Added facility to read and write to dn=config branch

Dockerfile

@@ -6,8 +6,9 @@ ENV OPENLDAP_VERSION 2.4.31
 
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        ldap-utils=${OPENLDAP_VERSION}* \
         slapd=${OPENLDAP_VERSION}* \
-        ldap-utils=${OPENLDAP_VERSION}* && \
+        vim && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 

README.md

@@ -53,6 +53,14 @@ There is an optinal third variable
 
 that represents the human readable company name (e.g. `Example Inc.`).
 
+The fourth (somewhat) optional variable
+
+    SLAPD_CONFIG_PASSWORD
+
+allows password protected access to the `dn=config` branch. This helps to
+reconfigure the server without interruption (read the
+[official documentation](http://www.openldap.org/doc/admin24/guide.html#Configuring%20slapd)).
+
 After the first start of the image (and the initial configuration), these
 envirnonment variables are not evaluated anymore.
 

entrypoint.sh

@@ -22,6 +22,8 @@ if [[ ! -f /etc/ldap/docker-configured ]]; then
         slapd slapd/no_configuration boolean false
         slapd slapd/password1 password $SLAPD_PASSWORD
         slapd slapd/password2 password $SLAPD_PASSWORD
+        slapd slapd/internal/adminpw string $SLAPD_PASSWORD
+        slapd slapd/internal/generated_adminpw password $SLAPD_PASSWORD
         slapd shared/organization string $SLAPD_ORGANIZATION
         slapd slapd/domain string $SLAPD_DOMAIN
         slapd slapd/backend select hdb
@@ -44,6 +46,15 @@ EOF
 
     sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
 
+    if [[ -n  "$SLAPD_CONFIG_PASSWORD" ]]; then
+        password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
+
+        slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
+        sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${password_hash}/g" /tmp/config.ldif
+        rm -rf /etc/ldap/slapd.d/*
+        slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
+    fi
+
     touch /etc/ldap/docker-configured
 fi