commit inicial

files/entrypoint.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+msg(){ ${VERBOSE:-true} && echo ${@} ; }
+assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && msg ${@} ; exit 1 ; } }
+
+# from https://github.com/dinkel/docker-openldap/blob/master/entrypoint.sh:
+# When not limiting the open file descritors limit, the memory consumption of
+# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
+ulimit -n 8192
+
+msg "I: running slapd for initial setup..."
+slapd -u openldap -g openldap -h ldapi:///
+assert "E: openldap died unexpectedly!"
+
+PIDFILE=$(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" -s base \
+		     "" olcPidFile | grep olcPidFile | awk "{print $2}")
+msg "I: slapd running with PID ${PIDFILE}"
+
+[[ -n "${OPENLDAP_ADMIN_PASSWORD}" ]]
+assert "E: please set non-empty password in OPENLDAP_ADMIN_PASSWORD and retry."
+
+HASHED_PW=$(slappasswd -h {SSHA} -s "${OPENLDAP_ADMIN_PASSWORD}")
+[[ -n "${HASHED_PW}" ]]
+assert "E: password hash unexpectedly empty!"
+
+msg "I: Setting administrator password..."
+ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: ${HASHED_PW}
+
+EOF
+assert "FATAL: failure setting administrator password!"
+
+# find current schemas
+eval "declare -A LOADED_SCHEMAS=( $(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// \
+                                     -b "cn=schema,cn=config" -s one cn \
+                          | sed -n 's/^cn:.*[{].*[}]\(.*\)$/[\1]=loaded/p') )"
+msg "I: currently loaded schemas: ${!LOADED_SCHEMAS[@]}"
+
+# load schemas
+# built-in: core, cosine, nis, inetorgperson
+# available: collective, corba, duaconf, dyngroup, java, misc, nis, openldap, pmi, ppolicy
+for schema in ${OPENLDAP_SCHEMAS}
+do
+    [[ -z "${LOADED_SCHEMAS[$schema]}" ]] || continue;
+    msg "I: loading schema ${schema}..."
+    [[ -f /etc/ldap/schema/${schema}.ldif ]]
+    assert "E: schema /etc/ldap/schema/${schema}.ldif not found!"
+    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/${schema}.ldif
+    assert "E: failure loading schema ${schema}!"
+done
+
+# enable memberof module
+if ${OPENLDAP_ENABLE_MEMBEROF}
+then
+    msg "I: enabling memberof module ..."
+    ldapmodify -LLL -Y EXTERNAL -H ldapi:/// <<EOF
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof
+
+EOF
+    RES=$?
+    [[ $RES -eq 0 ]] || [[ $RES -eq 20 ]]
+    assert "E: failed loading memberof module (${RES})"
+    msg "I: module memberof enabled (${RES})"
+    unset RES
+fi
+
+# kill slapd after initial setup
+msg "I: killing initial server..."
+kill -INT $(cat ${PIDFILE})
+
+# unset sensitive variables
+unset OPENLDAP_ROOT_PASSWORD
+unset HASHED_PW
+unset LOADED_SCHEMAS
+unset PIDFILE
+
+# run Dockerfile CMD
+msg "I: running CMD $@"
+set -e
+exec "$@"