Commit d2465093 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

now it actually works

parent 5b79b423
......@@ -15,7 +15,7 @@ RUN mv /etc/ldap /etc/ldap.dist
EXPOSE 389
VOLUME ["/etc/ldap", "/var/lib/ldap", "/var/run/slapd/ldapi"]
VOLUME ["/etc/ldap", "/var/lib/ldap", "/var/run/slapd"]
COPY modules/ /etc/ldap.dist/modules
COPY initialdb.ldif /etc/ldap.dist/initialdb.ldif
......@@ -18,10 +18,10 @@ chown -R openldap:openldap /var/run/slapd/
# config?
if [[ -d /etc/ldap/slapd.d ]]; then
# aye! since config is there, we're ignoring SLAPD_DBPATH and getting the DBPath from config
SLAPD_DBPATH="$( grep 'olcDbDirectory' '/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif' | cut -d ' ' -f 2 )"
SLAPD_DBPATH="$( grep 'olcDbDirectory' /etc/ldap/slapd.d/cn=config/olcDatabase={1}*.ldif | cut -d ' ' -f 2 )"
# database?
if [ -s "$SLAPD_DBPATH/DB_CONFIG" ]; then
if [ -s "$SLAPD_DBPATH/data.mdb" ]; then
# aye! skip init!
SLAPD_SKIP_INIT=1
fi
......@@ -48,7 +48,7 @@ else
if [[ -z "$SLAPD_PASSWORD" ]]; then
echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. "
echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
exit 1
exit 2
fi
# we're gonna need that later
SLAPD_PASSWORD_HASH="$( slappasswd -s "${SLAPD_PASSWORD}" )"
......@@ -57,7 +57,7 @@ else
if [[ -z "$SLAPD_DOMAIN" ]]; then
echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. "
echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
exit 1
exit 3
fi
# we're gonna need that later
SLAPD_DOMAINDN="dc=${SLAPD_DOMAIN//./,dc=}"
......@@ -74,25 +74,25 @@ else
if [[ ! -z ${SLAPD_DBPATH+x} ]]; then
mkdir -p "$SLAPD_DBPATH"
chown -R openldap:openldap "$SLAPD_DBPATH"
HANDLE_CNCONFIG=1 # flag that we need to run sed on cn=config
fi
# config password, if needed
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
SLAPD_CONFIG_PASSWORD_HASH=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
SAFE_SLAPD_CONFIG_PASSWORD_HASH=${SLAPD_CONFIG_PASSWORD_HASH//\//\\\/}
HANDLE_CNCONFIG=1 # flag that we need to run sed on cn=config
fi
# do we need to run sed on cn=config?
if [ ! -z ${HANDLE_CNCONFIG+x} ]; then
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${SAFE_SLAPD_CONFIG_PASSWORD_HASH}/g" /tmp/config.ldif
sed -i -r -e "s/^(olcDbDirectory|olcModulePath):.*$/\1: ${SLAPD_DBPATH}/" /tmp/config.ldif
rm -rf /etc/ldap/slapd.d/*
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
fi
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
# these are mandatory to handle
sed -i "s/olcSuffix: .*/olcSuffix: $SLAPD_DOMAINDN/" /tmp/config.ldif
perl -0777 -pi -e "s/olcRootDN: cn=admin,dc=nodomain\nolcRootPW:[^\n]+/olcRootDN: cn=admin,$SLAPD_DOMAINDN\nolcRootPW: $SAFE_SLAPD_PASSWORD_HASH/igs" /tmp/config.ldif
# handle only the options that are actually set
[ -z $SAFE_SLAPD_CONFIG_PASSWORD_HASH ] || sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${SAFE_SLAPD_CONFIG_PASSWORD_HASH}/g" /tmp/config.ldif
[ -z $SLAPD_DBPATH ] || sed -i -r -e "s/^(olcDbDirectory|olcModulePath):.*$/\1: ${SLAPD_DBPATH}/" /tmp/config.ldif
rm -rf /etc/ldap/slapd.d/*
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
if [[ -n "$SLAPD_ADDITIONAL_SCHEMAS" ]]; then
IFS=","; declare -a schemas=($SLAPD_ADDITIONAL_SCHEMAS)
......@@ -115,26 +115,28 @@ else
fi
# at this point we should definitely have working config
SLAPD_DBPATH="$( grep 'olcDbDirectory' '/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif' | cut -d ' ' -f 2 )"
SLAPD_DBPATH="$( grep 'olcDbDirectory' /etc/ldap/slapd.d/cn=config/olcDatabase={1}*.ldif | cut -d ' ' -f 2 )"
# make sure that the database folder exists
mkdir -p "$SLAPD_DBPATH"
chown -R openldap:openldap "$SLAPD_DBPATH"
# handle initial data
sed -i "s/#SLAPD_DOMAINDN#/$SLAPD_DOMAINDN/" /etc/ldap/initialdb.conf
sed -i "s/#SLAPD_PASSWORD#/$SAFE_SLAPD_PASSWORD_HASH/" /etc/ldap/initialdb.conf
sed -i "s/#SLAPD_ORGANIZATION#/$SLAPD_ORGANIZATION/" /etc/ldap/initialdb.conf
sed -i "s/#SLAPD_DOMAINDN#/$SLAPD_DOMAINDN/" /etc/ldap/initialdb.ldif
sed -i "s/#SLAPD_PASSWORD#/$SAFE_SLAPD_PASSWORD_HASH/" /etc/ldap/initialdb.ldif
sed -i "s/#SLAPD_ORGANIZATION#/$SLAPD_ORGANIZATION/" /etc/ldap/initialdb.ldif
SLAPD_ROOTDC="$( echo $SLAPD_DOMAIN | cut -d '.' -f 1 )"
sed -i "s/#SLAPD_ROOTDC#/$SLAPD_ROOTDC/" /etc/ldap/initialdb.conf
sed -i "s/#SLAPD_ROOTDC#/$SLAPD_ROOTDC/" /etc/ldap/initialdb.ldif
echo "Info: Importing config"
echo '- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -'
cat /etc/ldap/initialdb.conf
cat /etc/ldap/initialdb.ldif
echo
echo '- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -'
slapadd -n1 -F /etc/ldap/slapd.d/ -l /etc/ldap/initialdb.conf
rm /etc/ldap/initialdb.conf
slapadd -n1 -F /etc/ldap/slapd.d/ -l /etc/ldap/initialdb.ldif
rm /etc/ldap/initialdb.ldif
# permissions
chown -R openldap:openldap "$SLAPD_DBPATH"
# as a cherry on top
# handle base string in /etc/ldap/ldap.conf
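Review bot: `cat /etc/ldap/initialdb.ldif` in the @@ -115 hunk runs after the `#SLAPD_PASSWORD#` substitution on the same file, so the admin `userPassword:` hash is printed to the container's stdout and captured by whatever log driver is attached; print it masked instead, `sed 's/^userPassword:.*/userPassword: <redacted>/' /etc/ldap/initialdb.ldif`. In the @@ -74 hunk the now-unconditional `rm -rf /etc/ldap/slapd.d/*` is followed by `slapadd -n0 ... >/dev/null 2>&1` whose status is never checked, so a failed import leaves an empty cn=config and the script carries on to `slapadd -n1`; use `slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif || exit 1` (or the next free code in the script's exit-code numbering) and `rm -f /tmp/config.ldif` afterwards, since that dump holds the olcRootPW hashes. The new `grep 'olcDbDirectory' /etc/ldap/slapd.d/cn=config/olcDatabase={1}*.ldif` in the @@ -18 and @@ -115 hunks prefixes each match with its filename as soon as the glob matches more than one file, which breaks the `cut -d ' ' -f 2`, and an unmatched glob leaves SLAPD_DBPATH empty for the later `mkdir -p`/`chown -R`; `grep -h` keeps the output stable and `[[ -n "$SLAPD_DBPATH" ]] || exit 1` rejects the empty case. The `[ -z $SAFE_SLAPD_CONFIG_PASSWORD_HASH ]` and `[ -z $SLAPD_DBPATH ]` tests only behave because a bare `[ -z ]` happens to be true; quote the expansions as the `[[ ]]` tests elsewhere in the script already do.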
......@@ -11,5 +11,5 @@ objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: #SLAPD_PASSWORD#
userPassword: #SLAPD_PASSWORD#
structuralObjectClass: organizationalRole
\ No newline at end of file