Make it work with OpenLDAP 1.5.0

northrup · northrup · commit 2c073b2b9215 · 2026-05-05T17:02:37.000-05:00
diff --git a/spec/acceptance/docker-compose.yml b/spec/acceptance/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '2'
-
 networks:
   ldap-network:
     internal: true
diff --git a/spec/acceptance/ldap-server/env/default.startup.yaml b/spec/acceptance/ldap-server/env/default.startup.yaml
@@ -21,13 +21,14 @@ LDAP_READONLY_USER_PASSWORD: readonly
 LDAP_RFC2307BIS_SCHEMA: false
 
 # Backend
-LDAP_BACKEND: hdb
+LDAP_BACKEND: mdb
 
 # Tls
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: ldap.crt
 LDAP_TLS_KEY_FILENAME: ldap.key
 LDAP_TLS_CA_CRT_FILENAME: ca.crt
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
 
 LDAP_TLS_ENFORCE: true
 LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
diff --git a/spec/acceptance/ldap-server/ldif/data/99-bind-account/emmy.ldif b/spec/acceptance/ldap-server/ldif/data/99-bind-account/emmy.ldif
@@ -8,7 +8,7 @@ objectClass: simpleSecurityObject
 uid: emmy
 userpassword: kittens
 
-dn: olcDatabase={1}hdb,cn=config
+dn: olcDatabase={1}mdb,cn=config
 changetype: modify
 delete: olcAccess
 -
diff --git a/spec/acceptance/ldap-server/run-server.sh b/spec/acceptance/ldap-server/run-server.sh
@@ -37,19 +37,28 @@ cp /acceptance/ca/intermediate/certs/ca-chain.cert.pem /container/service/slapd/
 cp /acceptance/ldap-server/tls/dhparam.pem /container/service/slapd/assets/certs/dhparam.pem
 chown -R root:root /container/service/slapd/assets/certs
 
-# Pre-install our configuration environment
-rm -f /container/environment/99-default/*.yaml
-cp /acceptance/ldap-server/env/*.yaml /container/environment/99-default
+# Pre-install our configuration environment.
+# Drop our overrides into a lexically earlier directory than the image's stock
+# /container/environment/99-default. osixia's run tool walks /container/environment
+# in sorted order and first-set-wins (see /container/tool/run), so values declared
+# here take precedence while everything we *don't* override (LDAP_PORT, LDAPS_PORT,
+# LDAP_NOFILE, DISABLE_CHOWN, etc.) is inherited from the image defaults.
+mkdir -p /container/environment/01-custom
+cp /acceptance/ldap-server/env/*.yaml /container/environment/01-custom/
 
 # Pre-install our schema (after killing most of the defaults from the container)
 rm -f /container/service/slapd/assets/config/bootstrap/ldif/0[345]*.ldif
 rm -rf /container/service/slapd/assets/config/bootstrap/schema/mmc
-rm -f /etc/ldap/schema/*
+# Only remove stock *.ldif schemas; keep *.schema files because osixia/openldap:1.5.0's
+# bootstrap (slaptest) converts *.schema -> cn=config and needs core.schema to exist.
+rm -f /etc/ldap/schema/*.ldif
 cp /acceptance/ldap-server/schema/* /etc/ldap/schema/
 cp /acceptance/ldap-server/ldif/bootstrap/*.ldif /container/service/slapd/assets/config/bootstrap/ldif
 
 # Launch openldap
-nohup /usr/bin/python -u /container/tool/run -l info &
+# /container/tool/run has its own `#!/usr/bin/python3 -u` shebang in osixia/openldap:1.5.0,
+# which no longer ships /usr/bin/python. Invoke it directly so we don't depend on Py2 paths.
+nohup /container/tool/run -l info &
 OPENLDAP_PID=$!
 
 # Wait for the process to be running and connectable

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-version: '2'`
`2`		`-`
`3`	`1`	`networks:`
`4`	`2`	`ldap-network:`
`5`	`3`	`internal: true`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ objectClass: simpleSecurityObject`
`8`	`8`	`uid: emmy`
`9`	`9`	`userpassword: kittens`
`10`	`10`
`11`		`-dn: olcDatabase={1}hdb,cn=config`
	`11`	`+dn: olcDatabase={1}mdb,cn=config`
`12`	`12`	`changetype: modify`
`13`	`13`	`delete: olcAccess`
`14`	`14`	`-`