탐색 도움말
가입하기 로그인
tomi
/
docker-ldap-server
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: e896bdf51c
브랜치 태그
docker-ldap-ser...
/
entrypoint.sh

entrypoint.sh 2.0 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. #!/bin/sh
    2. 

  2. 

  3. # Log everything to this log file
    4. 

  4. exec &> $ENTRYLOG
    5. 

  5. 

  6. # Inspired by https://github.com/acobaugh/openldap-alpine
    7. 

  7. 

  8. # When not limiting the open file descriptors, the memory consumption
    9. 

  9. # of slapd is absurdly high. See https://github.com/docker/docker/issues/8231
    10. 

  10. ulimit -n 8192
    11. 

  11. 

  12. # If there's no cn=config database, initialize one.
    13. 

  13. # Take the original slapd.conf file as template.
    14. 

  14. if [ ! -d '/etc/openldap/slapd.d/cn=config' ]; then
    15. 

  15. 

  16. 	# Limit the access to the database
    17. 

  17. 	SLAPD_CONFIG_ROOTPW=`< /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo`
    18. 

  18. 	
    19. 

  19. 	# Generate a password hash
    20. 

  20. 	config_rootpw_hash=`slappasswd -s "${SLAPD_CONFIG_ROOTPW}"`
    21. 

  21. 	printf "$SLAPD_CONFIG_ROOTPW" > /etc/openldap/slapd.d/slapd_config_rootpw
    22. 

  22. 	chmod 400 /etc/openldap/slapd.d/slapd_config_rootpw
    23. 

  23. 	
    24. 

  24. 	# Check if all certificates and keys are present 
    25. 

  25. 	if 	[ ! -f ${SSL_PATH}/slurm.ch-rootCA.crt ] || \
    26. 

  26. 		[ ! -f ${SSL_PATH}/ldap.slurm.ch.crt ] || \
    27. 

  27. 		[ ! -f ${SSL_PATH}/ldap.slurm.ch.key ]; then
    28. 

  28. 		echo "Not all certificates and keys found for TLS."
    29. 

  29. 		exit 1
    30. 

  30. 	fi
    31. 

  31. 	
    32. 

  32. 	# Use the original slapd.conf file
    33. 

  33. 	cp /etc/openldap/slapd.conf /tmp/slapd.conf
    34. 

  34. 	
    35. 

  35. 	# Set the correct suffix
    36. 

  36. 	sed -i -e "s/dc=my-domain,dc=com/${SUFFIX}/g" /tmp/slapd.conf
    37. 

  37. 	sed -i -e "/core.schema/a include\t\t/etc/openldap/schema/cosine.schema" /tmp/slapd.conf
    38. 

  38. 	sed -i -e "/cosine.schema/a include\t\t/etc/openldap/schema/inetorgperson.schema" /tmp/slapd.conf
    39. 

  39. 	
    40. 

  40. 	# Add configuration for TLS and set root password for config database.
    41. 

  41. 	cat <<-EOF >> /tmp/slapd.conf
    42. 

  42. 	TLSCACertificateFile ${SSL_PATH}/slurm.ch-rootCA.crt
    43. 

  43. 	TLSCertificateFile ${SSL_PATH}/ldap.slurm.ch.crt
    44. 

  44. 	TLSCertificateKeyFile ${SSL_PATH}/ldap.slurm.ch.key
    45. 

  45. 	TLSCipherSuite HIGH:-SSLv2:-SSLv3
    46. 

  46. 	
    47. 

  47. 	database 	config
    48. 

  48. 	rootDN 		"cn=admin,cn=config"
    49. 

  49. 	rootPW 		$config_rootpw_hash
    50. 

  50. 	EOF
    51. 

  51. 	
    52. 

  52. 	# Generate config database from slapd.conf file.
    53. 

  53. 	echo Generating configuration
    54. 

  54. 	slaptest -f /tmp/slapd.conf -F /etc/openldap/slapd.d
    55. 

  55. fi
    56. 

  56. 

  57. # Set all ownerships straight.	
    58. 

  58. chown -R ldap:ldap /etc/openldap/slapd.d /etc/openldap/ssl /run/openldap
    59. 

  59. 

  60. echo Starting slapd with $@
    61. 

  61. exec "$@" 
    62.