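#!/bin/sh
# Container entrypoint for slapd.
#
# On first start (no cn=config database yet) it builds one from the stock
# slapd.conf, protects it with a randomly generated rootPW, and then execs the
# command passed as arguments.
#
# Environment:
#   LOG     path of the log file (default /var/log/ldap.log)
#   SUFFIX  directory suffix that replaces dc=my-domain,dc=com (required on
#           first start)

# Log everything to this log file. Use LOG env var or default /var/log/ldap.log
ENTRYLOG=${LOG:-/var/log/ldap.log}
printf 'Logfile: %s\n' "$ENTRYLOG"
# "&>" is a bash extension; a strict POSIX sh parses "exec &> file" as a
# background job plus a truncation, so use the portable form.
exec >"$ENTRYLOG" 2>&1

# Inspired by https://github.com/acobaugh/openldap-alpine

# When not limiting the open file descriptors, the memory consumption
# of slapd is absurdly high. See https://github.com/docker/docker/issues/8231
ulimit -n 8192

# If there's no cn=config database, initialize one.
# Take the original slapd.conf file as template.
if [ ! -d '/etc/openldap/slapd.d/cn=config' ]; then
  # Fail closed: an empty SUFFIX would silently strip the suffix from every DN
  # in the template instead of reporting the misconfiguration.
  if [ -z "${SUFFIX:-}" ]; then
    echo 'SUFFIX must be set to initialize the configuration' >&2
    exit 1
  fi

  # Limit the access to the database
  SLAPD_CONFIG_ROOTPW=$(LC_ALL=C tr -dc A-Za-z0-9 < /dev/urandom | head -c14)
  if [ -z "$SLAPD_CONFIG_ROOTPW" ]; then
    echo 'Could not generate a config root password' >&2
    exit 1
  fi

  # Generate a password hash
  # NOTE(review): -s puts the cleartext password on slappasswd's command line,
  # where it is visible in the process list while the command runs.
  config_rootpw_hash=$(slappasswd -s "${SLAPD_CONFIG_ROOTPW}")
  # Never write a config database with an empty rootPW.
  if [ -z "$config_rootpw_hash" ]; then
    echo 'slappasswd did not return a hash' >&2
    exit 1
  fi

  # Create the secret file with a restrictive umask so it is never readable by
  # other users, not even between creation and the chmod.
  (
    umask 077
    printf '%s\n' "$SLAPD_CONFIG_ROOTPW" > /etc/openldap/slapd.d/slapd_config_rootpw
  )
  chmod 400 /etc/openldap/slapd.d/slapd_config_rootpw

  # Use the original slapd.conf file. The working copy will hold the rootPW
  # hash, so use an unpredictable, owner-only file instead of a fixed /tmp name.
  tmp_conf=$(mktemp /tmp/slapd.conf.XXXXXX) || exit 1
  cp /etc/openldap/slapd.conf "$tmp_conf"

  # Set the correct suffix. Escape the characters that are special in a sed
  # replacement (\ / &) so the value is inserted literally.
  suffix_escaped=$(printf '%s' "$SUFFIX" | sed -e 's|[\\/&]|\\&|g')
  sed -i -e "s/dc=my-domain,dc=com/${suffix_escaped}/g" "$tmp_conf"
  # Add more schemas
  sed -i -e "/core.schema/a include\t\t/etc/openldap/schema/cosine.schema" "$tmp_conf"
  sed -i -e "/cosine.schema/a include\t\t/etc/openldap/schema/inetorgperson.schema" "$tmp_conf"

  cat <<EOF >> "$tmp_conf"

#######################################################################
# Dynamic config
#######################################################################

database config
rootDN "cn=admin,cn=config"
rootPW $config_rootpw_hash
EOF

  # Generate config database from slapd.conf file.
  echo Generating configuration
  # The exit status is only reported, not enforced, so startup continues as it
  # did before.
  slaptest -f "$tmp_conf" -F /etc/openldap/slapd.d ||
    echo "slaptest exited with status $?" >&2

  # Do not leave the rootPW hash behind in /tmp. An EXIT trap would not run,
  # because the final exec replaces this shell.
  rm -f -- "$tmp_conf"
fi

# Set all ownerships straight.
# NOTE(review): this also gives the cleartext slapd_config_rootpw file to the
# ldap user, so the slapd process can read the cn=config admin password.
# Consider keeping that file root-owned or storing it outside slapd.d.
chown -R ldap:ldap /etc/openldap/slapd.d

mkdir -p /var/lib/openldap/run

printf 'Starting slapd with %s\n' "$*"
exec "$@"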