Головна сторінка Огляд Довідка
Реєстрація Увійти
tomi
/
ldap-server
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: fb4561c6cb
Гілки Теги
ldap-server
/
entrypoint.sh

entrypoint.sh 2.2 KB
Історія Запис

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. #!/bin/sh
    2. 

  2. 

  3. # Log everything to this log file
    4. 

  4. #exec &> $ENTRYLOG
    5. 

  5. 

  6. # Inspired by https://github.com/acobaugh/openldap-alpine
    7. 

  7. 

  8. # When not limiting the open file descriptors, the memory consumption
    9. 

  9. # of slapd is absurdly high. See https://github.com/docker/docker/issues/8231
    10. 

  10. ulimit -n 8192
    11. 

  11. 

  12. # If there's no cn=config database, initialize one.
    13. 

  13. # Take the original slapd.conf file as template.
    14. 

  14. if [ ! -d '/etc/openldap/slapd.d/cn=config' ]; then
    15. 

  15. 

  16. 	# Limit the access to the database
    17. 

  17. 	SLAPD_CONFIG_ROOTPW=`< /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo`
    18. 

  18. 	
    19. 

  19. 	# Generate a password hash
    20. 

  20. 	config_rootpw_hash=`slappasswd -s "${SLAPD_CONFIG_ROOTPW}"`
    21. 

  21. 	echo $SLAPD_CONFIG_ROOTPW > /etc/openldap/slapd.d/slapd_config_rootpw
    22. 

  22. 	chmod 400 /etc/openldap/slapd.d/slapd_config_rootpw
    23. 

  23. 	
    24. 

  24. 	# Check if all certificates and keys are present 
    25. 

  25. 	# if 	[ ! -f ${SSL_PATH}/slurm.ch-rootCA.crt ] || \
    26. 

  26. 	# 	[ ! -f ${SSL_PATH}/ldap.slurm.ch.crt ] || \
    27. 

  27. 	# 	[ ! -f ${SSL_PATH}/ldap.slurm.ch.key ]; then
    28. 

  28. 	# 	echo "Not all certificates and keys found for TLS."
    29. 

  29. 	# 	exit 1
    30. 

  30. 	# fi
    31. 

  31. 	
    32. 

  32. 	# Use the original slapd.conf file
    33. 

  33. 	cp /etc/openldap/slapd.conf /tmp/slapd.conf
    34. 

  34. 	
    35. 

  35. 	# Set the correct suffix
    36. 

  36. 	#sed -i -e "s/dc=my-domain,dc=com/${SUFFIX}/g" /tmp/slapd.conf
    37. 

  37. 	#sed -i -e "/core.schema/a include\t\t/etc/openldap/schema/cosine.schema" /tmp/slapd.conf
    38. 

  38. 	#sed -i -e "/cosine.schema/a include\t\t/etc/openldap/schema/inetorgperson.schema" /tmp/slapd.conf
    39. 

  39. 	
    40. 

  40. 	# Add configuration for TLS and set root password for config database.
    41. 

  41. 	cat <<-EOF >> /tmp/slapd.conf
    42. 

  42. 	
    43. 

  43. 	#TLSCACertificateFile ${SSL_PATH}/slurm.ch-rootCA.crt
    44. 

  44. 	#TLSCertificateFile ${SSL_PATH}/ldap.slurm.ch.crt
    45. 

  45. 	#TLSCertificateKeyFile ${SSL_PATH}/ldap.slurm.ch.key
    46. 

  46. 	#TLSCipherSuite HIGH:-SSLv2:-SSLv3
    47. 

  47. 

  48. #######################################################################
    49. 

  49. # Dynamic config
    50. 

  50. #######################################################################
    51. 

  51. 	
    52. 

  52. 	database 	config
    53. 

  53. 	rootDN 		"cn=admin,cn=config"
    54. 

  54. 	rootPW 		$config_rootpw_hash
    55. 

  55. 	EOF
    56. 

  56. 	
    57. 

  57. 	# Generate config database from slapd.conf file.
    58. 

  58. 	echo Generating configuration
    59. 

  59. 	slaptest -f /tmp/slapd.conf -F /etc/openldap/slapd.d
    60. 

  60. fi
    61. 

  61. 

  62. # Set all ownerships straight.	
    63. 

  63. chown -R ldap:ldap /etc/openldap/slapd.d
    64. 

  64. mkdir /var/lib/openldap/run || true
    65. 

  65. 

  66. echo Starting slapd with $@
    67. 

  67. exec "$@" 
    68.