Commit
5b79b423
authored
Sep 20, 2015
by
Michał 'rysiek' Woźniak
first version after changes
parent
390f2a87
Showing
3 changed files
with
139 additions
and
67 deletions
+139
-67
Dockerfile
Dockerfile
+5
-4
entrypoint.sh
entrypoint.sh
+119
-63
initialdb.ldif
initialdb.ldif
+15
-0
Dockerfile
FROM
debian:jessie
MAINTAINER
Christian Luginbühl <dinke@pimprecords.com>
MAINTAINER
Michał "rysiek" Woźniak <rysiek@hackerspace.pl>
# original maintainer Christian Luginbühl <dinke@pimprecords.com>
ENV
OPENLDAP_VERSION 2.4.40
...
...
@@ -14,12 +15,12 @@ RUN mv /etc/ldap /etc/ldap.dist
EXPOSE
389
VOLUME
["/etc/ldap", "/var/lib/ldap"]
VOLUME
["/etc/ldap", "/var/lib/ldap"
, "/var/run/slapd/ldapi"
]
COPY
modules/ /etc/ldap.dist/modules
COPY
initialdb.ldif /etc/ldap.dist/initialdb.ldif
COPY
entrypoint.sh /entrypoint.sh
ENTRYPOINT
["/entrypoint.sh"]
CMD
["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]
CMD
["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"
, "-h", "ldapi://%2fvar%2frun%2fslapd%2fldapi ldap:///"
]
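Review bot: The new `VOLUME ["/etc/ldap", "/var/lib/ldap", "/var/run/slapd/ldapi"]` names the ldapi socket file itself, but Docker mounts a volume as a directory, so an empty directory will most likely already occupy `/var/run/slapd/ldapi` when slapd tries to bind `ldapi://%2fvar%2frun%2fslapd%2fldapi` from the new CMD, and the bind would fail. If the intent is to share the socket with other containers, declare the parent directory instead, `VOLUME ["/etc/ldap", "/var/lib/ldap", "/var/run/slapd"]`. Anything that mounts that volume can then authenticate over the socket, so the socket mode should be chosen deliberately (slapd's `x-mod=` ldapi URL option, e.g. `ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0770`) rather than left at the default; worth a comment next to the VOLUME line stating who is expected to consume the socket.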
entrypoint.sh
...
...
@@ -7,86 +7,142 @@ ulimit -n 8192
set
-e
chown
-R
openldap:openldap /var/lib/ldap/
# make sure that the run directory exists and has proper permissions
mkdir
-p
/var/run/slapd/
chown
-R
openldap:openldap /var/run/slapd/
#
# if we have config *and* database initialized, skip init
#
# config?
if
[[
-d
/etc/ldap/slapd.d
]]
;
then
# aye! since config is there, we're ignoring SLAPD_DBPATH and getting the DBPath from config
SLAPD_DBPATH
=
"
$(
grep
'olcDbDirectory'
'/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif'
|
cut
-d
' '
-f
2
)
"
# database?
if
[
-s
"
$SLAPD_DBPATH
/DB_CONFIG"
]
;
then
# aye! skip init!
SLAPD_SKIP_INIT
=
1
fi
fi
# are we supposed to skip init?
if
[
!
-z
${
SLAPD_SKIP_INIT
+x
}
]
;
then
slapd_configs_in_env
=
`
env
|
grep
-v
'SLAPD_SKIP_INIT'
|
grep
'SLAPD_'
`
if
[[
!
-d
/etc/ldap/slapd.d
]]
;
then
if
[
-n
"
${
slapd_configs_in_env
:+x
}
"
]
;
then
echo
"Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
fi
#
# not skipping init
#
# if config exists, that means the db doesn't
# if config does not exis, we do not care about db
#
else
# we need those
if
[[
-z
"
$SLAPD_PASSWORD
"
]]
;
then
echo
-n
>
&2
"Error: Container not configured and SLAPD_PASSWORD not set. "
echo
>
&2
"Did you forget to add -e SLAPD_PASSWORD=... ?"
exit
1
fi
# we're gonna need that later
SLAPD_PASSWORD_HASH
=
"
$(
slappasswd
-s
"
${
SLAPD_PASSWORD
}
"
)
"
SAFE_SLAPD_PASSWORD_HASH
=
${
SLAPD_PASSWORD_HASH
//\//\\\/
}
if
[[
-z
"
$SLAPD_DOMAIN
"
]]
;
then
echo
-n
>
&2
"Error: Container not configured and SLAPD_DOMAIN not set. "
echo
>
&2
"Did you forget to add -e SLAPD_DOMAIN=... ?"
exit
1
fi
# we're gonna need that later
SLAPD_DOMAINDN
=
"dc=
${
SLAPD_DOMAIN
//./,dc=
}
"
# and this.
SLAPD_ORGANIZATION
=
"
${
SLAPD_ORGANIZATION
:-${
SLAPD_DOMAIN
}}
"
cp
-a
/etc/ldap.dist/
*
/etc/ldap
cat
<<-
EOF
| debconf-set-selections
slapd slapd/no_configuration boolean false
slapd slapd/password1 password
$SLAPD_PASSWORD
slapd slapd/password2 password
$SLAPD_PASSWORD
slapd shared/organization string
$SLAPD_ORGANIZATION
slapd slapd/domain string
$SLAPD_DOMAIN
slapd slapd/backend select HDB
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
EOF
dpkg-reconfigure
-f
noninteractive slapd
>
/dev/null 2>&1
dc_string
=
""
IFS
=
"."
;
declare
-a
dc_parts
=(
$SLAPD_DOMAIN
)
for
dc_part
in
"
${
dc_parts
[@]
}
"
;
do
dc_string
=
"
$dc_string
,dc=
$dc_part
"
done
base_string
=
"BASE
${
dc_string
:1
}
"
sed
-i
"s/^#BASE.*/
${
base_string
}
/g"
/etc/ldap/ldap.conf
if
[[
-n
"
$SLAPD_CONFIG_PASSWORD
"
]]
;
then
password_hash
=
`
slappasswd
-s
"
${
SLAPD_CONFIG_PASSWORD
}
"
`
sed_safe_password_hash
=
${
password_hash
//\//\\\/
}
slapcat
-n0
-F
/etc/ldap/slapd.d
-l
/tmp/config.ldif
sed
-i
"s/
\(
olcRootDN: cn=admin,cn=config
\)
/
\1\n
olcRootPW:
${
sed_safe_password_hash
}
/g"
/tmp/config.ldif
rm
-rf
/etc/ldap/slapd.d/
*
slapadd
-n0
-F
/etc/ldap/slapd.d
-l
/tmp/config.ldif
>
/dev/null 2>&1
# if the config does not exist...
if
[[
!
-d
/etc/ldap/slapd.d
]]
;
then
# create it
cp
-a
/etc/ldap.dist/
*
/etc/ldap
# if SLAPD_DBPATH is set, we need to handle it
if
[[
!
-z
${
SLAPD_DBPATH
+x
}
]]
;
then
mkdir
-p
"
$SLAPD_DBPATH
"
chown
-R
openldap:openldap
"
$SLAPD_DBPATH
"
HANDLE_CNCONFIG
=
1
# flag that we need to run sed on cn=config
fi
# config password, if needed
if
[[
-n
"
$SLAPD_CONFIG_PASSWORD
"
]]
;
then
SLAPD_CONFIG_PASSWORD_HASH
=
`
slappasswd
-s
"
${
SLAPD_CONFIG_PASSWORD
}
"
`
SAFE_SLAPD_CONFIG_PASSWORD_HASH
=
${
SLAPD_CONFIG_PASSWORD_HASH
//\//\\\/
}
HANDLE_CNCONFIG
=
1
# flag that we need to run sed on cn=config
fi
# do we need to run sed on cn=config?
if
[
!
-z
${
HANDLE_CNCONFIG
+x
}
]
;
then
slapcat
-n0
-F
/etc/ldap/slapd.d
-l
/tmp/config.ldif
sed
-i
"s/
\(
olcRootDN: cn=admin,cn=config
\)
/
\1\n
olcRootPW:
${
SAFE_SLAPD_CONFIG_PASSWORD_HASH
}
/g"
/tmp/config.ldif
sed
-i
-r
-e
"s/^(olcDbDirectory|olcModulePath):.*
$/
\1
:
${
SLAPD_DBPATH
}
/"
/tmp/config.ldif
rm
-rf
/etc/ldap/slapd.d/
*
slapadd
-n0
-F
/etc/ldap/slapd.d
-l
/tmp/config.ldif
>
/dev/null 2>&1
fi
if
[[
-n
"
$SLAPD_ADDITIONAL_SCHEMAS
"
]]
;
then
IFS
=
","
;
declare
-a
schemas
=(
$SLAPD_ADDITIONAL_SCHEMAS
)
for
schema
in
"
${
schemas
[@]
}
"
;
do
slapadd
-n0
-F
/etc/ldap/slapd.d
-l
"/etc/ldap/schema/
${
schema
}
.ldif"
>
/dev/null 2>&1
done
fi
if
[[
-n
"
$SLAPD_ADDITIONAL_MODULES
"
]]
;
then
IFS
=
","
;
declare
-a
modules
=(
$SLAPD_ADDITIONAL_MODULES
)
for
module
in
"
${
modules
[@]
}
"
;
do
slapadd
-n0
-F
/etc/ldap/slapd.d
-l
"/etc/ldap/modules/
${
module
}
.ldif"
>
/dev/null 2>&1
done
fi
chown
-R
openldap:openldap /etc/ldap/slapd.d/
# TODO FIXME handle SLAPD_PASSWORD also in cn=config for olcRootPW?
fi
# at this point we should definitely have working config
SLAPD_DBPATH
=
"
$(
grep
'olcDbDirectory'
'/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif'
|
cut
-d
' '
-f
2
)
"
# make sure that the database folder exists
mkdir
-p
"
$SLAPD_DBPATH
"
chown
-R
openldap:openldap
"
$SLAPD_DBPATH
"
# handle initial data
sed
-i
"s/#SLAPD_DOMAINDN#/
$SLAPD_DOMAINDN
/"
/etc/ldap/initialdb.conf
sed
-i
"s/#SLAPD_PASSWORD#/
$SAFE_SLAPD_PASSWORD_HASH
/"
/etc/ldap/initialdb.conf
sed
-i
"s/#SLAPD_ORGANIZATION#/
$SLAPD_ORGANIZATION
/"
/etc/ldap/initialdb.conf
SLAPD_ROOTDC
=
"
$(
echo
$SLAPD_DOMAIN
|
cut
-d
'.'
-f
1
)
"
sed
-i
"s/#SLAPD_ROOTDC#/
$SLAPD_ROOTDC
/"
/etc/ldap/initialdb.conf
echo
"Info: Importing config"
echo
'- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -'
cat
/etc/ldap/initialdb.conf
echo
'- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -'
slapadd
-n1
-F
/etc/ldap/slapd.d/
-l
/etc/ldap/initialdb.conf
rm
/etc/ldap/initialdb.conf
# as a cherry on top
# handle base string in /etc/ldap/ldap.conf
sed
-i
"s/^#BASE.*/BASE
$SLAPD_DOMAINDN
/g"
/etc/ldap/ldap.conf
# slapd slapd/backend select HDB TODO
if
[[
-n
"
$SLAPD_ADDITIONAL_SCHEMAS
"
]]
;
then
IFS
=
","
;
declare
-a
schemas
=(
$SLAPD_ADDITIONAL_SCHEMAS
)
for
schema
in
"
${
schemas
[@]
}
"
;
do
slapadd
-n0
-F
/etc/ldap/slapd.d
-l
"/etc/ldap/schema/
${
schema
}
.ldif"
>
/dev/null 2>&1
done
fi
if
[[
-n
"
$SLAPD_ADDITIONAL_MODULES
"
]]
;
then
IFS
=
","
;
declare
-a
modules
=(
$SLAPD_ADDITIONAL_MODULES
)
for
module
in
"
${
modules
[@]
}
"
;
do
slapadd
-n0
-F
/etc/ldap/slapd.d
-l
"/etc/ldap/modules/
${
module
}
.ldif"
>
/dev/null 2>&1
done
fi
chown
-R
openldap:openldap /etc/ldap/slapd.d/
else
slapd_configs_in_env
=
`
env
|
grep
'SLAPD_'
`
if
[
-n
"
${
slapd_configs_in_env
:+x
}
"
]
;
then
echo
"Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
fi
fi
exec
"
$@
"
# run the darn thing
exec
"
$@
"
\ No newline at end of file
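Review bot: Both `slapcat -n0 … -l /tmp/config.ldif` branches write the `olcRootPW` hash to a fixed, predictable path and never delete it, so the cn=config root password hash stays on the container filesystem after init; allocate it with `config_ldif=$(mktemp)` and `rm -f -- "$config_ldif"` right after the corresponding `slapadd -n0`. The `echo "Info: Importing config"` block then `cat`s the generated LDIF to stdout, which puts the admin `userPassword` hash into the container log — drop the `cat` or print only the DN lines. That same block edits `/etc/ldap/initialdb.conf`, while the Dockerfile installs the template as `/etc/ldap.dist/initialdb.ldif`, so unless a step outside this view renames it the first `sed -i` hits a missing file and `set -e` aborts initialization before the directory is populated. `slappasswd -s "${SLAPD_PASSWORD}"` also places the clear-text secret on a command line visible through `ps` and `/proc`; `slappasswd -T` reading from a 0600 temp file (or `/dev/stdin`) avoids that. The hunk starts at `ulimit -n 8192`, so the script header before line 7 is outside this view.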
initialdb.ldif
0 → 100644
dn: #SLAPD_DOMAINDN#
objectClass: top
objectClass: dcObject
objectClass: organization
o: #SLAPD_ORGANIZATION#
dc: #SLAPD_ROOTDC#
structuralObjectClass: organization
dn: cn=admin,#SLAPD_DOMAINDN#
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: #SLAPD_PASSWORD#
structuralObjectClass: organizationalRole
\ No newline at end of file
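Review bot: `userPassword:: #SLAPD_PASSWORD#` uses the double-colon LDIF form, which tells slapadd the value is base64-encoded, but entrypoint.sh substitutes the raw `{SSHA}…` string produced by slappasswd, which is not valid base64, so the admin entry will most likely be rejected or end up with an unusable password; use a single colon, `userPassword: #SLAPD_PASSWORD#`, or base64-encode the hash before the substitution. The placeholders are replaced by unescaped `sed` expressions, so a domain or organization value containing `/` or `&` would corrupt the entry; a header comment such as `# placeholders are substituted verbatim by entrypoint.sh; values must not contain sed metacharacters` would make that contract visible to whoever edits this template.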