Merge branch 'release-0.3.0' into stable

slapd.sh

@@ -11,10 +11,14 @@ set -x
 : LDAP_DOMAIN=${LDAP_DOMAIN}
 : LDAP_ORGANISATION=${LDAP_ORGANISATION}
 
-############ Base config ############
+
 if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
   status "configuring slapd for first run"
 
+  # permission error on /etc/ldap/slapd.conf if not set?! :'(
+  adduser openldap root
+
+  ############ Base config ############
   cat <<EOF | debconf-set-selections
 slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD}
 slapd slapd/internal/adminpw password ${LDAP_ADMIN_PWD}
@@ -33,13 +37,8 @@ EOF
 
   dpkg-reconfigure -f noninteractive slapd
 
-  touch /var/lib/ldap/docker_bootstrapped
 
-else
-  status "found already-configured slapd"
-fi
-
-############ Dynamic config ############
+  ############ Custom config ############
   slapd -h "ldap:/// ldapi:///" -u openldap -g openldap 
   chown -R openldap:openldap /etc/ldap
 
@@ -52,10 +51,10 @@ if [ -e /etc/ldap/ssl/ldap.crt ] && [ -e /etc/ldap/ssl/ldap.key ] && [ -e /etc/l
     # create DHParamFile if not found
     [ -f /etc/ldap/ssl/dhparam.pem ] || openssl dhparam -out /etc/ldap/ssl/dhparam.pem 2048
 
-  ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/config/auto/tls.ldif 
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/config/auto/tls.ldif -Q 
 
     # add fake dnsmasq route to certificate cn
-  cn=$(openssl x509 -in /etc/ldap/ssl/ldap.crt -subject -noout | sed -n 's/.*CN=\(.*\).\^*/\1/p')
+    cn=$(openssl x509 -in /etc/ldap/ssl/ldap.crt -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
     echo "127.0.0.1	" $cn >> /etc/dhosts
 
   fi
@@ -66,10 +65,16 @@ fi
   # Other config files
   for f in $(find /etc/ldap/config -maxdepth 1 -name \*.ldif -type f); do
     status "Processing file ${f}"
-  ldapmodify -Y EXTERNAL -H ldapi:/// -f $f
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f $f -Q 
   done
 
-pkill slapd
+  kill -INT `cat /run/slapd/slapd.pid`
+
+  touch /var/lib/ldap/docker_bootstrapped
+
+else
+  status "found already-configured slapd"
+fi
 
 status "starting slapd on default port 389"
 set -x

test.sh

+#!/bin/sh
+
+# Tests
+error=0
+ok=0
+
+echo_start () {
+  echo "------- Start $* test -------"
+}
+
+echo_error () {
+  echo "\n$(tput setaf 1)/!\ $* failed$(tput sgr0)\n"
+  error=`expr $error + 1`
+}
+
+echo_ok () {
+  echo "\n--> $* ok\n"
+  ok=`expr $ok + 1`
+}
+
+run_test () {
+  fction=$1
+  out=test/test.out
+
+  echo_start $fction
+
+  #./test/$1.sh | tee $out 2>&1
+  ./test/$1.sh > $out 2>&1
+  
+  if [ "$(grep -c "$2" $out)" -eq 0 ]; then
+    echo_error $fction
+  else
+    echo_ok  $fction
+  fi
+
+  rm $out
+}
+
+
+./test/tools/prepare.sh
+run_test build "Successfully built"
+run_test run-simple "dn: dc=example,dc=com"
+run_test run-tls "dn: dc=example,dc=com"
+./test/tools/end.sh
+
+echo "------- Test finished -------"
+echo $error " failed " $ok " passed"
+

test/build.sh

+#!/bin/sh
+sudo docker.io build -t openldap-test .
+#sudo docker.io build --no-cache=true -t openldap-test .
+

test/delete-container.sh

+#!/bin/sh
+
+# remove openldap test containers
+sudo docker.io ps -a > testcontainers.out
+
+if [ "$(grep -c "openldap-test-container" ./testcontainers.out)" -ne 0 ]; then
+  sudo docker.io stop openldap-test-container
+  sudo docker.io rm openldap-test-container
+fi
+
+rm testcontainers.out

test/end.sh

+#!/bin/sh
+
+./test/delete-container.sh

test/prepare.sh

+#!/bin/sh
+
+./test/delete-container.sh

test/run-simple.sh

+#!/bin/sh
+
+docker.io run --name openldap-test-container -p 65389:389 -d openldap-test
+sleep 5
+ldapsearch -x -h localhost -p 65389 -b dc=example,dc=com
+
+$(pwd)/test/tools/delete-container.sh

test/run-tls.sh

+#!/bin/sh
+
+docker.io run  --name openldap-test-container --dns=127.0.0.1 -v `pwd`/test/ssl:/etc/ldap/ssl -p 65389:389 -d openldap-test
+
+cert=$(echo `pwd`/test/ssl/ldap.crt)
+certCN=$(openssl x509 -in $cert -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
+addLine=$(echo "127.0.0.1" $certCN)
+
+echo $addLine >> /etc/hosts
+cp /etc/ldap/ldap.conf /etc/ldap/ldap.conf.old
+sed -i 's,TLS_CACERT.*,TLS_CACERT '"$cert"',g' /etc/ldap/ldap.conf
+
+
+sleep 5
+ldapsearch -x -h $certCN -p 65389 -b dc=example,dc=com -ZZ
+
+sed -i '/'"$addLine"'/d' /etc/hosts
+cp /etc/ldap/ldap.conf.old /etc/ldap/ldap.conf
+rm /etc/ldap/ldap.conf.old
+
+$(pwd)/test/tools/delete-container.sh

test/ssl/ca.crt

+-----BEGIN CERTIFICATE-----
+MIIDZzCCAh+gAwIBAgIEU2ehnzANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhU
+ZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwHhcNMTQwNTA1MTQzNTExWhcNMTUwNTA1
+MTQzNTExWjAjMSEwHwYDVQQDExhUZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwggFS
+MA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQDdf+DVT4rPGxNB1SwL6git8Lw1
+AsEvd+rHAMKyCSRxbJywvtN/OKxVz4qWCkoRvcffG0uyoWRE+1w6DnT8ON+8uvuI
+2wbrLydFxuZdouZZJiX0QbXWra9lQpDWO2EAiPFchbN/K9+fXwV4SpsI3B7bGwM/
+sVtn6khbxvtzn+9yUmjIpA7q8i9NLVoX8UwagANtFIVE/Dc/MwaX7ayu6yYiNLXx
+GHzWXzQcTS6vWcVaf+pkq6/zZdXn0jVNfqnwAu3ooTWO3BeuQvGaQeRpRVlM0lPh
+oM7YFhR8b13Y5EmkZtSjoM+7ZOKF5mqBvluj65gIcQxnx4l4YCZ4MUVAlZBYc87h
+2JSYrAlq6eBhJzkNDi21jqtqSr1i08XICZrz4Vk8lrexWbRGzyz537La1LYNAgMB
+AAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E
+FgQUnod7FQfSDLyWVeBSTTdCriQoEHYwDQYJKoZIhvcNAQELBQADggExAGtv/8Ot
+3Acs+KlR+0OBtnWe6sfzfQ2fRJvol7szp0Nto+zTZLbtCEvNGIVkd8eLrm9a9soa
+pY/pC6dAPPZHho/G46quSjtSARU/tlbabkRsCfHiWIvtjqKIyzqk+YjOc767pd0G
+iWKxF98sI4fKdlZ+Aqw+9vO2KwQMYEtrIiCbPUYMff/BzxkrwUBnYcTjISPwEd3Z
+JylfG78qsB8N6UOf89jRX2O7HCy6CGJvcuxbkwaCd5iqgLhBXj9bU7xgy/A2udav
+JV/uV+vWDcy8cI22Xz1jfPpimAZjv+Qb3NjDX5nxjTciAEsNges0QdxZ71dfEqo+
+DGSImtM8ORivPw7oXADztCC+11KcV4THa6wmu+Sblsxe46ldAwb6MLvMN04zALUN
+mW4ojToqYgz9Jgc=
+-----END CERTIFICATE-----

test/ssl/dhparam.pem

+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAwC8hQ6nZ2kNNmZAGGYN8++rUvNlDjKqdwWubUnqY08ng6FfGcouL
+VSvgsF3LeERW/h4hrkgN983QjwrbBOrNp+7B59lhCs6Acvi87dXf3iaGNy4Gca43
+ERVkAJ7IWdXydyb9COANRtmBb1JvvYMAeVeMdofk8EcOW/kUV2adAQKluAcVhgRQ
+Pesp5i6Lv1kN5zVHDGkrJz5h0Mzi35aYia0gSnVCqEzmU7Omnz/gXY3Jdx91ym5Y
+2dTZuUZgIhco2bfPbhDl/1g0a1PWz7rxw24KJloNZC3nEt3JqIto83GsgaUtYxFT
+EWINSpghTjl4Z0CGCamJ6HXsNJGaVUXuGwIBAg==
+-----END DH PARAMETERS-----

test/ssl/ldap.crt

+-----BEGIN CERTIFICATE-----
+MIIDAzCCAbugAwIBAgIEU2eiHTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhU
+ZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwHhcNMTQwNTA1MTQzNzE3WhcNMjQwNTAy
+MTQzNzE3WjBAMR4wHAYDVQQKExVUZXN0IENvbXBhbnkgLSBPc2l4aWExHjAcBgNV
+BAMTFWxkYXAtdGVzdC5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA0/9/VYQARBLg7TrEiO4DAjcBAt3u3IQNNo8YdsL9iGwmRTPOspxOBVuQ
+2AVEIuT+4KLnm01q1NA+tEvXdfXI9eIN5zjCVTdt6VqwrF9E3zWxYEkuSJ4FWOhN
+dc0837hWBg+mBl/d6fSTkmeRc9fpwwr1jK7t10/BIzMr/pCzf10CAwEAAaN2MHQw
+DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMD
+B6AAMB0GA1UdDgQWBBThLwuObrBzlp4qsKs0NHFMrCgn8jAfBgNVHSMEGDAWgBSe
+h3sVB9IMvJZV4FJNN0KuJCgQdjANBgkqhkiG9w0BAQsFAAOCATEAiAl9RGibKsfQ
+5Vbz2ZjsykzYj9Dhkxp7fc7RdrK0SEHGXn8Qeg5jf+j9DtfhTrZPVF7Jn4WOvuqh
+okQPrwRaDox6rtFPjsIR9JIO3/N2OvA3ozQyWqzB1ksU7CHJ5jGRskHBftSH2xwF
+kdGvSMIAmr9VpZ/sp4ykmADWC/bfz8BXYJDOsCBzJMtss/12hBqiJQhSsuBAsOT7
+40hG0t2S7mjGHWDF9PoARmNQ7X3Xc8j7V+dXLpNfZfc+htgI27WcOv7al4kxd//p
+22a77U/q+9B1CV8T2q1UTRnQqPHxtgoRLd+5qzEtzBW37ecAs2eAs9Z7D3O/fScu
+v0RxHSpnZDtL/JZcf3KO96l4sqCp6Ue5Ldg3tOvD4O46hjrlvUYnHcDdJjNYZ7rD
+f5kGXs20Mg==
+-----END CERTIFICATE-----

test/ssl/ldap.key

+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDT/39VhABEEuDtOsSI7gMCNwEC3e7chA02jxh2wv2IbCZFM86y
+nE4FW5DYBUQi5P7gouebTWrU0D60S9d19cj14g3nOMJVN23pWrCsX0TfNbFgSS5I
+ngVY6E11zTzfuFYGD6YGX93p9JOSZ5Fz1+nDCvWMru3XT8EjMyv+kLN/XQIDAQAB
+AoGAHY7OgKxWYydkr/7VHyhcSAdGP1GVN667ruM1rH1UXxyBG331MEcFw853+/6D
++P+Hn+dmtmsNXZ2pWHcIk/xQZ+MEsAdm+OZ1qpBJjHA0izJ6sqZaNxSToKCR4SHM
+/ACPAKqM9r2g1jqXzLKzgHBVc25Fonb1vUilTpC3YfaN+sECQQDmQGEcEK9Lvyi9
+RV1fONDP3Z9cPRaSzpjUjlQAWNbhvcoUYV4AOy+tVClDErRIs/Oo+wCOL+bHlMom
+zghcmxThAkEA67SPV0pNFR32gXvRZT4uKvCJcAjmNY4LMpet5DJ41Spq6+lbqXwY
+1e87zEei1UvdmEXOjVsa1wXcg8Ks+/59/QJAHh+CFOfh5ykFLW3rv09xkiBOfwTG
+9UHuILDWMI1u322zCGOMpr8Xh7ehBlNmHrTcRdlAw1lk+etvXxBJa8QmQQJABbNT
+OCg63wTfflgxQ0KSuUUh/cypTKhHywxyDy/NTlJ9TYFSTzIKI7pqdtFQtdnk3Rbr
+HO4UIxkoMSOXLW0FPQJARScXqZd7Lmwlw+ovAubfdOZdxjWGFZLRRZifiYZqtnQ1
+aw8PjdkaIPxLjCwSOelV9SsMue6a7nvkxKEn6QbT0w==
+-----END RSA PRIVATE KEY-----

test/tools/delete-container.sh

+#!/bin/sh
+
+# remove openldap test container
+sudo docker.io ps -a > testcontainer.out
+
+if [ "$(grep -c "openldap-test-container" ./testcontainer.out)" -ne 0 ]; then
+  sudo docker.io stop openldap-test-container
+  sudo docker.io rm openldap-test-container
+fi
+
+rm testcontainer.out

test/tools/end.sh

+#!/bin/sh
+
+./test/tools/delete-container.sh

test/tools/prepare.sh

+#!/bin/sh
+
+./test/tools/delete-container.sh