tests: Change OpenLDAP image to bitnami/openldap (#3494)

**TL;DR:**
- New image is actively maintained vs existing one that is over 5 years old. 
- Slight improvement to LDAP tree config via `.ldif` files.
- No more `Dockerfile` required to build, we can just rely on `docker run`.

`osixia/openldap` has not seen any activity since Feb 2021, while our `Dockerfile` was fixed to v1.1.6` (Feb 2018).

Startup time for this new image is around 5 seconds? (_The LDAP test uses a standard 20 second timeout check to wait until the server is ready before continuing with starting the DMS image_).

This commit migrates to `bitnami/openldap` which required modifying the `01_mail-tree.ldif` to also include adding the root object to start successfully. This image is actively maintained and one of the most popular OpenLDAP images on DockerHub.

The user account `.ldif` files have minimal changes:
- Lines moved around for better organization
- Additional comments for context
- Removal of inherited `objectClass` attributes (`person`, `top`) from the `orgnizationalPerson` class. Attribute `sn` changed to long form `surname` and values corrected with `givenName`. `changetype: add` was also not necessary.

Additionally the image does not support the `.schema` format, they must be converted to `.ldif` which has been done for `postfix-book.schema`.

See PR for more details.

test/config/ldap/docker-openldap/Dockerfile

@@ -1,5 +0,0 @@
-FROM osixia/openldap:1.1.6
-LABEL maintainer="Dennis Stumm <dstumm95@gmail.com>"
-
-COPY bootstrap /container/service/slapd/assets/config/bootstrap
-RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema

test/config/ldap/docker-openldap/bootstrap/ldif/01_mail-tree.ldif

@@ -1,5 +1,11 @@
+# The root object, all entries will branch off this one:
+dn: dc=localhost,dc=localdomain
+objectClass: dcObject
+objectClass: organization
+dc: localhost
+o: DMS Test
+
+# User accounts will belong to this subtree:
 dn: ou=people,dc=localhost,dc=localdomain
-changetype: add
 objectClass: organizationalUnit
-objectClass: top
 ou: people

test/config/ldap/docker-openldap/bootstrap/ldif/02_user-email.ldif

@@ -1,25 +1,22 @@
-# --------------------------------------------------------------------
+# NOTE: A standard user account to test against
-# Create mail accounts
-# --------------------------------------------------------------------
-# Some User
 dn: uniqueIdentifier=some.user,ou=people,dc=localhost,dc=localdomain
-changetype: add
 objectClass: organizationalPerson
-objectClass: person
-objectClass: top
 objectClass: PostfixBookMailAccount
 objectClass: extensibleObject
 cn: Some User
-givenName: User
+givenName: Some
+surname: User
+uniqueIdentifier: some.user
+# Password is: secret
+userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx
 mail: some.user@localhost.localdomain
+# postfix-book.schema:
 mailAlias: postmaster@localhost.localdomain
 mailGroupMember: employees@localhost.localdomain
-mailEnabled: TRUE
-mailGidNumber: 5000
 mailHomeDirectory: /var/mail/localhost.localdomain/some.user/
-mailQuota: 10240
 mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.user/
+# postfix-book.schema generic options:
+mailEnabled: TRUE
 mailUidNumber: 5000
-sn: Some
+mailGidNumber: 5000
-uniqueIdentifier: some.user
+mailQuota: 10240
-userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx

test/config/ldap/docker-openldap/bootstrap/ldif/03_user-email-other-primary-domain.ldif

@@ -1,25 +1,23 @@
-# --------------------------------------------------------------------
+# NOTE: This user differs via the domain-part of their mail address
-# Create mail accounts
+# They also have their mail directory attributes using the primary domain, not their domain-part
-# --------------------------------------------------------------------
-# Some User
 dn: uniqueIdentifier=some.other.user,ou=people,dc=localhost,dc=localdomain
-changetype: add
 objectClass: organizationalPerson
-objectClass: person
-objectClass: top
 objectClass: PostfixBookMailAccount
 objectClass: extensibleObject
 cn: Some Other User
-givenName: Other User
+givenName: Some
+surname: Other User
+uniqueIdentifier: some.other.user
+# Password is: secret
+userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx
 mail: some.other.user@localhost.otherdomain
+# postfix-book.schema:
 mailAlias: postmaster@localhost.otherdomain
 mailGroupMember: employees@localhost.otherdomain
-mailEnabled: TRUE
-mailGidNumber: 5000
 mailHomeDirectory: /var/mail/localhost.localdomain/some.other.user/
-mailQuota: 10240
 mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.other.user/
+# postfix-book.schema generic options:
+mailEnabled: TRUE
 mailUidNumber: 5000
-sn: Some
+mailGidNumber: 5000
-uniqueIdentifier: some.other.user
+mailQuota: 10240
-userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx

test/config/ldap/docker-openldap/bootstrap/ldif/04_user-email-different-uid.ldif

@@ -1,23 +1,21 @@
-# --------------------------------------------------------------------
+# NOTE: This user differs by local-part of mail address not matching their uniqueIdentifier attribute
-# Create mail accounts
+# They also do not have any alias or groups configured
-# --------------------------------------------------------------------
-# Some User
 dn: uniqueIdentifier=some.user.id,ou=people,dc=localhost,dc=localdomain
-changetype: add
 objectClass: organizationalPerson
-objectClass: person
-objectClass: top
 objectClass: PostfixBookMailAccount
 objectClass: extensibleObject
 cn: Some User
-givenName: User
+givenName: Some
-mail: some.user.email@localhost.localdomain
+surname: User
-mailEnabled: TRUE
-mailGidNumber: 5000
-mailHomeDirectory: /var/mail/localhost.localdomain/some.user.id/
-mailQuota: 10240
-mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.user.id/
-mailUidNumber: 5000
-sn: Some
 uniqueIdentifier: some.user.id
+# Password is: secret
 userPassword: {SSHA}eLtqGpid+hkSVhxvsdTPztv4uapRofGx
+mail: some.user.email@localhost.localdomain
+# postfix-book.schema:
+mailHomeDirectory: /var/mail/localhost.localdomain/some.user.id/
+mailStorageDirectory: maildir:/var/mail/localhost.localdomain/some.user.id/
+# postfix-book.schema generic options:
+mailEnabled: TRUE
+mailUidNumber: 5000
+mailGidNumber: 5000
+mailQuota: 10240

test/config/ldap/docker-openldap/bootstrap/schema/mmc/postfix-book.schema

@@ -1,70 +0,0 @@
-# $Id$
-#
-# State of Mind
-# Private Enterprise Number: 29426
-#
-# OID prefix: 1.3.6.1.4.1.29426
-#
-# Attributes: 1.3.6.1.4.1.29426.1.10.x
-#
-
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory'
-	DESC 'The absolute path to the mail user home directory'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias'
-        DESC 'RFC822 Mailbox - mail alias'
-        EQUALITY caseIgnoreIA5Match
-        SUBSTR caseIgnoreIA5SubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber'
-        DESC 'UID required to access the mailbox'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber'
-        DESC 'GID required to access the mailbox'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled'
-	DESC 'TRUE to enable, FALSE to disable account'
-        EQUALITY booleanMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember'
-	DESC 'Name of a mail distribution list'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota'
-	DESC 'Mail quota limit in kilobytes'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory'
-	DESC 'The absolute path to the mail users mailbox'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-
-#
-# Objects: 1.3.6.1.4.1.29426.1.2.2.x
-#
-
-objectclass ( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount'
-        SUP top AUXILIARY
-	DESC 'Mail account used in Postfix Book'
-	MUST ( mail )
-        MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember
-		$ mailUidNumber $ mailGidNumber $ mailEnabled
-		$ mailQuota $mailStorageDirectory ) )
-
-objectclass ( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward'
-        SUP top AUXILIARY
-	DESC 'Mail forward used in Postfix Book'
-	MUST ( mail $ mailAlias ))
-

test/config/ldap/docker-openldap/bootstrap/schemas/postfix-book.ldif

@@ -0,0 +1,14 @@
+dn: cn=postfix-book,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: postfix-book
+olcAttributeTypes: {0}( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory' DESC 'The absolute path to the mail user home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias' DESC 'RFC822 Mailbox - mail alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber' DESC 'UID required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber' DESC 'GID required to access the mailbox' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled' DESC 'TRUE to enable, FALSE to disable account' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember' DESC 'Name of a mail distribution list' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota' DESC 'Mail quota limit in kilobytes' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory' DESC 'The absolute path to the mail users mailbox' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+# PostfixBook object classes:
+olcObjectClasses: {0}( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount' DESC 'Mail account used in Postfix Book' SUP top AUXILIARY MUST mail MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember $ mailUidNumber $ mailGidNumber $ mailEnabled $ mailQuota $ mailStorageDirectory ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward' DESC 'Mail forward used in Postfix Book' SUP top AUXILIARY MUST ( mail $ mailAlias ) )

test/tests/serial/mail_with_ldap.bats

@@ -19,15 +19,18 @@ function setup_file() {
   docker network create "${DMS_TEST_NETWORK}"
 
   # Setup local openldap service:
-  # NOTE: Building via Dockerfile is required? Image won't accept read-only if it needs to adjust permissions for bootstrap files.
+  docker run --rm -d --name "${CONTAINER2_NAME}" \
-  # TODO: Upstream image is no longer maintained, may want to migrate?
+    --env LDAP_ADMIN_PASSWORD=admin \
-  docker build -t dms-openldap test/config/ldap/docker-openldap/
+    --env LDAP_ROOT='dc=localhost,dc=localdomain' \
-
+    --env LDAP_PORT_NUMBER=389 \
-  docker run -d --name "${CONTAINER2_NAME}" \
+    --env LDAP_SKIP_DEFAULT_TREE=yes \
-    --env LDAP_DOMAIN="${FQDN_LOCALHOST_A}" \
+    --volume './test/config/ldap/docker-openldap/bootstrap/ldif/:/ldifs/:ro' \
+    --volume './test/config/ldap/docker-openldap/bootstrap/schemas/:/schemas/:ro' \
     --hostname "${FQDN_LDAP}" \
     --network "${DMS_TEST_NETWORK}" \
-    dms-openldap
+    bitnami/openldap:latest
+
+  _run_until_success_or_timeout 20 sh -c "docker logs ${CONTAINER2_NAME} 2>&1 | grep 'LDAP setup finished'"
 
   #
   # Setup DMS container