Imported sources.
78
entrypoint.sh
Normal file
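--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+set -eu
+
+CERTS_DIR="/etc/ldap/certs"
+DATA_DIR="/var/lib/ldap"
+SLAPD_D="/etc/ldap/slapd.d"
+INITIALIZED_FLAG="$DATA_DIR/.initialized"
+CA_CERT_NAME="ca_cert.pem"
+SERVER_CERT_NAME="server_cert.pem"
+SERVER_KEY_NAME="server_key.pem"
+
+echo "Starting OpenLDAP entrypoint..."
+
+base_dn="${LDAP_BASE_DN:-dc=example,dc=org}"
+domain="${LDAP_DOMAIN:-example.org}"
+org="${LDAP_ORG:-Example Org}"
+password="${LDAP_PASSWORD:-changeit}"
+admin_password="${LDAP_ADMIN_PASSWORD:-$password}"
+
+echo "Base DN : $base_dn"
+echo "Domain : $domain"
+echo "Org : $org"
+
+tls_enabled="0"
+if [ -f "$CERTS_DIR/$CA_CERT_NAME" ] && [ -f "$CERTS_DIR/$SERVER_CERT_NAME" ] && [ -f "$CERTS_DIR/$SERVER_KEY_NAME" ]; then
+tls_enabled="1"
+fi
+if [ "$tls_enabled" = "1" ]; then
+echo "TLS : enabled"
+else
+echo "TLS : disabled"
+fi
+
+echo "Ensuring slapd runtime directory..."
+mkdir -p /var/run/slapd
+chown openldap:openldap /var/run/slapd
+
+if [ ! -f "$INITIALIZED_FLAG" ]; then
+echo "First run - configuring slapd via debconf..."
+cat <<EOF | debconf-set-selections
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/move_old_database boolean false
+slapd slapd/domain string $domain
+slapd shared/organization string $org
+slapd slapd/password1 password $admin_password
+slapd slapd/password2 password $admin_password
+slapd slapd/purge_database boolean false
+slapd slapd/internal/adminpw1 password $admin_password
+slapd slapd/internal/generated_adminpw password $admin_password
+EOF
+
+echo "Running dpkg-reconfigure slapd..."
+DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -f noninteractive slapd
+echo "dpkg-reconfigure complete."
+
+echo "Running bootstrap init..."
+LDAP_BASE_DN="$base_dn" \
+LDAP_PASSWORD="$password" \
+TLS_ENABLED="$tls_enabled" \
+python3 -u /bootstrap/init.py
+else
+echo "Already initialised - skipping bootstrap."
+fi
+
+slapd_url="ldapi:/// ldap://:389/"
+if [ "$tls_enabled" = "1" ]; then
+slapd_url="$slapd_url ldaps://:636/"
+fi
+
+echo "Launching slapd (URLs: $slapd_url)..."
+exec slapd \
+-F "$SLAPD_D" \
+-u openldap \
+-g openldap \
+-d 0 \
+-h "$slapd_url"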
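Review bot: `password="${LDAP_PASSWORD:-changeit}"` gives the directory a publicly known credential whenever neither `LDAP_PASSWORD` nor `LDAP_ADMIN_PASSWORD` is set, and because `admin_password` inherits it, that value is what debconf installs as the slapd admin password on first run with no warning printed. Failing closed inside the first-run branch would be safer, for example `: "${LDAP_PASSWORD:?LDAP_PASSWORD must be set for first-run initialisation}"`, or at minimum refusing to initialise when the effective admin password is still the default. Separately, the TLS probe silently reports "disabled" when any one of the three PEM files is missing, and `ldap://:389/` is always in the `-h` list, so a mis-mounted certs volume yields a cleartext-only server that still starts cleanly; exiting non-zero when only some of the files are present would surface that. The values interpolated into the `debconf-set-selections` heredoc are not validated, so a newline in `LDAP_DOMAIN`, `LDAP_ORG` or the password would add extra selection lines; rejecting control characters before the heredoc closes that off.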