86 lines
2.6 KiB
Bash
Executable File
86 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
msg(){ ${VERBOSE:-true} && echo ${@} ; }
|
|
assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && msg ${@} ; exit 1 ; } }
|
|
|
|
# from https://github.com/dinkel/docker-openldap/blob/master/entrypoint.sh:
|
|
# When not limiting the open file descritors limit, the memory consumption of
|
|
# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
|
|
ulimit -n 8192
|
|
|
|
msg "I: running slapd for initial setup..."
|
|
slapd -u openldap -g openldap -h ldapi:///
|
|
assert "E: openldap died unexpectedly!"
|
|
|
|
PIDFILE=$(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" -s base \
|
|
"" olcPidFile | grep olcPidFile | awk "{print $2}")
|
|
msg "I: slapd running with PID ${PIDFILE}"
|
|
|
|
[[ -n "${OPENLDAP_ADMIN_PASSWORD}" ]]
|
|
assert "E: please set non-empty password in OPENLDAP_ADMIN_PASSWORD and retry."
|
|
|
|
HASHED_PW=$(slappasswd -h {SSHA} -s "${OPENLDAP_ADMIN_PASSWORD}")
|
|
[[ -n "${HASHED_PW}" ]]
|
|
assert "E: password hash unexpectedly empty!"
|
|
|
|
msg "I: Setting administrator password..."
|
|
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
|
|
dn: olcDatabase={0}config,cn=config
|
|
changetype: modify
|
|
replace: olcRootPW
|
|
olcRootPW: ${HASHED_PW}
|
|
|
|
EOF
|
|
assert "FATAL: failure setting administrator password!"
|
|
|
|
# find current schemas
|
|
eval "declare -A LOADED_SCHEMAS=( $(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// \
|
|
-b "cn=schema,cn=config" -s one cn \
|
|
| sed -n 's/^cn:.*[{].*[}]\(.*\)$/[\1]=loaded/p') )"
|
|
msg "I: currently loaded schemas: ${!LOADED_SCHEMAS[@]}"
|
|
|
|
# load schemas
|
|
# built-in: core, cosine, nis, inetorgperson
|
|
# available: collective, corba, duaconf, dyngroup, java, misc, nis, openldap, pmi, ppolicy
|
|
for schema in ${OPENLDAP_SCHEMAS}
|
|
do
|
|
[[ -z "${LOADED_SCHEMAS[$schema]}" ]] || continue;
|
|
msg "I: loading schema ${schema}..."
|
|
[[ -f /etc/ldap/schema/${schema}.ldif ]]
|
|
assert "E: schema /etc/ldap/schema/${schema}.ldif not found!"
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/${schema}.ldif
|
|
assert "E: failure loading schema ${schema}!"
|
|
done
|
|
|
|
# enable memberof module
|
|
if ${OPENLDAP_ENABLE_MEMBEROF}
|
|
then
|
|
msg "I: enabling memberof module ..."
|
|
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
|
|
dn: cn=module{0},cn=config
|
|
changetype: modify
|
|
add: olcModuleLoad
|
|
olcModuleLoad: memberof
|
|
|
|
EOF
|
|
RES=$?
|
|
[[ $RES -eq 0 ]] || [[ $RES -eq 20 ]]
|
|
assert "E: failed loading memberof module (${RES})"
|
|
msg "I: module memberof enabled (${RES})"
|
|
unset RES
|
|
fi
|
|
|
|
# kill slapd after initial setup
|
|
msg "I: killing initial server..."
|
|
kill -INT $(cat ${PIDFILE})
|
|
|
|
# unset sensitive variables
|
|
unset OPENLDAP_ROOT_PASSWORD
|
|
unset HASHED_PW
|
|
unset LOADED_SCHEMAS
|
|
unset PIDFILE
|
|
|
|
# run Dockerfile CMD
|
|
msg "I: running CMD $@"
|
|
set -e
|
|
exec "$@"
|