Various improvements to slapd.

- Allow setting a debug level environment variable. - Expose port 636 (ldaps). - Install newer version of slapd from Debian backports. - Cleaned up the entrypoint script.

Various improvements to slapd.
44aa2406 · nimrod · 12278cf3 · 44aa2406 · 44aa2406
Commit 44aa2406 authored 6 years ago by nimrod
--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
 FROM debian:stretch-slim
-RUN apt-get update && \
+RUN echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list && \
+    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        gnutls-bin \
        ldap-utils \
@@ -8,9 +9,10 @@ RUN apt-get update && \
    mkdir -p /run/slapd && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
 COPY entrypoint /
-EXPOSE 389
+EXPOSE 389 636
 VOLUME [ "/var/lib/ldap" ]
-ENV LDAP_URLS="ldap:/// ldapi:/// ldaps:///"
+ENV LDAP_URLS="ldap:/// ldapi:/// ldaps:///" \
+    SLAPD_DEBUG_LEVEL="NONE"
 ENTRYPOINT [ "/entrypoint" ]
-CMD [ "slapd", "-F", "/etc/ldap/slapd.d", "-u", "openldap", "-g", "openldap", "-h", "\"$LDAP_URLS\"", "-d", "NONE" ]
+CMD [ "slapd", "-F", "/etc/ldap/slapd.d", "-u", "openldap", "-g", "openldap", "-h", "\"$LDAP_URLS\"", "-d", "$SLAPD_DEBUG_LEVEL" ]
 HEALTHCHECK CMD ldapsearch -b cn=config -H ldapi:/// > /dev/null || exit 1
--- a/slapd/entrypoint
+++ b/slapd/entrypoint
@@ -4,33 +4,15 @@ set -eux
 chown -R openldap:openldap /run/slapd
 chown -R openldap:openldap /var/lib/ldap

-if [ -n "${LDAP_ROOTPASS:-}" ]
-then
-cat <<EOF | debconf-set-selections
-slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS}
-slapd slapd/internal/adminpw password ${LDAP_ROOTPASS}
-slapd slapd/password2 password ${LDAP_ROOTPASS}
-slapd slapd/password1 password ${LDAP_ROOTPASS}
+cat << EOF | debconf-set-selections -v
+slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS:-}
+slapd slapd/internal/adminpw password ${LDAP_ROOTPASS:-}
+slapd slapd/password2 password ${LDAP_ROOTPASS:-}
+slapd slapd/password1 password ${LDAP_ROOTPASS:-}
+slapd slapd/domain string ${LDAP_DOMAIN:-}
+slapd shared/organization string ${LDAP_ORGANIZATION:-}
 EOF
-fi

-if [ -n "${LDAP_DOMAIN:-}" ]
-then
-cat <<EOF | debconf-set-selections
-slapd slapd/domain string ${LDAP_DOMAIN}
-EOF
-fi
-
-if [ -n "${LDAP_ORGANIZATION:-}" ]
-then
-cat <<EOF | debconf-set-selections
-slapd shared/organization string ${LDAP_ORGANIZATION}
-EOF
-fi
-
-if [ -n "${LDAP_ROOTPASS:-}" ] || [ -n "${LDAP_DOMAIN:-}" ] || [ -n "${LDAP_ORGANIZATION:-}" ]
-then
 dpkg-reconfigure -f noninteractive slapd
-fi

 eval exec "$@"