
+
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch new database with strict TLS and custom ca/crt" {
+
+  run_image -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/ssl -e SSL_CRT_FILENAME=test-ldap.crt -e SSL_KEY_FILENAME=test-ldap.key -e SSL_CA_CRT_FILENAME=test-ca.crt
+  wait_service slapd
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap-test.example.com -b dc=example,dc=org -ZZ
+  clear_container
+
+  chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME/ssl || true
+
+  [ "$status" -eq 0 ]
+
+}
+
+@test "ldapsearch existing database and config" {
+  skip
+  run_image -e USE_TLS=false -v $BATS_TEST_DIRNAME/database:/var/lib/ldap 
+  wait_service slapd
+  sleep 60
+  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=test-ldap,dc=osixia,dc=net
+  clear_container
+
+  chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME/database || true
+
+  [ "$status" -eq 0 ]
+
+}
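Review bot: `$UNAME` is never assigned in test.bats or test_helper.bash, so `chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME/ssl || true` expands to `chown -R : …`, restores nothing, and the `|| true` hides that — after the custom-CA test the checked-in fixtures in test/ssl remain owned by whatever uid the container's `chown openldap:openldap -R /osixia/slapd` mapped to on the host. Set it explicitly in the helper's `setup()`, e.g. `UNAME=${UNAME:-$(id -un)}`, or use `$(id -u):$(id -g)` directly, and drop the `|| true` so a failed restore is visible. Better still, copy the fixtures to a temp directory per test so the repository tree is never mutated; the same applies to the skipped test that mounts test/database, whose committed `__db.00*`, `alock` and `log.*` files are live BDB environment/lock state rather than portable fixtures.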

+ 101 - 0
test/test_helper.bash

@@ -0,0 +1,101 @@
+setup() {
+  IMAGE_NAME="$NAME:$VERSION"
+}
+
+# function relative to the current container / image  
+build_image() {
+  #disable outputs
+  docker build -t $IMAGE_NAME $BATS_TEST_DIRNAME/../image &> /dev/null
+}
+
+run_image() {
+  CONTAINER_ID=$(docker run $@ -d $IMAGE_NAME)
+  CONTAINER_IP=$(get_container_ip_by_cid $CONTAINER_ID)
+}
+
+start_container() {
+  start_containers_by_cid $CONTAINER_ID
+}
+
+stop_container() {
+  stop_containers_by_cid $CONTAINER_ID
+}
+
+remove_container() {
+ remove_containers_by_cid $CONTAINER_ID
+}
+
+clear_container() {
+  stop_containers_by_cid $CONTAINER_ID
+  remove_containers_by_cid $CONTAINER_ID
+}
+
+is_service_running() {
+  is_service_running_by_cid $CONTAINER_ID $1
+}
+
+wait_service() {
+  wait_service_by_cid $CONTAINER_ID $@
+}
+
+
+# generic functions 
+get_container_ip_by_cid() {
+  local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1)
+  echo "$IP"
+}
+
+start_containers_by_cid() {
+  for cid in "$@"
+  do
+    #disable outputs
+    docker start $cid &> /dev/null
+  done 
+}
+
+stop_containers_by_cid() {
+  for cid in "$@"
+  do
+    #disable outputs
+    docker stop $cid &> /dev/null
+  done 
+}
+
+remove_containers_by_cid() {
+  for cid in "$@"
+  do
+    #disable outputs
+    docker rm $cid &> /dev/null
+  done 
+}
+
+clear_containers_by_cid() {
+  stop_containers_by_cid $@
+  remove_containers_by_cid $@
+}
+
+is_service_running_by_cid() {
+  docker exec $1 ps cax | grep $2  > /dev/null
+}
+
+wait_service_by_cid() {
+
+  cid=$1
+
+  # first wait image init end
+  while ! is_service_running_by_cid $cid syslog-ng
+  do
+    sleep 1
+  done
+
+  for service in "${@:2}"
+  do
+    # wait service
+    while ! is_service_running_by_cid $cid $service
+    do
+      sleep 1
+    done
+  done
+
+  sleep 5
+}
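Review bot: `wait_service_by_cid` loops forever if the container exits during init or the named process never appears, so a broken image hangs the whole bats run instead of failing it; the waits should be bounded and return non-zero on timeout. `run_image` also passes `$@` unquoted to `docker run`, which re-splits arguments containing spaces (e.g. `-e LDAP_ORGANISATION="Example Corp."`); use `"$@"`. `is_service_running_by_cid` greps `ps cax` output for a bare substring, so `$2` matches any process whose name contains it — anchoring on the command column would make `slapd` vs. similarly named processes unambiguous.

```bash
# wait until process $2 shows up in container $1, or give up after $WAIT_TRIES seconds
wait_running_by_cid() {
  local cid=$1 service=$2 tries=0
  while ! is_service_running_by_cid "$cid" "$service"; do
    tries=$((tries + 1))
    if [ "$tries" -ge "${WAIT_TRIES:-60}" ]; then
      echo "timeout waiting for $service in $cid" >&2
      return 1
    fi
    sleep 1
  done
}

wait_service_by_cid() {
  local cid=$1 service

  # first wait image init end
  wait_running_by_cid "$cid" syslog-ng || return 1

  for service in "${@:2}"; do
    wait_running_by_cid "$cid" "$service" || return 1
  done

  sleep 5
}
```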