#!/bin/sh # Log everything to this log file exec &> $ENTRYLOG # Inspired by https://github.com/acobaugh/openldap-alpine # When not limiting the open file descriptors, the memory consumption # of slapd is absurdly high. See https://github.com/docker/docker/issues/8231 ulimit -n 8192 # If there's no cn=config database, initialize one. # Take the original slapd.conf file as template. if [ ! -d '/etc/openldap/slapd.d/cn=config' ]; then # Limit the access to the database SLAPD_CONFIG_ROOTPW=`< /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo` # Generate a password hash config_rootpw_hash=`slappasswd -s "${SLAPD_CONFIG_ROOTPW}"` printf "$SLAPD_CONFIG_ROOTPW" > /etc/openldap/slapd.d/slapd_config_rootpw chmod 400 /etc/openldap/slapd.d/slapd_config_rootpw # Check if all certificates and keys are present if [ ! -f ${SSL_PATH}/slurm.ch-rootCA.crt ] || \ [ ! -f ${SSL_PATH}/ldap.slurm.ch.crt ] || \ [ ! -f ${SSL_PATH}/ldap.slurm.ch.key ]; then echo "Not all certificates and keys found for TLS." exit 1 fi # Use the original slapd.conf file cp /etc/openldap/slapd.conf /tmp/slapd.conf # Set the correct suffix sed -i -e "s/dc=my-domain,dc=com/${SUFFIX}/g" /tmp/slapd.conf sed -i -e "/core.schema/a include\t\t/etc/openldap/schema/cosine.schema" /tmp/slapd.conf sed -i -e "/cosine.schema/a include\t\t/etc/openldap/schema/inetorgperson.schema" /tmp/slapd.conf # Add configuration for TLS and set root password for config database. cat <<-EOF >> /tmp/slapd.conf TLSCACertificateFile ${SSL_PATH}/slurm.ch-rootCA.crt TLSCertificateFile ${SSL_PATH}/ldap.slurm.ch.crt TLSCertificateKeyFile ${SSL_PATH}/ldap.slurm.ch.key TLSCipherSuite HIGH:-SSLv2:-SSLv3 database config rootDN "cn=admin,cn=config" rootPW $config_rootpw_hash EOF # Generate config database from slapd.conf file. echo Generating configuration slaptest -f /tmp/slapd.conf -F /etc/openldap/slapd.d fi # Set all ownerships straight. chown -R ldap:ldap /etc/openldap/slapd.d /etc/openldap/ssl /run/openldap echo Starting slapd with $@ exec "$@"