Fix issue when openldap user has different UID

If the deployer maps in or copies in a different /etc/passwd file that assigns the openldap user a different UID change the ownership of /var/run/slapd so that it has the correct owner.
docker · Jul 13, 2018 · 6e4ba3b · 6e4ba3b
1 parent 3ffe26f
commit 6e4ba3b
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -118,6 +118,13 @@ function comanage_ldap_utils::bootstrap() {
         fold -w 32 | head -n 1`
     local olc_root_pw_tmp_hash=`/usr/sbin/slappasswd -s ${olc_root_pw_tmp}`
 
+    # Ensure that the distribution files created by Debian installation of
+    # slapd have the correct ownership and group membership for the openldap
+    # user that is running since a deployer may have changed them by
+    # injecting their own /etc/passwd.
+    chown -R openldap:openldap /var/lib/ldap.dist
+    chown -R openldap:openldap /etc/ldap/slapd.d.dist
+
     # Copy over the distribution files created by Debian installation of slapd
     # so that we can start slapd.
     mkdir -p /var/lib/ldap
@@ -472,6 +479,7 @@ function comanage_ldap_utils::exec_slapd() {
     # COPY in of /etc/passwd.
     chown -R openldap:openldap /var/lib/ldap
     chown -R openldap:openldap /etc/ldap/slapd.d
+    chown openldap:openldap /var/run/slapd
 
     exec "$@"
 }
@@ -656,6 +664,7 @@ function comanage_ldap_utils::schema_installed() {
 #   None
 ##########################################
 function comanage_ldap_utils::start_slapd_socket() {
+    chown openldap:openldap /var/run/slapd
     slapd -h ldapi:/// -u openldap -g openldap > "${OUTPUT}" 2>&1
 }