Add a docker service using openldap/slapd to replace a native one run…

…ning on localhost

This service gets populated with the same data set as the in memory
albeit, the InMemoryLDAPServer and slapd use two separate file for data
now

InMemoryLdapServer uses ./uaa/src/test/resources/ldap_init.ldif (same as before)
docker-compose uses ./scripts/ldap/ldap_slapd_data.ldif (new, copy of above for now)

scripts/docker-compose.yml

@@ -1,7 +1,7 @@
 name: uaa
 
 services:
-  postgres:
+  postgresql:
     image: "postgres:15"
     ports:
       - 5432:5432
@@ -33,22 +33,18 @@ services:
       - TZ=${TZ}
     command:
       - --sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION,PAD_CHAR_TO_FULL_LENGTH
+
   openldap:
-    image: docker.io/bitnami/openldap:2.6
+    build:
+      context: .
+      dockerfile: ldap/Dockerfile
     ports:
-      - '389:1389'
-      - '636:1636'
-    # docs of these env vars: https://github.com/bitnami/containers/tree/2724f9cd02b3b4e7986a1e2a0b0b30af3737bbd2/bitnami/openldap#configuration
-    environment:
-      - LDAP_ROOT=dc=test,dc=com
-      - LDAP_ADMIN_USERNAME=admin
-      - LDAP_ADMIN_PASSWORD=password
-      - LDAP_USERS=user01,user02
-      - LDAP_PASSWORDS=password1,password2
-      - LDAP_GROUP=some-ldap-group
+      - '389:389'
+      - '636:636'
+    entrypoint: [ "/bin/bash", "-c" ]
+    command:
+      - "/uaa/docker/ldap-start-and-populate.sh"
+    tty: true
     volumes:
-      - 'openldap_data:/bitnami/openldap'
+      - ./ldap:/uaa/docker/
 
-volumes:
-  openldap_data:
-    driver: local

scripts/ldap/Dockerfile

@@ -0,0 +1,49 @@
+FROM ubuntu:jammy
+
+STOPSIGNAL SIGQUIT
+
+SHELL ["/bin/bash", "-xo", "pipefail", "-c"]
+
+# Generate locale C.UTF-8
+ENV LANG=C.UTF-8
+ENV TZ=UTC
+
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy update
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install slapd ldap-utils
+RUN DEBIAN_FRONTEND=noninteractive apt-get -qy install gnutls-bin ssl-cert
+
+RUN \
+    certtool --generate-privkey > /etc/ssl/private/cakey.pem  && \
+    echo -e "cn = Pivotal Software Test\nca\ncert_signing_key" >  /etc/ssl/ca.info && \
+    certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem && \
+    certtool --generate-privkey --bits 1024 --outfile /etc/ssl/private/ldap01_slapd_key.pem && \
+    echo -e "organization = Pivotal Software Test\ncn = ldap01.example.com\ntls_www_server\nencryption_key\nsigning_key\nexpiration_days = 3650" >  /etc/ssl/ldap01.info && \
+    certtool --generate-certificate --load-privkey /etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ldap01.info --outfile /etc/ssl/certs/ldap01_slapd_cert.pem
+
+RUN \
+    adduser openldap ssl-cert && \
+    chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem && \
+    chmod g+r /etc/ssl/private/ldap01_slapd_key.pem && \
+    chmod o-r /etc/ssl/private/ldap01_slapd_key.pem
+
+RUN \
+    echo "dn: cn=config" > /etc/ssl/certinfo.ldif && \
+    echo "changetype: modify" >> /etc/ssl/certinfo.ldif  && \
+    echo "add: olcTLSCACertificateFile" >> /etc/ssl/certinfo.ldif  && \
+    echo "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem" >> /etc/ssl/certinfo.ldif  && \
+    echo "-" >> /etc/ssl/certinfo.ldif  && \
+    echo "add: olcTLSCertificateKeyFile" >> /etc/ssl/certinfo.ldif  && \
+    echo "olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" >> /etc/ssl/certinfo.ldif  && \
+    echo "-" >> /etc/ssl/certinfo.ldif  && \
+    echo "add: olcTLSCertificateFile" >> /etc/ssl/certinfo.ldif  && \
+    echo "olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem" >> /etc/ssl/certinfo.ldif
+
+RUN sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap\:\/\/\/ ldapi\:\/\/\/ ldaps\:\/\/\/\"/g" /etc/default/slapd
+
+RUN mkdir -p /uaa/docker/
+
+COPY *.ldif /uaa/docker/
+
+STOPSIGNAL SIGQUIT

scripts/ldap/ldap-start-and-populate.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+#
+#  ****************************************************************************
+#      Cloud Foundry
+#      Copyright (c) [2009-2025] Pivotal Software, Inc. All Rights Reserved.
+#      This product is licensed to you under the Apache License, Version 2.0 (the "License").
+#      You may not use this product except in compliance with the License.
+#
+#      This product includes a number of subcomponents with
+#      separate copyright notices and license terms. Your use of these
+#      subcomponents is subject to the terms and conditions of the
+#      subcomponent's license, as noted in the LICENSE file.
+#  ****************************************************************************
+#
+
+set -e
+
+#cd `dirname $0`/../..
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+START_FILE=/tmp/run-once
+
+echo "LDAP server Status:"
+service slapd status || true
+
+if [ ! -f ${START_FILE} ]; then
+  echo "Starting LDAP server."
+  service slapd restart
+  echo "Creating LDAP schema."
+  ldapadd -Y EXTERNAL -H ldapi:/// -f $SCRIPT_DIR/ldap_slapd_schema.ldif
+  echo "Populating LDAP database entries."
+  ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f $SCRIPT_DIR/ldap_slapd_data.ldif
+  touch ${START_FILE}
+else
+  echo "Starting LDAP server with existing data."
+  service slapd restart
+fi
+
+doExit() {
+  echo "Caught SIGTERM signal."
+  exit 0
+}
+
+trap doExit SIGINT SIGQUIT SIGTERM
+
+echo "LDAP server is READY"
+
+while true; do
+    sleep 1
+done