Commit 9d170851 authored by Christian Luginbühl's avatar Christian Luginbühl

Added facility to read and write to dn=config branch

parent befe7c5b
......@@ -6,8 +6,9 @@ ENV OPENLDAP_VERSION 2.4.31
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
ldap-utils=${OPENLDAP_VERSION}* \
ldap-utils=${OPENLDAP_VERSION}* && \
vim && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
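Review bot: `vim` appears after `ldap-utils=${OPENLDAP_VERSION}* && \`, and the `&&` ends the `apt-get install` argument list. The rendering has lost the +/- markers, but if the new side reads in this order, `vim` is run as a command during the build instead of being installed; the lines would need to be `ldap-utils=${OPENLDAP_VERSION}* \` followed by `vim && \`. Separately, an interactive editor adds packages the server image does not need at runtime and is unpinned, unlike `ldap-utils`, so consider leaving it out of the production image.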
......@@ -53,6 +53,14 @@ There is an optinal third variable
that represents the human readable company name (e.g. `Example Inc.`).
The fourth (somewhat) optional variable
allows password protected access to the `dn=config` branch. This helps to
reconfigure the server without interruption (read the
[official documentation](
After the first start of the image (and the initial configuration), these
envirnonment variables are not evaluated anymore.
......@@ -22,6 +22,8 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
slapd slapd/no_configuration boolean false
slapd slapd/password1 password $SLAPD_PASSWORD
slapd slapd/password2 password $SLAPD_PASSWORD
slapd slapd/internal/adminpw string $SLAPD_PASSWORD
slapd slapd/internal/generated_adminpw password $SLAPD_PASSWORD
slapd shared/organization string $SLAPD_ORGANIZATION
slapd slapd/domain string $SLAPD_DOMAIN
slapd slapd/backend select hdb
......@@ -30,7 +32,7 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
slapd slapd/move_old_database boolean true
dpkg-reconfigure -fnoninteractive slapd >/dev/null 2>&1
dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1
......@@ -44,6 +46,15 @@ EOF
sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${password_hash}/g" /tmp/config.ldif
rm -rf /etc/ldap/slapd.d/*
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
touch /etc/ldap/docker-configured
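Review bot: The `sed` that injects `olcRootPW` uses `/` as the `s` delimiter, but the `slappasswd` output is base64 and can contain `/`, so for some passwords the expression is invalid, `/tmp/config.ldif` stays unmodified and the configuration is re-added without the password. Nothing reports this: sed's status is not checked before `rm -rf /etc/ldap/slapd.d/*`, slapadd's output goes to `/dev/null`, and unless the script sets `-e` outside this hunk the marker file is still touched. The dump also stays behind at a fixed path in `/tmp` with the `olcRootPW` hash in it, so it should be a `mktemp` file that is deleted after `slapadd`. The enclosing `if` blocks start or end outside the hunk.

```shell
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
    # … unchanged: password_hash from slappasswd …
    config_ldif=$(mktemp) || exit 1
    slapcat -n0 -F /etc/ldap/slapd.d -l "${config_ldif}" || exit 1
    # '|' cannot occur in the base64 hash, unlike '/'
    sed -i "s|\(olcRootDN: cn=admin,cn=config\)|\1\nolcRootPW: ${password_hash}|g" "${config_ldif}" || exit 1
    rm -rf /etc/ldap/slapd.d/*
    slapadd -n0 -F /etc/ldap/slapd.d -l "${config_ldif}" || exit 1
    rm -f -- "${config_ldif}"
```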