From a54183b4be8ff80112f7dd4e4cd8509a36190ad2 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Wed, 17 May 2023 20:49:10 +1000
Subject: [PATCH] sed should be -i -e, not -ie, added TLS configuration
---
 Dockerfile | 11 +++++++----
 certinfo.ldif | 9 +++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 certinfo.ldif
diff --git a/Dockerfile b/Dockerfile
index bb2eff9..a9814ee 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,13 +4,13 @@ FROM alpine
 # Change to http respositories, so they we can cache the install packages
-RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi
+RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositories; fi
 RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients
 ADD acl.ldif samba.ldif wurley.ldif /etc/openldap/schema/
-RUN sed -ie 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
- && sed -ie 's/openldap-data/data/' /etc/openldap/slapd.ldif \
+RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
+ && sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \
 && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
 && mkdir /etc/openldap/slapd.d \
 && slapadd -n 0 -F /etc/openldap/slapd.d -l /etc/openldap/slapd.ldif \
@@ -20,7 +20,10 @@ RUN sed -ie 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
 && slapmodify -b cn=config -l /etc/openldap/schema/acl.ldif \
 && chown -R ldap:ldap /etc/openldap/slapd.d /var/lib/openldap/data
+ADD certinfo.ldif /etc/openldap/
+RUN slapmodify -b cn=config -l /etc/openldap/certinfo.ldif
+
 # Starting
 ENTRYPOINT [ "/usr/sbin/slapd" ]
-CMD [ "-u","ldap","-h","ldap:/// ldaps:///","-d","256" ]
+CMD [ "-u","ldap","-h","ldapi:/// ldap:/// ldaps:///","-d","256" ]
 EXPOSE 389 636
diff --git a/certinfo.ldif b/certinfo.ldif
new file mode 100644
index 0000000..5b2a4d6
--- /dev/null
+++ b/certinfo.ldif
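Review bot: The proxy test on the changed `RUN if [ -n ${HTTP_PROXY} ]` line is still unquoted, so with HTTP_PROXY empty or unset the shell evaluates `[ -n ]`, which is true, and the sed rewrites /etc/apk/repositories from https to http on every build rather than only on proxied ones. Quoting the expansion fixes the test: `if [ -n "${HTTP_PROXY}" ] ; then`. The rewritten repositories file also stays in the image, so a later `apk add` inside a running container would fetch over plain HTTP; switching the file back to https in the `RUN apk add` layer would avoid that. No `ARG HTTP_PROXY` is visible in this hunk; the build presumably relies on Docker's predefined proxy build args or a declaration above line 4.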
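Review bot: The added `RUN slapmodify -b cn=config -l /etc/openldap/certinfo.ldif` runs as root after the `chown -R ldap:ldap` that ends the previous RUN, so any file it rewrites under /etc/openldap/slapd.d may be left root-owned and not usable by the slapd that CMD starts with `-u ldap`. Repeating the ownership fix in the same layer would close that gap, e.g. `RUN slapmodify -b cn=config -l /etc/openldap/certinfo.ldif && chown -R ldap:ldap /etc/openldap/slapd.d`, and `COPY certinfo.ldif /etc/openldap/` is the better fit for a plain local file than ADD. The new CMD keeps `ldap:///` next to `ldaps:///`, so port 389 still accepts cleartext connections unless the server configuration requires TLS; a short comment above CMD stating whether that is intended would help operators. The RUN that the chown belongs to begins outside this hunk.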
@@ -0,0 +1,9 @@
+dn: cn=config
+add: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/openldap/tls/ldap-ca.crts
+-
+add: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/openldap/tls/ldap-server.crt
+-
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/openldap/tls/ldap-server.key
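Review bot: These cn=config changes set only the three certificate paths, so the accepted protocol versions and ciphers are left to the TLS library defaults and nothing here requires TLS on the `ldap:///` listener. A protocol floor can be added as one more `-`-separated change in this file, for example `add: olcTLSProtocolMin` followed by `olcTLSProtocolMin: 3.3` (TLS 1.2). Nothing in this patch creates the files under /etc/openldap/tls/, so they presumably arrive through a mount at run time; the key should be readable only by the ldap user. The `ldap-ca.crts` name may be a typo for `.crt` and is worth checking against the file that is actually mounted.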