<!--
COmanage Registry Docker documentation

Portions licensed to the University Corporation for Advanced Internet
Development, Inc. ("UCAID") under one or more contributor license agreements.
See the NOTICE file distributed with this work for additional information
regarding copyright ownership.

UCAID licenses this file to you under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with the
License. You may obtain a copy of the License at:

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

# Environment Variables Common to All slapd Images

The environment variables detailed below apply to all OpenLDAP slapd for
COmanage Registry images in this repository.

## Using Files to Inject Secrets

The COmanage Registry images support the convention of an associated
environment variable ending in `_FILE` whose value is a path, inside the
container, to a file from which the value of the corresponding environment
variable should be read.

For example, if the environment variable `OLC_ROOT_DN_PASSWORD_FILE` exists
and its value is the path to a readable file, then the contents of that file
are read into the environment variable `OLC_ROOT_DN_PASSWORD`.

If both an environment variable and its associated `_FILE` environment
variable are defined, the `_FILE` variable takes precedence, provided that
the file it points to exists and is readable.
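
The convention above, as an added POSIX sh example that is not the project's own entrypoint code: `resolve_file_env` is an assumed helper name, and the secret file and values in `demo` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the COmanage Registry entrypoint itself: one way to
# implement the documented *_FILE convention in POSIX sh.
#
# resolve_file_env NAME [DEFAULT]
#   If NAME_FILE is set and names a readable regular file, its contents
#   become NAME (so NAME_FILE wins over a NAME that is also set). If
#   NAME_FILE is unset, missing or unreadable, an already-set NAME is kept;
#   otherwise DEFAULT, if given, is used.
resolve_file_env() {
    name="$1"
    default="${2:-}"
    eval "file_path=\"\${${name}_FILE:-}\""
    eval "current=\"\${${name}:-}\""

    if [ -n "$file_path" ] && [ -f "$file_path" ] && [ -r "$file_path" ]; then
        # command substitution drops the trailing newline a secret file usually carries
        value="$(cat "$file_path")"
    elif [ -n "$current" ]; then
        value="$current"
    else
        value="$default"
    fi
    export "$name=$value"
}

# Constructed demonstration: a temporary file stands in for a mounted Docker secret
demo() {
    tmp="$(mktemp -d)"
    printf 'file-secret\n' > "$tmp/olc_root_dn_password"
    OLC_ROOT_DN_PASSWORD='env-secret'
    OLC_ROOT_DN_PASSWORD_FILE="$tmp/olc_root_dn_password"
    resolve_file_env OLC_ROOT_DN_PASSWORD
    echo "$OLC_ROOT_DN_PASSWORD"    # prints "file-secret": the _FILE variable took precedence
    rm -rf "$tmp"
}
demo
```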

## Environment Variables

```
OLC_ROOT_DN
```

* Description: DN for the directory root user
* Required: yes
* Default: cn=admin,dc=my,dc=org
* Example: cn=directoryAdministrator,dc=some,dc=university,dc=org
* Note: \[[1](#note01)\]

```
OLC_ROOT_DN_PASSWORD
```

* Description: Unhashed password for the root DN, used by the entrypoint script to execute
  any injected LDIF as the root DN user
* Required: no
* Default: none
* Example: KaVJ1FIH5IrRr6R5LElX
* Note: The environment variable `OLC_ROOT_PW` sets the hashed password for the root
  DN during the bootstrapping of the directory. This environment variable instead injects
  the unhashed password so that the entrypoint script can execute injected LDIF as the root DN
  user. If no injected LDIF needs to be executed as the root DN, then this environment
  variable is not necessary.

```
OLC_ROOT_PW
```

* Description: Password (usually hashed) for the root DN
* Required: yes
* Default: password
* Example: {SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks
* Note: See the [slappasswd OpenLDAP password utility](https://linux.die.net/man/8/slappasswd) for details on how to
  create a hashed password value. See also \[[1](#note01)\].

```
OLC_SUFFIX
```

* Description: Suffix for the directory
* Required: yes
* Default: dc=my,dc=org
* Example: dc=some,dc=university,dc=edu
* Note: \[[1](#note01)\]

```
SLAPD_CERT_FILE
```

* Description: Path inside the container to an X.509 certificate to use for TLS
* Required: no
* Default: none
* Example: /run/secrets/slapd_cert_file

```
SLAPD_CHAIN_FILE
```

* Description: Path inside the container to the certificate authority signing certificate corresponding to the X.509
  certificate to use for TLS
* Required: no
* Default: none
* Example: /run/secrets/slapd_chain_file

```
SLAPD_PRIVKEY_FILE
```

* Description: Path inside the container to the private key associated with the X.509 certificate for TLS
* Required: no
* Default: none
* Example: /run/secrets/slapd_privkey_file

\[<a name="note01">1</a>\]: The environment variable is read the first time the container is
started and used to bootstrap the directory. Later changes to the environment
variable are *not* reflected in the directory state.