added defaults for slapd

docker · May 28, 2017 · 1a80d69 · 1a80d69
1 parent 7487dd4
commit 1a80d69
Showing 1 changed file with 16 additions and 12 deletions.
diff --git a/comanage-registry-slapd/docker-slapd-entrypoint b/comanage-registry-slapd/docker-slapd-entrypoint
@@ -40,14 +40,18 @@ fi
 
 # Only bootstrap the directory if it does not already exist.
 if [[ ! -f /var/lib/ldap/data.mdb && ! -f /etc/ldap/slapd.d/cn=config.ldif ]]; then
+    SUFFIX="${OLC_SUFFIX:-dc=my,dc=org}"
+    ROOT_DN="${OLC_ROOT_DN:-cn=admin,dc=my,dc=org}"
+    ROOT_PW="${OLC_ROOT_PW:-password}"
+
     # Parse the domain, rdn, and the value of rdn from the OLC_SUFFIX
-    DOMAIN=`echo ${OLC_SUFFIX} | sed -e 's/dc=//g' -e 's/,/./g'`
-    RDN=`echo ${OLC_SUFFIX} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
-    RDN_VALUE=`echo ${OLC_SUFFIX} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
+    DOMAIN=`echo ${SUFFIX} | sed -e 's/dc=//g' -e 's/,/./g'`
+    RDN=`echo ${SUFFIX} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
+    RDN_VALUE=`echo ${SUFFIX} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
 
     # Parse the rdn and its value from the OLC_ROOT_DN
-    ADMIN_RDN=`echo ${OLC_ROOT_DN} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
-    ADMIN_RDN_VALUE=`echo ${OLC_ROOT_DN} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
+    ADMIN_RDN=`echo ${ROOT_DN} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
+    ADMIN_RDN_VALUE=`echo ${ROOT_DN} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
 
     # Create a temporary password and its hash that will be used to
     # bootstrap the OLC_SUFFIX. It is later replaced by the OLC_ROOT_PW hash.
@@ -96,11 +100,11 @@ objectClass: olcDatabaseConfig
 objectClass: olcMdbConfig
 olcDatabase: {2}mdb
 olcDbDirectory: /var/lib/ldap
-olcSuffix: ${OLC_SUFFIX}
+olcSuffix: ${SUFFIX}
 olcLastMod: TRUE
-olcRootDN: ${OLC_ROOT_DN}
+olcRootDN: ${ROOT_DN}
 olcRootPW: ${OLC_ROOT_PW_TMP_HASH}
-olcAccess: {0}to dn.base="${OLC_ROOT_DN}" by sockname.regex=/var/run/slapd/ldapi auth by users none by * none
+olcAccess: {0}to dn.base="${ROOT_DN}" by sockname.regex=/var/run/slapd/ldapi auth by users none by * none
 olcAccess: {1}to attrs=userPassword,shadowLastChange by self auth by anonymous auth by * none
 olcAccess: {2}to * by * none
 olcDbCheckpoint: 512 30
@@ -131,21 +135,21 @@ EOF
     # Create the actual contents of the directory and the admin DN
     # with the injected password hash.
     cat <<EOF > /tmp/modify.ldif
-dn: ${OLC_SUFFIX}
+dn: ${SUFFIX}
 objectClass: dcObject
 objectClass: organization
 o: ${DOMAIN}
 ${RDN}: ${RDN_VALUE}
 
-dn: ${OLC_ROOT_DN}
+dn: ${ROOT_DN}
 objectClass: simpleSecurityObject
 objectClass: organizationalRole
 ${ADMIN_RDN}: ${ADMIN_RDN_VALUE}
 description: LDAP administrator
-userPassword: ${OLC_ROOT_PW}
+userPassword: ${ROOT_PW}
 EOF
 
-    ldapmodify -x -D ${OLC_ROOT_DN} -w ${OLC_ROOT_PW_TMP} -H ldapi:/// -a -f /tmp/modify.ldif > /dev/null 2>&1
+    ldapmodify -x -D ${ROOT_DN} -w ${OLC_ROOT_PW_TMP} -H ldapi:/// -a -f /tmp/modify.ldif > /dev/null 2>&1
 
     rm -f /tmp/modify.ldif > /dev/null 2>&1