From 8638ea5a6f11f5bc42539fb9ffa9ce08ae628a77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Luginb=C3=BChl?= Date: Mon, 16 Mar 2015 23:22:40 +0100 Subject: [PATCH] Added modules/overlays to configuration --- Dockerfile | 2 ++ README.md | 11 +++++++++++ entrypoint.sh | 10 +++++++++- modules/memberof.ldif | 33 +++++++++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 modules/memberof.ldif diff --git a/Dockerfile b/Dockerfile index 2a24602..0fc4586 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,6 +18,8 @@ EXPOSE 389 VOLUME ["/etc/ldap", "/var/lib/ldap"] +COPY modules/ /etc/ldap.dist/modules + COPY entrypoint.sh /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/README.md b/README.md index 0e4f510..5297da4 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,17 @@ instructions, there are the following additional schemas available: `collective`, `corba`, `duaconf`, `dyngroup`, `java`, `misc`, `openldap`, `pmi` and `ppolicy`. +At least one quite common module is neither loaded nor configured by default (I +am talking about the `memberof` overlay). In order to activate this (and +possibly other modules in the future), there is another environment variable +called + + SLAPD_ADDITIONAL_MODULES + +which can hold comma-separated enties. It will try to run `.ldif` files with +a corresponsing name from th `module` directory. Currently only `memberof` is +avaliable. + After the first start of the image (and the initial configuration), these envirnonment variables are not evaluated anymore. diff --git a/entrypoint.sh b/entrypoint.sh index 4ec0b8c..b5e44c6 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
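Review bot: The `COPY modules/ /etc/ldap.dist/modules` destination does not match the path the new entrypoint loop reads, `/etc/ldap/modules/${module}.ldif`, and nothing in this patch shows how the files get from one to the other. Presumably an existing first-start step copies `/etc/ldap.dist` into the `/etc/ldap` volume; if so, a comment above the COPY such as `# staged here; entrypoint.sh copies ldap.dist into the /etc/ldap volume on first start` would make that dependency explicit. Because `/etc/ldap` is a declared VOLUME, reading the LDIFs directly from `/etc/ldap.dist/modules` in entrypoint.sh would also mean that what gets imported into cn=config comes from the image and not from whatever a pre-populated volume happens to contain.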
@@ -27,7 +27,7 @@ if [[ ! -d /etc/ldap/slapd.d ]]; then slapd slapd/password2 password $SLAPD_PASSWORD slapd shared/organization string $SLAPD_ORGANIZATION slapd slapd/domain string $SLAPD_DOMAIN - slapd slapd/backend select hdb + slapd slapd/backend select HDB slapd slapd/allow_ldap_v2 boolean false slapd slapd/purge_database boolean false slapd slapd/move_old_database boolean true @@ -65,6 +65,14 @@ EOF slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1 done fi + + if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then + IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES) + + for module in "${modules[@]}"; do + slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1 + done + fi else slapd_configs_in_env=`env | grep 'SLAPD_'` diff --git a/modules/memberof.ldif b/modules/memberof.ldif new file mode 100644 index 0000000..fd9cce9 --- /dev/null +++ b/modules/memberof.ldif @@ -0,0 +1,33 @@ +dn: cn=module,cn=config +cn: module +objectClass: olcModuleList +objectClass: top +olcModulePath: /usr/lib/ldap +olcModuleLoad: memberof.la + +dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config +objectClass: olcConfig +objectClass: olcMemberOf +objectClass: olcOverlayConfig +objectClass: top +olcOverlay: memberof +olcMemberOfDangling: ignore +olcMemberOfRefInt: TRUE +olcMemberOfGroupOC: groupOfNames +olcMemberOfMemberAD: member +olcMemberOfMemberOfAD: memberOf + +dn: cn=module,cn=config +cn: module +objectClass: olcModuleList +objectClass: top +olcModulePath: /usr/lib/ldap +olcModuleLoad: refint.la + +dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config +objectClass: olcConfig +objectClass: olcOverlayConfig +objectClass: olcRefintConfig +objectClass: top +olcOverlay: {1}refint +olcRefintAttribute: memberof member manager owner
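Review bot: The added loop builds the LDIF path from `$SLAPD_ADDITIONAL_MODULES` without checking the entries and discards slapadd's output and exit status with `>/dev/null 2>&1`, so a misspelled or failed module leaves the directory running without the overlay and with nothing in the logs; a deployment that relies on `memberOf` for group-based access decisions would not notice. An entry containing `/` or `..` would also make slapadd import an LDIF from outside `/etc/ldap/modules` into cn=config, so the names should be restricted to a plain identifier pattern. Separately, `IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES)` changes IFS for the rest of the script and leaves the expansion open to globbing; `IFS="," read -r -a modules <<< "$SLAPD_ADDITIONAL_MODULES"` scopes the separator to that one command. The schema loop visible in the context lines above appears to share the silent-failure pattern. Whether a failed import should abort the first start or only be reported is a decision for the author; the sketch below only reports it.

```shell
    if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then
        # Separator applies to this read only; no globbing of the value.
        IFS="," read -r -a modules <<< "$SLAPD_ADDITIONAL_MODULES"

        for module in "${modules[@]}"; do
            # Plain names only, so the path cannot leave the modules directory.
            if [[ ! "$module" =~ ^[A-Za-z0-9_-]+$ ]]; then
                echo "Ignoring invalid module name: '${module}'" >&2
                continue
            fi

            if ! slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null; then
                echo "Failed to load module '${module}'" >&2
            fi
        done
    fi
```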
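Review bot: Both overlay entries are pinned to `olcDatabase={1}hdb,cn=config`, so this file applies only when the first-start configuration produced an hdb database at index 1, and the file carries no comment saying so. With another backend or index slapadd would presumably reject the entries, and the entrypoint loop throws that error away. I would add a header comment along the lines of `# Requires the hdb backend at olcDatabase={1}; memberOf is maintained only for groupOfNames groups via the member attribute`, since applications that make authorization decisions on `memberOf` need to know which group types are covered. The two entries also write the overlay name differently (`olcOverlay: memberof` versus `olcOverlay: {1}refint`); using one form for both would read more consistently.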