Add a docker service using openldap/slapd to replace a native one run…

…ning on localhost

This service gets populated with the same data set as the in memory
albeit, the InMemoryLDAPServer and slapd use two separate file for data
now

InMemoryLdapServer uses ./uaa/src/test/resources/ldap_init.ldif (same as before)
docker-compose uses ./scripts/ldap/ldap_slapd_data.ldif (new, copy of above for now)

The old scripts still use ./uaa/src/test/resources/ldap_db_init.ldif but
will be removed in future PR

scripts/docker-compose.yml

@@ -1,7 +1,7 @@
 name: uaa
 
 services:
-  postgres:
+  postgresql:
     image: "postgres:15"
     ports:
       - 5432:5432
@@ -33,22 +33,18 @@ services:
       - TZ=${TZ}
     command:
       - --sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,PAD_CHAR_TO_FULL_LENGTH
+
   openldap:
-    image: docker.io/bitnami/openldap:2.6
+    build:
+      context: .
+      dockerfile: ldap/Dockerfile
     ports:
-      - '389:1389'
-      - '636:1636'
-    # docs of these env vars: https://github.com/bitnami/containers/tree/2724f9cd02b3b4e7986a1e2a0b0b30af3737bbd2/bitnami/openldap#configuration
-    environment:
-      - LDAP_ROOT=dc=test,dc=com
-      - LDAP_ADMIN_USERNAME=admin
-      - LDAP_ADMIN_PASSWORD=password
-      - LDAP_USERS=user01,user02
-      - LDAP_PASSWORDS=password1,password2
-      - LDAP_GROUP=some-ldap-group
+      - '389:389'
+      - '636:636'
+    entrypoint: [ "/bin/bash", "-c" ]
+    command:
+      - "/uaa/docker/ldap-start-and-populate.sh"
+    tty: true
     volumes:
-      - 'openldap_data:/bitnami/openldap'
+      - ./ldap:/uaa/docker/
 
-volumes:
-  openldap_data:
-    driver: local

scripts/ldap/Dockerfile

@@ -0,0 +1,49 @@
+FROM ubuntu:jammy
+
+STOPSIGNAL SIGQUIT
+
+SHELL ["/bin/bash", "-xo", "pipefail", "-c"]
+
+# Generate locale C.UTF-8
+ENV LANG=C.UTF-8
+ENV TZ=UTC
+
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy update
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install slapd ldap-utils
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install gnutls-bin ssl-cert
+
+RUN \
+    certtool --generate-privkey > /etc/ssl/private/cakey.pem  && \
+    echo -e "cn = Pivotal Software Test\nca\ncert_signing_key" >  /etc/ssl/ca.info && \
+    certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem && \
+    certtool --generate-privkey --bits 1024 --outfile /etc/ssl/private/ldap01_slapd_key.pem && \
+    echo -e "organization = Pivotal Software Test\ncn = ldap01.example.com\ntls_www_server\nencryption_key\nsigning_key\nexpiration_days = 3650" >  /etc/ssl/ldap01.info && \
+    certtool --generate-certificate --load-privkey /etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ldap01.info --outfile /etc/ssl/certs/ldap01_slapd_cert.pem
+
+RUN \
+    adduser openldap ssl-cert && \
+    chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem && \
+    chmod g+r /etc/ssl/private/ldap01_slapd_key.pem && \
+    chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
+
+RUN \
+    echo "dn: cn=config" > /etc/ssl/certinfo.ldif && \
+    echo "changetype: modify" >> /etc/ssl/certinfo.ldif  && \
+    echo "add: olcTLSCACertificateFile" >> /etc/ssl/certinfo.ldif  && \
+    echo "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem" >> /etc/ssl/certinfo.ldif  && \
+    echo "-" >> /etc/ssl/certinfo.ldif  && \
+    echo "add: olcTLSCertificateKeyFile" >> /etc/ssl/certinfo.ldif  && \
+    echo "olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" >> /etc/ssl/certinfo.ldif  && \
+    echo "-" >> /etc/ssl/certinfo.ldif  && \
+    echo "add: olcTLSCertificateFile" >> /etc/ssl/certinfo.ldif  && \
+    echo "olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem" >> /etc/ssl/certinfo.ldif
+
+RUN sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap\:\/\/\/ ldapi\:\/\/\/ ldaps\:\/\/\/\"/g" /etc/default/slapd
+
+RUN mkdir -p /uaa/docker/
+
+COPY *.ldif /uaa/docker/
+
+STOPSIGNAL SIGQUIT

scripts/ldap/install-ldap.sh

@@ -1,7 +1,11 @@
 #!/bin/bash
 
+## TODO - remove this script. The ../docker-compose.yml has a container with the same setup
+
 set -e
 
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
 cd `dirname $0`/../..
 
 sudo apt-get -qy purge slapd ldap-utils
@@ -49,5 +53,5 @@ olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" > /etc/ssl/cert
 
 fi
 
-sudo ldapadd -Y EXTERNAL -H ldapi:/// -f uaa/src/test/resources/ldap_db_init.ldif
-sudo ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f uaa/src/test/resources/ldap_init.ldif
+sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ${SCRIPT_DIR}/ldap_slapd_schema.ldif
+sudo ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f ${SCRIPT_DIR}/ldap_slapd_data.ldif

scripts/ldap/ldap-start-and-populate.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Used by ../docker-compose.yml
+
+set -e
+
+#cd `dirname $0`/../..
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+START_FILE=/tmp/run-once
+
+echo "LDAP server Status:"
+service slapd status || true
+
+if [ ! -f ${START_FILE} ]; then
+  echo "Starting LDAP server."
+  service slapd restart
+  echo "Creating LDAP schema."
+  ldapadd -Y EXTERNAL -H ldapi:/// -f $SCRIPT_DIR/ldap_slapd_schema.ldif
+  echo "Populating LDAP database entries."
+  ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f $SCRIPT_DIR/ldap_slapd_data.ldif
+  touch ${START_FILE}
+else
+  echo "Starting LDAP server with existing data."
+  service slapd restart
+fi
+
+doExit() {
+  echo "Caught SIGTERM signal."
+  exit 0
+}
+
+trap doExit SIGINT SIGQUIT SIGTERM
+
+echo "LDAP server is READY"
+
+# Do not exit the container in docker compose
+while true; do
+    sleep 1
+done