From 9d1708513e535cbf0b2293f8df48e5e744a2c114 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Luginb=C3=BChl?=
Date: Wed, 18 Feb 2015 20:43:34 +0100
Subject: [PATCH] Added facility to read and write to dn=config branch
---
 Dockerfile | 3 ++-
 README.md | 8 ++++++++
 entrypoint.sh | 13 ++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6495335..1ecdf30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,8 +6,9 @@ ENV OPENLDAP_VERSION 2.4.31
 RUN apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ ldap-utils=${OPENLDAP_VERSION}* \
 slapd=${OPENLDAP_VERSION}* \
- ldap-utils=${OPENLDAP_VERSION}* && \
+ vim && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
diff --git a/README.md b/README.md
index 3fc3e85..53aa3b5 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,14 @@ There is an optinal third variable that represents the human readable company name (e.g. `Example Inc.`).
+The fourth (somewhat) optional variable
+
+ SLAPD_CONFIG_PASSWORD
+
+allows password protected access to the `dn=config` branch. This helps to
+reconfigure the server without interruption (read the
+[official documentation](http://www.openldap.org/doc/admin24/guide.html#Configuring%20slapd)).
+
 After the first start of the image (and the initial configuration), these envirnonment variables are not evaluated anymore.
diff --git a/entrypoint.sh b/entrypoint.sh
index c60b873..7abcc2c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -22,6 +22,8 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
 slapd slapd/no_configuration boolean false
 slapd slapd/password1 password $SLAPD_PASSWORD
 slapd slapd/password2 password $SLAPD_PASSWORD
+ slapd slapd/internal/adminpw string $SLAPD_PASSWORD
+ slapd slapd/internal/generated_adminpw password $SLAPD_PASSWORD
 slapd shared/organization string $SLAPD_ORGANIZATION
 slapd slapd/domain string $SLAPD_DOMAIN
 slapd slapd/backend select hdb
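Review bot: The added `vim && \` line puts an interactive editor into the runtime image, and nothing in this patch shows slapd or the entrypoint needing it, so it only adds size and package surface to a directory-server container. It is also the one package in the list without the `=${OPENLDAP_VERSION}*`-style pin, so its version floats between builds. If an editor is wanted for occasional `ldapmodify` work, I would keep it out of this image and add `--no-install-recommends` to the `apt-get install -y` line to limit what is pulled in.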
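Review bot: The new `slapd/internal/adminpw` preseed line declares the value as `string`, while every other password entry in this heredoc, including the added `generated_adminpw` line, uses `password`. In debconf's default setup, password-typed answers go to a root-only database and everything else to a world-readable one, so if the declared type is honoured here the cleartext admin password could end up readable inside the container. I would write it as `slapd slapd/internal/adminpw password $SLAPD_PASSWORD`. The heredoc itself starts and ends outside this hunk.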
@@ -30,7 +32,7 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
 slapd slapd/move_old_database boolean true
 EOF
- dpkg-reconfigure -fnoninteractive slapd >/dev/null 2>&1
+ dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1
 dc_string=""
@@ -44,6 +46,15 @@ EOF
 sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
+ if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
+ password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
+
+ slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
+ sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${password_hash}/g" /tmp/config.ldif
+ rm -rf /etc/ldap/slapd.d/*
+ slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
+ fi
+
 touch /etc/ldap/docker-configured
 fi
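Review bot: The `sed` expression in the added `SLAPD_CONFIG_PASSWORD` block uses `/` as its delimiter while interpolating `${password_hash}`, and the base64 part of a slappasswd hash can contain `/`, so the substitution can fail for some salts; the same block also dumps the whole config tree to the fixed path `/tmp/config.ldif` and never removes it. Because `rm -rf /etc/ldap/slapd.d/*` runs before a `slapadd` whose output and errors are discarded, a failed import leaves an empty config directory that the following `touch` still marks as configured (whether `set -e` is active is not visible in this hunk). I would switch the delimiter, use a `mktemp` file that is deleted afterwards, and let slapadd's stderr through, as below. If the entrypoint runs as root, the recreated files may also need their ownership restored for the slapd user, which depends on code outside the hunk. The enclosing `if [[ ! -f /etc/ldap/docker-configured ]]` block starts outside the hunk.

```shell
    if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
        password_hash=$(slappasswd -s "${SLAPD_CONFIG_PASSWORD}")
        config_ldif=$(mktemp)

        slapcat -n0 -F /etc/ldap/slapd.d -l "$config_ldif"
        # '|' as delimiter: the base64 part of the hash may contain '/'
        sed -i "s|\(olcRootDN: cn=admin,cn=config\)|\1\nolcRootPW: ${password_hash}|g" "$config_ldif"
        # … unchanged: rm -rf /etc/ldap/slapd.d/* …
        slapadd -n0 -F /etc/ldap/slapd.d -l "$config_ldif" >/dev/null
        rm -f -- "$config_ldif"
    fi
```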