Commit bbe2609f authored by nimrod's avatar nimrod
Browse files

Revamp the LDAP Account Manager configuration.

Instead of a persistent volume with the configuration, use environment
variables.
parent c3a356a9
Loading
Loading
Loading
Loading
+7 −5
Original line number Diff line number Diff line
@@ -21,6 +21,8 @@ services:
    build:
      context: nss-pam-ldapd/
    command: /usr/sbin/nslcd --debug --nofork
    depends_on:
      - ldap
    environment:
      LDAP_BASE_DN: "${LDAP_BASE_DN:-dc=nowhere,dc=com}"
    volumes:
@@ -29,21 +31,21 @@ services:
  ldap-account-manager:
    build:
      context: ldap-account-manager/
    links:
    depends_on:
      - ldap
    environment:
      LAM_PASSWORD: "${LAM_PASSWORD:-foo}"
      LDAP_ADMIN_DN: "cn=admin,${LDAP_BASE_DN:-dc=nowhere,dc=com}"
      LDAP_BASE_DN: "${LDAP_BASE_DN:-dc=nowhere,dc=com}"
    ports:
      - 80:80
    restart: always
    volumes:
      - _run_slapd:/run/slapd
      - ldap-account-manager:/var/lib/ldap-account-manager

volumes:
  _run_slapd:
  ldap:
  ldap-account-manager:
    labels:
      snapshot: 'true'
  backup_ldap:
    labels:
      snapshot: 'true'
+9 −9
Original line number Diff line number Diff line
FROM debian:sid-slim
# hadolint ignore=DL3008
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        ca-certificates=20190110 \
        ldap-account-manager=6.7-1 \
        patch=2.7.6-4 \
        wget=1.20.1-1.1 \
        ca-certificates \
        gettext-base \
        ldap-account-manager \
        patch \
        wget \
    && \
    chmod 755 /var/log/apache2 && \
    ln -sf /dev/stdout /var/log/apache2/access.log && \
    ln -sf /dev/stderr /var/log/apache2/error.log && \
    ln -sf /dev/stdout /var/log/apache2/lam.log && \
    ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log && \
    mv /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg && \
    ln -sf /var/lib/ldap-account-manager/config/config.cfg /etc/ldap-account-manager/config.cfg && \
    mv /var/lib/ldap-account-manager /var/lib/ldap-account-manager.orig && \
    mkdir -m 755 /var/lib/ldap-account-manager && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
ENV APACHE_RUN_DIR=/run/apache2 \
    APACHE_LOG_DIR=/var/log/apache2 \
@@ -23,10 +21,12 @@ ENV APACHE_RUN_DIR=/run/apache2 \
    APACHE_PID_FILE=/run/apache2/apache2.pid
COPY --chown=root:root patch.diff /root/
COPY --chown=root:root entrypoint /entrypoint
COPY --chown=root:root lam-setpass /usr/local/sbin/
RUN patch --strip 0 --verbose --directory / --input /root/patch.diff && \
    apache2 -t
ENV LDAP_URI=ldapi:/// \
    LAM_PASSWORD=lam
EXPOSE 80
VOLUME /var/lib/ldap-account-manager
ENTRYPOINT [ "/entrypoint" ]
CMD [ "apache2", "-DFOREGROUND" ]
HEALTHCHECK CMD wget --spider --quiet http://localhost/lam/ --user-agent 'Healthcheck' || exit 1
+7 −6
Original line number Diff line number Diff line
@@ -2,13 +2,14 @@

> Dockerized LDAP Account Manager.

## Usage
## Environment variables

The image isn't configured with environment variables, instead it uses a volume
for `/var/lib/ldap-account-manager` that contains the application's
configuration files. On first run the default files are copied to the volume and
the configuration is done through the application itself. The default master
password is `lam`.
Name | Description | Default value
--- | --- | ---
`LAM_PASSWORD` | Password for administrating LAM | `lam`
`LDAP_URI` | URI of the LDAP service | `ldapi:///`
`LDAP_ADMIN_DN` | DN of the admin account
`LDAP_BASE_DN` | Base DN

## License

+11 −2
Original line number Diff line number Diff line
#!/bin/sh
set -eux

install -d -m 755 -o root -g root /var/lib/ldap-account-manager
cp --archive --no-clobber --verbose --no-target-directory /var/lib/ldap-account-manager.orig /var/lib/ldap-account-manager
# Render environment variables in the config file.
tempfile="$(mktemp)"
envsubst < /var/lib/ldap-account-manager/config/lam.conf > "$tempfile"
cat "$tempfile" > /var/lib/ldap-account-manager/config/lam.conf
rm "$tempfile"

# Set the password and unset the variable from memory.
chroot --userspec=www-data / /usr/local/sbin/lam-setpass "$LAM_PASSWORD"
unset LAM_PASSWORD

# Start the process.
eval exec "$@"
+15 −0
Original line number Diff line number Diff line
#!/usr/bin/env php
<?php

include_once('/usr/share/ldap-account-manager/lib/config.inc');

// For the general settings.
$cfg = new LAMCfgMain();
$cfg->setPassword($argv[1]);
$cfg->save();

// For the server profiles.
$conf = new LAMConfig("lam");
$conf->set_Passwd($argv[1]);
$conf->save();
Loading