From e93e85738825adcfed372d1173239bbdb3f0fbd3 Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Wed, 11 Mar 2020 07:58:46 -0500
Subject: [PATCH] Better root DN password management

If the environment variable OLC_ROOT_DN_PASSWORD is set but OLC_ROOT_DN (usually a hash) is not, then take OLC_ROOT_DN from OLC_ROOT_DN_PASSWORD.
---
 comanage-registry-slapd-base/comanage_ldap_utils.sh | 8 +++++++-
 docs/slapd-common-environment-variables.md | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
index 8413f94..fef0b68 100755
--- a/comanage-registry-slapd-base/comanage_ldap_utils.sh
+++ b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -94,6 +94,7 @@ function comanage_ldap_utils::add_schemas() {
 # Globals:
 # OLC_SUFFIX
 # OLC_ROOT_DN
+# OLC_ROOT_DN_PASSWORD
 # OLC_ROOT_PW
 # Arguments:
 # None
@@ -103,7 +104,12 @@ function comanage_ldap_utils::add_schemas() {
 function comanage_ldap_utils::bootstrap() {
 local suffix="${OLC_SUFFIX:-dc=my,dc=org}"
 local root_dn="${OLC_ROOT_DN:-cn=admin,dc=my,dc=org}"
- local root_pw="${OLC_ROOT_PW:-password}"
+
+ if [[ -n "${OLC_ROOT_DN_PASSWORD}" && -z "${OLC_ROOT_PW}" ]]; then
+ local root_pw="${OLC_ROOT_DN_PASSWORD}"
+ else
+ local root_pw="${OLC_ROOT_PW:-password}"
+ fi
 
 # Parse the domain, rdn, and the value of rdn from the OLC_SUFFIX
 local domain=`echo ${suffix} | sed -e 's/dc=//g' -e 's/,/./g'`
diff --git a/docs/slapd-common-environment-variables.md b/docs/slapd-common-environment-variables.md
index e3256dc..c53c90c 100644
--- a/docs/slapd-common-environment-variables.md
+++ b/docs/slapd-common-environment-variables.md
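Review bot: The new branch copies `OLC_ROOT_DN_PASSWORD` verbatim into `root_pw`, which the commit message presents as the plaintext counterpart of the usually-hashed `OLC_ROOT_PW`; wherever `root_pw` is later written as olcRootPW (that use is outside the hunk, since bootstrap continues past it), an unhashed value would then be persisted as-is in the config database, so hashing it first — the docs already point at slappasswd — or at least stating in the Globals comment that this variable is expected to be cleartext would be worth considering. The two-branch `if` can also be expressed as one expansion with the same precedence, `local root_pw="${OLC_ROOT_PW:-${OLC_ROOT_DN_PASSWORD:-password}}"`, which avoids declaring the same local in both branches. If the script ever runs under `set -u` (not visible here), the unguarded `${OLC_ROOT_DN_PASSWORD}` in the test would abort when the variable is unset, whereas `${OLC_ROOT_DN_PASSWORD:-}` is safe either way. Separately, the commit message says OLC_ROOT_DN is taken from OLC_ROOT_DN_PASSWORD, while the code checks and fills the `OLC_ROOT_PW` side.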
@@ -72,7 +72,7 @@ OLC_ROOT_PW
 ```
 * Description: Password (usually hashed) for the root DN
-* Required: yes
+* Required: yes if `OLC_ROOT_DN_PASSWORD` is not set
 * Default: password
 * Example: {SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks
 * Note: See the [slappasswd OpenLDAP password utility](https://linux.die.net/man/8/slappasswd) for details on how to