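# GNS3 appliance: OpenLDAP (slapd) lab server for an isolated GNS3 topology.
# Base image: https://hub.docker.com/r/gns3/ubuntu
# The tag is mutable; pin it by digest as well if builds must be reproducible.
FROM gns3/ubuntu:noble

# Build-time only: keeps apt/debconf from prompting during the RUN steps below
# without leaving DEBIAN_FRONTEND set in the running container's environment.
ARG DEBIAN_FRONTEND=noninteractive

# Directory settings read by the startup script at container start.
ENV LDAP_SUFFIX="dc=example,dc=com"
ENV LDAP_ROOT_ADMIN_DN="cn=admin,dc=example,dc=com"

# NOTE(review): default lab credential. An ENV value is stored in the image
# configuration, so anyone who can pull or inspect the image (docker inspect,
# docker history) can read it, and it is present in the environment of every
# process in the container. The slapd database below is initialised with this
# value at build time, so overriding the variable at `docker run` changes what
# the startup script sends but not the password slapd actually accepts.
# Rebuild with a different value for anything beyond an isolated lab.
ENV LDAP_ROOT_ADMIN_PASSWORD="ldapAdMiNPassw0rd!"

# Install OpenLDAP, the LDAP client tools, and the networking tools the startup
# script uses. --no-install-recommends keeps optional packages out of the image;
# the apt lists are removed in the same layer so they do not persist.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        iproute2 \
        iputils-ping \
        ldap-utils \
        slapd \
    && apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Preseed the debconf answers for slapd (admin password, domain, organization,
# MDB backend, LDAPv2 disabled). slapd is already installed at this point; the
# answers take effect in the dpkg-reconfigure step that follows.
RUN echo "slapd slapd/internal/generated_adminpw password ${LDAP_ROOT_ADMIN_PASSWORD}" | debconf-set-selections && \
    echo "slapd slapd/internal/adminpw password ${LDAP_ROOT_ADMIN_PASSWORD}" | debconf-set-selections && \
    echo "slapd slapd/password2 password ${LDAP_ROOT_ADMIN_PASSWORD}" | debconf-set-selections && \
    echo "slapd slapd/password1 password ${LDAP_ROOT_ADMIN_PASSWORD}" | debconf-set-selections && \
    echo "slapd slapd/domain string example.com" | debconf-set-selections && \
    echo "slapd shared/organization string Example Organization" | debconf-set-selections && \
    echo "slapd slapd/backend string MDB" | debconf-set-selections && \
    echo "slapd slapd/purge_database boolean true" | debconf-set-selections && \
    echo "slapd slapd/move_old_database boolean true" | debconf-set-selections && \
    echo "slapd slapd/allow_ldap_v2 boolean false" | debconf-set-selections

# Recreate the slapd configuration and database from the preseeded answers.
RUN dpkg-reconfigure -f noninteractive slapd

# LDAP (389) and LDAPS (636). Nothing in this file configures TLS or an
# ldaps:// listener, so 636 is presumably unused unless it is set up elsewhere;
# simple binds on 389 carry the bind password in cleartext.
EXPOSE 389 636

# LDIF applied by the startup script. It stays in the image layer; presumably
# it holds the FortiGate bind user's entry and password -- confirm, and treat
# the image as containing that credential if so.
COPY add_fortigate_user.ldif /tmp/add_fortigate_user.ldif

# Generate the startup script. printf '%s\n' writes one argument per line and
# does not depend on the shell's echo interpreting "\n" escapes. Every script
# line is quoted, so Docker's parser does not drop the script's own comments
# and the ${...} references are expanded when the container starts.
# The script passes the bind password with -w, i.e. on the command line; in
# this image the same value is already exposed through the environment.
RUN printf '%s\n' \
      '#!/bin/bash' \
      '# Configure network interfaces' \
      'ip link set eth0 up' \
      'ip addr add 192.168.0.2/24 dev eth0 2>/dev/null || true' \
      '' \
      '# Start LDAP service' \
      'service slapd start' \
      '' \
      '# Wait until slapd answers (at most ~30 s) instead of a fixed sleep' \
      'for ((i = 0; i < 30; i++)); do' \
      '  ldapwhoami -x >/dev/null 2>&1 && break' \
      '  sleep 1' \
      'done' \
      '' \
      '# Add the admin user from the LDIF file using the LDAP_ROOT_ADMIN credentials' \
      'echo "Adding admin user to LDAP using LDAP_ROOT_ADMIN credentials..."' \
      'ldapadd -x -D "${LDAP_ROOT_ADMIN_DN}" -w "${LDAP_ROOT_ADMIN_PASSWORD}" -f /tmp/add_fortigate_user.ldif' \
      'rc=$?' \
      'if [ "$rc" -ne 0 ]; then' \
      '  echo "WARNING: ldapadd exited with status ${rc}; the LDIF may not have been applied (68 = entries already exist)." >&2' \
      'fi' \
      '' \
      '# Verify the user was added; request only the DN so that password' \
      '# attributes are not printed to the console or container log' \
      'echo "Verifying admin user exists:"' \
      'ldapsearch -x -D "${LDAP_ROOT_ADMIN_DN}" -w "${LDAP_ROOT_ADMIN_PASSWORD}" -b "${LDAP_SUFFIX}" "(cn=admin)" dn' \
      '' \
      '# Report success only if slapd is actually answering' \
      'if ldapwhoami -x >/dev/null 2>&1; then' \
      '  echo "LDAP Server started successfully!"' \
      'else' \
      '  echo "WARNING: slapd is not answering on the default LDAP URI." >&2' \
      'fi' \
      'echo "LDAP Suffix: ${LDAP_SUFFIX}"' \
      'echo "LDAP Root Admin DN: ${LDAP_ROOT_ADMIN_DN}"' \
      'echo "LDAP URI: ldap://localhost:389"' \
      'echo "Network configured:"' \
      'echo " eth0: 192.168.0.2/24"' \
      'echo ""' \
      'echo "To watch slapd daemon output, run:"' \
      'echo " tail -f /var/log/slapd.log 2>/dev/null || tail -f /dev/null"' \
      '# Hand the console over to an interactive shell; this keeps the container running' \
      'exec /bin/bash' \
      > /start-ldap.sh && chmod +x /start-ldap.sh

# Run the startup script as the container's default command.
CMD ["/start-ldap.sh"]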