Skip to content
Snippets Groups Projects
Select Git revision
  • f9637171e441052d514cd381b2742022b1efbc70
  • master default
  • host01
  • ns4
  • kodi
5 results

docker-compose.yml

Blame
    • entrypoint 2.10 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73 
    

    

    

    #!/bin/sh
set -eux

# Get the root password hash and unset the cleartext password.
PASSWORD_HASH="$(slappasswd -ns "$LDAP_ROOTPASS")"
unset LDAP_ROOTPASS
export PASSWORD_HASH

# See https://github.com/moby/moby/issues/8231
# shellcheck disable=SC3045
ulimit -n 1024 || true

# Base DN.
BASE_DN="dc=$(echo "$LDAP_DOMAIN" | sed 's/^\.//; s/\.$//; s/\./,dc=/g')"
export BASE_DN

# DC.
DC="$(echo "$LDAP_DOMAIN" | sed 's/^\.//; s/\..*$//')"
export DC

# Generate self-signed certificates if none are provided.
if [ "${SSL_CERT_FILE:-}" = "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] || \
   [ "${SSL_KEY_FILE:-}" = "/etc/ssl/private/ssl-cert-snakeoil.key" ]
then
    echo Generating self-signed key and certificate. >&2
    DEBIAN_FRONTEND=noninteractive time fakeroot make-ssl-cert generate-default-snakeoil --force-overwrite
fi

# Generate random DH parameters.
if [ -z "${SSL_DHPARAMS_FILE:-}" ] || [ ! -f "${SSL_DHPARAMS_FILE:-}" ]
then
    echo Generating DH parameters, this will take a while. >&2
    export SSL_DHPARAMS_FILE='/usr/share/slapd/dh.pem'
    time openssl dhparam -out "$SSL_DHPARAMS_FILE" 2048
fi

# Run slapadd with the correct user and location of the config directory.
alias slapadd='slapadd -gv -F /var/lib/ldap/config'

# Create configuration is none is present.
if [ -z "$(find /var/lib/ldap/config -maxdepth 1 -mindepth  1)" ]
then
    echo No configuration found, generating a new one. >&2
    SLAPD_UID="$(id -u openldap)"
    export SLAPD_UID
    SLAPD_GID="$(id -g openldap)"
    export SLAPD_GID
    # shellcheck disable=SC2002
    cat /usr/share/slapd/config.ldif | envsubst | slapadd -b 'cn=config'
fi

# Create directory if none is present.
if [ -z "$(find /var/lib/ldap/data -maxdepth 1 -mindepth 1)" ]
then
    echo No directory found, generating a new one, >&2
    # shellcheck disable=SC2002
    cat /usr/share/slapd/skel.ldif | envsubst | slapadd -b "$BASE_DN"
fi

# Configure the client.
cat >> /etc/ldap/ldap.conf <<EOF
URI         ldapi:///
SASL_MECH   EXTERNAL
BASE        $BASE_DN
TLS_CACERT  /etc/ssl/certs/ca-certificates.crt
EOF

# Unset the root password hash.
unset PASSWORD_HASH

# Run CMD.
eval exec "$*"