#!/bin/sh set -eux # Get the root password hash and unset the cleartext password. PASSWORD_HASH="$(slappasswd -ns "$LDAP_ROOTPASS")" unset LDAP_ROOTPASS export PASSWORD_HASH # See https://github.com/moby/moby/issues/8231 # shellcheck disable=SC2039 ulimit -n 1024 || true # Base DN. BASE_DN="dc=$(echo "$LDAP_DOMAIN" | sed 's/^\.//; s/\.$//; s/\./,dc=/g')" export BASE_DN # DC. DC="$(echo "$LDAP_DOMAIN" | sed 's/^\.//; s/\..*$//')" export DC # Generate self-signed certificates if none are provided. if [ "${SSL_CERT_FILE:-}" = "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] || \ [ "${SSL_KEY_FILE:-}" = "/etc/ssl/private/ssl-cert-snakeoil.key" ] then echo Generating self-signed key and certificate. >&2 DEBIAN_FRONTEND=noninteractive time fakeroot make-ssl-cert generate-default-snakeoil --force-overwrite fi # Generate random DH parameters. if [ -z "${SSL_DHPARAMS_FILE:-}" ] || [ ! -f "${SSL_DHPARAMS_FILE:-}" ] then echo Generating DH parameters, this will take a while. >&2 export SSL_DHPARAMS_FILE='/usr/share/slapd/dh.pem' time openssl dhparam -out "$SSL_DHPARAMS_FILE" 2048 fi # Run slapadd with the correct user and location of the config directory. alias slapadd='slapadd -gv -F /var/lib/ldap/config' # Create configuration is none is present. if [ -z "$(find /var/lib/ldap/config -maxdepth 1 -mindepth 1)" ] then echo No configuration found, generating a new one. >&2 SLAPD_UID="$(id -u openldap)" export SLAPD_UID SLAPD_GID="$(id -g openldap)" export SLAPD_GID # shellcheck disable=SC2002 cat /usr/share/slapd/config.ldif | envsubst | slapadd -b 'cn=config' fi # Create directory if none is present. if [ -z "$(find /var/lib/ldap/data -maxdepth 1 -mindepth 1)" ] then echo No directory found, generating a new one, >&2 # shellcheck disable=SC2002 cat /usr/share/slapd/skel.ldif | envsubst | slapadd -b "$BASE_DN" fi # Configure the client. cat >> /etc/ldap/ldap.conf <