diff --git a/Dockerfile b/Dockerfile
index cf67f7b..3e2c941 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,8 +8,8 @@ RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositori
 RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients openldap-overlay-syncprov
-ADD acl.ldif samba.ldif wurley.ldif /etc/openldap/schema/
-ADD certinfo.ldif /etc/openldap/
+ADD acl*.ldif samba.ldif wurley.ldif /etc/openldap/schema/
+ADD certinfo.ldif syncprov*ldif /etc/openldap/
 RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
 && sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \
 && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
@@ -18,8 +18,12 @@ RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
 && slapadd -b cn=config -l /etc/openldap/schema/misc.ldif \
 && slapadd -b cn=config -l /etc/openldap/schema/samba.ldif \
 && slapadd -b cn=config -l /etc/openldap/schema/wurley.ldif \
- && slapmodify -b cn=config -l /etc/openldap/schema/acl.ldif \
 && slapmodify -b cn=config -l /etc/openldap/certinfo.ldif \
+ && slapmodify -b cn=config -l /etc/openldap/syncprov-enable.ldif \
+ && slapmodify -b cn=config -l /etc/openldap/syncprov-options.ldif \
+ && slapmodify -b cn=config -l /etc/openldap/syncprov-index.ldif \
+ && slapmodify -b cn=config -l /etc/openldap/schema/acl-schema.ldif \
+ && slapmodify -b cn=config -l /etc/openldap/schema/acl-data.ldif \
 && mkdir /var/lib/openldap/run \
 && chown -R ldap:ldap /etc/openldap/slapd.d /var/lib/openldap/data /var/lib/openldap/run
diff --git a/acl.ldif b/acl-data.ldif
similarity index 98%
rename from acl.ldif
rename to acl-data.ldif
index ff8a802..d8d1678 100644
--- a/acl.ldif
+++ b/acl-data.ldif
@@ -1,6 +1,9 @@
 dn: olcDatabase={1}mdb,cn=config
 changetype: modify
 replace: olcAccess
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
 olcAccess: to attrs=userPassword
 by self write
 by anonymous auth
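Review bot: Both changed ADD lines copy plain local files, and COPY is the instruction meant for that; ADD additionally fetches remote URLs and transparently unpacks archives, which is surprising behaviour for configuration files and a standard Dockerfile-lint finding. The second glob also lacks the dot, so `syncprov*ldif` would match a file such as `syncprovldif`; `COPY acl*.ldif samba.ldif wurley.ldif /etc/openldap/schema/` and `COPY certinfo.ldif syncprov-*.ldif /etc/openldap/` are the tightened forms. The RUN instruction these lines precede continues past the end of the hunk.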
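Review bot: The two new acl-*.ldif paths sit under /etc/openldap/schema/ although neither file loads schema: acl-schema.ldif rewrites the olcAccess of olcDatabase={0}config and acl-data.ldif that of olcDatabase={1}mdb, so the directory and the name "acl-schema" both mislead a reader of this RUN chain. Keeping them beside certinfo.ldif and naming the config one for what it touches would read as `&& slapmodify -b cn=config -l /etc/openldap/acl-config.ldif \` and `&& slapmodify -b cn=config -l /etc/openldap/acl-data.ldif \`, with the ADD glob in the previous hunk adjusted to match. The RUN instruction starts before this hunk.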
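Review bot: The new leading rule grants `manage` over the whole data database to the local root peercred identity, which only takes effect if slapd listens on an ldapi:/// socket; no listener is visible in this diff, so confirm one is configured or the rule is dead. Because the same commit turns this database into a syncprov provider, the identity consumers bind with needs read access to entryCSN, entryUUID and every replicated attribute (userPassword included if passwords replicate); none of the visible rules grant that, and the rest of the olcAccess list is outside the hunk, so check that a clause of the form `by dn.exact=<CONSUMER_BIND_DN> read` (placeholder) appears in the rules that follow, otherwise unmatched reads end in slapd's implicit deny and replicas receive partial entries. A `#` comment above the new rule stating that it exists for local administration over ldapi:/// only would also help, since `to * ... manage` reads alarmingly on its own.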
diff --git a/acl-schema.ldif b/acl-schema.ldif
new file mode 100644
index 0000000..5eddabc
--- /dev/null
+++ b/acl-schema.ldif
@@ -0,0 +1,6 @@
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to *
+ by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by * break
diff --git a/syncprov-enable.ldif b/syncprov-enable.ldif
new file mode 100644
index 0000000..3093893
--- /dev/null
+++ b/syncprov-enable.ldif
@@ -0,0 +1,4 @@
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: syncprov.so
diff --git a/syncprov-index.ldif b/syncprov-index.ldif
new file mode 100644
index 0000000..3f14e24
--- /dev/null
+++ b/syncprov-index.ldif
@@ -0,0 +1,7 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: entryCSN eq
+-
+add: olcDbIndex
+olcDbIndex: entryUUID eq
diff --git a/syncprov-options.ldif b/syncprov-options.ldif
new file mode 100644
index 0000000..b27abb3
--- /dev/null
+++ b/syncprov-options.ldif
@@ -0,0 +1,8 @@
+dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcSyncProvConfig
+olcOverlay: syncprov
+olcSpNoPresent: TRUE
+olcSpCheckpoint: 100 10
+olcSpSessionlog: 100
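Review bot: The replaced cn=config ACL is a single rule ending in `by * break` with nothing after it, so every identity other than the local root peercred one falls through to slapd's implicit deny; that is a sensible lock-down, but a trailing `break` is easy to misread as permissive, so add `# nothing follows: only uid 0 connecting over ldapi:/// can read or change cn=config` above the dn line. If the stock slapd.ldif defines an olcRootDN/olcRootPW for olcDatabase={0}config that identity still bypasses this ACL; the entry is outside this diff, so verify whether that administrative path is meant to remain open.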
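Review bot: The two `add: olcDbIndex` modifications separated by `-` can be one modification carrying both values, which is the idiomatic LDIF shape for adding several values of one attribute: `add: olcDbIndex`, `olcDbIndex: entryCSN eq`, `olcDbIndex: entryUUID eq`. These are the right equality indexes for a syncprov provider. Because the change is applied offline with slapmodify, any entries already present in the mdb database (for instance if the data directory is ever pre-populated from a volume) are not indexed until slapindex runs; a `#` comment noting that would save the next maintainer a surprise.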
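Review bot: `olcSpNoPresent: TRUE` is set on the primary olcDatabase={1}mdb, but slapo-syncprov(5) documents this option as only appropriate for a syncprov instance layered over a log database (accesslog) used for delta-syncrepl; on the main database it suppresses the present phase, so a consumer refreshing after being offline is never told about entries deleted in the meantime and keeps stale objects, which for an account directory means removed or revoked entries can persist on replicas. Drop the line or set `olcSpNoPresent: FALSE` (the default). The checkpoint (`100 10`) and session-log (`100`) values are reasonable starting points, but a `#` comment recording why those sizes were chosen would help whoever tunes them later.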