docker/ldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add all backends and overlays, configure dynlist, enhancements to startup to allow schema modification
All checks were successful
Create Docker Image / Build Docker Image (x86_64) (push) Successful in 18s
Details
Create Docker Image / Build Docker Image (arm64) (push) Successful in 44s
Details
Create Docker Image / Final Docker Image Manifest (push) Successful in 8s
Details

Browse Source
This commit is contained in:
Deon George 2025-03-20 11:19:50 +11:00
parent 95f1cf6cd1
commit 086a28bb33
4 changed files with 43 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docker/Dockerfile
View File

@ -6,7 +6,8 @@ FROM alpine
# Change to http respositories, so they we can cache the install packages # Change to http respositories, so they we can cache the install packages
RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients openldap-overlay-syncprov openldap-overlay-accesslog RUN apk add --no-cache bash openldap openldap-backend-all openldap-clients openldap-overlay-all \
openldap-passwd-argon2 openldap-passwd-pbkdf2 openldap-passwd-sha2
ADD schema /etc/openldap/schema/custom ADD schema /etc/openldap/schema/custom
ADD tls /etc/openldap/tls ADD tls /etc/openldap/tls
@ -16,11 +17,13 @@ RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
&& mv /var/lib/openldap/openldap-data /var/lib/openldap/data \ && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
&& mkdir /etc/openldap/slapd.d /etc/openldap/schema/add.d /etc/openldap/schema/modify.d /etc/openldap/schema/data.d \ && mkdir /etc/openldap/slapd.d /etc/openldap/schema/add.d /etc/openldap/schema/modify.d /etc/openldap/schema/data.d \
&& ln -s ../misc.ldif /etc/openldap/schema/add.d/01-misc.ldif \ && ln -s ../misc.ldif /etc/openldap/schema/add.d/01-misc.ldif \
&& ln -s ../dyngroup.ldif /etc/openldap/schema/add.d/01-dyngroup.ldif \
&& ln -s ../custom/samba.ldif /etc/openldap/schema/add.d/02-samba.ldif \ && ln -s ../custom/samba.ldif /etc/openldap/schema/add.d/02-samba.ldif \
&& ln -s ../custom/wurley.ldif /etc/openldap/schema/add.d/10-wurley.ldif \ && ln -s ../custom/wurley.ldif /etc/openldap/schema/add.d/10-wurley.ldif \
&& ln -s ../custom/syncprov-enable.ldif /etc/openldap/schema/modify.d/20-syncprov-enable.ldif \ && ln -s ../custom/modules-enable.ldif /etc/openldap/schema/modify.d/20-modules-enable.ldif \
&& ln -s ../custom/syncprov-options.ldif /etc/openldap/schema/modify.d/21-syncprov-options.ldif \ && ln -s ../custom/syncprov-options.ldif /etc/openldap/schema/modify.d/21-syncprov-options.ldif \
&& ln -s ../custom/syncprov-index.ldif /etc/openldap/schema/modify.d/22-syncprov-index.ldif \ && ln -s ../custom/syncprov-index.ldif /etc/openldap/schema/modify.d/22-syncprov-index.ldif \
&& ln -s ../custom/dynlist-options.ldif /etc/openldap/schema/modify.d/23-dynlist-options.ldif \
&& ln -s ../custom/certinfo.ldif /etc/openldap/schema/modify.d/23-certinfo.ldif \ && ln -s ../custom/certinfo.ldif /etc/openldap/schema/modify.d/23-certinfo.ldif \
&& ln -s ../custom/acl-schema.ldif /etc/openldap/schema/modify.d/90-acl-schema.ldif \ && ln -s ../custom/acl-schema.ldif /etc/openldap/schema/modify.d/90-acl-schema.ldif \
&& ln -s ../custom/acl-data.ldif /etc/openldap/schema/modify.d/91-acl-data.ldif \ && ln -s ../custom/acl-data.ldif /etc/openldap/schema/modify.d/91-acl-data.ldif \

26
docker/init-docker
View File

@ -10,11 +10,21 @@ SLAPD_DEBUG=${SLAPD_DEBUG:-0}
SLAPD_URLS=${SLAPD_URLS:-"ldapi:/// ldap:/// ldaps:///"} SLAPD_URLS=${SLAPD_URLS:-"ldapi:/// ldap:/// ldaps:///"}
SLAPD_OPTIONS="${SLAPD_OPTIONS} -d ${SLAPD_DEBUG}" SLAPD_OPTIONS="${SLAPD_OPTIONS} -d ${SLAPD_DEBUG}"
SLAPD_SCHEMA_BASE=${SLAPD_SCHEMA_BASE:-"/etc/openldap/schema"} SLAPD_SCHEMA_BASE=${SLAPD_SCHEMA_BASE:-"/etc/openldap/schema"}
SLAPD_DBS=${SLAPD_DBS:-10}
SLAPD_CUSTOM_BASES=${SLAPD_CUSTOM_BASES:-"/ldap/bases"} SLAPD_CUSTOM_BASES=${SLAPD_CUSTOM_BASES:-"/ldap/bases"}
SLAPD_CUSTOM_SCHEMA=${SLAPD_CUSTOM_SCHEMA:-"/ldap/schema"} SLAPD_CUSTOM_SCHEMA=${SLAPD_CUSTOM_SCHEMA:-"/ldap/schema"}
SLAPD_CUSTOM_DATA=${SLAPD_CUSTOM_DATA:-"/ldap/data"} SLAPD_CUSTOM_DATA=${SLAPD_CUSTOM_DATA:-"/ldap/data"}
# The flow of activity when a DB doesnt exist
# * items in SLAPD_CUSTOM_SCHEMA/[add|modify] are queued for inclusion in SLAPD_SCHEMA_BASE/[add.d|modify.d]
# * items in SLAPD_CUSTOM_DATA are queued for inclusion in SLAPD_SCHEMA_BASE/data.d
# * items in SLAPD_CUSTOM_BASES are slapadd'ed to the server
# * items in SLAPD_SCHEMA_BASE/add.d are slapadd'ed to the server
# * items in SLAPD_SCHEMA_BASE/modify.d are slapmodify'ed to the server
# * items in SLAPD_SCHEMA_BASE/data.d/ are combined (first 2 chars are DB id) and slapadd'ed to the server
function stop { function stop {
echo "Stopping ${NAME}" echo "Stopping ${NAME}"
kill $(pidof slapd) kill $(pidof slapd)
@ -41,11 +51,18 @@ if [ -z "$@" ]; then
# Check if we have any custom schema to add # Check if we have any custom schema to add
[ -d ${SLAPD_SCHEMA_BASE}/add.d ] || mkdir ${SLAPD_SCHEMA_BASE}/add.d [ -d ${SLAPD_SCHEMA_BASE}/add.d ] || mkdir ${SLAPD_SCHEMA_BASE}/add.d
[ -d ${SLAPD_SCHEMA_BASE}/modify.d ] || mkdir ${SLAPD_SCHEMA_BASE}/modify.d
if [ -d ${SLAPD_CUSTOM_SCHEMA} ]; then if [ -d ${SLAPD_CUSTOM_SCHEMA} ]; then
for f in ${SLAPD_CUSTOM_SCHEMA}/*.ldif; do for f in ${SLAPD_CUSTOM_SCHEMA}/add/*.ldif; do
echo "- Adding SCHEMA item [${f}]" echo "- Adding SCHEMA item [${f}]"
ln -s ${f} ${SLAPD_SCHEMA_BASE}/add.d ln -s ${f} ${SLAPD_SCHEMA_BASE}/add.d
done done
for f in ${SLAPD_CUSTOM_SCHEMA}/modify/*.ldif; do
echo "- Modify SCHEMA item [${f}]"
ln -s ${f} ${SLAPD_SCHEMA_BASE}/modify.d
done
fi fi
# Check if we have any custom data to add # Check if we have any custom data to add
@ -79,9 +96,12 @@ if [ -z "$@" ]; then
shopt -u nullglob shopt -u nullglob
# Add custom data definitions # Add custom data definitions
for i in 01 03 04 05 06 07; do for i in $(seq -w 0 ${SLAPD_DBS}); do
ls -al ${SLAPD_SCHEMA_BASE}/data.d/${i}-* >/dev/null 2>&1 || continue
echo "- Processing DATABASE item(s) for DB [${i}]" echo "- Processing DATABASE item(s) for DB [${i}]"
if ! ls -al ${SLAPD_SCHEMA_BASE}/data.d/${i}-* >/dev/null 2>&1; then
echo " - Nothing to process"
continue
fi
cat ${SLAPD_SCHEMA_BASE}/data.d/${i}-* | slapadd -n ${i} cat ${SLAPD_SCHEMA_BASE}/data.d/${i}-* | slapadd -n ${i}
done done

11
schema/dynlist-options.ldif Normal file
View File

@ -0,0 +1,11 @@
dn: olcOverlay=dynlist,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: dynlist
olcDynListAttrSet: nisMailAlias labeledURI
#olcDynListAttrSet: groupOfURLs memberURL memberOf
#olcDynListAttrSet: groupOfURLs memberURL member+dgMemberOf
#olcDynListAttrSet: groupOfURLs memberURL member
#olcDynListAttrSet: groupOfURLs memberURL member
#olcDynListAttrSet: groupOfURLs labeledURI member

1
schema/syncprov-enable.ldif → schema/modules-enable.ldif
View File

@ -3,3 +3,4 @@ changetype: modify
add: olcModuleLoad add: olcModuleLoad
olcModuleLoad: syncprov.so olcModuleLoad: syncprov.so
olcModuleLoad: accesslog.so olcModuleLoad: accesslog.so
olcModuleLoad: dynlist.so