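#!/bin/bash
#
# Container entrypoint for slapd. When /etc/ldap/slapd.d is missing, or when
# SLAPD_FORCE_RECONFIGURE=true, slapd is configured from the SLAPD_*
# environment variables; afterwards the script replaces itself with the
# command passed as arguments.
#
# Environment read:
#   SLAPD_PASSWORD, SLAPD_DOMAIN   required when configuring
#   SLAPD_ORGANIZATION             defaults to SLAPD_DOMAIN
#   SLAPD_CONFIG_PASSWORD          optional; becomes olcRootPW of cn=admin,cn=config
#   SLAPD_ADDITIONAL_SCHEMAS       optional, comma-separated schema names
#   SLAPD_ADDITIONAL_MODULES       optional, comma-separated module names
#   SLAPD_PPOLICY_DN_PREFIX        defaults to cn=default,ou=policies
#   SLAPD_FORCE_RECONFIGURE        defaults to false

# When not limiting the open file descriptors limit, the memory consumption of
# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
ulimit -n 8192

set -e

# Escape a value so it can be interpolated into the replacement half of a
# sed "s/.../.../" command: backslash, the "/" delimiter and "&" would
# otherwise be interpreted by sed instead of being written literally.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

chown -R openldap:openldap /var/lib/ldap/ /var/run/slapd/

SLAPD_FORCE_RECONFIGURE="${SLAPD_FORCE_RECONFIGURE:-false}"

if [[ ! -d /etc/ldap/slapd.d || "$SLAPD_FORCE_RECONFIGURE" == "true" ]]; then

    if [[ -z "$SLAPD_PASSWORD" ]]; then
        echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. "
        echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
        exit 1
    fi

    if [[ -z "$SLAPD_DOMAIN" ]]; then
        echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. "
        echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
        exit 1
    fi

    SLAPD_PPOLICY_DN_PREFIX="${SLAPD_PPOLICY_DN_PREFIX:-cn=default,ou=policies}"
    SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"

    cp -a /etc/ldap.dist/* /etc/ldap

    # The password reaches debconf over stdin, not on a command line. The
    # values are written verbatim, one answer per line, so a value containing
    # a newline would be read as an additional debconf line.
    debconf-set-selections <<EOF
slapd slapd/no_configuration boolean false
slapd slapd/password1 password $SLAPD_PASSWORD
slapd slapd/password2 password $SLAPD_PASSWORD
slapd shared/organization string $SLAPD_ORGANIZATION
slapd slapd/domain string $SLAPD_DOMAIN
slapd slapd/backend select HDB
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
EOF

    dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1

    # Turn "example.org" into ",dc=example,dc=org". IFS is set for the read
    # only, so the rest of the script keeps default word splitting and the
    # domain is never glob-expanded.
    dc_string=""
    IFS='.' read -r -a dc_parts <<<"$SLAPD_DOMAIN"
    for dc_part in "${dc_parts[@]}"; do
        dc_string="$dc_string,dc=$dc_part"
    done

    # ${dc_string:1} drops the leading comma.
    base_string=$(sed_escape_replacement "BASE ${dc_string:1}")
    sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf

    if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
        # NOTE(review): -s passes the clear-text password as a command-line
        # argument, which is readable from the process list while slappasswd
        # runs. slappasswd can also read the secret from a file (-T); confirm
        # how it treats a trailing newline before switching.
        password_hash=$(slappasswd -s "${SLAPD_CONFIG_PASSWORD}")
        sed_safe_password_hash=$(sed_escape_replacement "$password_hash")

        # The config dump holds the root password hash once olcRootPW is
        # added: keep it in a private mktemp file instead of a fixed /tmp
        # name, and remove it on success as well as on a set -e abort.
        config_ldif=$(mktemp)
        trap 'rm -f -- "$config_ldif"' EXIT

        slapcat -n0 -F /etc/ldap/slapd.d -l "$config_ldif"
        sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${sed_safe_password_hash}/g" "$config_ldif"
        rm -rf /etc/ldap/slapd.d/*
        slapadd -n0 -F /etc/ldap/slapd.d -l "$config_ldif" >/dev/null 2>&1

        rm -f -- "$config_ldif"
        trap - EXIT
    fi

    if [[ -n "$SLAPD_ADDITIONAL_SCHEMAS" ]]; then
        IFS=',' read -r -a schemas <<<"$SLAPD_ADDITIONAL_SCHEMAS"

        for schema in "${schemas[@]}"; do
            slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1
        done
    fi

    if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then
        IFS=',' read -r -a modules <<<"$SLAPD_ADDITIONAL_MODULES"

        for module in "${modules[@]}"; do
            moduleFile="/etc/ldap/modules/${module}.ldif"

            if [[ "$module" == 'ppolicy' ]]; then
                # Fill the PPOLICY_DN placeholder with the policy DN under
                # the configured domain.
                ppolicy_dn=$(sed_escape_replacement "${SLAPD_PPOLICY_DN_PREFIX}${dc_string}")
                sed -i "s/\(olcPPolicyDefault: \)PPOLICY_DN/\1${ppolicy_dn}/" "$moduleFile"
            fi

            slapadd -n0 -F /etc/ldap/slapd.d -l "$moduleFile" >/dev/null 2>&1
        done
    fi

    # slapadd ran as the current user; hand the generated config to openldap.
    chown -R openldap:openldap /etc/ldap/slapd.d/
else
    # Tested inside "if" so that a grep with no match does not abort the
    # script under set -e before the final exec is reached.
    if env | grep -q 'SLAPD_'; then
        echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
    fi
fi

# NOTE(review): SLAPD_PASSWORD and SLAPD_CONFIG_PASSWORD are not unset, so
# they stay in the environment of the command started here.
exec "$@"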