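#!/bin/bash
# Entrypoint for the OpenLDAP container.
#
# Usage:
#   docker-entrypoint.sh slapd [slapd args...]  configure on first run, then exec slapd
#   docker-entrypoint.sh <command> [args...]    exec the command unchanged
#
# Environment read on the first run (while ${SLAPD_CONFDIR}/cn=config does not exist):
#   SLAPD_DOMAIN              domain converted into the base suffix (default: example.com)
#   SLAPD_ADDITIONAL_SCHEMAS  comma-separated schema names under /etc/openldap/schema/
#   SLAPD_ADDITIONAL_MODULES  comma-separated module names under /config/modules/
#   SLAPD_PPOLICY_DN_PREFIX   RDN prefix of the default ppolicy entry
#                             (default: cn=default,ou=policies), only used for the
#                             ppolicy module
# Exports SLAPD_CONFDIR, SLAPD_DATADIR and SLAPD_SUFFIX for the korvike templates.
#
# NOTE: -x traces every expanded command line to stderr, i.e. into the container
# log; the values of the variables above are visible there.
set -euxo pipefail

export SLAPD_CONFDIR=/etc/openldap/slapd.d
export SLAPD_DATADIR=/var/lib/openldap/openldap-data

#######################################
# Escape a string for the replacement part of a sed "s|...|...|" expression
# so that '\', '&' and the '|' delimiter are taken literally.
# Arguments: $1 - raw replacement text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
sed_escape_replacement() {
  local text=$1
  text=${text//\\/\\\\}
  text=${text//&/\\&}
  text=${text//|/\\|}
  printf '%s' "$text"
}

# Generate SLAPD_SUFFIX (dc=example,dc=com) from the given domain.
# read -a splits on '.' without word-splitting/globbing side effects and without
# leaking a modified IFS into the rest of the script.
IFS=. read -r -a dc_parts <<<"${SLAPD_DOMAIN:-example.com}"
dc_string=
for dc_part in "${dc_parts[@]}"; do
  dc_string+=",dc=${dc_part}"
done
# dc_string keeps its leading comma: it is appended to a DN prefix further down.
export SLAPD_SUFFIX=${dc_string#,}

# Add included module configs to base directory
cp -r /config/modules /etc/openldap/

# Configure and start slapd
if [[ "${1:-}" == 'slapd' ]]; then
  # When not limiting the open file descriptors limit, the memory consumption of
  # slapd is absurdly high. See https://github.com/docker/docker/issues/8231
  ulimit -n 8192

  # Fix missing directory
  mkdir -p /run/openldap && chown ldap:ldap /run/openldap

  # Generate templates
  korvike -i /config/slapd.conf -o /etc/openldap/slapd.conf
  korvike -i /config/slapd.ldif -o /etc/openldap/slapd.ldif
  korvike -i /config/init.ldif -o /tmp/init.ldif

  if ! [[ -d "${SLAPD_CONFDIR}/cn=config" ]]; then
    # Generate basic configuration
    mkdir -p "${SLAPD_CONFDIR}"
    slapadd -n 0 -F "${SLAPD_CONFDIR}" -l /etc/openldap/slapd.ldif
    slapadd -F "${SLAPD_CONFDIR}" -b "${SLAPD_SUFFIX}" -l /tmp/init.ldif

    # Load schemas into configuration database.
    # ":-" keeps "set -u" from aborting when the variable is not set at all.
    if [[ -n "${SLAPD_ADDITIONAL_SCHEMAS:-}" ]]; then
      IFS=, read -r -a schemas <<<"$SLAPD_ADDITIONAL_SCHEMAS"
      for schema in "${schemas[@]}"; do
        slapadd -n 0 -F "${SLAPD_CONFDIR}" -l "/etc/openldap/schema/${schema}.ldif"
      done
    fi

    # Activate module configurations
    if [[ -n "${SLAPD_ADDITIONAL_MODULES:-}" ]]; then
      IFS=, read -r -a modules <<<"$SLAPD_ADDITIONAL_MODULES"
      for module in "${modules[@]}"; do
        module_file="/etc/openldap/modules/${module}.ldif"
        if [[ "$module" == 'ppolicy' ]]; then
          SLAPD_PPOLICY_DN_PREFIX="${SLAPD_PPOLICY_DN_PREFIX:-cn=default,ou=policies}"
          # The DN is substituted into a sed replacement: use '|' as delimiter and
          # escape the remaining special characters so a DN containing '/', '&'
          # or '\' cannot break or alter the expression.
          ppolicy_dn=$(sed_escape_replacement "${SLAPD_PPOLICY_DN_PREFIX}${dc_string}")
          sed -i "s|\(olcPPolicyDefault: \)PPOLICY_DN|\1${ppolicy_dn}|g" "$module_file"
        fi
        slapadd -n 0 -F "${SLAPD_CONFDIR}" -l "$module_file"
      done
    fi

    chown -R ldap:ldap "${SLAPD_CONFDIR}" "${SLAPD_DATADIR}"
  else
    # Check for configuration variables when container is already configured.
    # SLAPD_CONFDIR, SLAPD_DATADIR and SLAPD_SUFFIX are exported by this script
    # itself and must be excluded, otherwise the check always matches.
    if env | grep -E '^SLAPD_' | grep -qvE '^SLAPD_(CONFDIR|DATADIR|SUFFIX)='; then
      echo "Info: LDAP container is already configured, SLAPD_* env variables are ignored."
    fi
  fi

  # The rendered LDIF is only needed for the import above; do not leave it
  # behind in /tmp for the lifetime of the container.
  rm -f -- /tmp/init.ldif
  exec "$@"
fi

# Other binary was called, execute directly
exec "$@"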