FROM debian:buster-slim AS builder
ADD build.sh /
# https://rt.symas.com/rt/Ticket/Display.html?id=1628
# Fix access log ADD/DELETE order bug
# ADD its9295.patch /
RUN /build.sh

FROM debian:buster-slim
LABEL maintainer="sfeng@stanford.edu"

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && \
	apt-get install -y -qq \
	ca-certificates \
	coreutils \
	libsasl2-2 \
	libltdl7 \
	libtcmalloc-minimal4 \
	libsasl2-modules-gssapi-mit \
	openssl \
	lmdb-utils \
	krb5-user \
	gnupg \
	kstart \
	procps

# local apt repos
RUN apt-get -qq update \
    && count=0 \
    && until apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FDF37CD4279D4962 || [ $count -eq 5 ]; \
    do \
        count=`expr $count + 1`; sleep $count; \
    done

# Add souces file to find stanford-server-directory package
ADD etc/apt/sources.list.d/stanford.list /etc/apt/sources.list.d/stanford.list
ADD etc/apt/sources.list.d/local.list /etc/apt/sources.list.d/local.list
RUN apt-get update --allow-unauthenticated \
    && apt-get --assume-yes --allow-unauthenticated install --no-install-recommends \
        stanford-keyring \
        libreadonly-perl \
        stanford-server-directory

# Copy software from stage image
COPY --from=builder /artifacts /

RUN rm -rfv /etc/ldap/slapd.d/* \
	&& mkdir -p /etc/ldap/sasl2 \
	&& echo "mech_list: GSSAPI EXTERNAL" >> /etc/ldap/sasl2/slapd.conf \
	&& mkdir -p /var/lib/ldap/accesslog \
	&& mkdir -p /var/lib/ldap/logs \
	&& ln -s /var/lib/ldap/logs/ldap /var/log/ldap \
	&& openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.pem -days 365 -nodes -subj "/CN=$HOSTNAME"

# krb5 conf, sldapd conf, sasldauthd conf
COPY etc /etc/

# Link default configuration path to customized paths
RUN ln -s /usr/lib/slapd /usr/sbin/slapd \
	&& ln -sf /etc/ldap/sasl2/slapd.conf /usr/lib/sasl2/slapd.conf

# Start up file
COPY start.sh /start.sh

# Expose these ports
EXPOSE 389 636
  
WORKDIR /workspace
CMD ["/bin/bash"]