From a55718415462777076279cfce3d5d558555ec182 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 6 Jul 2024 14:00:41 +0200
Subject: [PATCH] add overlay and missing packages
---
 Containerfile.multiarch | 17 +++++--
 overlay/openldap/conf/slapd.conf | 80 ++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+), 4 deletions(-)
 create mode 100644 overlay/openldap/conf/slapd.conf
diff --git a/Containerfile.multiarch b/Containerfile.multiarch
index acbf573..12ce06a 100644
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@@ -19,17 +19,26 @@ ENV OPENLDAP_VERSION=2.6.7-r0
 RUN addgroup -g 1001 -S ldap && \
 adduser -S -D -H -u 1001 -h /var/www -s /usr/lib/openldap -G ldap -g ldap ldap && \
 apk --update add --virtual .build-deps curl && \
- apk --update --no-cache add openldap=${OPENLDAP_VERSION} openldap-back-mdb=${OPENLDAP_VERSION} \
- openldap-clients=${OPENLDAP_VERSION} && \
+ apk --update --no-cache add openldap=${OPENLDAP_VERSION} \
+ openldap-back-ldap=${OPENLDAP_VERSION} \
+ openldap-back-mdb=${OPENLDAP_VERSION} \
+ openldap-overlay-rwm=${OPENLDAP_VERSION} \
+ openldap-overlay-memberof=${OPENLDAP_VERSION} \
+ openldap-clients=${OPENLDAP_VERSION} && \
+ mkdir -p /openldap/conf /openldap/data /openldap/certs && \
+ cp /etc/openldap/slapd.conf /openldap/conf/slapd.conf && \
+ chown -R ldap:ldap /openldap && \
 apk del .build-deps && \
 rm -rf /var/cache/apk/* && \
 rm -rf /tmp/*
+ADD overlay/ /
+
 EXPOSE 389 636
 USER 1001
 STOPSIGNAL SIGTERM
-WORKDIR /var/lib/openldap
-CMD ["/usr/sbin/slapd", "-d", "stats", "-u", "ldap", "-g", "ldap", "-f", "/etc/openldap/slapd.conf", "-h", "ldaps://"]
+WORKDIR /openldap
+CMD ["/usr/sbin/slapd", "-d", "stats", "-u", "ldap", "-g", "ldap", "-f", "/openldap/conf/slapd.conf", "-h", "ldaps://"]
diff --git a/overlay/openldap/conf/slapd.conf b/overlay/openldap/conf/slapd.conf
new file mode 100644
index 0000000..ff2d71a
--- /dev/null
+++ b/overlay/openldap/conf/slapd.conf
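Review bot: `ADD overlay/ /` runs after the `chown -R ldap:ldap /openldap` in the RUN step, so the overlaid `/openldap/conf/slapd.conf` (which carries `rootpw secret` and whose own header says it must not be world readable) ends up root-owned with the builder's default mode, and the preceding `cp /etc/openldap/slapd.conf /openldap/conf/slapd.conf` is silently overwritten by it. Prefer `COPY --chown=ldap:ldap overlay/ /` (COPY rather than ADD, since no URL or archive handling is needed; add `--chmod=0640` where the builder supports it) and drop the now-redundant `cp` line. Separately, openldap-back-ldap, openldap-overlay-rwm and openldap-overlay-memberof are installed here but the shipped slapd.conf never `moduleload`s them, so they add image surface without being used; either load them in the config or leave them out of the package list.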
@@ -0,0 +1,80 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+include /etc/openldap/schema/openldap.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+# Load dynamic backend modules:
+modulepath /usr/lib/openldap
+moduleload back_mdb.so
+# moduleload back_ldap.so
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# config database definitions
+#######################################################################
+database config
+# Uncomment the rootpw line to allow binding as the cn=config
+# rootdn so that temporary modifications to the configuration can be made
+# while slapd is running. They will not persist across a restart.
+# rootpw secret
+
+#######################################################################
+# MDB database definitions
+#######################################################################
+
+database mdb
+maxsize 1073741824
+suffix "dc=my-domain,dc=com"
+rootdn "cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw secret
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /openldap/data
+# Indices to maintain
+index objectClass eq
+
+#######################################################################
+# monitor database definitions
+#######################################################################
+database monitor
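Review bot: `rootpw secret` ships a known cleartext password for `cn=Manager,dc=my-domain,dc=com` as the image default, and with no `access` directives the file's own comment applies: anyone can read the whole tree while only rootdn can write. Generate the value with slappasswd and store the `{SSHA}` hash, or omit `rootpw` entirely so it has to be supplied at runtime, and add at least the policy the comments already spell out, `access to * by self write by users read by anonymous auth`. The Containerfile starts slapd with `-h ldaps://` and creates /openldap/certs, but this config has no `TLSCertificateFile`/`TLSCertificateKeyFile` directives, so the TLS listener will presumably fail to initialise until they are added. The module section also loads only back_mdb.so even though back_ldap, rwm and memberof are installed by the same commit.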