From b574af5b79e0aa1a7d39c5060c4777abe5bf498a Mon Sep 17 00:00:00 2001 From: Knut Ahlers Date: Thu, 15 Mar 2018 12:16:14 +0100 Subject: [PATCH] Add a built-in way to enable cn=config password Signed-off-by: Knut Ahlers --- README.md | 1 + config/slapd.ldif | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/README.md b/README.md index 5d79631..794abe0 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ For the first run, one has to set at least the first two environment variables. * `SLAPD_ORGANIZATION` (defaults to `Example Inc.`) - represents the human readable company name (e.g. `Example Inc.`). * `SLAPD_ADDITIONAL_SCHEMAS` - loads additional schemas provided in the `slapd` package that are not installed using the environment variable with comma-separated enties. As of writing these instructions, there are the following additional schemas available: `collective`, `corba`, `cosine`, `duaconf`, `dyngroup`, `inetorgperson`, `java`, `misc`, `nis`, `openldap`, `pmi` and `ppolicy`. * `SLAPD_ADDITIONAL_MODULES` - comma-separated list of modules to load. It will try to run `.ldif` files with a corresponsing name from the `module` directory. Currently only `memberof` and `ppolicy` are avaliable. +* `SLAPD_CONFIG_PASSWORD` - If set the root password for `cn=config` is set (Connect using username and base-dn `cn=config`) ### Setting up ppolicy diff --git a/config/slapd.ldif b/config/slapd.ldif index a2c1471..d75d03d 100644 --- a/config/slapd.ldif +++ b/config/slapd.ldif @@ -23,6 +23,15 @@ objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend +{{ if ne (env `SLAPD_CONFIG_PASSWORD` `NONE`) `NONE` }} +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +olcRootPW: {{ env `SLAPD_CONFIG_PASSWORD` `secret` }} +olcAccess: to * by * none + +{{ end }} + dn: olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig
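Review bot: The new `SLAPD_CONFIG_PASSWORD` bullet in the README.md hunk does not say what form the value takes, and it does not mention that `NONE` is reserved. The template in this same patch copies the variable straight into `olcRootPW` and treats the literal value `NONE` as "not set", so the documentation should state both. It would also help to note that `olcRootPW` accepts a pre-hashed value (for example `slappasswd` output with an `{SSHA}` prefix), so the cleartext password does not have to sit in the container environment and in the rendered LDIF. The parenthetical "Connect using username and base-dn `cn=config`" would be clearer as "bind as `cn=config`".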
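Review bot: The `secret` fallback on the `olcRootPW: {{ env `SLAPD_CONFIG_PASSWORD` `secret` }}` line in the config/slapd.ldif hunk should be dropped. The enclosing `if ne (env ... `NONE`) `NONE`` guard only renders the block when the variable has a value, so the fallback is dead code at best. If the guard is ever changed or removed, it becomes a well-known root password on the config database. Prefer rendering the variable with no default, or failing template rendering when it is empty. Two smaller points on the same block: a password that is literally `NONE` silently disables the feature because of the sentinel comparison, and the value is written to `olcRootPW` exactly as supplied, so a comment here recommending a hashed value would match what the README should say.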