Better root DN password management

If the environment variable OLC_ROOT_DN_PASSWORD is set but OLC_ROOT_DN (usually a hash) is not, then take OLC_ROOT_DN from OLC_ROOT_DN_PASSWORD.
docker · Mar 11, 2020 · e93e857 · e93e857
1 parent b70553a
commit e93e857
Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -94,6 +94,7 @@ function comanage_ldap_utils::add_schemas() {
 # Globals:
 #   OLC_SUFFIX
 #   OLC_ROOT_DN
+#   OLC_ROOT_DN_PASSWORD
 #   OLC_ROOT_PW
 # Arguments:
 #   None
@@ -103,7 +104,12 @@ function comanage_ldap_utils::add_schemas() {
 function comanage_ldap_utils::bootstrap() {
     local suffix="${OLC_SUFFIX:-dc=my,dc=org}"
     local root_dn="${OLC_ROOT_DN:-cn=admin,dc=my,dc=org}"
-    local root_pw="${OLC_ROOT_PW:-password}"
+
+    if [[ -n "${OLC_ROOT_DN_PASSWORD}" && -z "${OLC_ROOT_PW}" ]]; then
+        local root_pw="${OLC_ROOT_DN_PASSWORD}"
+    else
+        local root_pw="${OLC_ROOT_PW:-password}"
+    fi
 
     # Parse the domain, rdn, and the value of rdn from the OLC_SUFFIX
     local domain=`echo ${suffix} | sed -e 's/dc=//g' -e 's/,/./g'`

diff --git a/docs/slapd-common-environment-variables.md b/docs/slapd-common-environment-variables.md
@@ -72,7 +72,7 @@ OLC_ROOT_PW
 ```
 
 * Description: Password (usually hashed) for the root DN
-* Required: yes
+* Required: yes if `OLC_ROOT_DN_PASSWORD` is not set
 * Default: password
 * Example: {SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks
 * Note: See the [slappasswd OpenLDAP password utility](https://linux.die.net/man/8/slappasswd) for details on how to