Small improvments to the nss-pam-ldapd image.

- Set the client configuration (/etc/ldap/ldap.conf) according to the
environment variables.
- Add LDAP_REQCERT environment variable to set the certificate
validation.

nss-pam-ldapd/Dockerfile

@@ -9,13 +9,15 @@ RUN apt-get update && \
     mkdir -p /run/nslcd && \
     chown -R nslcd:nslcd /run/nslcd/ && \
     sed -i 's/compat/compat ldap/g' /etc/nsswitch.conf && \
-    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* /etc/nslcd.conf
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /etc/nslcd.conf
 COPY --chown=root:root entrypoint /
 ENV LDAP_URIS=ldapi:/// \
     LDAP_AUTH_TYPE=none \
     LDAP_STARTTLS=false \
     LDAP_BASE_DN="dc=trusted" \
-    LDAP_CACERTFILE=/etc/ssl/certs/ca-certificates.crt
+    LDAP_CACERTFILE=/etc/ssl/certs/ca-certificates.crt \
+    LDAP_REQCERT=never
 ENTRYPOINT [ "/entrypoint" ]
 CMD [ "/usr/sbin/nslcd", "--nofork" ]
 HEALTHCHECK CMD pgrep nslcd || exit 1

nss-pam-ldapd/README.md

@@ -18,6 +18,7 @@ Name | Default value
 `LDAP_STARTTLS` | `false`
 `LDAP_BASE_DN` | `dc=trusted`
 `LDAP_CACERTFILE` | `/etc/ssl/certs/ca-certificates.crt`
+`LDAP_REQCERT` | `never`
 
 ## License
 

nss-pam-ldapd/entrypoint

@@ -19,6 +19,19 @@ nslcd	nslcd/ldap-cacertfile	string	${LDAP_CACERTFILE:-}
 nslcd	nslcd/ldap-sasl-secprops	string	${LDAP_SASL_SECPROPS:-}
 EOF
 
-dpkg-reconfigure -f noninteractive nslcd
+DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -f noninteractive nslcd
+
+cat << EOF | tee /etc/ldap/ldap.conf
+URI ${LDAP_URIS:-}
+BASE ${LDAP_BASE_DN:-}
+BINDDN ${LDAP_BINDDN:-}
+SASL_MECH ${LDAP_SASL_MECH:-}
+SASL_REALMa ${LDAP_SASL_REALM:-}
+SASL_AUTHCID ${LDAP_SASL_AUTHCID:-}
+SASL_AUTHZID ${LDAP_SASL_AUTHZID:-}
+SASL_SECPROPS ${LDAP_SASL_SECPROPS:-}
+TLS_CACERT  ${LDAP_SASL_SECPROPS:-}
+TLS_REQCERT ${LDAP_REQCERT:-}
+EOF
 
 eval exec gosu "nslcd:nslcd" "$@"