diff --git a/certinfo.ldif b/certinfo.ldif
deleted file mode 100644
index 5b2a4d6..0000000
--- a/certinfo.ldif
+++ /dev/null
@@ -1,9 +0,0 @@
-dn: cn=config
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/openldap/tls/ldap-ca.crts
--
-add: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/openldap/tls/ldap-server.crt
--
-add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/openldap/tls/ldap-server.key
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 53bec73..9dd6155 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-# NAME leenooks/ldap
+# NAME local/ldap
 # VERSION latest
 FROM alpine
@@ -8,30 +8,30 @@ RUN if [ -n ${HTTP_PROXY} ] ; then sed -i -e s'/https/http/' /etc/apk/repositori
 RUN apk add --no-cache bash openldap openldap-back-mdb openldap-clients openldap-overlay-syncprov openldap-overlay-accesslog
-ADD acl*.ldif samba.ldif wurley.ldif /etc/openldap/schema/
-ADD certinfo.ldif syncprov*ldif /etc/openldap/
+ADD schema /etc/openldap/schema/custom
+ADD tls /etc/openldap/tls
+
 RUN sed -i -e 's/dc=my-domain,dc=com/c=AU/' /etc/openldap/slapd.ldif \
 && sed -i -e 's/openldap-data/data/' /etc/openldap/slapd.ldif \
 && mv /var/lib/openldap/openldap-data /var/lib/openldap/data \
- && mkdir /etc/openldap/slapd.d \
- && slapadd -n 0 -F /etc/openldap/slapd.d -l /etc/openldap/slapd.ldif \
- && slapadd -b cn=config -l /etc/openldap/schema/misc.ldif \
- && slapadd -b cn=config -l /etc/openldap/schema/samba.ldif \
- && slapadd -b cn=config -l /etc/openldap/schema/wurley.ldif \
- && slapmodify -b cn=config -l /etc/openldap/certinfo.ldif \
- && slapmodify -b cn=config -l /etc/openldap/syncprov-enable.ldif \
- && slapmodify -b cn=config -l /etc/openldap/syncprov-options.ldif \
- && slapmodify -b cn=config -l /etc/openldap/syncprov-index.ldif \
- && slapmodify -b cn=config -l /etc/openldap/schema/acl-schema.ldif \
- && slapmodify -b cn=config -l /etc/openldap/schema/acl-data.ldif \
+ && mkdir /etc/openldap/slapd.d /etc/openldap/schema/add.d /etc/openldap/schema/modify.d \
+ && ln -s ../misc.ldif /etc/openldap/schema/add.d/01-misc.ldif \
+ && ln -s ../custom/samba.ldif /etc/openldap/schema/add.d/02-samba.ldif \
+ && ln -s ../custom/wurley.ldif /etc/openldap/schema/add.d/10-wurley.ldif \
+ && ln -s ../custom/syncprov-enable.ldif /etc/openldap/schema/modify.d/20-syncprov-enable.ldif \
+ && ln -s ../custom/syncprov-options.ldif /etc/openldap/schema/modify.d/21-syncprov-options.ldif \
+ && ln -s ../custom/syncprov-index.ldif /etc/openldap/schema/modify.d/22-syncprov-index.ldif \
+ && ln -s ../custom/certinfo.ldif /etc/openldap/schema/modify.d/23-certinfo.ldif \
+ && ln -s ../custom/acl-schema.ldif /etc/openldap/schema/modify.d/90-acl-schema.ldif \
+ && ln -s ../custom/acl-data.ldif /etc/openldap/schema/modify.d/91-acl-data.ldif \
 && mkdir /var/lib/openldap/run \
 && chown -R ldap:ldap /etc/openldap/slapd.d /var/lib/openldap/data /var/lib/openldap/run
-ENV SLAPD_CONFIG /etc/openldap/slapd.d/cn=config
-RUN cp -pr ${SLAPD_CONFIG} ${SLAPD_CONFIG}.orig
+ENV SLAPD_CONFIG=/etc/openldap/slapd.d/cn=config
 COPY docker/init-docker /sbin/
 # Starting
 ENTRYPOINT [ "/sbin/init-docker" ]
+VOLUME [ "/var/lib/openldap/data" ]
 EXPOSE 389 636
diff --git a/docker/init-docker b/docker/init-docker
index d04493b..722349d 100755
--- a/docker/init-docker
+++ b/docker/init-docker
@@ -1,9 +1,14 @@
-#!/bin/bash
+#!/bin/sh
 set -e
 NAME="OPENLDAP"
-SLAPD_CONFIG=${SLAPD_CONFIG:-"/etc/openldap/slapd.d/cn=config"}
+
+SLAPD_BASE=${SLAPD_BASE:-"/etc/openldap/slapd.d"}
+SLAPD_CONFIG=${SLAPD_CONFIG:-"${SLAPD_BASE}/cn=config"}
+SLAPD_INIT=${SLAPD_INIT:="/etc/openldap/slapd.ldif"}
 SLAPD_DEBUG=${SLAPD_DEBUG:-0}
+SLAPD_URLS=${SLAPD_URLS:-"ldapi:/// ldap:/// ldaps:///"}
+SLAPD_OPTIONS="${SLAPD_OPTIONS} -d ${SLAPD_DEBUG}"
 function stop {
 echo "Stopping ${NAME}"
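Review bot: `ADD tls /etc/openldap/tls` bakes tls/default.key into the image as a root-owned, world-readable file (the key is added in this same commit with mode 100644), and the `chown -R ldap:ldap` on the last line of the RUN covers slapd.d, data and run but not /etc/openldap/tls, so every process in the container can read the key and slapd — started as `-u ldap` by init-docker — presumably reads it only because it is world-readable. Tighten it in the same RUN: `&& chown -R root:ldap /etc/openldap/tls \` and `&& chmod 0640 /etc/openldap/tls/*.key`. `COPY` is the right verb for both new lines: it does exactly what is needed for a local directory, whereas `ADD` also auto-extracts archives and fetches URLs. Longer term, generate or mount the keypair at runtime instead of shipping a default one in every image layer.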
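Review bot: The shebang now selects `/bin/sh`, which on the alpine base is busybox ash, but the script keeps the bash-only `function stop {` form in this hunk (and `function mp()` in the next hunk's header); ash accepts that keyword only as a compatibility extension, and a strict POSIX sh fails at parse time — write them as `stop() {` and `mp() {`. `SLAPD_INIT=${SLAPD_INIT:="/etc/openldap/slapd.ldif"}` uses `:=` where every sibling assignment uses `:-`; the result is the same for a plain assignment, but aligning it to `${SLAPD_INIT:-"/etc/openldap/slapd.ldif"}` stops a reader hunting for a reason. With `set -e` retained, any failing slapadd/slapmodify in the rebuild path now aborts the container, which is the right default; a one-line comment above `set -e` saying that is intentional would help the next maintainer.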
@@ -21,19 +26,39 @@ function mp() {
 trap 'stop' SIGTERM
 if [ -z "$@" ]; then
- SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"
- SLAPD_OPTIONS="-d ${SLAPD_DEBUG}"
-
- # If /etc/openldap is an external mount point
- if mp ${SLAPD_CONFIG}; then
- echo "* ${SLAPD_CONFIG} is mounted, checking for existing config"
+ if [ -e ${SLAPD_CONFIG}/olcDatabase=\{0\}config.ldif ]; then
+ echo "* [${SLAPD_CONFIG}] exists, ready to go"
+
+ else
- if [ -f ${SLAPD_CONFIG}/olcDatabase=\{0\}config.ldif ]; then
- echo "= ${SLAPD_CONFIG} existing configuration detected, aborting..."
- else
- echo "- ${SLAPD_CONFIG} populating default configuration"
- cp -pr ${SLAPD_CONFIG}.orig/* ${SLAPD_CONFIG}
- fi
+ echo "- [${SLAPD_CONFIG}] rebuilding schema configuration"
+
+ slapadd -n 0 -F ${SLAPD_BASE} -l ${SLAPD_INIT}
+
+ # Add custom schema definitions
+ for f in /etc/openldap/schema/add.d/*.ldif; do
+ [ -e "${f}" ] || continue
+
+ echo "- Processing SCHEMA item [${f}]"
+ slapadd -b cn=config -l ${f}
+ done
+
+ for f in /etc/openldap/schema/modify.d/*.ldif; do
+ [ -e "${f}" ] || continue
+
+ echo "- Processing SCHEMA item [${f}]"
+ slapmodify -b cn=config -l ${f}
+ done
+
+ # Add custom data definitions
+ for f in /etc/openldap/data/init.d/*.ldif; do
+ [ -e "${f}" ] || continue
+
+ echo "- Processing DATA items [${f}]"
+ slapadd -b cn=config -l ${f}
+ done
+
+ chown -R ldap:ldap ${SLAPD_CONFIG}*
 fi
 [ -x /usr/sbin/slapd ] && /usr/sbin/slapd -u ldap -h "${SLAPD_URLS}" $SLAPD_OPTIONS &
diff --git a/acl-data.ldif b/schema/acl-data.ldif
similarity index 100%
rename from acl-data.ldif
rename to schema/acl-data.ldif
diff --git a/acl-schema.ldif b/schema/acl-schema.ldif
similarity index 100%
rename from acl-schema.ldif
rename to schema/acl-schema.ldif
diff --git a/schema/certinfo.ldif b/schema/certinfo.ldif
new file mode 100644
index 0000000..1295d02
--- /dev/null
+++ b/schema/certinfo.ldif
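Review bot: The rebuild branch repairs ownership only with `chown -R ldap:ldap ${SLAPD_CONFIG}*`, but every `slapadd` here runs as root and the data loop writes into the mdb database under /var/lib/openldap/data, which the Dockerfile in this commit declares as a VOLUME; on a fresh or host-mounted volume that leaves root-owned data.mdb/lock.mdb that slapd, started with `-u ldap` on the last line, will not be able to open for writing. Extend it to `chown -R ldap:ldap "${SLAPD_CONFIG}"* /var/lib/openldap/data`. The data loop also calls `slapadd -b cn=config -l ${f}`; slapadd selects the database by that suffix, so if /etc/openldap/data/init.d holds directory entries under the c=AU suffix the Dockerfile configures rather than cn=config entries, they should be loaded with the data database selected instead, e.g. `slapadd -n 1 -l "${f}"` (database 1 being the usual mdb index — confirm against slapd.ldif). Quote `${f}` and `${SLAPD_CONFIG}` in the test and the commands while here; the paths are fixed today but both variables are overridable from the environment. The `if [ -z "$@" ]` block this hunk sits in closes outside the hunk.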
@@ -0,0 +1,9 @@
+dn: cn=config
+#add: olcTLSCACertificateFile
+#olcTLSCACertificateFile: /etc/openldap/tls/ldap-ca.crts
+#-
+add: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/openldap/tls/default.crt
+-
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/openldap/tls/default.key
diff --git a/samba.ldif b/schema/samba.ldif
similarity index 100%
rename from samba.ldif
rename to schema/samba.ldif
diff --git a/syncprov-enable.ldif b/schema/syncprov-enable.ldif
similarity index 100%
rename from syncprov-enable.ldif
rename to schema/syncprov-enable.ldif
diff --git a/syncprov-index.ldif b/schema/syncprov-index.ldif
similarity index 100%
rename from syncprov-index.ldif
rename to schema/syncprov-index.ldif
diff --git a/syncprov-options.ldif b/schema/syncprov-options.ldif
similarity index 100%
rename from syncprov-options.ldif
rename to schema/syncprov-options.ldif
diff --git a/wurley.ldif b/schema/wurley.ldif
similarity index 100%
rename from wurley.ldif
rename to schema/wurley.ldif
diff --git a/tls/default.crt b/tls/default.crt
new file mode 100644
index 0000000..824fb72
--- /dev/null
+++ b/tls/default.crt
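Review bot: The CA directive is commented out, so slapd will present /etc/openldap/tls/default.crt, a self-signed certificate added in this same commit, with no chain and with no path to enabling client-certificate verification later without re-enabling it; add a comment above the `add: olcTLSCertificateFile` line stating that default.crt/default.key are placeholders to be replaced (for example by mounting over /etc/openldap/tls) before port 636 is exposed. While the TLS block is being defined, `olcTLSProtocolMin: 3.3` would refuse TLS 1.0/1.1 handshakes by default; add it as a third `add:` stanza. Note too that this file is applied with slapmodify using `add:`, so re-applying it to a config that already carries these attributes fails; that is fine under init-docker's config-exists guard, but worth one line here so the guard is not removed without noticing.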
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIJALsoV61BAIR7MA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV
+BAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTENMAsGA1UE
+ChMEQUNNRTEMMAoGA1UECxMDV2ViMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTgw
+NjE5MjAxNTE5WhcNMjgwNjE2MjAxNTE5WjBgMQswCQYDVQQGEwJBVTEMMAoGA1UE
+CBMDVklDMRIwEAYDVQQHEwlNZWxib3VybmUxDTALBgNVBAoTBEFDTUUxDDAKBgNV
+BAsTA1dlYjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAv0hEQONbM1iz6nwTWwFuByY0sBK8hXlgyOTJftnQr+ffhKXn
+f30WovFmy1FBTUDa42T5Fsa6aihw+QAuLFtnMogZRIqp8Ow9ovGLv7Wo6KRoQ6Db
+JJ0FofUBiMVQy79/alUlgEYwuPlgjWwl7+pPZobXjaytAfK7WcGxMKiy6cBpFHMD
+LOGNsnjSyFDZtRSMyOd07SZDhS1J5IV25v76URsyYQU+kriqZK8AkC2emz/hkcVF
+10nlli2R6JsidiwN4JAPG1zKA3p0Ki0R6uG//1dQ9MuCIiCZkJklmg3ZmhjpBCY0
+n+nB+F3XSDsyYR7MWZvfRHyx3w/WVpGdVymmrwIDAQABo4HmMIHjMBEGCWCGSAGG
++EIBAQQEAwIGQDAdBgNVHQ4EFgQUV31E9ULcEQkSmlgq1uQ0WiyR/DswgZIGA1Ud
+IwSBijCBh4AUV31E9ULcEQkSmlgq1uQ0WiyR/DuhZKRiMGAxCzAJBgNVBAYTAkFV
+MQwwCgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTENMAsGA1UEChMEQUNN
+RTEMMAoGA1UECxMDV2ViMRIwEAYDVQQDEwlsb2NhbGhvc3SCCQC7KFetQQCEezAa
+BgNVHREEEzARhwR/AAABgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAAZL
+WWeY7sbVX6noNjiQWe9jzBKG994f5/Q5dpqT6ZHpLsSU2AQ85QfUXma3rAPwSj0+
+C4V7IRlrwlFXXqe8LxWxEJo0DlHOqDZTxQpHvmwATRxTBHDOS4kMjbj5oAwq0yXz
+dNxxOI5Pv9j6VIMMIgW6dFnh/GRG5w5lndtWisCU8ydG/PkeMkvi3OTQDTq64qgp
+lt0OTDkTyoWmpq46k3NDR2n6ar7DwEmamMWPkR9rNLjOde2AlKMuNZ4wUMVAYasr
+xDMmMCe/matHd6Ry2kvBkBRFkFaJyR2+D2vpYSbT8fSFOKv6w+5qJI8pOQ1Yn+Di
+3+EttBcVhrZfxoL8jYw=
+-----END CERTIFICATE-----
diff --git a/tls/default.key b/tls/default.key
new file mode 100644
index 0000000..4cccc71
--- /dev/null
+++ b/tls/default.key
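Review bot: The committed certificate appears, from the DER text inside the base64, to be self-signed (issuer equals subject, CN=localhost) with a SAN of localhost/127.0.0.1 and a validity window of roughly 2018-06-19 to 2028-06-16 — worth confirming with `openssl x509 -in tls/default.crt -noout -text`. That means any client that verifies the hostname against anything other than localhost will reject ldaps:// by default, and the image will start failing TLS handshakes at expiry without any code change. Document it as a placeholder in a tls/README, and prefer generating the certificate at build or first start so each image gets a fresh, correctly-named one.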
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/SERA41szWLPq
+fBNbAW4HJjSwEryFeWDI5Ml+2dCv59+Eped/fRai8WbLUUFNQNrjZPkWxrpqKHD5
+AC4sW2cyiBlEiqnw7D2i8Yu/tajopGhDoNsknQWh9QGIxVDLv39qVSWARjC4+WCN
+bCXv6k9mhteNrK0B8rtZwbEwqLLpwGkUcwMs4Y2yeNLIUNm1FIzI53TtJkOFLUnk
+hXbm/vpRGzJhBT6SuKpkrwCQLZ6bP+GRxUXXSeWWLZHomyJ2LA3gkA8bXMoDenQq
+LRHq4b//V1D0y4IiIJmQmSWaDdmaGOkEJjSf6cH4XddIOzJhHsxZm99EfLHfD9ZW
+kZ1XKaavAgMBAAECggEAaJje4dCxZVGDCJ0ShHgyr2wf8Yw9VIt79j7NRDVdXWNh
+IYsLHPbM8wsoV9O17sWhLClh4CeJdlVo+XA0z4Kn2sT7dDSTGzBDwB9veMSgeZ61
+eQ2z58CJfPeaAC1NsiykQwQOfqdjKzMKrirOT/QDuR/RLSKYdHFEK5+0AdSuCQ2A
+PV68FX6BnKfR/LDt6auN43ISdrnXRFna5Helyel2l3Jv/ooz9FeeTbXUa9cQcrXM
+tMvd8GMr4oLnhKROcec0bTOy/3ZymbEvjjQvgxukivLLOUbQiwp2lfQWcFna4cOL
+apGeameOHQceF4iIibnbDo073jS3m02WBH0ScRsj2QKBgQDxRWZWSGuJkFQOoW/b
+uuwu26RAFdXLsxr2G9XMIZR+rpmhq5EoM4CL/YI5syChgYgxAj8UfwYg93wuGkN8
+5VPhuytH5MIDsXq9Ci2b+WQrF5sxDK3MA3FieFZByVX80JNXtVUudzqQ6wJ1OEsY
+wB+h2Uu9zssNZVugPh3wb5BsLQKBgQDK9aN97C3JtLW+xOoEYW1iCputwoDWIIqk
+i6fi0mTQiQ+YbliaXWS/F7tJrUHvFFgJLZcpDKaEaN5WFjFHU+1zUDtotEiJ7bTQ
+fuoyWY/8VpWn6RKwukL+mfIm2n7ZT6FC8YBU6lRPEmuGwrvuUstmIcKaAJ2bPvRt
+vhRRY3u7ywKBgDIjPOADTq2Ym48qxyb/UiNuq1RR9UrOXnT0VdqEw+oLeIubLqAP
+C9CLjutUqRxG4bllgRxORUTGiTy/YnTq5yKKlbTr+dFwqVPtcIrwKXu2/R4VR2yU
+7pQK88naAA94fJYGbbwpNLd2ztzzJM/w5OHqWQ4JkjKndIH5Rpl3ZajFAoGABWqa
+y2CDNE/bTdUJfcZv2d74mqGHOK+zo4KKn3YH9LzDqsi/GpeFecgTWnsCOHQtiUkr
+MJBC3WPDEz8SX5nwy1QH0dqF2RB789h/PYrAWfahldKVihveb9cB7GGGYxxJ7HRv
+fVSnnVibgAQwacLR5M7f16ZOjncWpNsexbFG+xMCgYEAj1V64k9Lz554EDCNZMQS
+mzgqYg6ck+GYL/W6hdE/N3zc+KJKF4ztM/c987BbFgpJQp+uYF43jRmOcv1Oab43
+mpuvZ2rDSPqrqM+fdHIx2oLPNBdBc9abTX7sQtK4WSTp16gs+MqfMWRklxWsMwWE
+fO6SmAU27aAzfOccuvx3glQ=
+-----END PRIVATE KEY-----
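Review bot: This commits an unencrypted RSA private key (tls/default.key, mode 100644) to the repository, and the Dockerfile in the same commit copies it into every image, so the keypair slapd presents on ldaps:// is public knowledge — anyone with the repo or the image can impersonate the server to any deployment that keeps the default, and the key must be treated as compromised from this point regardless of what happens to the file later. If a default is unavoidable, generate it rather than commit it: `openssl req -x509 -newkey rsa:2048 -nodes -keyout /etc/openldap/tls/default.key -out /etc/openldap/tls/default.crt -subj /CN=localhost -days 365` in the Dockerfile, or the same at first start in init-docker when the key is missing, with the real key supplied through a volume or secret. Add `tls/*.key` to .gitignore so a real key cannot be committed by accident alongside it.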