Merge branch 'hotfix-1.1.2' into stable

Author: BertrandGouny

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.1.2
+Merge pull request :
+  - Honor LDAP_LOG_LEVEL on startup #39
+  
+Fix :
+  - slapd tcp bind is network not interface, and so does not respond on overlay networks #35
+  - specify base_dn without domain #37
+
 ## 1.1.1
 Update to light-baseimage:0.2.2
 

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 1.1.1
+VERSION = 1.1.2
 
 .PHONY: all build build-nocache test tag_latest release
 

README.md

@@ -7,7 +7,7 @@
 
 [hub]: https://hub.docker.com/r/osixia/openldap/
 
-Latest release: 1.1.1 - OpenLDAP 2.4.40 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
+Latest release: 1.1.2 - OpenLDAP 2.4.40 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
 
 A docker image to run OpenLDAP.
 
@@ -37,7 +37,7 @@ A docker image to run OpenLDAP.
 		- [Link environment file](#link-environment-file)
 		- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
 - [Advanced User Guide](#advanced-user-guide)
-	- [Extend osixia/openldap:1.1.1 image](#extend-osixiaopenldap111-image)
+	- [Extend osixia/openldap:1.1.2 image](#extend-osixiaopenldap112-image)
 	- [Make your own openldap image](#make-your-own-openldap-image)
 	- [Tests](#tests)
 	- [Kubernetes](#kubernetes)
@@ -55,7 +55,7 @@ If you find this image useful here's how you can help:
 ## Quick Start
 Run OpenLDAP docker image:
 
-	docker run --name my-openldap-container --detach osixia/openldap:1.1.1
+	docker run --name my-openldap-container --detach osixia/openldap:1.1.2
 
 This start a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
 
@@ -91,7 +91,7 @@ It will create an empty ldap for the company **Example Inc.** and the domain **e
 By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My Company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.1
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.2
 
 #### Data persistence
 
@@ -115,7 +115,7 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap
 
 	docker run --volume /data/slapd/database:/var/lib/ldap \
 	--volume /data/slapd/config:/etc/ldap/slapd.d
-	--detach osixia/openldap:1.1.1
+	--detach osixia/openldap:1.1.2
 
 You can also use data volume containers. Please refer to:
 > [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/)
@@ -133,7 +133,7 @@ If you are looking for a simple solution to administrate your ldap server you ca
 #### Use auto-generated certificate
 By default TLS is enable, a certificate is created with the container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
 
-	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.1.1
+	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.1.2
 
 #### Use your own certificate
 
@@ -143,24 +143,24 @@ You can set your custom certificate at run time, by mounting a directory contain
 	--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 	--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 	--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
-	--detach osixia/openldap:1.1.1
+	--detach osixia/openldap:1.1.2
 
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 
 #### Disable TLS
 Add --env LDAP_TLS=false to the run command:
 
-	docker run --env LDAP_TLS=false --detach osixia/openldap:1.1.1
+	docker run --env LDAP_TLS=false --detach osixia/openldap:1.1.2
 
 ### Multi master replication
 Quick example, with the default config.
 
 	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
-	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.1)
+	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.2)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
 	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.1)
+	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.2)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
 	#Add the pair "ip hostname" to /etc/hosts on each containers,
@@ -196,7 +196,7 @@ You may have some problems with mounted files on some systems. The startup scrip
 
 To fix that run the container with `--copy-service` argument :
 
-		docker run [your options] osixia/openldap:1.1.1 --copy-service
+		docker run [your options] osixia/openldap:1.1.2 --copy-service
 
 ### Debug
 
@@ -205,11 +205,11 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
 
 Example command to run the container in `debug` mode:
 
-	docker run --detach osixia/openldap:1.1.1 --loglevel debug
+	docker run --detach osixia/openldap:1.1.2 --loglevel debug
 
 See all command line options:
 
-	docker run osixia/openldap:1.1.1 --help
+	docker run osixia/openldap:1.1.2 --help
 
 
 ## Environment Variables
@@ -233,6 +233,7 @@ This helps to keep your container configuration secret. If you don't care all en
 Required and used for new ldap server only:
 - **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.`
 - **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org`
+- **LDAP_BASE_DN**: Ldap base DN. If empty automatically set from LDAP_DOMAIN value. Defaults to `(empty)`
 - **LDAP_ADMIN_PASSWORD** Ldap Admin password. Defaults to `admin`
 - **LDAP_CONFIG_PASSWORD** Ldap Config password. Defaults to `config`
 
@@ -267,7 +268,7 @@ Replication options:
 
 	If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 
-		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.1.1
+		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.1.2
 
 	To convert yaml to python online: http://yaml-online-parser.appspot.com/
 
@@ -282,7 +283,7 @@ Other environment variables:
 Environment variables can be set by adding the --env argument in the command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.1
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.2
 
 Be aware that environment variable added in command line will be available at any time
 in the container. In this example if someone manage to open a terminal in this container
@@ -293,28 +294,28 @@ he will be able to read the admin password in clear text from environment variab
 For example if your environment files **my-env.yaml** and **my-env.yaml.startup** are in /data/ldap/environment
 
 	docker run --volume /data/ldap/environment:/container/environment/01-custom \
-	--detach osixia/openldap:1.1.1
+	--detach osixia/openldap:1.1.2
 
 Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 
 Note: the container will try to delete the **\*.yaml.startup** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.yaml.startup**:
 
 	docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--detach osixia/openldap:1.1.1
+	--detach osixia/openldap:1.1.2
 
 #### Make your own image or extend this image
 
 This is the best solution if you have a private registry. Please refer to the [Advanced User Guide](#advanced-user-guide) just below.
 
 ## Advanced User Guide
 
-### Extend osixia/openldap:1.1.1 image
+### Extend osixia/openldap:1.1.2 image
 
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 
 Dockerfile example:
 
-	FROM osixia/openldap:1.1.1
+	FROM osixia/openldap:1.1.2
 	MAINTAINER Your Name <[email protected]>
 
 	ADD bootstrap /container/service/slapd/assets/config/bootstrap
@@ -333,7 +334,7 @@ Clone this project:
 Adapt Makefile, set your image NAME and VERSION, for example:
 
 	NAME = osixia/openldap
-	VERSION = 1.1.1
+	VERSION = 1.1.2
 
 	become:
 	NAME = cool-guy/openldap

example/extend-osixia-openldap/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/openldap:1.1.1
+FROM osixia/openldap:1.1.2
 MAINTAINER Your Name <[email protected]>
 
 ADD bootstrap /container/service/slapd/assets/config/bootstrap

example/kubernetes/simple/ldap-rc.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.1.1
+          image: osixia/openldap:1.1.2
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap

example/kubernetes/using-secrets/ldap-rc.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.1.1
+          image: osixia/openldap:1.1.2
           command:
           - --copy-service
           volumeMounts:

image/environment/default.yaml.startup

@@ -9,6 +9,8 @@
 # Required and used for new ldap server only
 LDAP_ORGANISATION: Example Inc.
 LDAP_DOMAIN: example.org
+LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
+
 LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config
 

image/service/slapd/process.sh

@@ -9,4 +9,4 @@ log-helper level eq trace && set -x
 # see https://github.com/docker/docker/issues/8231
 ulimit -n 1024
 
-exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldap://localhost ldaps://localhost ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL
+exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL

image/service/slapd/startup.sh

@@ -29,14 +29,17 @@ if [ ! -e "$FIRST_START_DONE" ]; then
   # Helpers
   #
   function get_ldap_base_dn() {
-    LDAP_BASE_DN=""
-    IFS='.' read -ra LDAP_BASE_DN_TABLE <<< "$LDAP_DOMAIN"
-    for i in "${LDAP_BASE_DN_TABLE[@]}"; do
-      EXT="dc=$i,"
-      LDAP_BASE_DN=$LDAP_BASE_DN$EXT
-    done
+    # if LDAP_BASE_DN is empty set value from LDAP_DOMAIN
+    if [ -z "$LDAP_BASE_DN" ]; then
+      IFS='.' read -ra LDAP_BASE_DN_TABLE <<< "$LDAP_DOMAIN"
+      for i in "${LDAP_BASE_DN_TABLE[@]}"; do
+        EXT="dc=$i,"
+        LDAP_BASE_DN=$LDAP_BASE_DN$EXT
+      done
+
+      LDAP_BASE_DN=${LDAP_BASE_DN::-1}
+    fi
 
-    LDAP_BASE_DN=${LDAP_BASE_DN::-1}
   }
 
   function is_new_schema() {
@@ -123,8 +126,17 @@ EOF
 
   # start OpenLDAP
   log-helper info "Start OpenLDAP..."
-  slapd -h "ldap://$HOSTNAME $PREVIOUS_HOSTNAME_PARAM ldap://localhost ldapi:///" -u openldap -g openldap
 
+  if log-helper level eq debug; then
+    # debug
+    slapd -h "ldap://$HOSTNAME $PREVIOUS_HOSTNAME_PARAM ldap://localhost ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL 2>&1 &
+  else
+    slapd -h "ldap://$HOSTNAME $PREVIOUS_HOSTNAME_PARAM ldap://localhost ldapi:///" -u openldap -g openldap
+  fi
+
+
+  log-helper info "Waiting for OpenLDAP to start..."
+  while [ ! -e /run/slapd/slapd.pid ]; do sleep 0.1; done
 
   #
   # setup bootstrap config - Part 2
@@ -332,4 +344,9 @@ fi
 ln -sf ${CONTAINER_SERVICE_DIR}/slapd/assets/.ldaprc $HOME/.ldaprc
 ln -sf ${CONTAINER_SERVICE_DIR}/slapd/assets/ldap.conf /etc/ldap/ldap.conf
 
+# force OpenLDAP to listen on all interfaces
+ETC_HOSTS=$(cat /etc/hosts | sed "/$HOSTNAME/d")
+echo "0.0.0.0 $HOSTNAME" > /etc/hosts
+echo "$ETC_HOSTS" >> /etc/hosts
+
 exit 0