diff --git a/scripts/init-config.sh b/scripts/init-config.sh
index ac5805a..031bc89 100644
--- a/scripts/init-config.sh
+++ b/scripts/init-config.sh
@@ -13,6 +13,20 @@ export LDAP_ADMIN_PASSWORD_HASH LDAP_CONFIG_PASSWORD_HASH
 # Create initial slapd.d configuration
 rm -rf /etc/openldap/slapd.d/*
 
+# Build TLS attributes if enabled
+TLS_CONFIG=""
+if [ "$LDAP_TLS_ENABLED" = "true" ] && [ -f "$LDAP_TLS_CERT_FILE" ] && [ -f "$LDAP_TLS_KEY_FILE" ]; then
+    log_info "Adding TLS configuration..."
+    TLS_CONFIG="olcTLSCertificateFile: ${LDAP_TLS_CERT_FILE}
+olcTLSCertificateKeyFile: ${LDAP_TLS_KEY_FILE}"
+    if [ -f "$LDAP_TLS_CA_FILE" ]; then
+        TLS_CONFIG="${TLS_CONFIG}
+olcTLSCACertificateFile: ${LDAP_TLS_CA_FILE}"
+    fi
+    TLS_CONFIG="${TLS_CONFIG}
+olcTLSVerifyClient: ${LDAP_TLS_VERIFY_CLIENT}"
+fi
+
 # Create base cn=config LDIF
 cat > /tmp/init-config.ldif << EOF
 dn: cn=config
@@ -21,6 +35,7 @@ cn: config
 olcArgsFile: /run/openldap/slapd.args
 olcPidFile: /run/openldap/slapd.pid
 olcLogLevel: ${LDAP_LOG_LEVEL}
+${TLS_CONFIG}
 
 dn: cn=module{0},cn=config
 objectClass: olcModuleList
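Review bot: When LDAP_TLS_ENABLED is "true" but LDAP_TLS_CERT_FILE or LDAP_TLS_KEY_FILE is missing, the new `if` in the first hunk quietly leaves TLS_CONFIG empty and slapd comes up without TLS, so a mistyped certificate path degrades the directory to cleartext-only with no signal in the log; an explicit branch such as `elif [ "$LDAP_TLS_ENABLED" = "true" ]; then` / `printf 'TLS enabled but certificate or key file not found\n' >&2; exit 1` would fail fast instead. The same block appends `olcTLSVerifyClient: ${LDAP_TLS_VERIFY_CLIENT}` unconditionally, so an unset LDAP_TLS_VERIFY_CLIENT yields an attribute with an empty value that slapadd is likely to reject; defaulting it with `${LDAP_TLS_VERIFY_CLIENT:-never}` or asserting it is set with `: "${LDAP_TLS_VERIFY_CLIENT:?}"` would make the contract explicit. Whether the script runs under `set -u`, which would turn the unset variable into a hard error before this point, is not visible in the hunk.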
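Review bot: The `+${TLS_CONFIG}` line in the second hunk expands to an empty line whenever TLS is disabled, which in LDIF ends the cn=config record right after olcLogLevel and leaves two consecutive blank lines before the cn=module{0} entry. OpenLDAP's LDIF reader skips leading blank lines before a record, so slapadd should still accept the file, but it is worth confirming against the slapadd version in the image. A more robust form is to keep the attribute lines inside the record unconditionally: have the first hunk start the string with a newline (`TLS_CONFIG="` followed by a literal line break before `olcTLSCertificateFile: ...`) and write `olcLogLevel: ${LDAP_LOG_LEVEL}${TLS_CONFIG}` here, so an empty TLS_CONFIG adds nothing at all.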
@@ -68,35 +83,6 @@ olcDbIndex: entryUUID eq
 olcDbMaxSize: 1073741824
 EOF
 
-# Add TLS configuration if enabled and certs exist
-if [ "$LDAP_TLS_ENABLED" = "true" ] && [ -f "$LDAP_TLS_CERT_FILE" ] && [ -f "$LDAP_TLS_KEY_FILE" ]; then
-    log_info "Adding TLS configuration..."
-    cat >> /tmp/init-config.ldif << EOF
-
-dn: cn=config
-changetype: modify
-add: olcTLSCertificateFile
-olcTLSCertificateFile: ${LDAP_TLS_CERT_FILE}
--
-add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: ${LDAP_TLS_KEY_FILE}
-EOF
-
-    if [ -f "$LDAP_TLS_CA_FILE" ]; then
-        cat >> /tmp/init-config.ldif << EOF
--
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: ${LDAP_TLS_CA_FILE}
-EOF
-    fi
-
-    cat >> /tmp/init-config.ldif << EOF
--
-add: olcTLSVerifyClient
-olcTLSVerifyClient: ${LDAP_TLS_VERIFY_CLIENT}
-EOF
-fi
-
 # Import the configuration
 log_info "Importing cn=config with slapadd..."
 /usr/sbin/slapadd -n 0 -F /etc/openldap/slapd.d -l /tmp/init-config.ldif