kenoxa
diff --git a/‎.gitignore
+2 b/‎.gitignore
+2
diff --git a/‎Dockerfile.bootstrap
+26 b/‎Dockerfile.bootstrap
+26
diff --git a/‎Dockerfile.final
+34 b/‎Dockerfile.final
+34
diff --git a/‎Readme.md
+98 b/‎Readme.md
+98
diff --git a/‎bootstrap/bootstrap.sh
+39 b/‎bootstrap/bootstrap.sh
+39
diff --git a/‎bootstrap/config/00_partition.ldif
+37 b/‎bootstrap/config/00_partition.ldif
+37
diff --git a/‎bootstrap/config/01_msad.ldif
+75 b/‎bootstrap/config/01_msad.ldif
+75
diff --git a/‎bootstrap/data/00_people.ldif
+5 b/‎bootstrap/data/00_people.ldif
+5
diff --git a/‎bootstrap/data/10_people_amy.ldif
+14 b/‎bootstrap/data/10_people_amy.ldif
+14
@@ -0,0 +1,2 @@
+packages/
+build_out/
@@ -0,0 +1,26 @@
+# Must be 11 or less because of https://issues.apache.org/jira/browse/DIRSTUDIO-1277
+FROM openjdk:11-jre-slim
+
+WORKDIR /opt
+
+COPY packages/apacheds.deb .
+COPY bootstrap bootstrap
+COPY tools/import-ldif.sh /usr/local/bin/import-ldif
+COPY tools/ldap-ready.sh /usr/local/bin/ldap-ready
+
+RUN apt-get update && \
+  apt-get install -y --no-install-recommends ldap-utils procps && \
+  rm -rf /var/lib/apt/lists/* && \
+  dpkg -i apacheds.deb && \
+  rm -f apacheds.deb
+
+ENV LDAP_BINDDN=${LDAP_BINDDN:-"uid=admin,ou=system"}
+ENV LDAP_SECRET=${LDAP_SECRET:-"secret"}
+ENV APACHEDS_VERSION=${APACHEDS_VERSION:-"2.0.0.AM26"}
+ENV APACHEDS_INSTANCE_DIR=/var/lib/apacheds-${APACHEDS_VERSION}/default
+
+ENV PATH=/opt/apacheds-${APACHEDS_VERSION}/bin:${PATH}
+
+EXPOSE 10389 10636
+
+ENTRYPOINT ["/opt/bootstrap/bootstrap.sh"]
@@ -0,0 +1,34 @@
+# Based upon:
+# https://github.com/OpenIdentityPlatform/OpenDJ/blob/825e1d6/opendj-packages/opendj-docker/Dockerfile
+
+# Must be 11 or less because of https://issues.apache.org/jira/browse/DIRSTUDIO-1277
+FROM openjdk:11-jre-slim
+
+WORKDIR /tmp
+
+COPY packages/apacheds.deb .
+COPY packages/dumb-init /usr/local/bin/dumb-init
+COPY build_out/data.tar .
+COPY tools/ldap-ready.sh /usr/local/bin/ldap-ready
+COPY run.sh /run.sh
+
+ENV LDAP_BINDDN=${LDAP_BINDDN:-"uid=admin,ou=system"}
+ENV LDAP_SECRET=${LDAP_SECRET:-"secret"}
+ENV APACHEDS_VERSION=${APACHEDS_VERSION:-"2.0.0.AM26"}
+ENV APACHEDS_INSTANCE=${APACHEDS_INSTANCE:-"default"}
+ENV APACHEDS_INSTANCE_DIR=/var/lib/apacheds-${APACHEDS_VERSION}/${APACHEDS_INSTANCE}
+
+RUN apt-get update && \
+  apt-get install -y --no-install-recommends ldap-utils procps && \
+  rm -rf /var/lib/apt/lists/* && \
+  dpkg -i apacheds.deb && \
+  rm -f apacheds.deb && \
+  tar -xf data.tar -C /var/lib/apacheds-${APACHEDS_VERSION}/ && \
+  rm -f data.tar ${APACHEDS_INSTANCE_DIR}/conf/config.ldif
+
+ENV PATH=/opt/apacheds-${APACHEDS_VERSION}/bin:${PATH}
+
+EXPOSE 10389 10636
+
+WORKDIR /
+ENTRYPOINT ["/run.sh"]
@@ -0,0 +1,98 @@
+# docker-test-apacheds
+
+The purpose of this repository is to provide an [Apache
+DS](https://directory.apache.org/apacheds/) Docker image that can be used for
+integration testing. The main goal being to be able to test the VirtualListView
+control.
+
+## Building And Running
+
+1. Run `build.sh` to generate the image
+2. Run `docker run --rm -it -p 389:10389 --name apacheds apacheds` to start
+a server
+
+## Testing The VLV Control
+
+Using the `ldapsearch` tool from the [UnboundId
+SDK](https://github.com/pingidentity/ldapsdk/releases), we can issue a search
+that contains the VLV control by:
+
+```sh
+/ldapsearch --hostname localhost --port 389 \
+  --bindDN 'uid=admin,ou=system' --bindPassword 'secret' \
+  --baseDN 'dc=planetexpress,dc=com' \
+  --requestedAttribute 'uid' \
+  --sortOrder '+uid:2.5.13.6' \
+  --virtualListView 0:2:1:1 \
+  '(objectClass=person)'
+```
+
+Note: the ordering rule `2.5.13.6` is `caseExactOrderingMatch`.
+
+If we capture the above request with [Wireshark](https://wireshark.org/),
+we can see that the request is:
+
+```
+02 00 00 00 45 00 00 e3 00 00 40 00 40 06 00 00   ....E.....@.@...
+7f 00 00 01 7f 00 00 01 d8 5f 01 85 9d 64 ea 73   ........._...d.s
+af 77 1e fa 80 18 18 eb fe d7 00 00 01 01 08 0a   .w..............
+1a d2 0d 02 1a d2 0c fe 30 81 ac 02 01 02 63 46   ........0.....cF
+04 17 64 63 3d 70 6c 61 6e 65 74 65 78 70 72 65   ..dc=planetexpre
+73 73 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 00 02   ss,dc=com.......
+01 00 02 01 00 01 01 00 a3 15 04 0b 6f 62 6a 65   ............obje
+63 74 43 6c 61 73 73 04 06 70 65 72 73 6f 6e 30   ctClass..person0
+05 04 03 75 69 64 a0 5f 30 2d 04 16 31 2e 32 2e   ...uid._0-..1.2.
+38 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 34   840.113556.1.4.4
+37 33 04 13 30 11 30 0f 04 03 75 69 64 80 08 32   73..0.0...uid..2
+2e 35 2e 31 33 2e 36 30 2e 04 17 32 2e 31 36 2e   .5.13.60...2.16.
+38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34   840.1.113730.3.4
+2e 39 01 01 ff 04 10 30 0e 02 01 00 02 01 02 a0   .9.....0........
+06 02 01 01 02 01 01                              .......
+
+```
+
+And thus the controls are:
+
+```
+30 2d 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35
+35 36 2e 31 2e 34 2e 34 37 33 04 13 30 11 30 0f
+04 03 75 69 64 80 08 32 2e 35 2e 31 33 2e 36 30
+2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31
+33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30
+0e 02 01 00 02 01 02 a0 06 02 01 01 02 01 01
+
+```
+
+Specifically, the Server Side Sorting control is:
+
+```
+30 2d 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35
+35 36 2e 31 2e 34 2e 34 37 33 04 13 30 11 30 0f
+04 03 75 69 64 80 08 32 2e 35 2e 31 33 2e 36
+```
+
+And the Virtual List View control is:
+
+```
+30 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31
+31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10
+30 0e 02 01 00 02 01 02 a0 06 02 01 01 02 01 01
+```
+
+Finally, the resulting response is:
+
+```
+02 00 00 00 45 00 00 65 00 00 40 00 40 06 00 00   ....E..e..@.@...
+7f 00 00 01 7f 00 00 01 01 85 d8 5f af 77 21 35   ..........._.w!5
+9d 64 eb 22 80 18 18 e8 fe 59 00 00 01 01 08 0a   .d.".....Y......
+1a d2 0d 0e 1a d2 0d 08 30 2f 02 01 02 65 07 0a   ........0/...e..
+01 00 04 00 04 00 a0 21 30 1f 04 16 31 2e 32 2e   .......!0...1.2.
+38 34 30 2e 31 31 33 35 35 36 2e 31 2e 34 2e 34   840.113556.1.4.4
+37 34 04 05 30 03 0a 01 00                        74..0....
+```
+
+The end result being that a `SortResult` control is included but not a
+`VLVResponse` control. Thus, we conclude that at this time Apache Directory
+Server does not actually support the VLV control. This is despite the server
+returning the control as supported when querying for the list of supported
+controls.
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e
+
+BOOTSTRAP_DIR=/opt/bootstrap
+CONFIG_DIR=${BOOTSTRAP_DIR}/config
+DATA_DIR=${BOOTSTRAP_DIR}/data/
+
+echo "Bootstrapping server ..."
+apacheds start default
+ldap-ready
+wait
+
+data=$(find ${CONFIG_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
+for ldif in ${data}; do
+  echo "Processing file ${ldif}..."
+  ldapadd -x -H ldap://localhost:10389/ \
+    -D ${LDAP_BINDDN} \
+    -w ${LDAP_SECRET} \
+    -f ${ldif}
+done
+
+apacheds restart default
+ldap-ready
+wait
+
+echo "Load data..."
+data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
+for ldif in ${data}; do
+  echo "Processing file ${ldif}..."
+  ldapadd -x -H ldap://localhost:10389/ \
+    -D ${LDAP_BINDDN} \
+    -w ${LDAP_SECRET} \
+    -f ${ldif}
+done
+
+apacheds stop default
+cd /var/lib/apacheds-${APACHEDS_VERSION}/
+tar cf /build_out/data.tar .
@@ -0,0 +1,37 @@
+# https://unix.stackexchange.com/a/577250
+
+dn: ads-partitionId=planetexpress,ou=partitions,ads-directoryServiceId=default,ou=config
+objectclass: top
+objectClass: ads-base
+objectclass: ads-partition
+objectclass: ads-jdbmPartition
+ads-partitionSuffix: dc=planetexpress,dc=com
+ads-contextentry:: ZG46IGRjPXBsYW5ldGV4cHJlc3MsZGM9Y29tCmRjOiBwbGFuZXRleHByZXNzCm9iamVjdGNsYXNzOiBkb21haW4Kb2JqZWN0Y2xhc3M6IHRvcA==
+ads-jdbmpartitionoptimizerenabled: TRUE
+ads-partitioncachesize: 10000
+ads-partitionsynconwrite: TRUE
+ads-partitionid: planetexpress
+ads-enabled: TRUE
+
+dn: ou=indexes,ads-partitionId=planetexpress,ou=partitions,ads-directoryServiceId=default,ou=config
+objectclass: top
+objectclass: organizationalUnit
+ou: indexes
+
+dn: ads-indexAttributeId=uid,ou=indexes,ads-partitionId=planetexpress,ou=partitions,ads-directoryServiceId=default,ou=config
+objectclass: top
+objectclass: ads-base
+objectclass: ads-index
+objectclass: ads-jdbmIndex
+ads-indexAttributeId: uid
+ads-enabled: TRUE
+ads-indexhasreverse: FALSE
+
+dn: ads-indexAttributeId=dc,ou=indexes,ads-partitionId=planetexpress,ou=partitions,ads-directoryServiceId=default,ou=config
+objectclass: top
+objectclass: ads-base
+objectclass: ads-index
+objectclass: ads-jdbmIndex
+ads-indexAttributeId: dc
+ads-enabled: TRUE
+ads-indexhasreverse: FALSE
@@ -0,0 +1,75 @@
+## https://stackoverflow.com/a/34502363
+
+## Define base schema
+dn: cn=planetexpress, ou=schema
+objectclass: metaSchema
+objectclass: top
+cn: planetexpress
+
+dn: ou=attributetypes, cn=planetexpress, ou=schema
+objectclass: organizationalUnit
+objectclass: top
+ou: attributetypes
+
+## Add sAMAccountName
+dn: m-oid=1.2.840.113556.1.4.221, ou=attributetypes, cn=planetexpress, ou=schema
+objectclass: metaAttributeType
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.4.221
+m-name: sAMAccountName
+m-equality: caseIgnoreMatch
+m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
+m-singleValue: TRUE
+
+## Add memberOf
+dn: m-oid=1.2.840.113556.1.4.222, ou=attributetypes, cn=planetexpress, ou=schema
+objectclass: metaAttributeType
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.4.222
+m-name: memberOf
+m-equality: caseIgnoreMatch
+m-syntax: 1.3.6.1.4.1.1466.115.121.1.15
+m-singleValue: FALSE
+
+dn: ou=objectclasses, cn=planetexpress, ou=schema
+objectclass: organizationalUnit
+objectclass: top
+ou: objectClasses
+
+dn: m-oid=1.2.840.113556.1.5.6, ou=objectclasses, cn=planetexpress, ou=schema
+objectclass: metaObjectClass
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.5.6
+m-name: simulatedMicrosoftSecurityPrincipal
+m-supObjectClass: top
+m-typeObjectClass: AUXILIARY
+m-must: sAMAccountName
+m-may: memberOf
+
+### Add the groupType Attribute
+dn: m-oid=1.2.840.113556.1.4.750, ou=attributetypes, cn=planetexpress, ou=schema
+objectclass: metaAttributeType
+objectclass: metaTop
+objectclass: top
+m-oid: 1.2.840.113556.1.4.750
+m-name: groupType
+m-equality: caseIgnoreMatch
+m-syntax: 1.3.6.1.4.1.1466.115.121.1.27
+m-singleValue: TRUE
+
+### Add the group class
+dn: m-oid= 1.2.840.113556.1.5.8, ou=objectclasses, cn=planetexpress, ou=schema
+objectclass: metaObjectClass
+objectclass: metaTop
+objectclass: top
+m-oid:  1.2.840.113556.1.5.8
+m-description: A group of users
+m-name: Group
+m-supObjectClass: top
+m-typeObjectClass: STRUCTURAL
+m-must: groupType
+m-must: cn
+m-may: member
@@ -0,0 +1,5 @@
+dn: ou=people,dc=planetexpress,dc=com
+objectClass: top
+objectClass: organizationalUnit
+description: Planet Express crew
+ou: people
@@ -0,0 +1,14 @@
+dn: cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Amy Wong
+sn: Kroker
+description: Human
+givenName: Amy
+mail: [email protected]
+ou: Intern
+uid: amy
+userPassword:: e3NzaGF9M3UzcUdCSmFMc2tiUEg0OVJrYlFtUk9HTktFb1lOUXZkU2lOZmc9P
+ Q==