Fix schema and overlay tests to use SASL EXTERNAL for cn=config access

tests/test-container.sh

@@ -132,10 +132,9 @@ test_schemas() {
     local schemas="core cosine inetorgperson"
     local failed=0
 
-    # Get loaded schemas
-    local loaded_schemas=$(docker exec "$CONTAINER_NAME" ldapsearch -x -H ldap://localhost \
-        -D "cn=admin,$LDAP_BASE_DN" -w "$LDAP_ADMIN_PASSWORD" \
-        -b "cn=schema,cn=config" -s one "objectClass=*" cn 2>/dev/null | grep "^cn:" | sed 's/cn: {[0-9]*}//' | tr -d ' ')
+    # Get loaded schemas using SASL EXTERNAL via ldapi (requires root in container)
+    local loaded_schemas=$(docker exec "$CONTAINER_NAME" ldapsearch -Y EXTERNAL -H ldapi://%2Frun%2Fopenldap%2Fldapi \
+        -b "cn=schema,cn=config" -s one "objectClass=*" cn 2>/dev/null | grep "^cn:" | tr -d ' ')
 
     for schema in $schemas; do
         if echo "$loaded_schemas" | grep -qi "$schema"; then
@@ -157,9 +156,8 @@ test_overlays() {
     local failed=0
 
     for overlay in $overlays; do
-        if docker exec "$CONTAINER_NAME" ldapsearch -x -H ldap://localhost \
-            -D "cn=admin,$LDAP_BASE_DN" -w "$LDAP_ADMIN_PASSWORD" \
-            -b "cn=config" "olcOverlay=$overlay" 2>/dev/null | grep -q "olcOverlay.*$overlay"; then
+        if docker exec "$CONTAINER_NAME" ldapsearch -Y EXTERNAL -H ldapi://%2Frun%2Fopenldap%2Fldapi \
+            -b "cn=config" "olcOverlay={*}$overlay" 2>/dev/null | grep -qi "olcOverlay.*$overlay"; then
             log_pass "Overlay '$overlay' is configured"
         else
             log_fail "Overlay '$overlay' not found"