adapted for alpine linux
adapted clone from Christian Luginbühl <dinkel@pimprecords.com> docker-openldap
parent
cb424dd34b
commit
2e4b41c48e
3 changed files with 16 additions and 107 deletions
22
Dockerfile
22
Dockerfile
|
@ -1,25 +1,21 @@
|
|||
FROM debian:jessie
|
||||
FROM alpine
|
||||
|
||||
MAINTAINER Christian Luginbühl <dinkel@pimprecords.com>
|
||||
MAINTAINER Daniel Guerra
|
||||
|
||||
ENV OPENLDAP_VERSION 2.4.40
|
||||
ENV OPENLDAP_VERSION 2.4.44-r0
|
||||
|
||||
RUN apt-get update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
|
||||
slapd=${OPENLDAP_VERSION}* && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mv /etc/ldap /etc/ldap.dist
|
||||
RUN apk update \
|
||||
&& apk add openldap \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
EXPOSE 389
|
||||
|
||||
VOLUME ["/etc/ldap", "/var/lib/ldap"]
|
||||
VOLUME ["/etc/openldap-dist", "/var/lib/openldap"]
|
||||
|
||||
COPY modules/ /etc/ldap.dist/modules
|
||||
COPY modules/ /etc/openldap/modules
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]
|
||||
CMD ["slapd", "-d", "32768", "-u", "ldap", "-g", "ldap"]
|
||||
|
|
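Review bot: `ENV OPENLDAP_VERSION 2.4.44-r0` is declared but the new `apk add openldap` line never uses it, so the package pin the Debian variant applied via `slapd=${OPENLDAP_VERSION}*` is silently lost and, together with the untagged `FROM alpine`, the image resolves to whatever `openldap` build is current at build time rather than a reproducible, auditable version; pin both, e.g. `FROM alpine:<TAG>` and `RUN apk add --no-cache "openldap=${OPENLDAP_VERSION}"`, which also removes the need for the separate `apk update` and `rm -rf /var/cache/apk/*` steps. The `VOLUME ["/etc/openldap-dist", "/var/lib/openldap"]` line disagrees with `COPY modules/ /etc/openldap/modules` two steps later and with the README changed in this same commit, which documents `/etc/openldap` as the exposed directory, so the modules directory ends up baked into the image layer rather than covered by the declared volume. Whether the new entrypoint reads `/etc/openldap-dist` cannot be confirmed from this page; the intended path should be settled and stated in a comment next to the VOLUME line, e.g. `# config is seeded from /etc/openldap-dist into /etc/openldap on first start — keep in sync with entrypoint.sh and README`.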
14
README.md
14
README.md
|
@ -1,7 +1,7 @@
|
|||
docker-openldap
|
||||
===============
|
||||
|
||||
The image is based on Debian stable ("jessie" at the moment). The Dockerfile is inspired by
|
||||
The image is based on alpine . The Dockerfile is inspired by
|
||||
[cnry/openldap](https://registry.hub.docker.com/u/cnry/openldap/), but as said
|
||||
before, running a stable Debian and be a little less verbose, but more complete
|
||||
in the configuration.
|
||||
|
@ -16,12 +16,12 @@ Usage
|
|||
The most simple form would be to start the application like so (however this is
|
||||
not the recommended way - see below):
|
||||
|
||||
docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap
|
||||
docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org danielguerra/alpine-openldap
|
||||
|
||||
To get the full potential this image offers, one should first create a data-only
|
||||
container (see "Data persistence" below), start the OpenLDAP daemon as follows:
|
||||
|
||||
docker run -d --name openldap --volumes-from your-data-container dinkel/openldap
|
||||
docker run -d --name openldap --volumes-from your-data-container danielguerra/alpine-openldap
|
||||
|
||||
An application talking to OpenLDAP should then `--link` the container:
|
||||
|
||||
|
@ -35,8 +35,7 @@ Configuration (environment variables)
|
|||
|
||||
For the first run, one has to set at least the first two environment variables.
|
||||
After the first start of the image (and the initial configuration), these
|
||||
envirnonment variables are not evaluated again (see the
|
||||
`SLAPD_FORCE_RECONFIGURE` option).
|
||||
envirnonment variables are not evaluated again.
|
||||
|
||||
* `SLAPD_PASSWORD` (required) - sets the password for the `admin` user.
|
||||
* `SLAPD_DOMAIN` (required) - sets the DC (Domain component) parts. E.g. if one sets
|
||||
|
@ -55,9 +54,6 @@ available: `collective`, `corba`, `duaconf`, `dyngroup`, `java`, `misc`, `openld
|
|||
to run `.ldif` files with a corresponsing name from the `module` directory.
|
||||
Currently only `memberof` and `ppolicy` are avaliable.
|
||||
|
||||
* `SLAPD_FORCE_RECONFIGURE` - (defaults to false) Used if one needs to reconfigure
|
||||
the `slapd` service after the image has been initialized. Set this value to `true`
|
||||
to reconfigure the image.
|
||||
|
||||
### Setting up ppolicy
|
||||
|
||||
|
@ -119,7 +115,7 @@ on the available attributes and what they mean.
|
|||
|
||||
## Data persistence
|
||||
|
||||
The image exposes two directories (`VOLUME ["/etc/ldap", "/var/lib/ldap"]`).
|
||||
The image exposes two directories (`VOLUME ["/etc/openldap", "/var/lib/openldap"]`).
|
||||
The first holds the "static" configuration while the second holds the actual
|
||||
database. Please make sure that these two directories are saved (in a data-only
|
||||
container or alike) in order to make sure that everything is restored after a
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
|
||||
# When not limiting the open file descritors limit, the memory consumption of
|
||||
# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
|
||||
|
@ -7,95 +7,12 @@ ulimit -n 8192
|
|||
|
||||
set -e
|
||||
|
||||
chown -R openldap:openldap /var/lib/ldap/ /var/run/slapd/
|
||||
|
||||
SLAPD_FORCE_RECONFIGURE="${SLAPD_FORCE_RECONFIGURE:-false}"
|
||||
|
||||
if [[ ! -d /etc/ldap/slapd.d || "$SLAPD_FORCE_RECONFIGURE" == "true" ]]; then
|
||||
|
||||
if [[ -z "$SLAPD_PASSWORD" ]]; then
|
||||
echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. "
|
||||
echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "$SLAPD_DOMAIN" ]]; then
|
||||
echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. "
|
||||
echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"
|
||||
cp -a /etc/ldap.dist/* /etc/ldap
|
||||
|
||||
cat <<-EOF | debconf-set-selections
|
||||
slapd slapd/no_configuration boolean false
|
||||
slapd slapd/password1 password $SLAPD_PASSWORD
|
||||
slapd slapd/password2 password $SLAPD_PASSWORD
|
||||
slapd shared/organization string $SLAPD_ORGANIZATION
|
||||
slapd slapd/domain string $SLAPD_DOMAIN
|
||||
slapd slapd/backend select HDB
|
||||
slapd slapd/allow_ldap_v2 boolean false
|
||||
slapd slapd/purge_database boolean false
|
||||
slapd slapd/move_old_database boolean true
|
||||
EOF
|
||||
|
||||
dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1
|
||||
|
||||
dc_string=""
|
||||
|
||||
IFS="."; declare -a dc_parts=($SLAPD_DOMAIN)
|
||||
|
||||
for dc_part in "${dc_parts[@]}"; do
|
||||
dc_string="$dc_string,dc=$dc_part"
|
||||
done
|
||||
|
||||
base_string="BASE ${dc_string:1}"
|
||||
|
||||
sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
|
||||
|
||||
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
|
||||
password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
|
||||
|
||||
sed_safe_password_hash=${password_hash//\//\\\/}
|
||||
|
||||
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
|
||||
sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${sed_safe_password_hash}/g" /tmp/config.ldif
|
||||
rm -rf /etc/ldap/slapd.d/*
|
||||
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
if [[ -n "$SLAPD_ADDITIONAL_SCHEMAS" ]]; then
|
||||
IFS=","; declare -a schemas=($SLAPD_ADDITIONAL_SCHEMAS)
|
||||
|
||||
for schema in "${schemas[@]}"; do
|
||||
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then
|
||||
IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES)
|
||||
|
||||
for module in "${modules[@]}"; do
|
||||
module_file="/etc/ldap/modules/${module}.ldif"
|
||||
|
||||
if [ "$module" == 'ppolicy' ]; then
|
||||
SLAPD_PPOLICY_DN_PREFIX="${SLAPD_PPOLICY_DN_PREFIX:-cn=default,ou=policies}"
|
||||
|
||||
sed -i "s/\(olcPPolicyDefault: \)PPOLICY_DN/\1${SLAPD_PPOLICY_DN_PREFIX}$dc_string/g" $module_file
|
||||
fi
|
||||
|
||||
slapadd -n0 -F /etc/ldap/slapd.d -l "$module_file" >/dev/null 2>&1
|
||||
done
|
||||
fi
|
||||
|
||||
chown -R openldap:openldap /etc/ldap/slapd.d/
|
||||
else
|
||||
slapd_configs_in_env=`env | grep 'SLAPD_'`
|
||||
|
||||
if [ -n "${slapd_configs_in_env:+x}" ]; then
|
||||
echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
exec "$@"
|
||||
|
|