test(connector/ldap): rewrite tests to use a single server instance

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
5 years ago · f11db50369
8 changed files with 555 additions and 603 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -54,6 +54,9 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Start services
        run: docker-compose -f docker-compose.test.yaml up -d
      - name: Test
        run: make testall
        env:
@ -69,6 +72,9 @@ jobs:
          DEX_POSTGRES_PORT: ${{ job.services.postgres.ports[5432] }}
          DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }}
          DEX_LDAP_TESTS: 1
          DEX_LDAP_HOST: localhost
          DEX_LDAP_PORT: 389
          DEX_LDAP_TLS_PORT: 636
          DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }}
          DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }}
          DEX_KEYSTONE_ADMIN_USER: demo
--- a/connector/ldap/ldap_test.go
+++ b/connector/ldap/ldap_test.go
@ -5,14 +5,10 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/sirupsen/logrus"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
 	"github.com/dexidp/dex/connector"
 )
@ -47,29 +43,8 @@ type subtest struct {
 }
 func TestQuery(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestQuery,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
@ -81,7 +56,7 @@ userpassword: bar
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestQuery,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -92,7 +67,7 @@ userpassword: bar
 			username: "john",
 			password: "bar",
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestQuery,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@ -112,32 +87,12 @@ userpassword: bar
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestQueryWithEmailSuffix(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 userpassword: bar
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailSuffix = "test.example.com"
 	c.UserSearch.IDAttr = "DN"
@ -149,7 +104,7 @@ userpassword: bar
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "jane@test.example.com",
 				EmailVerified: true,
@ -160,7 +115,7 @@ userpassword: bar
 			username: "john",
 			password: "bar",
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org",
 				Username:      "john",
 				Email:         "john@test.example.com",
 				EmailVerified: true,
@ -168,53 +123,12 @@ userpassword: bar
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestUserFilter(t *testing.T) {
 	schema := `
 dn: ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=People,ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: ou=People,ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=Seattle,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=jane,ou=People,ou=Portland,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoefromportland@example.com
 userpassword: baz
 dn: cn=john,ou=People,ou=Seattle,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=TestUserFilter,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
@ -227,7 +141,7 @@ userpassword: bar
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,ou=Seattle,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -238,7 +152,7 @@ userpassword: bar
 			username: "john",
 			password: "bar",
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,ou=Seattle,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@ -258,55 +172,17 @@ userpassword: bar
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestGroupQuery(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Groups,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=admins,ou=Groups,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,dc=example,dc=org
 member: cn=jane,ou=People,dc=example,dc=org
 dn: cn=developers,ou=Groups,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,dc=example,dc=org
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestGroupQuery,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
 	c.UserSearch.Username = "cn"
-	c.GroupSearch.BaseDN = "ou=Groups,dc=example,dc=org"
+	c.GroupSearch.BaseDN = "ou=Groups,ou=TestGroupQuery,dc=example,dc=org"
 	c.GroupSearch.UserMatchers = []UserMatcher{
 		{
 			UserAttr:  "DN",
@ -322,7 +198,7 @@ member: cn=jane,ou=People,dc=example,dc=org
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -335,7 +211,7 @@ member: cn=jane,ou=People,dc=example,dc=org
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestGroupQuery,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@ -344,66 +220,17 @@ member: cn=jane,ou=People,dc=example,dc=org
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestGroupsOnUserEntity(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 # Groups are enumerated as part of the user entity instead of the members being
 # a list on the group entity.
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 departmentNumber: 1000
 departmentNumber: 1001
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 departmentNumber: 1000
 departmentNumber: 1002
 # Group definitions. Notice that they don't have any "member" field.
 dn: ou=Groups,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=admins,ou=Groups,dc=example,dc=org
 objectClass: posixGroup
 cn: admins
 gidNumber: 1000
 dn: cn=developers,ou=Groups,dc=example,dc=org
 objectClass: posixGroup
 cn: developers
 gidNumber: 1001
 dn: cn=designers,ou=Groups,dc=example,dc=org
 objectClass: posixGroup
 cn: designers
 gidNumber: 1002
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
 	c.UserSearch.Username = "cn"
-	c.GroupSearch.BaseDN = "ou=Groups,dc=example,dc=org"
+	c.GroupSearch.BaseDN = "ou=Groups,ou=TestGroupsOnUserEntity,dc=example,dc=org"
 	c.GroupSearch.UserMatchers = []UserMatcher{
 		{
 			UserAttr:  "departmentNumber",
@ -418,7 +245,7 @@ gidNumber: 1002
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -431,7 +258,7 @@ gidNumber: 1002
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@ -439,72 +266,17 @@ gidNumber: 1002
 			},
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestGroupFilter(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=Groups,ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
 objectClass: groupOfNames
 cn: qa
 member: cn=john,ou=People,dc=example,dc=org
 dn: cn=admins,ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,dc=example,dc=org
 member: cn=jane,ou=People,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,dc=example,dc=org
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestGroupFilter,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
 	c.UserSearch.Username = "cn"
-	c.GroupSearch.BaseDN = "dc=example,dc=org"
+	c.GroupSearch.BaseDN = "ou=TestGroupFilter,dc=example,dc=org"
 	c.GroupSearch.UserMatchers = []UserMatcher{
 		{
 			UserAttr:  "DN",
@ -521,7 +293,7 @@ member: cn=jane,ou=People,dc=example,dc=org
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -534,7 +306,7 @@ member: cn=jane,ou=People,dc=example,dc=org
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@ -543,94 +315,17 @@ member: cn=jane,ou=People,dc=example,dc=org
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestGroupToUserMatchers(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 uid: janedoe
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 uid: johndoe
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=UnixGroups,ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: UnixGroups
 dn: ou=Groups,ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=UnixGroups,ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: UnixGroups
 dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
 objectClass: groupOfNames
 cn: qa
 member: cn=john,ou=People,dc=example,dc=org
 dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
 objectClass: posixGroup
 gidNumber: 1000
 cn: logger
 memberUid: johndoe
 dn: cn=admins,ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,dc=example,dc=org
 member: cn=jane,ou=People,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,dc=example,dc=org
 dn: cn=frontend,ou=UnixGroups,ou=Seattle,dc=example,dc=org
 objectClass: posixGroup
 gidNumber: 1001
 cn: frontend
 memberUid: janedoe
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
 	c.UserSearch.Username = "cn"
-	c.GroupSearch.BaseDN = "dc=example,dc=org"
+	c.GroupSearch.BaseDN = "ou=TestGroupToUserMatchers,dc=example,dc=org"
 	c.GroupSearch.UserMatchers = []UserMatcher{
 		{
 			UserAttr:  "DN",
@ -651,7 +346,7 @@ memberUid: janedoe
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -664,84 +359,29 @@ memberUid: janedoe
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
-				Groups:        []string{"qa", "admins", "logger"},
+				Groups:        []string{"admins", "qa", "logger"},
 			},
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 // Test deprecated group to user matching implementation
 // which was left for backward compatibility.
 // See "Config.GroupSearch.UserMatchers" comments for the details
 func TestDeprecatedGroupToUserMatcher(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=Groups,ou=Portland,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
 objectClass: groupOfNames
 cn: qa
 member: cn=john,ou=People,dc=example,dc=org
 dn: cn=admins,ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,dc=example,dc=org
 member: cn=jane,ou=People,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=Seattle,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,dc=example,dc=org
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
 	c.UserSearch.Username = "cn"
-	c.GroupSearch.BaseDN = "dc=example,dc=org"
+	c.GroupSearch.BaseDN = "ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org"
 	c.GroupSearch.UserAttr = "DN"
 	c.GroupSearch.GroupAttr = "member"
 	c.GroupSearch.NameAttr = "cn"
@ -754,7 +394,7 @@ member: cn=jane,ou=People,dc=example,dc=org
 			password: "foo",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
@ -767,7 +407,7 @@ member: cn=jane,ou=People,dc=example,dc=org
 			password: "bar",
 			groups:   true,
 			want: connector.Identity{
-				UserID:        "cn=john,ou=People,dc=example,dc=org",
+				UserID:        "cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org",
 				Username:      "john",
 				Email:         "johndoe@example.com",
 				EmailVerified: true,
@ -776,25 +416,12 @@ member: cn=jane,ou=People,dc=example,dc=org
 		},
 	}
-	runTests(t, schema, connectLDAP, c, tests)
+	runTests(t, connectLDAP, c, tests)
 }
 func TestStartTLS(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestStartTLS,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
@ -806,32 +433,19 @@ userpassword: foo
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestStartTLS,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
 			},
 		},
 	}
-	runTests(t, schema, connectStartTLS, c, tests)
+	runTests(t, connectStartTLS, c, tests)
 }
 func TestInsecureSkipVerify(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
@ -843,32 +457,19 @@ userpassword: foo
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
 			},
 		},
 	}
-	runTests(t, schema, connectInsecureSkipVerify, c, tests)
+	runTests(t, connectInsecureSkipVerify, c, tests)
 }
 func TestLDAPS(t *testing.T) {
 	schema := `
 dn: ou=People,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 `
 	c := &Config{}
-	c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
+	c.UserSearch.BaseDN = "ou=People,ou=TestLDAPS,dc=example,dc=org"
 	c.UserSearch.NameAttr = "cn"
 	c.UserSearch.EmailAttr = "mail"
 	c.UserSearch.IDAttr = "DN"
@ -880,14 +481,14 @@ userpassword: foo
 			username: "jane",
 			password: "foo",
 			want: connector.Identity{
-				UserID:        "cn=jane,ou=People,dc=example,dc=org",
+				UserID:        "cn=jane,ou=People,ou=TestLDAPS,dc=example,dc=org",
 				Username:      "jane",
 				Email:         "janedoe@example.com",
 				EmailVerified: true,
 			},
 		},
 	}
-	runTests(t, schema, connectLDAPS, c, tests)
+	runTests(t, connectLDAPS, c, tests)
 }
 func TestUsernamePrompt(t *testing.T) {
@ -915,89 +516,24 @@ func TestUsernamePrompt(t *testing.T) {
 	}
 }
-// runTests runs a set of tests against an LDAP schema. It does this by
+func getenv(key, defaultVal string) string {
-// setting up an OpenLDAP server and injecting the provided scheme.
+	if val := os.Getenv(key); val != "" {
 		return val
 	}
 	return defaultVal
 }
 // runTests runs a set of tests against an LDAP schema.
 //
-// The tests require Docker.
+// The tests require LDAP to be runnning.
 // You can use the provided docker-compose file to setup an LDAP server.
 //
 // The DEX_LDAP_TESTS must be set to "1"
-func runTests(t *testing.T, schema string, connMethod connectionMethod, config *Config, tests []subtest) {
+func runTests(t *testing.T, connMethod connectionMethod, config *Config, tests []subtest) {
 	if os.Getenv(envVar) != "1" {
 		t.Skipf("%s not set. Skipping test (run 'export %s=1' to run tests)", envVar, envVar)
 	}
 	wd, err := os.Getwd()
 	if err != nil {
 		t.Fatal(err)
 	}
 	tempDir, err := ioutil.TempDir("", "")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tempDir)
 	schemaPath := filepath.Join(tempDir, "schema.ldif")
 	if err := ioutil.WriteFile(schemaPath, []byte(schema), 0777); err != nil {
 		t.Fatal(err)
 	}
 	req := testcontainers.ContainerRequest{
 		Image:        "osixia/openldap:1.3.0",
 		ExposedPorts: []string{"389/tcp", "636/tcp"},
 		Cmd:          []string{"--copy-service"},
 		Env: map[string]string{
 			"LDAP_BASE_DN":           "dc=example,dc=org",
 			"LDAP_TLS":               "true",
 			"LDAP_TLS_VERIFY_CLIENT": "try",
 		},
 		BindMounts: map[string]string{
 			filepath.Join(wd, "testdata", "certs"): "/container/service/slapd/assets/certs",
 			schemaPath:                             "/container/service/slapd/assets/config/bootstrap/ldif/99-schema.ldif",
 		},
 		WaitingFor: wait.ForAll(
 			wait.ForLog("slapd starting").WithOccurrence(3).WithStartupTimeout(time.Minute),
 			wait.ForListeningPort("389/tcp"),
 			wait.ForListeningPort("636/tcp"),
 		),
 	}
 	ctx := context.Background()
 	slapd, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
 		ContainerRequest: req,
 		Started:          true,
 	})
 	if err != nil {
 		if slapd != nil {
 			logs, err := slapd.Logs(ctx)
 			if err == nil {
 				defer logs.Close()
 				logLines, err := ioutil.ReadAll(logs)
 				if err != nil {
 					t.Log(string(logLines))
 				}
 			}
 		}
 		t.Fatal(err)
 	}
 	defer slapd.Terminate(ctx)
 	ip, err := slapd.Host(ctx)
 	if err != nil {
 		t.Fatal(err)
 	}
 	port, err := slapd.MappedPort(ctx, "389")
 	if err != nil {
 		t.Fatal(err)
 	}
 	tlsPort, err := slapd.MappedPort(ctx, "636")
 	if err != nil {
 		t.Fatal(err)
 	}
 	// Shallow copy.
 	c := *config
@ -1005,17 +541,17 @@ func runTests(t *testing.T, schema string, connMethod connectionMethod, config *
 	// group search configuration.
 	switch connMethod {
 	case connectStartTLS:
-		c.Host = fmt.Sprintf("%s:%s", ip, port.Port())
+		c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_PORT", "389"))
 		c.RootCA = "testdata/certs/ca.crt"
 		c.StartTLS = true
 	case connectLDAPS:
-		c.Host = fmt.Sprintf("%s:%s", ip, tlsPort.Port())
+		c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_TLS_PORT", "636"))
 		c.RootCA = "testdata/certs/ca.crt"
 	case connectInsecureSkipVerify:
-		c.Host = fmt.Sprintf("%s:%s", ip, tlsPort.Port())
+		c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_TLS_PORT", "636"))
 		c.InsecureSkipVerify = true
 	case connectLDAP:
-		c.Host = fmt.Sprintf("%s:%s", ip, port.Port())
+		c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_PORT", "389"))
 		c.InsecureNoSSL = true
 	}
--- a/connector/ldap/testdata/schema.ldif
+++ b/connector/ldap/testdata/schema.ldif
@ -0,0 +1,447 @@
 dn: ou=TestQuery,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestQuery
 dn: ou=People,ou=TestQuery,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestQuery,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,ou=TestQuery,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 ########################################################################
 dn: ou=TestQueryWithEmailSuffix,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestQueryWithEmailSuffix
 dn: ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 userpassword: bar
 ########################################################################
 dn: ou=TestUserFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestUserFilter
 dn: ou=Seattle,ou=TestUserFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,ou=TestUserFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: ou=People,ou=Portland,ou=TestUserFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=jane,ou=People,ou=Portland,ou=TestUserFilter,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoefromportland@example.com
 userpassword: baz
 dn: cn=john,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 ########################################################################
 dn: ou=TestGroupQuery,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestGroupQuery
 dn: ou=People,ou=TestGroupQuery,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,ou=TestGroupQuery,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Groups,ou=TestGroupQuery,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=admins,ou=Groups,ou=TestGroupQuery,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,ou=TestGroupQuery,dc=example,dc=org
 member: cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=TestGroupQuery,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org
 ########################################################################
 dn: ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestGroupsOnUserEntity
 dn: ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 # Groups are enumerated as part of the user entity instead of the members being
 # a list on the group entity.
 dn: cn=jane,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 departmentNumber: 1000
 departmentNumber: 1001
 dn: cn=john,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 departmentNumber: 1000
 departmentNumber: 1002
 # Group definitions. Notice that they don't have any "member" field.
 dn: ou=Groups,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=admins,ou=Groups,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: posixGroup
 cn: admins
 gidNumber: 1000
 dn: cn=developers,ou=Groups,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: posixGroup
 cn: developers
 gidNumber: 1001
 dn: cn=designers,ou=Groups,ou=TestGroupsOnUserEntity,dc=example,dc=org
 objectClass: posixGroup
 cn: designers
 gidNumber: 1002
 ########################################################################
 dn: ou=TestGroupFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestGroupFilter
 dn: ou=People,ou=TestGroupFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Seattle,ou=TestGroupFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,ou=TestGroupFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=Groups,ou=Seattle,ou=TestGroupFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=Groups,ou=Portland,ou=TestGroupFilter,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=qa,ou=Groups,ou=Portland,ou=TestGroupFilter,dc=example,dc=org
 objectClass: groupOfNames
 cn: qa
 member: cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org
 dn: cn=admins,ou=Groups,ou=Seattle,ou=TestGroupFilter,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org
 member: cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=Seattle,ou=TestGroupFilter,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org
 ########################################################################
 dn: ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestGroupToUserMatchers
 dn: ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 uid: janedoe
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 uid: johndoe
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Seattle,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=Groups,ou=Seattle,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=UnixGroups,ou=Seattle,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: UnixGroups
 dn: ou=Groups,ou=Portland,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=UnixGroups,ou=Portland,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: organizationalUnit
 ou: UnixGroups
 dn: cn=qa,ou=Groups,ou=Portland,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: groupOfNames
 cn: qa
 member: cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 dn: cn=logger,ou=UnixGroups,ou=Portland,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: posixGroup
 gidNumber: 1000
 cn: logger
 memberUid: johndoe
 dn: cn=admins,ou=Groups,ou=Seattle,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 member: cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=Seattle,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org
 dn: cn=frontend,ou=UnixGroups,ou=Seattle,ou=TestGroupToUserMatchers,dc=example,dc=org
 objectClass: posixGroup
 gidNumber: 1001
 cn: frontend
 memberUid: janedoe
 ########################################################################
 dn: ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestDeprecatedGroupToUserMatcher
 dn: ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 dn: cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: john
 mail: johndoe@example.com
 userpassword: bar
 # Group definitions.
 dn: ou=Seattle,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Seattle
 dn: ou=Portland,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Portland
 dn: ou=Groups,ou=Seattle,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: ou=Groups,ou=Portland,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: organizationalUnit
 ou: Groups
 dn: cn=qa,ou=Groups,ou=Portland,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: groupOfNames
 cn: qa
 member: cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 dn: cn=admins,ou=Groups,ou=Seattle,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: groupOfNames
 cn: admins
 member: cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 member: cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 dn: cn=developers,ou=Groups,ou=Seattle,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 objectClass: groupOfNames
 cn: developers
 member: cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org
 ########################################################################
 dn: ou=TestStartTLS,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestStartTLS
 dn: ou=People,ou=TestStartTLS,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestStartTLS,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 ########################################################################
 dn: ou=TestInsecureSkipVerify,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestInsecureSkipVerify
 dn: ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
 ########################################################################
 dn: ou=TestLDAPS,dc=example,dc=org
 objectClass: organizationalUnit
 ou: TestLDAPS
 dn: ou=People,ou=TestLDAPS,dc=example,dc=org
 objectClass: organizationalUnit
 ou: People
 dn: cn=jane,ou=People,ou=TestLDAPS,dc=example,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 sn: doe
 cn: jane
 mail: janedoe@example.com
 userpassword: foo
--- a/docker-compose.override.yaml.dist
+++ b/docker-compose.override.yaml.dist
@ -12,3 +12,8 @@ services:
    etcd:
        ports:
            - "127.0.0.1:2379:2379"
    ldap:
        ports:
            - "127.0.0.1:389:389"
            - "127.0.0.1:636:636"
--- a/docker-compose.test.yaml
+++ b/docker-compose.test.yaml
@ -0,0 +1,18 @@
 version: "3.8"
 services:
    ldap:
        image: osixia/openldap:1.4.0
        # Copying is required because the entrypoint modifies the *.ldif files.
        # For verbose output, use:  command: ["--copy-service", "--loglevel", "debug"]
        command: ["--copy-service"]
        environment:
            LDAP_BASE_DN: "dc=example,dc=org"
            LDAP_TLS: "true"
            LDAP_TLS_VERIFY_CLIENT: try
        ports:
            - 389:389
            - 636:636
        volumes:
            - ./connector/ldap/testdata/certs:/container/service/slapd/assets/certs
            - ./connector/ldap/testdata/schema.ldif:/container/service/slapd/assets/config/bootstrap/ldif/99-schema.ldif
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -32,3 +32,16 @@ services:
    # For testing the Kubernetes storage backend we suggest https://kind.sigs.k8s.io/:
    # kind create cluster
    ldap:
        image: osixia/openldap:1.4.0
        # Copying is required because the entrypoint modifies the *.ldif files.
        # For verbose output, use:  command: ["--copy-service", "--loglevel", "debug"]
        command: ["--copy-service"]
        environment:
            LDAP_BASE_DN: "dc=example,dc=org"
            LDAP_TLS: "true"
            LDAP_TLS_VERIFY_CLIENT: try
        volumes:
            - ./connector/ldap/testdata/certs:/container/service/slapd/assets/certs
            - ./connector/ldap/testdata/schema.ldif:/container/service/slapd/assets/config/bootstrap/ldif/99-schema.ldif
--- a/go.mod
+++ b/go.mod
@ -4,13 +4,13 @@ go 1.15
 require (
 	github.com/AppsFlyer/go-sundheit v0.3.1
 	github.com/Microsoft/hcsshim v0.8.14 // indirect
 	github.com/beevik/etree v1.1.0
 	github.com/coreos/go-oidc/v3 v3.0.0
 	github.com/dexidp/dex/api/v2 v2.0.0
 	github.com/felixge/httpsnoop v1.0.1
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gogo/protobuf v1.3.1 // indirect
 	github.com/golang/protobuf v1.3.2
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0
@ -20,17 +20,19 @@ require (
 	github.com/mattermost/xml-roundtrip-validator v0.0.0-20201219040909-8fd2afad43d1
 	github.com/mattn/go-sqlite3 v1.14.6
 	github.com/oklog/run v1.1.0
 	github.com/onsi/ginkgo v1.8.0 // indirect
 	github.com/onsi/gomega v1.5.0 // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.4.0
 	github.com/russellhaering/goxmldsig v1.1.0
 	github.com/sirupsen/logrus v1.7.0
 	github.com/spf13/cobra v1.1.3
 	github.com/stretchr/testify v1.7.0
 	github.com/testcontainers/testcontainers-go v0.0.9
 	go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738
 	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
 	golang.org/x/net v0.0.0-20201224014010-6772e930b67b
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3 // indirect
 	google.golang.org/api v0.15.0
 	google.golang.org/grpc v1.26.0
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
--- a/go.sum
+++ b/go.sum
@ -15,17 +15,9 @@ cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiy
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/AppsFlyer/go-sundheit v0.3.1 h1:Zqnr3wV3WQmXonc234k9XZAoV2KHUHw3osR5k2iHQZE=
 github.com/AppsFlyer/go-sundheit v0.3.1/go.mod h1:iZ8zWMS7idcvmqewf5mEymWWgoOiG/0WD4+aeh+heX4=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Microsoft/go-winio v0.4.11 h1:zoIOcVf0xPN1tnMVbTtEdI+P8OofVk3NObnwOQ6nK2Q=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331 h1:3YnB7Hpmh1lPecPE8doMOtYCrMdrpedZOvxfuNES/Vk=
 github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/hcsshim v0.8.14 h1:lbPVK25c1cu5xTLITwpUcxoA9vKrKErASPYygvouJns=
 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@ -42,26 +34,14 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa h1:OaNxuTZr7kxeODyLWsRMC+OD03aFUH+mW6r2d+MWa5Y=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
 github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
 github.com/coreos/bbolt v1.3.2 h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.13+incompatible h1:8F3hqu9fGYLBifCmRCJsicFqDx/D68Rt3q1JMazcgBQ=
@ -74,11 +54,9 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -87,16 +65,6 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible h1:dvc1KSkIYTVjZgHf/CTC2diTYC8PzhaA5sFISRfNVrE=
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v0.7.3-0.20190506211059-b20a14b54661 h1:ZuxGvIvF01nfc/G9RJ5Q7Va1zQE2WJyG18Zv3DqCEf4=
 github.com/docker/docker v0.7.3-0.20190506211059-b20a14b54661/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk=
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4 h1:qk/FSDDxo05wdJH28W+p5yivv7LuLYLRXPPD8KQCtZs=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@ -115,15 +83,10 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-redis/redis v6.15.6+incompatible h1:H9evprGPLI8+ci7fxQx6WNZHJSb7be8FqJQRhdQZ5Sg=
 github.com/go-redis/redis v6.15.6+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
@ -160,10 +123,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@ -216,8 +177,6 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@ -254,8 +213,6 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8dQu6DMTwH4oIuGN8GJDAlqDdVE=
 github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
@ -268,15 +225,6 @@ github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.5.0 h1:izbySO9zDPmjJ8rDjLvkA2zJHIo+HkYXHnf7eN7SSyo=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -301,7 +249,6 @@ github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@ -314,12 +261,9 @@ github.com/russellhaering/goxmldsig v1.1.0 h1:lK/zeJie2sqG52ZAlPNn1oBBqsIsEKypUU
 github.com/russellhaering/goxmldsig v1.1.0/go.mod h1:QK8GhXPB3+AfuCrfo0oRISa9NfzeCpWmxeGnqEpDF9o=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
@ -354,13 +298,10 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/testcontainers/testcontainers-go v0.0.9 h1:mwvFz+FkuQMqQ9oLkG4cVzPsZTRmrCo2NcaerJNaptA=
 github.com/testcontainers/testcontainers-go v0.0.9/go.mod h1:0Qe9qqjNZgxHzzdHPWwmQ2D49FFO7920hLdJ4yUJXJI=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc/wtumK+WB441p7ynQJzVuNRJiqddSIE3IlSEQ=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@ -422,8 +363,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200505041828-1ed23360d12c h1:zJ0mtu4jCalhKg6Oaukv6iIkb+cOvDrajDH9DH46Q4M=
 golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw=
@ -449,7 +388,6 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181228144115-9a3f9b0469bb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -459,10 +397,7 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -482,8 +417,6 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180810170437-e96c4e24768d/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -528,7 +461,6 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a h1:Ob5/580gVHBJZgXnff1cZDbG+xLtMVE5mDRTe+nIsX4=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@ -561,17 +493,10 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v0.0.0-20181223230014-1083505acf35 h1:zpdCK+REwbk+rqjJmHhiCN6iBIigrZ39glqSF0P3KF0=
 gotest.tools v0.0.0-20181223230014-1083505acf35/go.mod h1:R//lfYlUuTOTfblYI3lGoAAAebUdzjvbmQsuB7Ykd90=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=