From a30c78f3122cf41fd1e2552db941aaf4c5c2a82d Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Tue, 2 May 2017 06:03:14 -0500
Subject: [PATCH] slapd config from environment variables in files
---
 comanage-registry-slapd/README.md | 18 ++++++++++++++++++
 .../docker-slapd-entrypoint | 17 +++++++++++++++++
 2 files changed, 35 insertions(+)
diff --git a/comanage-registry-slapd/README.md b/comanage-registry-slapd/README.md
index 7bf0052..3909fd2 100644
--- a/comanage-registry-slapd/README.md
+++ b/comanage-registry-slapd/README.md
@@ -93,3 +93,21 @@ docker run -d --name comanage-registry-slapd \
 -p 389:389 -p 636:636 \
 sphericalcowgroup/comanage-registry-slapd
 ```
+
+You may also use environment variables that point to files, for example
+
+```
+docker run -d --name comanage-registry-slapd \
+ --network comanage-registry-internal-network \
+ -v /tmp/slapd-data:/var/lib/ldap \
+ -v /tmp/slapd-config:/etc/ldap/slapd.d \
+ -e SLAPD_CERT_FILE=/run/secrets/slapd_cert_file \
+ -e SLAPD_PRIVKEY_FILE=/run/secrets/slapd_privkey_file \
+ -e SLAPD_CHAIN_FILE=/run/secrets/slapd_chain_file \
+ -e OLC_SUFFIX=dc=my,dc=org \
+ -e OLC_ROOT_DN=cn=admin,dc=my,dc=org \
+ -e OLC_ROOT_PW_FILE=/run/secrets/olc_root_pw \
+ -p 389:389 -p 636:636 \
+ sphericalcowgroup/comanage-registry-slapd
+```
+
diff --git a/comanage-registry-slapd/docker-slapd-entrypoint b/comanage-registry-slapd/docker-slapd-entrypoint
index 6842275..3e3e2f7 100755
--- a/comanage-registry-slapd/docker-slapd-entrypoint
+++ b/comanage-registry-slapd/docker-slapd-entrypoint
@@ -21,6 +21,23 @@ set -e
+# Copy secrets and other deployment specific details into place.
+if [[ -f "${SLAPD_CERT_FILE}" ]]; then
+ cp ${SLAPD_CERT_FILE} /etc/ldap/slapd.crt
+fi
+
+if [[ -f "${SLAPD_PRIVKEY_FILE}" ]]; then
+ cp ${SLAPD_PRIVKEY_FILE} /etc/ldap/slapd.key
+fi
+
+if [[ -f "${SLAPD_CHAIN_FILE}" ]]; then
+ cp ${SLAPD_CHAIN_FILE} /etc/ldap/slapd.ca.crt
+fi
+
+if [[ -f "${OLC_ROOT_PW_FILE}" ]]; then
+ OLC_ROOT_PW=`cat ${OLC_ROOT_PW_FILE}`
+fi
+
 # Only bootstrap the directory if it does not already exist.
 if [[ ! -f /var/lib/ldap/data.mdb && ! -f /etc/ldap/slapd.d/cn=config.ldif ]]; then
 # Parse the domain, rdn, and the value of rdn from the OLC_SUFFIX
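Review bot: The private key is copied with a plain, unquoted `cp ${SLAPD_PRIVKEY_FILE} /etc/ldap/slapd.key`, so the copy takes the mode of the mounted secret (filtered by the umask) and may end up readable by every user in the container; nothing in this hunk sets its mode or owner, though that may happen further down the entrypoint, which continues outside the hunk. I would copy it with `install -m 0600 -- "${SLAPD_PRIVKEY_FILE}" /etc/ldap/slapd.key` and then set the owner to the account slapd runs as. The other expansions should be quoted the same way and the backticks replaced, e.g. `OLC_ROOT_PW="$(cat "${OLC_ROOT_PW_FILE}")"`. A `*_FILE` variable that is set but points to a missing path is skipped silently by the `[[ -f ... ]]` tests, so a mistyped secret path falls through to whatever default applies later; an explicit error for the set-but-missing case would make that visible.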