commit 19cfbf611caee98c283878dbe61866963ebbebf5
Author: János Pásztor
Date: Fri Jul 6 18:05:47 2018 +0200
Initial version
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ff25e37
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine
+
+RUN apk add --no-cache openldap openldap-clients openldap-back-ldap openldap-overlay-deref ldapvi && mkdir -p /run/openldap
+
+COPY root /
+
+EXPOSE 389 636
+
+CMD ["/usr/sbin/slapd", "-d", "256", "-u", "ldap", "-g", "ldap","-F", "/etc/openldap", "-h", "ldap://0.0.0.0"]
diff --git a/root/etc/openldap/ldap.conf b/root/etc/openldap/ldap.conf
new file mode 100644
index 0000000..9462e01
--- /dev/null
+++ b/root/etc/openldap/ldap.conf
@@ -0,0 +1,21 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example,dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+SIZELIMIT 10000
+TIMELIMIT 60
+
+BASE dc=karinthy,dc=hu
+URI ldap://127.0.0.1/
+#TLS_REQCERT allow
+TLS_CACERT /etc/openldap/ssl/cacert.pem
diff --git a/root/etc/openldap/schema/kfg.schema b/root/etc/openldap/schema/kfg.schema
new file mode 100644
index 0000000..107d758
--- /dev/null
+++ b/root/etc/openldap/schema/kfg.schema
@@ -0,0 +1,14 @@
+# kfg 20110326
+
+attributeTypes ( 1.3.6.1.4.1.999999.1.1
+ NAME 'firewallPolicy'
+ DESC 'Firewall policy name.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.999999.2.1
+ NAME 'firewallUser'
+ DESC 'Firewall user'
+ SUP top
+ AUXILIARY
+ MAY ( firewallPolicy ) )
diff --git a/root/etc/openldap/schema/mailsrv.schema b/root/etc/openldap/schema/mailsrv.schema
new file mode 100644
index 0000000..f6452d5
--- /dev/null
+++ b/root/etc/openldap/schema/mailsrv.schema
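Review bot: `FROM alpine` on the first line of the Dockerfile hunk is untagged, so every rebuild silently picks up whatever Alpine release and OpenLDAP package set is current; pin it (`FROM alpine:<release>` — placeholder, use the release this was tested on) and ideally the apk versions so the proxy image is reproducible. The `CMD` passes `-F /etc/openldap`, which names a cn=config directory, yet the commit ships `slapd.conf` there and no `cn=config.ldif`; as far as I can tell slapd then falls back to the default slapd.conf and tries to write a converted cn=config tree into `/etc/openldap` on every start, after the `-u ldap` privilege drop and against the root-owned files from `COPY root /`, so `"-f", "/etc/openldap/slapd.conf"` in place of `"-F", "/etc/openldap"` states the intent and avoids the conversion. `EXPOSE 389 636` advertises LDAPS, but the only listener is `ldap://0.0.0.0` and slapd.conf configures no server certificate, so nothing ever serves 636; drop it from `EXPOSE` or add an `ldaps://` listener. A comment above the `CMD`, `# started as root only to bind 389; -u/-g drop to ldap:ldap immediately after`, would explain why there is no `USER` directive.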
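Review bot: The ldap.conf hunk still carries the distribution template lines (`#BASE dc=example,dc=com`, `#URI ldap://ldap.example.com …`, `#SIZELIMIT 12`, `#TIMELIMIT 15`, `#DEREF never`) directly above the live `BASE`/`URI`/`SIZELIMIT`/`TIMELIMIT` values; drop them so the effective client configuration can be read at a glance. Leaving `#TLS_REQCERT allow` commented is the right call — with it commented the libldap default (`demand`) applies, which is what makes the `TLS_CACERT` line meaningful for the outbound `ldaps://` connections slapd.conf opens to the upstream servers (assuming back-ldap inherits these client defaults, which I believe it does absent a `tls` directive). A one-line comment such as `# keep TLS_REQCERT at its default (demand): upstream ldaps servers must verify against TLS_CACERT` would stop a future "fix" for a certificate error from disabling verification.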
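Review bot: The OIDs `1.3.6.1.4.1.999999.1.1` and `1.3.6.1.4.1.999999.2.1` in the kfg.schema hunk sit under private enterprise number 999999, which looks like a placeholder rather than an arc assigned to this organisation; schema OIDs must be globally unique, and a clash with another schema that picked the same number fails at load time. If the school holds an IANA PEN, use that arc; otherwise add a comment at the top of the file stating where the arc comes from and that it must not be reused. `firewallPolicy` also declares no `EQUALITY` rule, so an equality filter on it is Undefined in slapd and a lookup by policy name never matches; add ` EQUALITY caseIgnoreMatch` (or `caseExactMatch`, whichever the firewall expects) on the line before `SYNTAX`.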
@@ -0,0 +1,69 @@
+# mail srv 20150211
+
+attributeTypes ( 2.16.840.1.113730.3.1.12
+ NAME 'mailAccessDomain'
+ DESC 'RFC822 email domain.'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+attributeTypes ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient.'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+attributeTypes ( 2.16.840.1.113730.3.1.17
+ NAME 'mailForwardingAddress'
+ DESC 'RFC822 forwarding addresses for inbound messages.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+attributetypes ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+attributetypes ( 2.16.840.1.113730.3.1.21
+ NAME 'mailQuota'
+ DESC 'Mailbox quota in bytes'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+attributeTypes ( 2.16.840.1.113730.3.1.770
+ NAME 'mailDomainStatus'
+ DESC 'Mail domain administrative status: active, inactive, disabled, deleted, hold, overquota, unused'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+attributeTypes ( 2.16.840.1.113730.3.1.775
+ NAME ( 'mailSieveRuleSource' )
+ DESC 'RFC3028 SIEVE rule'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+attributeTypes ( 2.16.840.1.113730.3.1.778
+ NAME 'mailUserStatus'
+ DESC 'Mail user administrative status: active, inactive, disabled, deleted, removed, hold, overquota'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+objectclass ( 2.16.840.1.113730.3.2.2000
+ NAME 'inetMailRecipient'
+ DESC 'mail address'
+ SUP top
+ AUXILIARY
+ MUST ( mailLocalAddress )
+ MAY ( mailUserStatus $ mailHost ) )
+objectclass ( 2.16.840.1.113730.3.2.2001
+ NAME 'inetMailbox'
+ DESC 'user mailbox'
+ SUP top
+ AUXILIARY
+ MUST ( mailLocalAddress )
+ MAY ( mailUserStatus $ mailHost $ mailSieveRuleSource $ mailQuota ) )
+objectclass ( 2.16.840.1.113730.3.2.2002
+ NAME 'inetMailForwarding'
+ DESC 'mail forwarding rule'
+ SUP top
+ AUXILIARY
+ MUST ( mailLocalAddress $ mailForwardingAddress )
+ MAY ( mailUserStatus $ mailHost ) )
+objectclass ( 2.16.840.1.113730.3.2.2003
+ NAME 'inetMailDomain'
+ DESC 'mail domain'
+ SUP top
+ AUXILIARY
+ MUST ( mailAccessDomain )
+ MAY ( mailDomainStatus $ mailHost ) )
diff --git a/root/etc/openldap/slapd.conf b/root/etc/openldap/slapd.conf
new file mode 100644
index 0000000..98f8a63
--- /dev/null
+++ b/root/etc/openldap/slapd.conf
@@ -0,0 +1,30 @@
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+include /etc/openldap/schema/samba.schema
+include /etc/openldap/schema/spamassassin.schema
+include /etc/openldap/schema/mailsrv.schema
+include /etc/openldap/schema/kfg.schema
+
+password-hash {crypt}
+
+TLSCACertificateFile /etc/openldap/ssl/cacert.pem
+
+#pidfile /run/openldap/slapd.proxy.pid
+#argsfile /run/openldap/slapd.proxy.args
+
+moduleload back_ldap.so
+moduleload deref.so
+
+loglevel stats
+
+idletimeout 3600
+sizelimit 10000
+timelimit 60
+
+database ldap
+suffix "dc=karinthy,dc=hu"
+uri "ldaps://ldap1.karinthy.hu:636 ldaps://ldap2.karinthy.hu:636"
+
+overlay deref
diff --git a/root/etc/openldap/ssl/cacert.pem b/root/etc/openldap/ssl/cacert.pem
new file mode 100644
index 0000000..bb0c221
--- /dev/null
+++ b/root/etc/openldap/ssl/cacert.pem
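Review bot: `mailForwardingAddress`, `mailQuota`, `mailDomainStatus`, `mailSieveRuleSource` and `mailUserStatus` in the mailsrv.schema hunk declare no `EQUALITY` rule, so equality filters on them (for instance selecting accounts by `mailUserStatus`) evaluate as Undefined in slapd and silently match nothing; add ` EQUALITY caseIgnoreMatch` to each string-valued one. `mailQuota` is described as 'Mailbox quota in bytes' but uses the DirectoryString syntax `…115.121.1.15`, so non-numeric values are accepted and no ordering comparison is possible; `SYNTAX 1.3.6.1.4.1.1466.115.121.1.27` with `EQUALITY integerMatch` and `ORDERING integerOrderingMatch` would validate it as an integer (only safe if no existing upstream entries hold non-numeric values). The file mixes `attributeTypes` and `attributetypes`; pick one spelling. The attribute OIDs reuse the Netscape arc `2.16.840.1.113730.3.1.*` — as far as I recall `mailLocalAddress`/`mailHost` match OpenLDAP's misc.schema byte for byte, so including both files would fail as duplicates, while the objectclass OIDs `3.2.2000`–`3.2.2003` do not correspond to any published definition I know of; a header comment stating the origin of these numbers and that misc.schema must not be included alongside would save the next maintainer a load-time failure.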
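Review bot: `TLSCACertificateFile` is set in the slapd.conf hunk without `TLSCertificateFile`/`TLSCertificateKeyFile`, so this slapd cannot serve TLS itself; its listener (`ldap://0.0.0.0` in the Dockerfile) is plaintext, meaning bind credentials from clients reach the proxy unencrypted before being forwarded over `ldaps://` — either document the image as loopback/internal-network-only or add a TLS listener with a server certificate, and add `# CA used to verify ldap1/ldap2 upstream certificates; this listener itself is plaintext` above the directive (I believe the CA file is consumed for the outbound back-ldap connections via libldap's defaults, but that is worth confirming). `include /etc/openldap/schema/samba.schema` and `…/spamassassin.schema` are not part of this commit; if the apk packages do not ship them, slapd refuses to start, so either add them under `root/` or remove the two includes. `password-hash {crypt}` has no effect on a `database ldap` proxy and would produce traditional crypt hashes if a local database is ever added here; `password-hash {SSHA}` or dropping the line is safer. No `access` directives are present, so the proxy applies slapd's default of read access for everyone and relies entirely on the upstream servers' ACLs for the forwarded identity — a comment stating that reliance would make the trust model explicit.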
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF+zCCA+OgAwIBAgIJAIsPMOiVJsB4MA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD
+VQQGEwJIVTEQMA4GA1UECAwHSHVuZ2FyeTERMA8GA1UEBwwIQnVkYXBlc3QxIzAh
+BgNVBAoMGkthcmludGh5IEZyaWd5ZXMgR2ltbmF6aXVtMRIwEAYDVQQLDAlDQSBT
+ZXJ2ZXIxJjAkBgNVBAMMHUthcmludGh5IEZyaWd5ZXMgR2ltbmF6aXVtIENBMB4X
+DTE1MDQxNzIzMjQwMloXDTM1MDQxNjIzMjQwMlowgZMxCzAJBgNVBAYTAkhVMRAw
+DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhCdWRhcGVzdDEjMCEGA1UECgwaS2Fy
+aW50aHkgRnJpZ3llcyBHaW1uYXppdW0xEjAQBgNVBAsMCUNBIFNlcnZlcjEmMCQG
+A1UEAwwdS2FyaW50aHkgRnJpZ3llcyBHaW1uYXppdW0gQ0EwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDbEQVeiJjqVu+2v6PQVeK6sOVimiDT0nsAGd8X
+jtA3qai1WwpR9z1287+iYbIA6Ekt7nUbJJa0IHO3sdO4wTZcTuDBoyy2X0DyQLD4
+dB/tZPDOmgvKghqx5Ovq4beivfoLm/Pfa9HUyqZWwQ7CxqV6SGTTqZNqnA87g4N0
+t2caa0qJveEAb/zdUe9oG1ejQk9MWSu6L+lK2XLm00xkf49pwO4azBOhUpo9N+Eh
+OVKwp6aatwddEojPOVJeSl74XJJHT53Sbv5z+oOsvoxL3y2x/dBON7tGYtzDf5fo
+ivPIdCjYw2Nefej13F7+Tw4J23MSnnpzHhVVUsCnNOztvjbuI4P2UbBsWJ4/80oj
+3fuSXC1/jCAQlxAB75SSl8EFC2/PiDJbtK56lTBr808tTKz141RrXl/GEd+E0NIM
++4vDkEG9ABrKCD73nhnL3fqHBGNZWGM47O4nachp0FeOYfDVmTfPZm6oSbWU0i6p
+orh/9dVdNloWFz1e6t3JxCnR+V42HAe1/3c1GVWjxDGqBmUtcjDCeHsPqCkJPA0A
+lET8emsmSaIHThZ3iAEB1UlkGi/h9Y0fHh+Izado0fytaq+WqXZuJFkgagC2MHy8
+CIkSSXmNVCBJfkTFqVSaC/kNU1xdN8q/KuzmqcbbIXhrxZF3T33CTFjY2OABsdmQ
+AE7KQQIDAQABo1AwTjAdBgNVHQ4EFgQUDqWzQGfRM+7Yrx1uhxohaQ+L7PwwHwYD
+VR0jBBgwFoAUDqWzQGfRM+7Yrx1uhxohaQ+L7PwwDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAnwMfezC2XjfemDkcmwx/T1sRVEFE7QxKiism0l3AR+6e
+MCG3UH/C/HfFkfFgZoJHXmj0vl9v/k/K6emaX7oz26rANFTKqGdAgakCRqBubqLr
+fhEF0naRO6lAkJ0fxFfHLSlCjqdeTew+/tV5PemqpGvvuI1La6wdG4XMhnXY+Lxf
+Tqi4nM3vwirc16MoEaNKwzoJG57QwEzavv6A92baWjG2o3/BHrJHFot2aBelm0WB
+IK/Eew7HGG73pW2uGJhSFr3wyGdsg3KR68vni1aMYCDETe4GIcjcmtQVb8aydxg6
+31SkOtuPnLo0aB+SVeZkejnfqSJvhx+EOe4iJHhf+BNhSAR3tak5LMxvsk+QDfkD
+zdkjHLQmgQxZgq7rBVCz8D7Yn9L/DT5zpSknhySHCVacugkRS5gRb+W+9PD2qNLf
+UZva8ThBtl4rR7uZWwYT1hrcBPLwabX8IBgJXumhKcn9KdA9db7I53FcCoGrDWzn
+bf+DeBQ66GMBAtIHSlXek3M41nqY6XXEXgFxebJDXPIIzW9AEhowsyy+Hr4t3tDo
+sHX24YWckb4hMnzwUd4RuHXEowCg04woC4JpGSCQmsSS0Fm13daFedHEiV9FZ6dU
+rDvhraus8/qGCkYH5/6m1qr6bYoEurHXBuYq9UyqYTMl94IcIolcdiqrdocG+WY=
+-----END CERTIFICATE-----
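Review bot: The cacert.pem hunk adds the trust anchor for the upstream `ldaps://` servers as a bare base64 block, so a reviewer cannot see which CA is being trusted or when it expires without decoding it; prepend the text output of `openssl x509 -noout -subject -issuer -dates` above `-----BEGIN CERTIFICATE-----` (PEM readers skip text outside the block, as far as I know, but verify against the libldap build in this Alpine image). From the encoded subject and the matching Subject/Authority Key Identifier this appears to be a self-signed root for the school's CA with validity running to 2035 — confirm, since a root baked into the image is only rotated by rebuilding and redeploying it. A short comment on how the file is refreshed and who owns the CA would complete the record.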