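#!/bin/sh
# Container entrypoint for slapd.
#
# On first start (no cn=config database under /etc/openldap/slapd.d) it
# bootstraps the dynamic configuration from the stock slapd.conf, sets a
# random rootPW for cn=config and stores that secret, mode 0400, in
# /etc/openldap/slapd.d/slapd_config_rootpw. On every start it fixes the
# ownership of the config directory and then exec()s the command given as
# arguments (normally slapd).
#
# Environment:
#   SSL_PATH  - directory of the TLS certificate/key files; only referenced
#               by the commented-out TLS directives below, so it may be unset
#   ENTRYLOG  - unused unless the exec line below is uncommented
#
# Log everything to this log file
#exec &> $ENTRYLOG

# Inspired by https://github.com/acobaugh/openldap-alpine

# Abort on the first failing command or unset variable: a half-written
# cn=config must not be silently handed to slapd.
set -eu

# When not limiting the open file descriptors, the memory consumption
# of slapd is absurdly high. See https://github.com/docker/docker/issues/8231
ulimit -n 8192 || printf 'warning: could not set ulimit -n 8192\n' >&2

readonly config_dir='/etc/openldap/slapd.d'
readonly rootpw_file="${config_dir}/slapd_config_rootpw"

# If there's no cn=config database, initialize one.
# Take the original slapd.conf file as template.
if [ ! -d "${config_dir}/cn=config" ]; then
  # Limit the access to the database: 14 alphanumeric characters from urandom.
  SLAPD_CONFIG_ROOTPW=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 14)
  if [ -z "$SLAPD_CONFIG_ROOTPW" ]; then
    printf 'error: failed to generate config root password\n' >&2
    exit 1
  fi

  # Persist the secret before hashing it. The file is created under a
  # restrictive umask so there is no window in which it is readable by
  # others before the chmod. No trailing newline: the file holds the exact
  # password, which also makes it usable as an ldap* -y password file.
  mkdir -p "$config_dir"
  (umask 077 && printf '%s' "$SLAPD_CONFIG_ROOTPW" > "$rootpw_file")
  chmod 400 "$rootpw_file"

  # Generate a password hash. Read the secret from the file (-T) instead of
  # passing it as an argument, where it would be visible in the process list.
  config_rootpw_hash=$(slappasswd -T "$rootpw_file")

  # Check if all certificates and keys are present
  # if [ ! -f "${SSL_PATH}/slurm.ch-rootCA.crt" ] || \
  #    [ ! -f "${SSL_PATH}/ldap.slurm.ch.crt" ] || \
  #    [ ! -f "${SSL_PATH}/ldap.slurm.ch.key" ]; then
  #   echo "Not all certificates and keys found for TLS."
  #   exit 1
  # fi

  # Use the original slapd.conf file as template. Work on a private
  # temporary copy (it will contain the rootPW hash) rather than a
  # predictable path in /tmp.
  tmp_conf=$(mktemp)
  cp /etc/openldap/slapd.conf "$tmp_conf"

  # Set the correct suffix
  #sed -i -e "s/dc=my-domain,dc=com/${SUFFIX}/g" "$tmp_conf"
  #sed -i -e "/core.schema/a include\t\t/etc/openldap/schema/cosine.schema" "$tmp_conf"
  #sed -i -e "/cosine.schema/a include\t\t/etc/openldap/schema/inetorgperson.schema" "$tmp_conf"

  # Add configuration for TLS and set root password for config database.
  # SSL_PATH may be unset (the TLS lines are commented out), hence ${SSL_PATH:-}
  # so that set -u does not abort here.
  cat <<EOF >> "$tmp_conf"
#TLSCACertificateFile ${SSL_PATH:-}/slurm.ch-rootCA.crt
#TLSCertificateFile ${SSL_PATH:-}/ldap.slurm.ch.crt
#TLSCertificateKeyFile ${SSL_PATH:-}/ldap.slurm.ch.key
#TLSCipherSuite HIGH:-SSLv2:-SSLv3
#######################################################################
# Dynamic config
#######################################################################
database config
rootDN "cn=admin,cn=config"
rootPW $config_rootpw_hash
EOF

  # Generate config database from slapd.conf file. Under set -e a failing
  # slaptest aborts the script instead of starting slapd on a broken config.
  echo 'Generating configuration'
  slaptest -f "$tmp_conf" -F "$config_dir"
  rm -f "$tmp_conf"
fi

# Set all ownerships straight.
chown -R ldap:ldap "$config_dir"
mkdir -p /var/lib/openldap/run

printf 'Starting slapd with %s\n' "$*"
exec "$@"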