
working version without any data

Tomi Cvetic 6 年之前
當前提交
fb4561c6cb
共有 4 個文件被更改,包括 185 次插入0 次删除
  1. 3 0
      .gitignore
  2. 44 0
      Dockerfile
  3. 67 0
      entrypoint.sh
  4. 71 0
      slapd.conf

+ 3 - 0
.gitignore

@@ -0,0 +1,3 @@
+slapd.d/
+backups/
+restore/

+ 44 - 0
Dockerfile

@@ -0,0 +1,44 @@
+FROM alpine:latest
+
+# The setup follows the OpenLDAP admin guide on 
+# http://www.openldap.org/doc/admin24/guide.html
+
+# Define env variables
+ENV DOMAIN        ""
+ENV ORGANIZATION  ""
+#ENV DEBUG         1
+
+# Default env variables
+ENV USER          ldap
+ENV GROUP         ${USER}
+
+# Install openldap with MDB backend
+RUN apk add --update --no-cache \ 
+  pwgen \
+  openldap \
+  openldap-clients \
+  openldap-back-mdb
+
+RUN mkdir /run/openldap
+RUN chown ${USER}:${GROUP} /run/openldap
+
+COPY ./slapd.conf /etc/openldap/slapd.conf
+#COPY ./setup.sh /setup.sh
+COPY ./entrypoint.sh /entrypoint.sh
+
+# Add schemas that are not initially in the installation
+#ADD samba.schema  /etc/openldap/schema/samba.schema
+
+# Add setup script
+#ADD setup.sh /setup.sh
+#RUN /setup.sh
+
+CMD /entrypoint.sh /usr/sbin/slapd -u ${USER} -g ${GROUP} -d ${DEBUG} -h "ldap:/// ldapi:///" -F /etc/openldap/slapd.d
+
+EXPOSE 389
+
+VOLUME /etc/openldap/slapd.d
+VOLUME /var/backups
+VOLUME /var/restore
+VOLUME /var/lib/openldap
+
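Review bot: The CMD passes `-d ${DEBUG}`, but `DEBUG` exists only in the commented-out `#ENV DEBUG 1` line, so in this shell-form CMD it expands to nothing and `-h` is most likely taken as the argument of `-d`; give it an inline default, `-d ${DEBUG:-0}`, or restore `ENV DEBUG=0`, and convert the other `ENV KEY value` lines to the `ENV KEY=value` form while there. `FROM alpine:latest` makes the image non-reproducible and picks up whatever OpenLDAP build is current at build time; pin a tag (`alpine:<pinned-version>`, value to be chosen by the maintainer). The listener is `ldap:/// ldapi:///` only, TLS is commented out in entrypoint.sh and slapd.conf sets no `security ssf`, so simple binds on 389 travel in cleartext unless the operator terminates TLS elsewhere; a comment stating that assumption next to the CMD would help. `DOMAIN` and `ORGANIZATION` are declared but never consumed by the copied slapd.conf or entrypoint.sh.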

+ 67 - 0
entrypoint.sh

@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# Log everything to this log file
+#exec &> $ENTRYLOG
+
+# Inspired by https://github.com/acobaugh/openldap-alpine
+
+# When not limiting the open file descriptors, the memory consumption
+# of slapd is absurdly high. See https://github.com/docker/docker/issues/8231
+ulimit -n 8192
+
+# If there's no cn=config database, initialize one.
+# Take the original slapd.conf file as template.
+if [ ! -d '/etc/openldap/slapd.d/cn=config' ]; then
+
+	# Limit the access to the database
+	SLAPD_CONFIG_ROOTPW=`< /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo`
+	
+	# Generate a password hash
+	config_rootpw_hash=`slappasswd -s "${SLAPD_CONFIG_ROOTPW}"`
+	echo $SLAPD_CONFIG_ROOTPW > /etc/openldap/slapd.d/slapd_config_rootpw
+	chmod 400 /etc/openldap/slapd.d/slapd_config_rootpw
+	
+	# Check if all certificates and keys are present 
+	# if 	[ ! -f ${SSL_PATH}/slurm.ch-rootCA.crt ] || \
+	# 	[ ! -f ${SSL_PATH}/ldap.slurm.ch.crt ] || \
+	# 	[ ! -f ${SSL_PATH}/ldap.slurm.ch.key ]; then
+	# 	echo "Not all certificates and keys found for TLS."
+	# 	exit 1
+	# fi
+	
+	# Use the original slapd.conf file
+	cp /etc/openldap/slapd.conf /tmp/slapd.conf
+	
+	# Set the correct suffix
+	#sed -i -e "s/dc=my-domain,dc=com/${SUFFIX}/g" /tmp/slapd.conf
+	#sed -i -e "/core.schema/a include\t\t/etc/openldap/schema/cosine.schema" /tmp/slapd.conf
+	#sed -i -e "/cosine.schema/a include\t\t/etc/openldap/schema/inetorgperson.schema" /tmp/slapd.conf
+	
+	# Add configuration for TLS and set root password for config database.
+	cat <<-EOF >> /tmp/slapd.conf
+	
+	#TLSCACertificateFile ${SSL_PATH}/slurm.ch-rootCA.crt
+	#TLSCertificateFile ${SSL_PATH}/ldap.slurm.ch.crt
+	#TLSCertificateKeyFile ${SSL_PATH}/ldap.slurm.ch.key
+	#TLSCipherSuite HIGH:-SSLv2:-SSLv3
+
+#######################################################################
+# Dynamic config
+#######################################################################
+	
+	database 	config
+	rootDN 		"cn=admin,cn=config"
+	rootPW 		$config_rootpw_hash
+	EOF
+	
+	# Generate config database from slapd.conf file.
+	echo Generating configuration
+	slaptest -f /tmp/slapd.conf -F /etc/openldap/slapd.d
+fi
+
+# Set all ownerships straight.	
+chown -R ldap:ldap /etc/openldap/slapd.d
+mkdir /var/lib/openldap/run || true
+
+echo Starting slapd with $@
+exec "$@" 
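Review bot: The `slaptest` call that builds cn=config is unchecked and the script has no `set -e`, so if slaptest rejects /tmp/slapd.conf the script still chowns slapd.d and `exec`s slapd against an empty or partial config directory; change the line to `slaptest -f /tmp/slapd.conf -F /etc/openldap/slapd.d || exit 1` and follow it with `rm -f /tmp/slapd.conf`, because the temporary file carries the cn=config rootPW hash and is otherwise left behind in the container. The cleartext password is written to `/etc/openldap/slapd.d/slapd_config_rootpw`, inside the volume the Dockerfile exports, and the later `chown -R ldap:ldap` hands it to the service account slapd drops to; a comment such as `# Cleartext config rootPW is persisted once for the operator, not for slapd` would make that deliberate, or the file could live outside slapd.d. `echo $SLAPD_CONFIG_ROOTPW` should quote the variable (`echo "$SLAPD_CONFIG_ROOTPW"`) for consistency with the quoting used two lines above.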

+ 71 - 0
slapd.conf

@@ -0,0 +1,71 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+# If you change this, adjust pidfile path also in runscript!
+pidfile		/run/openldap/slapd.pid
+argsfile	/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+modulepath	/usr/lib/openldap
+moduleload	back_mdb.so
+# moduleload	back_hdb.so
+# moduleload	back_bbd.so
+# moduleload	back_ldap.so
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+access to *
+	by self write
+	by users read
+	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# MDB database definitions
+#######################################################################
+
+database	mdb
+maxsize		1073741824
+suffix		"dc=slurm,dc=ch"
+rootdn		"cn=admin,dc=slurm,dc=ch"
+
+# Cleartext passwords, especially for the rootdn, should
+# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw		{SHA}og1PPUHxZ0LDh6+i1YUyOmyg0a0=
+
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/openldap
+
+# Indices to maintain
+index	objectClass	eq
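Review bot: `rootpw {SHA}og1PPUHxZ0LDh6+i1YUyOmyg0a0=` bakes one fixed, unsalted SHA-1 rootdn hash into every image built from this repo, and unlike the cn=config rootPW that entrypoint.sh randomizes on first start nothing ever replaces it; generate it at first start the same way (`slappasswd` without `-h` emits the salted {SSHA} scheme) and substitute it into the copied file rather than committing a hash. The suffix and rootdn are hard-coded to `dc=slurm,dc=ch` while the Dockerfile's `DOMAIN`/`ORGANIZATION` variables go unused and the sed that would rewrite the suffix is commented out in entrypoint.sh, so the image cannot serve another domain without editing this file. The `security ssf=...` line stays commented, so plaintext simple binds are accepted on the `ldap://` listener the CMD opens; once TLS is configured, a `security` directive (values to be chosen by the maintainer) is where that gets enforced. The header says the file should not be world-readable, yet `COPY ./slapd.conf` keeps whatever mode the build context has; setting the mode at copy time, or with a `chmod 600` in the Dockerfile, would match the stated intent.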