Set ownership on distribution LDAP files
Add logic to perform a chown openldap:openldap on the directory
files from the Debian distribution so that slapd always may start
even when the numeric uid has changed, for example when /etc/passwd
is mounted in. This was previously done for the directory files being
used (database with n 2) but not for those that are not being
used (database with n 1).
skoranda committed Aug 1, 2018
1 parent 0436ac2 commit cc8ebfa
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -483,6 +483,8 @@ function comanage_ldap_utils::exec_slapd() {
# Always set user and group in case external source of user and
# group mappings to numeric UID and GID is being used, such as
# COPY in of /etc/passwd.
chown -R openldap:openldap /var/lib/ldap.dist
chown -R openldap:openldap /etc/ldap/slapd.d.dist
chown -R openldap:openldap /var/lib/ldap
chown -R openldap:openldap /etc/ldap/slapd.d
chown openldap:openldap /var/run/slapd
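Review bot: The ownership block in exec_slapd is now five chown lines long, and the same sequence is repeated in exec_slapd_proxy and start_slapd_socket in this patch, so the three copies can drift apart. Consider moving the list of paths into a single helper in comanage_ldap_utils.sh and calling it from all three functions. The comment above the block could also state that the .dist directories are the unused Debian distribution copies, since that reasoning currently lives only in the commit message.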
@@ -527,8 +529,11 @@ function comanage_ldap_utils::exec_slapd_proxy() {
# Always set user and group in case external source of user and
# group mappings to numeric UID and GID is being used, such as
# COPY in of /etc/passwd.
chown -R openldap:openldap /var/lib/ldap.dist
chown -R openldap:openldap /etc/ldap/slapd.d.dist
chown -R openldap:openldap /var/lib/ldap
chown -R openldap:openldap /etc/ldap/slapd.d
chown openldap:openldap /var/run/slapd

exec "$@"
}
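Review bot: In exec_slapd_proxy the result of the chown -R calls on /var/lib/ldap.dist and /etc/ldap/slapd.d.dist is not checked before exec "$@" runs. If either directory is missing, the outcome depends on shell options that are not visible in this hunk. Suggest guarding each path with a directory test, or reporting a failed chown explicitly, so that a start-up problem caused by ownership is easy to trace.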
@@ -671,6 +676,16 @@ function comanage_ldap_utils::schema_installed() {
##########################################
function comanage_ldap_utils::start_slapd_socket() {
chown openldap:openldap /var/run/slapd

# Always set user and group in case external source of user and
# group mappings to numeric UID and GID is being used, such as
# COPY in of /etc/passwd.
chown -R openldap:openldap /var/lib/ldap.dist
chown -R openldap:openldap /etc/ldap/slapd.d.dist
chown -R openldap:openldap /var/lib/ldap
chown -R openldap:openldap /etc/ldap/slapd.d
chown openldap:openldap /var/run/slapd

slapd -h ldapi:/// -u openldap -g openldap > "${OUTPUT}" 2>&1
}
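Review bot: In start_slapd_socket, chown openldap:openldap /var/run/slapd now appears twice, once as the first line of the function and again as the last line of the ownership block. One of the two is redundant; drop the first so the function matches the block used in exec_slapd and exec_slapd_proxy.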
