docs: 更新说明文档

.gitlab-ci.yml

@@ -62,8 +62,8 @@ build-artifact:
 test:
   stage: test
   script:
-    - docker run --pull always --rm --platform=linux/arm64 "$IMG_URL$IMG_TAG" -VV 
+    - docker run --pull always --rm --platform=linux/arm64 "$IMG_URL$IMG_TAG" -V 
-    - docker run --pull always --rm --platform=linux/amd64 "$IMG_URL$IMG_TAG" -VV 
+    - docker run --pull always --rm --platform=linux/amd64 "$IMG_URL$IMG_TAG" -V 
     - docker images -q "$IMG_URL" | sort -u | xargs docker rmi -f
 
 # 部署阶段任务

Dockerfile

@@ -16,7 +16,7 @@
 # 该部分变量，在编译命令中通过 `--build-arg` 传入；如果未设置，则使用下面对应的默认值
 
 ARG APP_NAME=openldap										# 设置当前应用名称
-ARG APP_VER=2.6.6											# 设置当前应用版本
+ARG APP_VER=2.4.59											# 设置当前应用版本
 ARG REGISTRY_URL="docker.colovu.com/"						# 设置默认仓库地址，默认为本地仓库；定义时需要包含末尾的`/`
 ARG APT_SOURCE=aliyun										# 设置 apt-get 源：default / ustc / aliyun
 ARG LOCAL_URL="http://local.colovu.com/dist"				# 编译镜像时指定用于加速的本地软件包存储服务器地址
@@ -35,15 +35,14 @@ RUN select_source ${APT_SOURCE};
 
 # 安装依赖的软件包及库
 # 官方推荐包：Cyrus SASL 2.1.27+、OpenSSL 1.1.1+、libevent 2.1.8+、libsodium（groff）
-# dbuilder已安装: libtool libltdl7 libltdl-dev libssl3 libssl-dev
+RUN install_pkg libperl-dev libcrypto++-dev libsasl2-dev libevent-dev libdb5.3-dev groff groff-base
-# groff: 解决`soelim: not found`问题
+# dbuilder已安装: libtool libltdl7 libltdl-dev libssl1.1 libssl-dev 
-RUN install_pkg libwrap0-dev libcrypt-dev libsodium-dev libsasl2-dev libevent-dev groff-base unixodbc-dev libperl-dev
 
 # 参考文档: 
 #     编译: https://www.cnblogs.com/si-jie/p/8214206.html
 #     seolim解决(groff): http://www.emreakkas.com/linux-tips/ubuntu-solve-bin-sh-soelim-not-found
 
-# 下载并解压软件包
+# 下载并解压软件包(OpenLDAP 2.4.59)
 RUN set -eux; \
 	appName=${APP_NAME}-${APP_VER}.tgz; \
 	[ -n ${LOCAL_URL} ] && localURL=${LOCAL_URL}/${APP_NAME}; \
@@ -62,25 +61,11 @@ RUN set -eux; \
 	CPPFLAGS="-I/usr/local/include -D_GNU_SOURCE" \
 	./configure \
 		--prefix=/usr/local/${APP_NAME} \
-		\
+		--enable-dynamic \
-		--enable-dynamic --enable-syslog \
+		--enable-slapd --enable-cleartext --enable-crypt --enable-spasswd --enable-modules \
-		\
+		--enable-bdb --enable-mdb --enable-ndb=no --enable-sql=no \
-		--enable-slapd --enable-cleartext --enable-crypt --enable-spasswd --enable-modules --enable-rlookups --enable-wrappers \
+		--enable-overlays \
-		\
+		--with-cyrus-sasl --with-tls=openssl \
-		--enable-dnssrv=mod --enable-ldap=mod --enable-mdb=mod --enable-meta=mod --enable-asyncmeta=mod --enable-null=mod \
-		--enable-passwd=mod --enable-perl=mod --enable-relay=mod --enable-sock=mod --enable-sql=mod \
-		\
-		--enable-overlays=mod --enable-accesslog=mod --enable-auditlog=mod --enable-autoca=mod --enable-collect=mod \
-		--enable-constraint=mod --enable-dds=mod --enable-deref=mod --enable-dyngroup=mod --enable-dynlist=mod \
-		--enable-homedir=mod --enable-memberof=mod --enable-otp=mod --enable-ppolicy=mod --enable-refint=mod \
-		--enable-remoteauth=mod --enable-retcode=mod --enable-sssvlv=mod --enable-syncprov=mod --enable-unique=mod \
-		--enable-valsort=mod \
-		\
-		--enable-argon2 \
-		\
-		--enable-balancer=mod \
-		\
-		--with-cyrus-sasl --with-tls=openssl --with-systemd=no --with-argon2=libsodium \
 		; \
 	make depend; \
 	make -j "$(nproc)" && make install;
@@ -111,7 +96,7 @@ ENV APP_NAME=${APP_NAME} \
 	APP_VER=${APP_VER} \
 	APP_EXEC=slapd \
 	APP_USER=${APP_NAME} \
-	LD_LIBRARY_PATH="/usr/local/${APP_NAME}/lib:/usr/local/${APP_NAME}/libexec/openldap" \
+	LD_LIBRARY_PATH="/usr/local/${APP_NAME}/lib" \
 	PATH="${PATH}:/usr/local/${APP_NAME}/sbin:/usr/local/${APP_NAME}/bin:/usr/local/${APP_NAME}/libexec"
 
 LABEL \
@@ -147,7 +132,7 @@ RUN set -eux; \
 	[ -e "${overrideShell}" ] && /bin/bash "${overrideShell}"; \
 	\
 	# 验证安装的应用
-	${APP_EXEC} -VV;
+	${APP_EXEC} -V;
 
 # 配置容器的数据卷、工作目录及服务端口（必须保证端口在1024之上）
 VOLUME ["/srv/${APP_NAME}/conf", "/srv/${APP_NAME}/data", "/srv/${APP_NAME}/cert", "/srv/${APP_NAME}/log"]

README.md

@@ -8,13 +8,13 @@
 
 **版本信息：**
 
-- 2.6、latest
+- 2.4
 
 **镜像信息：**
 
 * 镜像地址：
-  * 阿里云: registry.cn-shenzhen.aliyuncs.com/colovu/openldap:latest
+  * 阿里云: registry.cn-shenzhen.aliyuncs.com/colovu/openldap:2.4
-  * Colovu Registry: docker.colovu.com/colovu/openldap:latest
+  * Colovu Registry: docker.colovu.com/colovu/openldap:2.4
   * 依赖镜像：colovu/debian:12
 
 > 后续相关命令行默认使用 Aliyun ACR 镜像服务器做说明
@@ -25,7 +25,7 @@ Docker 快速启动命令：
 
 ```shell
 # 从 Registry 服务器下载镜像并启动
-$ docker run -d --name imgname registry.cn-shenzhen.aliyuncs.com/colovu/openldap:latest
+$ docker run -d --name imgname registry.cn-shenzhen.aliyuncs.com/colovu/openldap:2.4
 ```
 
 - `registry.cn-shenzhen.aliyuncs.com/colovu/imgname:<TAG>`：镜像名称及版本标签 TAG；标签不指定时默认使用最新版本
@@ -92,7 +92,7 @@ $ docker run --detach --rm --name openldap \
   --env LDAP_BIND_PASSWORD=bindpassword \
   --env LDAP_USERS=customuser \
   --env LDAP_PASSWORDS=custompassword \
-  registry.cn-shenzhen.aliyuncs.com/colovu/openldap:latest
+  registry.cn-shenzhen.aliyuncs.com/colovu/openldap:2.4
 ```
 
 则 OpenLDAP 容器初始化完成后，相关配置信息如下：
@@ -138,7 +138,7 @@ $ docker run -it --rm --name mariadb-client \
 在初始化 `OpenLDAP` 容器时，如果没有预置配置文件，可以在命令行中设置相应环境变量对默认参数进行修改。类似命令如下（配置环境变量`APP_ENV_KEY_NAME`的值为`key_value`）：
 
 ```shell
-$ docker run -d -e "APP_ENV_KEY_NAME=key_value" registry.cn-shenzhen.aliyuncs.com/openldap:latest
+$ docker run -d -e "APP_ENV_KEY_NAME=key_value" registry.cn-shenzhen.aliyuncs.com/openldap:2.4
 ```
 
 ### 常规配置参数
@@ -212,7 +212,7 @@ $ docker run -d -e "APP_ENV_KEY_NAME=key_value" registry.cn-shenzhen.aliyuncs.co
 
 ## 更新记录
 
-- 2023/9/25 (2.6): 更新版本,基于 OpenLDAP 2.6.6，Debian 12。
+- 2021/7/1 (2.4): 初始版本,基于 OpenLDAP 2.4.59
 
 ----
 

customer/usr/local/bin/common.sh

@@ -4,7 +4,7 @@
 # 应用通用业务处理函数
 #   {0}config
 #   {-1}frontend
-#   {1}mdb
+#   {1}hdb
 #   {2}monitor
 
 . /colovu/lib/libcommon.sh       # 通用函数库
@@ -57,7 +57,7 @@ app_root_credentials() {
 
 cat > "${APP_CONF_DIR}/default_rootdn.ldif" << EOF
 # RootDN configration
-dn: olcDatabase={1}mdb,cn=config
+dn: olcDatabase={1}hdb,cn=config
 changetype: modify
 replace: olcSuffix
 olcSuffix: $LDAP_ROOT
@@ -89,7 +89,7 @@ olcAccess: {0}to *
   by dn.base="${LDAP_ADMIN_DN}" read 
   by * none
 
-dn: olcDatabase={1}mdb,cn=config
+dn: olcDatabase={1}hdb,cn=config
 changetype: modify
 replace: olcAccess
 olcAccess: {0}to *

customer/usr/local/bin/setup.sh

@@ -25,8 +25,8 @@ for dir in ${APP_DIRS[@]}; do
 done
 
 # 检测指定文件是否在配置文件存储目录存在，如果不存在则拷贝（新挂载数据卷、手动删除都会导致不存在）
-LOG_I "Check config files in: ${LDAP_ONLINE_CONF_DIR}"
+LOG_I "Check config files in: ${APP_CONF_DIR}"
-if [[ -z "$(ls -A "${LDAP_ONLINE_CONF_DIR}")" ]]; then
+if [[ -z "$(ls -A "${APP_CONF_DIR}")" ]]; then
 	app_ensure_config_file_exist "${APP_CONF_DIR}" "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}")
 fi
 

customer/usr/local/openldap/etc/openldap/slapd.ldif

@@ -27,13 +27,12 @@ dn: cn=module,cn=config
 objectClass: olcModuleList
 cn: module
 olcModulepath:	/usr/local/openldap/libexec/openldap
-olcModuleload:	back_mdb.la
+olcModuleload:	back_hdb.la
 olcModuleload:	back_monitor.la
-#olcModuleload:	back_bdb.la
-olcModuleload:	memberof.la
 olcModuleload:	refint.la
-olcModuleload:	ppolicy.la
+olcModuleload:	memberof.la
 #olcModuleload:	syncprov.la
+#olcModuleload:	ppolicy.la
 
 #
 # Schema settings
@@ -44,17 +43,6 @@ cn: schema
 
 include: file:///srv/openldap/conf/schema/core.ldif
 
-#
-# Define global ACLs to disable default read access.
-#
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn.  (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-#
-
 #
 # Frontend settings, olcDatabase: -1
 #
@@ -75,11 +63,10 @@ olcAccess: to * by * manage
 #
 # Backend database definitions, olcDatabase: 1
 #
-dn: olcDatabase=mdb,cn=config
+dn: olcDatabase=hdb,cn=config
 objectClass: olcDatabaseConfig
-objectClass: olcMdbConfig
+objectClass: olcHdbConfig
-olcDatabase: mdb
+olcDatabase: hdb
-olcDbMaxSize: 1073741824
 olcSuffix: dc=example,dc=com
 olcRootDN: cn=root,dc=example,dc=com
 olcDbDirectory:	/srv/openldap/data
@@ -93,34 +80,32 @@ olcAccess: to * by * manage
 dn: olcDatabase=monitor,cn=config
 objectClass: olcDatabaseConfig
 olcDatabase: monitor
-olcRootDN: cn=config
-olcMonitoring: FALSE
 olcAccess: to * by * manage
 
 #
 # Add overlay
 #
-#dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
+dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
-#objectClass: olcConfig
+objectClass: olcConfig
-#objectClass: olcMemberOf
+objectClass: olcMemberOf
-#objectClass: olcOverlayConfig
+objectClass: olcOverlayConfig
-#objectClass: top
+objectClass: top
-#olcOverlay: memberof
+olcOverlay: memberof
-#olcMemberOfDangling: ignore
+olcMemberOfDangling: ignore
-#olcMemberOfRefInt: TRUE
+olcMemberOfRefInt: TRUE
-#olcMemberOfGroupOC: groupOfNames
+olcMemberOfGroupOC: groupOfNames
-#olcMemberOfMemberAD: member
+olcMemberOfMemberAD: member
-#olcMemberOfMemberOfAD: memberOf
+olcMemberOfMemberOfAD: memberOf
 
-#dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
+dn: olcOverlay=refint,olcDatabase={1}hdb,cn=config
-#objectClass: olcConfig
+objectClass: olcConfig
-#objectClass: olcOverlayConfig
+objectClass: olcOverlayConfig
-#objectClass: olcRefintConfig
+objectClass: olcRefintConfig
-#objectClass: top
+objectClass: top
-#olcOverlay: refint
+olcOverlay: refint
-#olcRefintAttribute: memberof uniqueMember owner
+olcRefintAttribute: memberof uniqueMember owner
 
-#dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
+#dn: olcOverlay=ppolicy,olcDatabase={1}hdb,cn=config
 #objectClass: olcConfig
 #objectClass: olcOverlayConfig
 #objectClass: olcPPolicyConfig