Simplified saving the configuration as own VOLUME and so removed symlink hack

Dockerfile

@@ -12,9 +12,11 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+RUN mv /etc/ldap /etc/ldap.dist
+
 EXPOSE 389
 
-VOLUME ["/var/lib/ldap"]
+VOLUME ["/etc/ldap", "/var/lib/ldap"]
 
 COPY entrypoint.sh /entrypoint.sh
 

README.md

@@ -9,13 +9,13 @@ in the configuration.
 
 NOTE: On purpose, there is no secured channel (TLS/SSL), because I believe that
 this service should never be exposed to the internet, but only be used directly
-by Docker containers using the `--link` option.
+by other Docker containers using the `--link` option.
 
 Usage
 -----
 
 The most simple form would be to start the application like so (however this is
-not the recommended way - see above):
+not the recommended way - see below):
 
     docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap
 
@@ -34,7 +34,7 @@ OpenLDAP daemon is listening to (the port is the default port `389`).
 Configuration (environment variables)
 -------------------------------------
 
-For the first run one has to set at least two envrironment variables. The first
+For the first run, one has to set at least two environment variables. The first
 
     SLAPD_PASSWORD
 
@@ -77,8 +77,8 @@ envirnonment variables are not evaluated anymore.
 Data persistence
 ----------------
 
-The image exposes one directory (`VOLUME ["/var/lib/ldap"]`). It both holds the
-database and the configuration (which is symlinked in a pretty hacky way - see
-the `entrypoint.sh` file if interested). Please make sure that this directory is
-saved (in a data-only container or alike) in order to make sure that everything
-is restored after a new restart of the container.
+The image exposes two directories (`VOLUME ["/etc/ldap", "/var/lib/ldap"]`).
+The first holds the "static" configurationm while the second holds the actual
+database. Please make sure that these two directories are saved (in a data-only
+container or alike) in order to make sure that everything is restored after a
+restart of the container.

entrypoint.sh

@@ -3,27 +3,24 @@ set -e
 
 chown openldap:openldap /var/lib/ldap/
 
-if [[ -d /var/lib/ldap/config ]]; then
-
-    rm -rf /etc/ldap
-    ln -s /var/lib/ldap/config /etc/ldap
-
-else
+if [[ ! -d /etc/ldap/slapd.d ]]; then
 
     if [[ -z "$SLAPD_PASSWORD" ]]; then
-        echo >&2 "Error: slapd not configured and SLAPD_PASSWORD not set"
+        echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. "
         echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
         exit 1
     fi
 
     if [[ -z "$SLAPD_DOMAIN" ]]; then
-        echo >&2 "Error: slapd not configured and SLAPD_DOMAIN not set"
+        echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. "
         echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
         exit 1
     fi
 
     SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"
 
+    cp -a /etc/ldap.dist/* /etc/ldap
+
     cat <<-EOF | debconf-set-selections
         slapd slapd/no_configuration boolean false
         slapd slapd/password1 password $SLAPD_PASSWORD
@@ -68,9 +65,12 @@ EOF
             slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1
         done
     fi
+else
+    slapd_configs_in_env=`env | grep 'SLAPD_'`
 
-    mv /etc/ldap /var/lib/ldap/config
-    ln -s /var/lib/ldap/config /etc/ldap
+    if [ -n "${slapd_configs_in_env:+x}" ]; then
+        echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
+    fi
 fi
 
 exec "$@"