From 4e9483eb2ab68811f84c9cc88f37566f820ff320 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6tz?=
Date: Tue, 14 May 2019 20:27:17 +0200
Subject: [PATCH] Update ldap container
---
 docker-compose.yml | 2 +-
 docker/ldap/Dockerfile.ldap | 49 +++++++++++++++++++++++++++++++++++--
 docker/ldap/slapd.conf | 13 ++++++++--
 src/core/docker_settings.py | 16 ++++++------
 4 files changed, 67 insertions(+), 13 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 3b21c02..788604d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -43,7 +43,7 @@ services:
 - docker/lama/dev.env
 ldap:
- image: docker.clkl.de/ldap/ldap:0.1-lama
+ image: docker.clkl.de/ldap/ldap:0.3-lama
 build:
 context: docker/ldap
 dockerfile: Dockerfile.ldap
diff --git a/docker/ldap/Dockerfile.ldap b/docker/ldap/Dockerfile.ldap
index c64da2c..833b5f6 100644
--- a/docker/ldap/Dockerfile.ldap
+++ b/docker/ldap/Dockerfile.ldap
@@ -1,4 +1,50 @@
-FROM alpine:3.7
+FROM alpine:3.9
+
+RUN apk add --upgrade --no-cache build-base groff libtool openldap openssl-dev cyrus-sasl-dev util-linux-dev
+
+WORKDIR /openldap
+RUN wget https://github.com/openldap/openldap/archive/OPENLDAP_REL_ENG_2_4_47.zip\
+ && unzip -d /openldap OPENLDAP_REL_ENG_2_4_47.zip\
+ && rm OPENLDAP_REL_ENG_2_4_47.zip\
+ && mv openldap-OPENLDAP_REL_ENG_2_4_47/* .\
+ && rm -r openldap-OPENLDAP_REL_ENG_2_4_47/
+
+RUN ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib/openldap \
+ --libexecdir=/usr/lib \
+ --enable-slapd \
+ --enable-crypt \
+ --enable-modules \
+ --enable-dynamic \
+ --enable-bdb=no \
+ --enable-dnssrv=mod \
+ --enable-hdb=no \
+ --enable-ldap=mod \
+ --enable-mdb=mod \
+ --enable-meta=mod \
+ --enable-monitor=mod \
+ --enable-null=mod \
+ --enable-passwd=mod \
+ --enable-relay=mod \
+ --enable-shell=mod \
+ --enable-sock=mod \
+ --enable-sql=no \
+ --enable-overlays=mod \
+ --with-tls=openssl \
+ --with-cyrus-sasl
+RUN make depend \
+ && make \
+ && make prefix=/usr libexec=/usr/lib -C contrib/slapd-modules/lastbind \
+ && make install \
+ && make prefix=/usr libexec=/usr/lib -C contrib/slapd-modules/lastbind install
+
+
+#RUN adduser ldap -D
+
+#EXPOSE 389
+
+#CMD ["slapd", "-u", "ldap", "-g", "ldap", "-d", "32768"]
 WORKDIR /
@@ -6,7 +52,6 @@ ENV dc=stuve
 ENV dcr=test
 COPY entrypoint.sh /
-RUN apk add --update --no-cache openldap openldap-back-mdb openldap-overlay-ppolicy
 RUN sed -i 's!/run/openldap/slapd.pid!/tmp/openladp.pid!' /etc/openldap/slapd.conf
 RUN sed -i 's!/run/openldap/slapd.args!/tmp/openladp.args!' /etc/openldap/slapd.conf
diff --git a/docker/ldap/slapd.conf b/docker/ldap/slapd.conf
index 8c0b0c1..0bdffe8 100644
--- a/docker/ldap/slapd.conf
+++ b/docker/ldap/slapd.conf
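Review bot: The OpenLDAP source archive fetched by `wget` in the first added `RUN` of Dockerfile.ldap is unpacked and compiled with no integrity check, so the image trusts whatever the download returns at build time. Pin a digest and verify it before `unzip`, for example by adding `&& echo "<SHA256_OF_RELEASE_ZIP>  OPENLDAP_REL_ENG_2_4_47.zip" | sha256sum -c -\` directly after the `wget` line. The same stage also leaves `build-base`, the `-dev` packages and the `/openldap` source tree in the runtime image, and `./configure` builds backends such as `--enable-shell=mod` that the slapd.conf in this patch never loads. A multi-stage build and a module list limited to what slapd.conf actually uses would reduce what ships in the container.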
@@ -12,7 +12,6 @@ include /etc/openldap/schema/ppolicy.schema
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
 #referral ldap://root.openldap.org
-moduleload ppolicy.so
 # If you change this, adjust pidfile path also in runscript!
 pidfile /tmp/slapd.pid
@@ -21,6 +20,9 @@ argsfile /tmp/slapd.args
 # Load dynamic backend modules:
 modulepath /usr/lib/openldap
 moduleload back_mdb.so
+moduleload ppolicy.so
+modulepath /usr/libexec/openldap
+moduleload lastbind.so
 # moduleload back_hdb.so
 # moduleload back_bbd.so
 # moduleload back_ldap.so
@@ -72,7 +74,11 @@ rootpw secret
 directory /var/lib/openldap/openldap-data
 # Indices to maintain
-index objectClass eq
+index default pres,eq
+index uid pres,eq
+index cn,sn pres,eq,sub
+index member eq
+index objectClass eq
 overlay ppolicy
 #ppolicy_default "cn=default,ou=policies,dc=stuve,dc=de"
@@ -81,3 +87,6 @@ ppolicy_hash_cleartext
 password-hash {CRYPT}
 password-crypt-salt-format "$6$%.12s"
+
+overlay lastbind
+lastbind-precision 60
diff --git a/src/core/docker_settings.py b/src/core/docker_settings.py
index 01f630e..766defc 100644
--- a/src/core/docker_settings.py
+++ b/src/core/docker_settings.py
@@ -216,13 +216,13 @@ LOGGING = {
 'handlers': ['console', ],
 'level': 'DEBUG',
 },
- # 'django_auth_ldap': {
- # 'level': 'WARNING',
- # 'handlers': ['console'],
- # },
- # 'django': {
- # 'handlers': ['console'],
- # 'level': 'DEBUG',
- # }
+ 'django_auth_ldap': {
+ 'level': 'WARNING',
+ 'handlers': ['console'],
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': 'DEBUG',
+ }
 },
 }
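Review bot: The second `modulepath` line added in the `-21,6 +20,9` hunk of slapd.conf most likely replaces the module search path rather than extending it, so the file only works because `back_mdb.so` and `ppolicy.so` are loaded before it. Any `moduleload` enabled further down (the commented `back_hdb.so` / `back_ldap.so` lines) would then be looked up in `/usr/libexec/openldap` only. A single directive listing both directories, `modulepath /usr/lib/openldap:/usr/libexec/openldap`, removes that ordering dependency. Alternatively, install `lastbind.so` next to the other modules; the contrib `make` calls in the Dockerfile pass `libexec=/usr/lib`, where the variable the contrib Makefile reads is probably `libexecdir`.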
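Review bot: The `'django'` logger is switched on at `'level': 'DEBUG'` in the `LOGGING` hunk of src/core/docker_settings.py, which is very verbose for a container settings file and, when `DEBUG` is also enabled, includes every SQL statement with its parameters via `django.db.backends`. Unless this file is strictly for local development, take the level from the environment with a quieter default, e.g. `'level': os.environ.get('DJANGO_LOG_LEVEL', 'INFO'),` (assuming `os` is imported in this module, which the hunk does not show). Neither new entry sets `'propagate'`, so if the logger entry just above the hunk also reaches the `console` handler for these records, each message may be printed twice; `'propagate': False,` on both entries would avoid that. The `LOGGING` dict starts outside the hunk, so the surrounding handler and root configuration could not be checked.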