From 803db5a114a3fddb709e01788114798bd8187c91 Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Fri, 25 Mar 2022 20:59:45 +0100
Subject: [PATCH 1/5] split generation/addition of schemas and importing of LDIF files from generation of default LDAP tree when LDAP_SKIP_DEFAULT_TREE is set to yes

Signed-off-by: Johannes Kastl
---
 .../rootfs/opt/bitnami/scripts/libopenldap.sh | 22 +++++++++----------
 .../rootfs/opt/bitnami/scripts/libopenldap.sh | 22 +++++++++----------
 2 files changed, 20 insertions(+), 24 deletions(-)

diff --git a/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
index 95650ca3239a..c40ba91345c0 100644
--- a/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -464,19 +464,17 @@ ldap_initialize() {
 if is_boolean_yes "$LDAP_ENABLE_TLS"; then
 ldap_configure_tls
 fi
- if is_boolean_yes "$LDAP_SKIP_DEFAULT_TREE"; then
- info "Skipping default schemas/tree structure"
+ # Initialize OpenLDAP with schemas/tree structure
+ ldap_add_schemas
+ if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
+ ldap_add_custom_schema
+ fi
+ if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
+ ldap_add_custom_ldifs
+ elif is_boolean_no "$LDAP_SKIP_DEFAULT_TREE"; then
+ ldap_create_tree
 else
- # Initialize OpenLDAP with schemas/tree structure
- ldap_add_schemas
- if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
- ldap_add_custom_schema
- fi
- if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
- ldap_add_custom_ldifs
- else
- ldap_create_tree
- fi
+ info "Skipping default schemas/tree structure"
 fi
 ldap_stop
 fi
diff --git a/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
index 95650ca3239a..c40ba91345c0 100644
--- a/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
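Review bot: The `else` branch still logs `info "Skipping default schemas/tree structure"`, but on the new side ldap_add_schemas and the custom schema file have already been processed above it, so the message now misstates what was skipped; `info "Skipping default tree structure"` matches the new behavior. The switch to `elif is_boolean_no "$LDAP_SKIP_DEFAULT_TREE"` also changes the fallback for values that are neither yes nor no (an empty string, a typo): previously anything other than yes created the tree, now anything other than no silently skips it, leaving an empty directory without any error. `elif ! is_boolean_yes "$LDAP_SKIP_DEFAULT_TREE"; then` keeps the old contract, or validate the value up front and fail loudly. The same applies to the identical hunk for the 2.6 image below. ldap_initialize starts before this hunk and its closing brace is outside it.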
+++ b/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -464,19 +464,17 @@ ldap_initialize() {
 if is_boolean_yes "$LDAP_ENABLE_TLS"; then
 ldap_configure_tls
 fi
- if is_boolean_yes "$LDAP_SKIP_DEFAULT_TREE"; then
- info "Skipping default schemas/tree structure"
+ # Initialize OpenLDAP with schemas/tree structure
+ ldap_add_schemas
+ if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
+ ldap_add_custom_schema
+ fi
+ if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
+ ldap_add_custom_ldifs
+ elif is_boolean_no "$LDAP_SKIP_DEFAULT_TREE"; then
+ ldap_create_tree
 else
- # Initialize OpenLDAP with schemas/tree structure
- ldap_add_schemas
- if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
- ldap_add_custom_schema
- fi
- if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
- ldap_add_custom_ldifs
- else
- ldap_create_tree
- fi
+ info "Skipping default schemas/tree structure"
 fi
 ldap_stop
 fi

From ddc2f8884a2ad4f5631c6fc107e6ae701deffc90 Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Fri, 25 Mar 2022 21:15:02 +0100
Subject: [PATCH 2/5] README.md: hint on LDAP_SKIP_DEFAULT_TREE not skipping creation/addition of schemas or importing of LDIF files

Signed-off-by: Johannes Kastl
---
 bitnami/openldap/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bitnami/openldap/README.md b/bitnami/openldap/README.md
index 918e859dc926..02beccfbbbc4 100644
--- a/bitnami/openldap/README.md
+++ b/bitnami/openldap/README.md
@@ -186,8 +186,8 @@ The Bitnami Docker OpenLDAP can be easily setup with the following environment v
 - `LDAP_USER_DC`: DC for the users' organizational unit. Default: **users**
 - `LDAP_GROUP`: Group used to group created users. Default: **readers**
 - `LDAP_EXTRA_SCHEMAS`: Extra schemas to add, among OpenLDAP's distributed schemas. Default: **cosine, inetorgperson, nis**
-- `LDAP_SKIP_DEFAULT_TREE`: Whether to skip creating the default LDAP tree based on `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. Default: **no**
-- `LDAP_CUSTOM_LDIF_DIR`: Location of a directory that contains LDIF files that should be used to bootstrap the database. Only files ending in `.ldif` will be used. Default LDAP tree based on the `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP` will be skipped when `LDAP_CUSTOM_LDIF_DIR` is used. When using this it will override the usage of `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. You should set `LDAP_ROOT` to your base to make sure the `olcSuffix` configured on the database matches the contents imported from the LDIF files.Default: **/ldifs**
+- `LDAP_SKIP_DEFAULT_TREE`: Whether to skip creating the default LDAP tree based on `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. Please note that this will **not** skip the addition of schemas or importing of LDIF files. Default: **no**
+- `LDAP_CUSTOM_LDIF_DIR`: Location of a directory that contains LDIF files that should be used to bootstrap the database. Only files ending in `.ldif` will be used. Default LDAP tree based on the `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP` will be skipped when `LDAP_CUSTOM_LDIF_DIR` is used. When using this it will override the usage of `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. You should set `LDAP_ROOT` to your base to make sure the `olcSuffix` configured on the database matches the contents imported from the LDIF files. Default: **/ldifs**
 - `LDAP_CUSTOM_SCHEMA_FILE`: Location of a custom internal schema file that could not be added as custom ldif file (i.e. containing some `structuralObjectClass`). Default is **/schema/custom.ldif**"
 - `LDAP_ULIMIT_NOFILES`: Maximum number of open file descriptors. Default: **1024**.
 - `LDAP_ALLOW_ANON_BINDING`: Allow anonymous bindings to the LDAP server. Default: **yes**.

From d3df878c99136b8a79dba14013cf7b4c6e07d880 Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Mon, 28 Mar 2022 13:42:57 +0200
Subject: [PATCH 3/5] only add schemas if LDAP_ADD_SCHEMAS is set to yes

Signed-off-by: Johannes Kastl
---
 .../2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh | 4 +++-
 .../2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
index c40ba91345c0..8f701d7deddc 100644
--- a/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -465,7 +465,9 @@ ldap_initialize() {
 ldap_configure_tls
 fi
 # Initialize OpenLDAP with schemas/tree structure
- ldap_add_schemas
+ if is_boolean_yes "$LDAP_ADD_SCHEMAS"; then
+ ldap_add_schemas
+ fi
 if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
 ldap_add_custom_schema
 fi
diff --git a/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
index c40ba91345c0..8f701d7deddc 100644
--- a/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
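Review bot: `if is_boolean_yes "$LDAP_ADD_SCHEMAS"; then` is introduced here, but the export that gives LDAP_ADD_SCHEMAS its default only arrives in PATCH 4/5, so at this point of the series the guard reads a variable nothing has set; if the entrypoint runs with `set -o nounset` (not visible here) initialization aborts, and otherwise the empty value silently disables schema loading and every later LDIF that depends on those schemas fails. Squashing this commit with the one that exports the default, or ordering the export first, keeps every commit in the series bootable. The same applies to the identical hunk for the 2.6 image below. ldap_initialize starts before this hunk and ends after it.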
@@ -465,7 +465,9 @@ ldap_initialize() {
 ldap_configure_tls
 fi
 # Initialize OpenLDAP with schemas/tree structure
- ldap_add_schemas
+ if is_boolean_yes "$LDAP_ADD_SCHEMAS"; then
+ ldap_add_schemas
+ fi
 if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
 ldap_add_custom_schema
 fi

From 38957a64fe85b28b803a3e3d899bf136b5acd1cc Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Mon, 28 Mar 2022 13:44:20 +0200
Subject: [PATCH 4/5] ADD new variable LDAP_EXTRA_SCHEMAS with default value 'true'

Signed-off-by: Johannes Kastl
---
 .../2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh | 1 +
 .../2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh | 1 +
 2 files changed, 2 insertions(+)

diff --git a/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
index 8f701d7deddc..570a97fb6e91 100644
--- a/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -56,6 +56,7 @@ export LDAP_CONFIG_ADMIN_USERNAME="${LDAP_CONFIG_ADMIN_USERNAME:-admin}"
 export LDAP_CONFIG_ADMIN_DN="${LDAP_CONFIG_ADMIN_USERNAME/#/cn=},cn=config"
 export LDAP_CONFIG_ADMIN_PASSWORD="${LDAP_CONFIG_ADMIN_PASSWORD:-configpassword}"
 export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -n -T /dev/stdin)"
+export LDAP_ADD_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-yes}"
 export LDAP_EXTRA_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-cosine,inetorgperson,nis}"
 export LDAP_SKIP_DEFAULT_TREE="${LDAP_SKIP_DEFAULT_TREE:-no}"
 export LDAP_USERS="${LDAP_USERS:-user01,user02}"
diff --git a/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
index 8f701d7deddc..570a97fb6e91 100644
--- a/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
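Review bot: The added line reads the wrong variable: `export LDAP_ADD_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-yes}"` seeds the new boolean from the schema list, so any user who sets LDAP_EXTRA_SCHEMAS (for example to `cosine,nis`) gets that list as the value of LDAP_ADD_SCHEMAS, `is_boolean_yes` rejects it and schema loading is silently skipped, while the default of yes only appears when LDAP_EXTRA_SCHEMAS happens to be unset. It should be `export LDAP_ADD_SCHEMAS="${LDAP_ADD_SCHEMAS:-yes}"`, and the commit subject should name LDAP_ADD_SCHEMAS and its actual default of yes rather than LDAP_EXTRA_SCHEMAS and 'true'. The same applies to the identical hunk for the 2.6 image below. Separately, the unchanged neighbouring line `echo -n $LDAP_CONFIG_ADMIN_PASSWORD` expands the password unquoted, so a value containing spaces or glob characters is word-split and glob-expanded before it reaches slappasswd; `printf '%s' "$LDAP_CONFIG_ADMIN_PASSWORD"` would be safer, though that is outside this change's scope.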
+++ b/bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -56,6 +56,7 @@ export LDAP_CONFIG_ADMIN_USERNAME="${LDAP_CONFIG_ADMIN_USERNAME:-admin}"
 export LDAP_CONFIG_ADMIN_DN="${LDAP_CONFIG_ADMIN_USERNAME/#/cn=},cn=config"
 export LDAP_CONFIG_ADMIN_PASSWORD="${LDAP_CONFIG_ADMIN_PASSWORD:-configpassword}"
 export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -n -T /dev/stdin)"
+export LDAP_ADD_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-yes}"
 export LDAP_EXTRA_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-cosine,inetorgperson,nis}"
 export LDAP_SKIP_DEFAULT_TREE="${LDAP_SKIP_DEFAULT_TREE:-no}"
 export LDAP_USERS="${LDAP_USERS:-user01,user02}"

From b8cba16253cf7b742d7b32b1d649ba1c1afb9a7d Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Mon, 28 Mar 2022 13:45:28 +0200
Subject: [PATCH 5/5] README.md: variable LDAP_ADD_SCHEMAS explained

Signed-off-by: Johannes Kastl
---
 bitnami/openldap/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bitnami/openldap/README.md b/bitnami/openldap/README.md
index 02beccfbbbc4..8ad41496a938 100644
--- a/bitnami/openldap/README.md
+++ b/bitnami/openldap/README.md
@@ -185,6 +185,7 @@ The Bitnami Docker OpenLDAP can be easily setup with the following environment v
 - `LDAP_PASSWORDS`: Comma separated list of passwords to use for LDAP users. Default: **bitnami1,bitnami2**
 - `LDAP_USER_DC`: DC for the users' organizational unit. Default: **users**
 - `LDAP_GROUP`: Group used to group created users. Default: **readers**
+- `LDAP_ADD_SCHEMAS`: Whether to add the schemas specified in `LDAP_EXTRA_SCHEMAS`. Default: **yes**
 - `LDAP_EXTRA_SCHEMAS`: Extra schemas to add, among OpenLDAP's distributed schemas. Default: **cosine, inetorgperson, nis**
 - `LDAP_SKIP_DEFAULT_TREE`: Whether to skip creating the default LDAP tree based on `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. Please note that this will **not** skip the addition of schemas or importing of LDIF files. Default: **no**
 - `LDAP_CUSTOM_LDIF_DIR`: Location of a directory that contains LDIF files that should be used to bootstrap the database. Only files ending in `.ldif` will be used. Default LDAP tree based on the `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP` will be skipped when `LDAP_CUSTOM_LDIF_DIR` is used. When using this it will override the usage of `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. You should set `LDAP_ROOT` to your base to make sure the `olcSuffix` configured on the database matches the contents imported from the LDIF files. Default: **/ldifs**