From c8c87c763b727753136edcf4e2ee68c36fcb6845 Mon Sep 17 00:00:00 2001 From: Romain LEON Date: Fri, 18 Oct 2019 23:02:50 +0200 Subject: [PATCH] Add ldaps and run ldif after openldap startup --- Dockerfile | 18 +++++++++++++++++- after_work.sh | 17 +++++++++++++++++ entrypoint.sh | 4 +++- ldaps.template.ldif | 14 ++++++++++++++ 4 files changed, 51 insertions(+), 2 deletions(-) create mode 100755 after_work.sh create mode 100644 ldaps.template.ldif diff --git a/Dockerfile b/Dockerfile index e34f925..959a165 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,20 @@ RUN apt-get update && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* +## LDAPS +RUN apt-get update && \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + libsasl2-2 \ + sasl2-bin \ + libsasl2-modules + +## LDAPS AND/OR RUN LDIF AFTER OPENLDAP STARTUP +# Mount the "/after_work" volume and copy your ldif files to it +# For ldaps see ldaps.template.ldif +RUN mkdir /after_work +COPY ./after_work.sh /after_work.sh +RUN chmod 770 /after_work.sh + RUN mv /etc/ldap /etc/ldap.dist COPY modules/ /etc/ldap.dist/modules @@ -19,9 +33,11 @@ COPY modules/ /etc/ldap.dist/modules COPY entrypoint.sh /entrypoint.sh EXPOSE 389 +## DEFAULT LDAPS PORT +EXPOSE 636 VOLUME ["/etc/ldap", "/var/lib/ldap"] ENTRYPOINT ["/entrypoint.sh"] -CMD ["sh", "-c", "slapd -h 'ldap:/// ldapi:///' -d ${DEBUG_LEVEL} -u openldap -g openldap"] +CMD ["sh", "-c", "slapd -h 'ldap:/// ldaps:/// ldapi:///' -d ${DEBUG_LEVEL} -u openldap -g openldap"] \ No newline at end of file diff --git a/after_work.sh b/after_work.sh new file mode 100755 index 0000000..8051d2d --- /dev/null +++ b/after_work.sh 
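Review bot: The new `RUN apt-get update && … apt-get install … libsasl2-modules` in the first Dockerfile hunk ends without the `apt-get clean && rm -rf /var/lib/apt/lists/*` that the RUN directly above it performs, so the package lists are baked into this layer; appending `&& apt-get clean && rm -rf /var/lib/apt/lists/*` keeps the two layers consistent and the image smaller. `RUN chmod 770 /after_work.sh` makes the script group-writable and executable, but entrypoint.sh invokes it as `sh /after_work.sh&`, so the execute bit is never used and the file's bash shebang is ignored; either `chmod 755` and run it directly, or `chmod 644` and keep the `sh` call, so permissions match actual use. The `# Mount the "/after_work" volume …` comment should also state that every `*.ldif` placed in that volume is applied to cn=config with `-Y EXTERNAL` over ldapi:///, i.e. with full directory-admin rights, so only whoever administers the server should be able to write to it.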
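Review bot: The new CMD adds `ldaps:///` to the slapd listener list unconditionally, while the TLS certificate attributes are only set afterwards by ldapmodify from after_work.sh, so a fresh container asks slapd to open an LDAPS listener with no certificate configured. In my experience slapd treats that as fatal (it logs a TLS init failure and stops), in which case after_work.sh never gets to load ldaps.template.ldif and the plain-LDAP configuration that worked before this commit also stops starting. Making the listener list overridable keeps the old default and lets deployments that mounted certificates opt in, e.g. `CMD ["sh", "-c", "slapd -h \"${SLAPD_URLS:-ldap:/// ldapi:///}\" -d ${DEBUG_LEVEL} -u openldap -g openldap"]` (variable name illustrative). The `## DEFAULT LDAPS PORT` comment above `EXPOSE 636` could add that port 636 only serves TLS once the olcTLS* attributes have been applied.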
@@ -0,0 +1,17 @@ +#!/bin/bash + +PATH_LDIF="/after_work/" +cd ${PATH_LDIF} +if ls *.ldif > /dev/null 2>&1 ;then + codrec=1 + while [ "$coderec" != "0" ]; do + sleep 1 + ldapsearch -Y EXTERNAL -H ldapi:/// -LLL cn=config > /dev/null 2>&1 + coderec=$? + done + for myLdif in *.ldif ;do + echo "--- $myLdif " + ldapmodify -Y EXTERNAL -H ldapi:/// -f ${PATH_LDIF}${myLdif} + echo "---" + done +fi \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 137b722..227ccd9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -112,4 +112,6 @@ fi chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/ -exec "$@" +sh /after_work.sh& + +exec "$@" \ No newline at end of file diff --git a/ldaps.template.ldif b/ldaps.template.ldif new file mode 100644 index 0000000..7ede59f --- /dev/null +++ b/ldaps.template.ldif @@ -0,0 +1,14 @@ +# Mount the "/etc/ssl/certs/" volume in your docker-compose/docker run +dn: cn=config +changetype: modify +replace: olcTLSCACertificateFile +olcTLSCACertificateFile: /etc/ssl/certs/CACertificateFile.crt +- +replace: olcTLSCertificateKeyFile +olcTLSCertificateKeyFile: /etc/ssl/certs/private/CertificateKeyFile.key +- +replace: olcTLSCertificateFile +olcTLSCertificateFile: /etc/ssl/certs/CertificateFile.crt +- +replace: olcTLSVerifyClient +olcTLSVerifyClient: never \ No newline at end of file
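Review bot: The readiness loop in after_work.sh initialises `codrec=1` but tests `$coderec`, so the first comparison runs against an unset variable (it still enters the loop by accident), and the loop has no upper bound, so a slapd that never answers on ldapi:/// leaves this background process polling forever. `cd ${PATH_LDIF}` is unquoted and unchecked, and the `ldapmodify` exit status is discarded, so a rejected LDIF — for instance the TLS template pointing at a key the server cannot read — only shows up as echo output interleaved with slapd's log. The rewrite below fixes the variable name, bounds the wait, aborts when the directory is missing and reports each failed modification on stderr; it deliberately keeps the `-Y EXTERNAL` ldapi:/// access, which means every file in the mounted `/after_work` volume is applied with the rights of the container's root user, and that is worth saying in a header comment. Since entrypoint.sh starts this file with `sh`, the `#!/bin/bash` shebang is never honoured; the body is already POSIX sh, so `#!/bin/sh` is the honest shebang.
```shell
#!/bin/sh
# Applies every /after_work/*.ldif to cn=config via ldapi:/// with SASL EXTERNAL,
# i.e. with this process's (root) identity: treat the mounted volume as admin-only.
set -u

PATH_LDIF="/after_work/"
cd "${PATH_LDIF}" || { echo "after_work: ${PATH_LDIF} is not available" >&2; exit 1; }
if ls *.ldif > /dev/null 2>&1 ;then
  # wait until slapd answers on the local socket; the bound is an arbitrary
  # constructed value so a slapd that never comes up does not hang this job
  coderec=1
  tries=0
  while [ "$coderec" != "0" ]; do
    if [ "$tries" -ge 60 ]; then
      echo "after_work: slapd did not answer on ldapi:///, giving up" >&2
      exit 1
    fi
    tries=$((tries + 1))
    sleep 1
    ldapsearch -Y EXTERNAL -H ldapi:/// -LLL cn=config > /dev/null 2>&1
    coderec=$?
  done
  for myLdif in *.ldif ;do
    echo "--- $myLdif "
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "${PATH_LDIF}${myLdif}" \
      || echo "after_work: ldapmodify failed for $myLdif" >&2
    echo "---"
  done
fi
```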
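Review bot: `sh /after_work.sh&` in entrypoint.sh runs the helper under /bin/sh rather than the bash its shebang names, and because the following `exec "$@"` replaces the entrypoint shell, nothing ever waits on or reports the job's exit status, so a failing after_work.sh is silent apart from its own echo output mixed into slapd's log. Invoking the file directly — the Dockerfile installs it with the execute bit — keeps the shebang meaningful: `/after_work.sh &`. A one-line comment above it, such as `# apply any /after_work/*.ldif once slapd answers on ldapi:/// (detached, runs as root)`, would tell the next reader why a background job is started just before exec. The enclosing script starts before this hunk.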
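Review bot: ldaps.template.ldif places the private key at `/etc/ssl/certs/private/CertificateKeyFile.key`, under the directory its header comment tells users to mount, yet `/etc/ssl/certs` is conventionally world-readable and slapd drops privileges to `openldap` (the Dockerfile CMD passes `-u openldap -g openldap`), so the key has to be readable by that user and by nobody else; the comment should say so and suggest a separate mount for the key. `olcTLSVerifyClient: never` is the usual default for server-only TLS, but a comment noting that clients are then not certificate-authenticated, and that `demand` is the value for mutual TLS, saves the next reader a lookup. Suggested header lines: `# Key must be owned by openldap and mode 0600; mount it outside /etc/ssl/certs` and `# olcTLSVerifyClient never = server-auth only; use demand for mutual TLS`.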