From 44aa2406f42cdef8f37e15011c184ea5c3d13c01 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 12 Aug 2018 07:28:01 +0300
Subject: [PATCH] Various improvements to slapd.

- Allow setting a debug level environment variable.
- Expose port 636 (ldaps).
- Install newer version of slapd from Debian backports.
- Cleaned up the entrypoint script.
---
 slapd/Dockerfile | 10 ++++++----
 slapd/entrypoint | 34 ++++++++--------------------------
 2 files changed, 14 insertions(+), 30 deletions(-)

diff --git a/slapd/Dockerfile b/slapd/Dockerfile
index 8b173d6..6a254ad 100644
--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:stretch-slim
-RUN apt-get update && \
+RUN echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list && \
+ apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 gnutls-bin \
 ldap-utils \
@@ -8,9 +9,10 @@ RUN apt-get update && \
 mkdir -p /run/slapd && \
 rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
 COPY entrypoint /
-EXPOSE 389
+EXPOSE 389 636
 VOLUME [ "/var/lib/ldap" ]
-ENV LDAP_URLS="ldap:/// ldapi:/// ldaps:///"
+ENV LDAP_URLS="ldap:/// ldapi:/// ldaps:///" \
+ SLAPD_DEBUG_LEVEL="NONE"
 ENTRYPOINT [ "/entrypoint" ]
-CMD [ "slapd", "-F", "/etc/ldap/slapd.d", "-u", "openldap", "-g", "openldap", "-h", "\"$LDAP_URLS\"", "-d", "NONE" ]
+CMD [ "slapd", "-F", "/etc/ldap/slapd.d", "-u", "openldap", "-g", "openldap", "-h", "\"$LDAP_URLS\"", "-d", "$SLAPD_DEBUG_LEVEL" ]
 HEALTHCHECK CMD ldapsearch -b cn=config -H ldapi:/// > /dev/null || exit 1
diff --git a/slapd/entrypoint b/slapd/entrypoint
index 00205a9..b92073b 100755
--- a/slapd/entrypoint
+++ b/slapd/entrypoint
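Review bot: In the first slapd/Dockerfile hunk the backports source is added, but the `apt-get install` line kept as context names no target release, so apt will most likely keep installing slapd from stretch main; backports archives are marked NotAutomatic and get a low pin priority. The package list continues outside the hunk and is unchanged, so nothing there selects backports either. To actually get the newer slapd the install line would need to read `DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends -t stretch-backports \`, and the build should check the installed version. The new source is fetched over plain http, so its integrity rests entirely on apt's signature verification, which must stay enabled.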
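Review bot: In the second slapd/Dockerfile hunk, `"$SLAPD_DEBUG_LEVEL"` is passed bare while `"\"$LDAP_URLS\""` on the same CMD line carries embedded quotes. Exec-form CMD does not expand variables, so the expansion presumably happens in the entrypoint's `eval exec "$@"`; there an unquoted value is word-split and glob-expanded, so a value containing spaces becomes extra slapd arguments and an empty one leaves `-d` without an argument. Writing `"-d", "\"$SLAPD_DEBUG_LEVEL\""` keeps the value a single argument and matches how LDAP_URLS is handled. `EXPOSE 636` advertises ldaps, but nothing visible in this hunk provisions a certificate, so confirm slapd has TLS material configured before that port is relied on.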
@@ -4,33 +4,15 @@ set -eux chown -R openldap:openldap /run/slapd chown -R openldap:openldap /var/lib/ldap -if [ -n "${LDAP_ROOTPASS:-}" ] -then -cat <<EOF | debconf-set-selections -slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS} -slapd slapd/internal/adminpw password ${LDAP_ROOTPASS} -slapd slapd/password2 password ${LDAP_ROOTPASS} -slapd slapd/password1 password ${LDAP_ROOTPASS} +cat << EOF | debconf-set-selections -v +slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS:-} +slapd slapd/internal/adminpw password ${LDAP_ROOTPASS:-} +slapd slapd/password2 password ${LDAP_ROOTPASS:-} +slapd slapd/password1 password ${LDAP_ROOTPASS:-} +slapd slapd/domain string ${LDAP_DOMAIN:-} +slapd shared/organization string ${LDAP_ORGANIZATION:-} EOF -fi -if [ -n "${LDAP_DOMAIN:-}" ] -then -cat <<EOF | debconf-set-selections -slapd slapd/domain string ${LDAP_DOMAIN} -EOF -fi - -if [ -n "${LDAP_ORGANIZATION:-}" ] -then -cat <<EOF | debconf-set-selections -slapd shared/organization string ${LDAP_ORGANIZATION} -EOF -fi - -if [ -n "${LDAP_ROOTPASS:-}" ] || [ -n "${LDAP_DOMAIN:-}" ] || [ -n "${LDAP_ORGANIZATION:-}" ] -then - dpkg-reconfigure -f noninteractive slapd -fi +dpkg-reconfigure -f noninteractive slapd eval exec "$@" -- GitLab
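Review bot: The added `debconf-set-selections -v` prints each selection it loads to stderr, and as far as I know that output includes the value, so LDAP_ROOTPASS would be written to the container log on every start; I would drop `-v`. With the `if` guards removed, the password, domain and organization answers are preseeded even when the variables are empty, and `dpkg-reconfigure -f noninteractive slapd` now runs on every start, including restarts against an already populated /var/lib/ldap volume. Please confirm what slapd's reconfigure does with an empty admin password and an existing database. Otherwise keep a single guard around the preseed and reconfigure so that a start without these variables leaves the existing configuration untouched. The script begins outside the hunk, above the first `chown`.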