wbyc/docker-openldap
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: wbyc:0.1.4
Branches Tags
wbyc:main
wbyc:master
wbyc:0.1.5
wbyc:0.1.4
wbyc:0.1.3
wbyc:0.1.2
wbyc:0.1.1
wbyc:v0.1.0
...
compare: wbyc:main
Branches Tags
wbyc:main
wbyc:master
wbyc:0.1.5
wbyc:0.1.4
wbyc:0.1.3
wbyc:0.1.2
wbyc:0.1.1
wbyc:v0.1.0

1 Commits
0.1.4 ... main

Author SHA1 Message Date
Patrick de Ruiter
c66df72e8d
fix: include TLS config in initial cn=config entry
Some checks failed
CI Pipeline / lint (push) Successful in 20s
Details
CI Pipeline / build (push) Successful in 1m2s
Details
CI Pipeline / test (push) Successful in 1m2s
Details
CI Pipeline / security-scan (push) Successful in 1m32s
Details
CI Pipeline / autotag (push) Successful in 25s
Details
CI Pipeline / push (push) Successful in 22s
Details
CI Pipeline / update-cd (push) Failing after 17s
Details 
slapadd doesn't understand LDIF change records (changetype: modify).
Move TLS configuration attributes directly into the cn=config entry
instead of using a separate modify operation.
 2025-12-28 02:06:15 +01:00
1 changed files with 15 additions and 29 deletions
Show Stats Expand all files Collapse all files

44
scripts/init-config.sh
View File

@ -13,6 +13,20 @@ export LDAP_ADMIN_PASSWORD_HASH LDAP_CONFIG_PASSWORD_HASH
# Create initial slapd.d configuration # Create initial slapd.d configuration
rm -rf /etc/openldap/slapd.d/* rm -rf /etc/openldap/slapd.d/*
# Build TLS attributes if enabled
TLS_CONFIG=""
if [ "$LDAP_TLS_ENABLED" = "true" ] && [ -f "$LDAP_TLS_CERT_FILE" ] && [ -f "$LDAP_TLS_KEY_FILE" ]; then
log_info "Adding TLS configuration..."
TLS_CONFIG="olcTLSCertificateFile: ${LDAP_TLS_CERT_FILE}
olcTLSCertificateKeyFile: ${LDAP_TLS_KEY_FILE}"
if [ -f "$LDAP_TLS_CA_FILE" ]; then
TLS_CONFIG="${TLS_CONFIG}
olcTLSCACertificateFile: ${LDAP_TLS_CA_FILE}"
fi
TLS_CONFIG="${TLS_CONFIG}
olcTLSVerifyClient: ${LDAP_TLS_VERIFY_CLIENT}"
fi
# Create base cn=config LDIF # Create base cn=config LDIF
cat > /tmp/init-config.ldif << EOF cat > /tmp/init-config.ldif << EOF
dn: cn=config dn: cn=config
@ -21,6 +35,7 @@ cn: config
olcArgsFile: /run/openldap/slapd.args olcArgsFile: /run/openldap/slapd.args
olcPidFile: /run/openldap/slapd.pid olcPidFile: /run/openldap/slapd.pid
olcLogLevel: ${LDAP_LOG_LEVEL} olcLogLevel: ${LDAP_LOG_LEVEL}
${TLS_CONFIG}
dn: cn=module{0},cn=config dn: cn=module{0},cn=config
objectClass: olcModuleList objectClass: olcModuleList
@ -68,35 +83,6 @@ olcDbIndex: entryUUID eq
olcDbMaxSize: 1073741824 olcDbMaxSize: 1073741824
EOF EOF
# Add TLS configuration if enabled and certs exist
if [ "$LDAP_TLS_ENABLED" = "true" ] && [ -f "$LDAP_TLS_CERT_FILE" ] && [ -f "$LDAP_TLS_KEY_FILE" ]; then
log_info "Adding TLS configuration..."
cat >> /tmp/init-config.ldif << EOF
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: ${LDAP_TLS_CERT_FILE}
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: ${LDAP_TLS_KEY_FILE}
EOF
if [ -f "$LDAP_TLS_CA_FILE" ]; then
cat >> /tmp/init-config.ldif << EOF
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: ${LDAP_TLS_CA_FILE}
EOF
fi
cat >> /tmp/init-config.ldif << EOF
-
add: olcTLSVerifyClient
olcTLSVerifyClient: ${LDAP_TLS_VERIFY_CLIENT}
EOF
fi
# Import the configuration # Import the configuration
log_info "Importing cn=config with slapadd..." log_info "Importing cn=config with slapadd..."
/usr/sbin/slapadd -n 0 -F /etc/openldap/slapd.d -l /tmp/init-config.ldif /usr/sbin/slapadd -n 0 -F /etc/openldap/slapd.d -l /tmp/init-config.ldif