From 130df64e8dec3f7a25d02e220e3bb1da24326623 Mon Sep 17 00:00:00 2001
From: Scott Koranda <skoranda@gmail.com>
Date: Sun, 17 Jun 2018 12:46:26 -0500
Subject: [PATCH] Environment variable substitution into injected LDIF

Text in injected LDIF files of the form %%SOME_VARIABLE%% will be
replaced with the value from the environment variable SOME_VARIABLE
before the LDIF is executed. The form %%_SOME_VARIABLE_FILE%% will be
replaced with the contents of the file pointed to by the environment
variable SOME_VARIABLE.
---
 .../comanage_ldap_utils.sh                    | 34 +++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
index aa82eb1..44bfaa0 100755
--- a/comanage-registry-slapd-base/comanage_ldap_utils.sh
+++ b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -510,7 +510,9 @@ function comanage_ldap_utils::exec_slapd_proxy() {
 }
 
 ##########################################
-# Loop ldapmodify over a set of LDIF files.
+# Loop ldapmodify over a set of LDIF files with environment variable 
+# substitutions.
+#
 # Globals:
 #   OLC_ROOT_DN
 #   OLC_ROOT_DN_PASSWORD
@@ -523,6 +525,9 @@ function comanage_ldap_utils::exec_slapd_proxy() {
 function comanage_ldap_utils::loop_ldapmodify() {
     local auth
     local ldif
+    local newldif
+    local replacement
+    local substitutions
 
     if [[ "$1" == "config" ]]; then
         auth="-Y EXTERNAL"
@@ -537,7 +542,32 @@ function comanage_ldap_utils::loop_ldapmodify() {
 
     for ldif in "$@"; do
         [[ -f "${ldif}" ]] || continue
-        ldapmodify -c ${auth} -H ldapi:/// -f "${ldif}" > /dev/null 2>&1
+
+        # Copy LDIF file to temporary copy.
+        newldif="/tmp/${ldif##*/}"
+        cp "${ldif}" "${newldif}"
+
+        # Find any substitutions that need to be made.
+        substitutions=( `grep -oE '%%.+%%' "${newldif}" | tr -d %` )
+
+        # Loop over the substitutions and use sed in place to make the
+        # substitutions.
+        for s in "${substitutions[@]}"; do
+            # If the substitution ends in _FILE then use the text from
+            # the file pointed to by that environment variable. Otherwise
+            # use the text from the environment variable itself.
+            if [[ ! "${s%_FILE}" == "${s}" ]]; then
+                replacement=`cat "${!s}"`
+            else
+                replacement=${!s}
+            fi
+
+            sed -i s@%%"${s}"%%@"${replacement}"@g "${newldif}"
+        done
+
+        ldapmodify -c ${auth} -H ldapi:/// -f "${newldif}" > /dev/null 2>&1
+
+        rm -f "${newldif}" > /dev/null 2>&1
     done
 }