diff --git a/comanage-registry-slapd/docker-slapd-entrypoint b/comanage-registry-slapd/docker-slapd-entrypoint
index 3e3e2f7..5290f1e 100755
--- a/comanage-registry-slapd/docker-slapd-entrypoint
+++ b/comanage-registry-slapd/docker-slapd-entrypoint
@@ -40,14 +40,18 @@ fi
 
 # Only bootstrap the directory if it does not already exist.
 if [[ ! -f /var/lib/ldap/data.mdb && ! -f /etc/ldap/slapd.d/cn=config.ldif ]]; then
+    SUFFIX="${OLC_SUFFIX:-dc=my,dc=org}"
+    ROOT_DN="${OLC_ROOT_DN:-cn=admin,dc=my,dc=org}"
+    ROOT_PW="${OLC_ROOT_PW:-password}"
+
     # Parse the domain, rdn, and the value of rdn from the OLC_SUFFIX
-    DOMAIN=`echo ${OLC_SUFFIX} | sed -e 's/dc=//g' -e 's/,/./g'`
-    RDN=`echo ${OLC_SUFFIX} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
-    RDN_VALUE=`echo ${OLC_SUFFIX} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
+    DOMAIN=`echo ${SUFFIX} | sed -e 's/dc=//g' -e 's/,/./g'`
+    RDN=`echo ${SUFFIX} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
+    RDN_VALUE=`echo ${SUFFIX} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
 
     # Parse the rdn and its value from the OLC_ROOT_DN
-    ADMIN_RDN=`echo ${OLC_ROOT_DN} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
-    ADMIN_RDN_VALUE=`echo ${OLC_ROOT_DN} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
+    ADMIN_RDN=`echo ${ROOT_DN} | sed -E -e 's/^([^=]+)=[^=,]+.*/\1/'`
+    ADMIN_RDN_VALUE=`echo ${ROOT_DN} | sed -E -e 's/^[^=]+=([^=,]+).*/\1/'`
 
     # Create a temporary password and its hash that will be used to
     # bootstrap the OLC_SUFFIX. It is later replaced by the OLC_ROOT_PW hash.
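Review bot: `ROOT_PW="${OLC_ROOT_PW:-password}"` bootstraps the directory with a well-known administrator password whenever OLC_ROOT_PW is unset, and nothing in the hunk warns about it; because the surrounding `if` only runs when data.mdb is absent, that default is written once into the admin entry's userPassword and then persists. I would fail fast instead, `: "${OLC_ROOT_PW:?OLC_ROOT_PW must be set before the directory is bootstrapped}"` followed by `ROOT_PW="${OLC_ROOT_PW}"`, or generate a random value and log it once at bootstrap. The ROOT_DN default also does not follow SUFFIX: with only OLC_SUFFIX set, ROOT_DN falls back to `cn=admin,dc=my,dc=org`, which lies outside the configured suffix, so the admin entry later added under that DN would presumably not be placeable in the database; `ROOT_DN="${OLC_ROOT_DN:-cn=admin,${SUFFIX}}"` keeps the two consistent. The enclosing `if` block continues past the end of the hunk.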
@@ -96,11 +100,11 @@ objectClass: olcDatabaseConfig
 objectClass: olcMdbConfig
 olcDatabase: {2}mdb
 olcDbDirectory: /var/lib/ldap
-olcSuffix: ${OLC_SUFFIX}
+olcSuffix: ${SUFFIX}
 olcLastMod: TRUE
-olcRootDN: ${OLC_ROOT_DN}
+olcRootDN: ${ROOT_DN}
 olcRootPW: ${OLC_ROOT_PW_TMP_HASH}
-olcAccess: {0}to dn.base="${OLC_ROOT_DN}" by sockname.regex=/var/run/slapd/ldapi auth by users none by * none
+olcAccess: {0}to dn.base="${ROOT_DN}" by sockname.regex=/var/run/slapd/ldapi auth by users none by * none
 olcAccess: {1}to attrs=userPassword,shadowLastChange by self auth by anonymous auth by * none
 olcAccess: {2}to * by * none
 olcDbCheckpoint: 512 30
@@ -131,21 +135,21 @@ EOF
     # Create the actual contents of the directory and the admin DN
     # with the injected password hash.
     cat < /tmp/modify.ldif
-dn: ${OLC_SUFFIX}
+dn: ${SUFFIX}
 objectClass: dcObject
 objectClass: organization
 o: ${DOMAIN}
 ${RDN}: ${RDN_VALUE}
 
-dn: ${OLC_ROOT_DN}
+dn: ${ROOT_DN}
 objectClass: simpleSecurityObject
 objectClass: organizationalRole
 ${ADMIN_RDN}: ${ADMIN_RDN_VALUE}
 description: LDAP administrator
-userPassword: ${OLC_ROOT_PW}
+userPassword: ${ROOT_PW}
 EOF
 
-    ldapmodify -x -D ${OLC_ROOT_DN} -w ${OLC_ROOT_PW_TMP} -H ldapi:/// -a -f /tmp/modify.ldif > /dev/null 2>&1
+    ldapmodify -x -D ${ROOT_DN} -w ${OLC_ROOT_PW_TMP} -H ldapi:/// -a -f /tmp/modify.ldif > /dev/null 2>&1
     rm -f /tmp/modify.ldif > /dev/null 2>&1
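Review bot: `olcAccess: {0}to dn.base="${ROOT_DN}" ...` embeds the operator-supplied DN inside a double-quoted ACL clause with no validation, and the same hunk now also substitutes `${SUFFIX}` and `${ROOT_DN}` into the olcSuffix and olcRootDN attributes; a value containing a `"` produces a malformed ACL, and one containing a newline splits the LDIF attribute, so the resulting config is either rejected by slapd or not the ACL the operator intended, and I would not rely on the failure being visible. Since the values are fixed before the here-document is written, validate them once up front: `case "${ROOT_DN}${SUFFIX}" in *\"*|*$'\n'*) echo "OLC_ROOT_DN/OLC_SUFFIX must not contain quotes or newlines" >&2; exit 1;; esac`. The here-document these lines belong to starts and ends outside the hunk.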