Added facility to read and write to dn=config branch

Christian Luginbühl 2015-02-18 20:43:34 +01:00
parent befe7c5b26
commit 9d1708513e
3 changed files with 22 additions and 2 deletions


@ -6,8 +6,9 @@ ENV OPENLDAP_VERSION 2.4.31
RUN apt-get update && \ RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \ DEBIAN_FRONTEND=noninteractive apt-get install -y \
ldap-utils=${OPENLDAP_VERSION}* \
slapd=${OPENLDAP_VERSION}* \ slapd=${OPENLDAP_VERSION}* \
ldap-utils=${OPENLDAP_VERSION}* && \ vim && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
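Review bot: `vim` is installed into the runtime image without a version pin, next to two packages that are pinned to `${OPENLDAP_VERSION}*`, and none of the commands added to the entrypoint in the visible hunks of this commit need an editor. Every extra package in a directory-server image is more code to keep patched and more tooling available to anyone who obtains a shell in the container, so it is better left out of the image and installed ad hoc when debugging. If it stays, `apt-get install -y --no-install-recommends \` keeps the set of packages it pulls in to a minimum.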


@ -53,6 +53,14 @@ There is an optinal third variable
that represents the human readable company name (e.g. `Example Inc.`). that represents the human readable company name (e.g. `Example Inc.`).
The fourth (somewhat) optional variable
SLAPD_CONFIG_PASSWORD
allows password protected access to the `dn=config` branch. This helps to
reconfigure the server without interruption (read the
[official documentation](http://www.openldap.org/doc/admin24/guide.html#Configuring%20slapd)).
After the first start of the image (and the initial configuration), these After the first start of the image (and the initial configuration), these
envirnonment variables are not evaluated anymore. envirnonment variables are not evaluated anymore.


@ -22,6 +22,8 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
slapd slapd/no_configuration boolean false slapd slapd/no_configuration boolean false
slapd slapd/password1 password $SLAPD_PASSWORD slapd slapd/password1 password $SLAPD_PASSWORD
slapd slapd/password2 password $SLAPD_PASSWORD slapd slapd/password2 password $SLAPD_PASSWORD
slapd slapd/internal/adminpw string $SLAPD_PASSWORD
slapd slapd/internal/generated_adminpw password $SLAPD_PASSWORD
slapd shared/organization string $SLAPD_ORGANIZATION slapd shared/organization string $SLAPD_ORGANIZATION
slapd slapd/domain string $SLAPD_DOMAIN slapd slapd/domain string $SLAPD_DOMAIN
slapd slapd/backend select hdb slapd slapd/backend select hdb
@ -30,7 +32,7 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
slapd slapd/move_old_database boolean true slapd slapd/move_old_database boolean true
EOF EOF
dpkg-reconfigure -fnoninteractive slapd >/dev/null 2>&1 dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1
dc_string="" dc_string=""
@ -44,6 +46,15 @@ EOF
sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${password_hash}/g" /tmp/config.ldif
rm -rf /etc/ldap/slapd.d/*
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
fi
touch /etc/ldap/docker-configured touch /etc/ldap/docker-configured
fi fi
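Review bot: The `sed` substitution that inserts `olcRootPW` uses `/` as its delimiter while interpolating `${password_hash}`, and the base64 part of a slappasswd hash can contain `/`, so for some passwords sed aborts and `/tmp/config.ldif` is loaded back without a config password. Nothing reports that: no exit status is checked, slapadd's output goes to `/dev/null`, and `docker-configured` is touched regardless, after `rm -rf /etc/ldap/slapd.d/*` has already removed the old configuration. The dump also sits at a fixed path in `/tmp` and is never deleted, which leaves the full configuration and the hash behind in the container. I would switch the delimiter to `|`, use `mktemp`, verify the attribute was written before wiping `slapd.d`, and stop if slapadd fails; the enclosing `if [[ ! -f /etc/ldap/docker-configured ]]` starts outside these hunks, so whether the script already runs under `set -e` cannot be seen here.

```shell
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
    password_hash=$(slappasswd -s "${SLAPD_CONFIG_PASSWORD}") || exit 1
    config_ldif=$(mktemp) || exit 1
    slapcat -n0 -F /etc/ldap/slapd.d -l "$config_ldif" || exit 1
    # '|' cannot occur in the base64 hash, '/' can
    sed -i "s|\(olcRootDN: cn=admin,cn=config\)|\1\nolcRootPW: ${password_hash}|g" "$config_ldif"
    # refuse to replace the live config if the attribute was not inserted
    grep -q '^olcRootPW: ' "$config_ldif" || { echo "olcRootPW was not written" >&2; exit 1; }
    # … unchanged: rm -rf /etc/ldap/slapd.d/* …
    slapadd -n0 -F /etc/ldap/slapd.d -l "$config_ldif" || { echo "slapadd failed" >&2; exit 1; }
    rm -f -- "$config_ldif"
fi
```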