From 4c7c30b1500071629c984c44aa742bf248f610b1 Mon Sep 17 00:00:00 2001
From: Bitnami Bot
Date: Fri, 15 Jan 2021 23:00:39 +0000
Subject: [PATCH] 2.4.56-debian-10-r63 release
---
 bitnami/openldap/2/debian-10/Dockerfile | 2 +-
 .../prebuildfs/opt/bitnami/scripts/libos.sh | 68 +++++++++++++++++--
 .../opt/bitnami/scripts/openldap/setup.sh | 2 +-
 bitnami/openldap/README.md | 2 +-
 4 files changed, 66 insertions(+), 8 deletions(-)
diff --git a/bitnami/openldap/2/debian-10/Dockerfile b/bitnami/openldap/2/debian-10/Dockerfile
index 72b9e312e452..cbe2600911f0 100644
--- a/bitnami/openldap/2/debian-10/Dockerfile
+++ b/bitnami/openldap/2/debian-10/Dockerfile
@@ -18,7 +18,7 @@ RUN chmod g+rwX /opt/bitnami
 COPY rootfs /
 RUN /opt/bitnami/scripts/openldap/postunpack.sh
 ENV BITNAMI_APP_NAME="openldap" \
- BITNAMI_IMAGE_VERSION="2.4.56-debian-10-r62" \
+ BITNAMI_IMAGE_VERSION="2.4.56-debian-10-r63" \
 PATH="/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/opt/bitnami/common/bin:$PATH"
 EXPOSE 1389 1636
diff --git a/bitnami/openldap/2/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/openldap/2/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh
index cc45a19ce099..f38437a1d407 100644
--- a/bitnami/openldap/2/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh
+++ b/bitnami/openldap/2/debian-10/prebuildfs/opt/bitnami/scripts/libos.sh
@@ -37,14 +37,34 @@ group_exists() {
 # Create a group in the system if it does not exist already
 # Arguments:
 # $1 - group
+# Flags:
+# -s|--system - Whether to create new user as system user (uid <= 999)
 # Returns:
 # None
 #########################
 ensure_group_exists() {
 local group="${1:?group is missing}"
+ local is_system_user=false
+
+ # Validate arguments
+ shift 1
+ while [ "$#" -gt 0 ]; do
+ case "$1" in
+ -s|--system)
+ is_system_user=true
+ ;;
+ *)
+ echo "Invalid command line flag $1" >&2
+ return 1
+ ;;
+ esac
+ shift
+ done
 if ! group_exists "$group"; then
- groupadd "$group" >/dev/null 2>&1
+ local -a args=("$group")
+ $is_system_user && args+=("--system")
+ groupadd "${args[@]}" >/dev/null 2>&1
 fi
 }
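Review bot: The added `-s|--system` line in the header comment of ensure_group_exists still describes a user (`Whether to create new user as system user (uid <= 999)`), although this function creates a group. I would reword it as `#   -s|--system - Whether to create new group as system group (gid <= 999)`. Separately, `groupadd "${args[@]}" >/dev/null 2>&1` keeps discarding the error output, so a failed creation shows up only in the function's exit status; a one-line comment saying that callers must check it would help.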
@@ -52,22 +72,60 @@ ensure_group_exists() {
 # Create an user in the system if it does not exist already
 # Arguments:
 # $1 - user
-# $2 - group
+# Flags:
+# -g|--group - the group the new user should belong to
+# -h|--home - the home directory for the new user
+# -s|--system - whether to create new user as system user (uid <= 999)
 # Returns:
 # None
 #########################
 ensure_user_exists() {
 local user="${1:?user is missing}"
- local group="${2:-}"
+ local group=""
+ local home=""
+ local is_system_user=false
+
+ # Validate arguments
+ shift 1
+ while [ "$#" -gt 0 ]; do
+ case "$1" in
+ -g|--group)
+ shift
+ group="${1:?missing group}"
+ ;;
+ -h|--home)
+ shift
+ home="${1:?missing home directory}"
+ ;;
+ -s|--system)
+ is_system_user=true
+ ;;
+ *)
+ echo "Invalid command line flag $1" >&2
+ return 1
+ ;;
+ esac
+ shift
+ done
 if ! user_exists "$user"; then
- useradd "$user" >/dev/null 2>&1
+ local -a user_args=("-N" "$user")
+ $is_system_user && user_args+=("--system")
+ useradd "${user_args[@]}" >/dev/null 2>&1
 fi
 if [[ -n "$group" ]]; then
- ensure_group_exists "$group"
+ local -a group_args=("$group")
+ $is_system_user && group_args+=("--system")
+ ensure_group_exists "${group_args[@]}"
 usermod -a -G "$group" "$user" >/dev/null 2>&1
 fi
+
+ if [[ -n "$home" ]]; then
+ mkdir -p "$home"
+ usermod -d "$home" "$user" >/dev/null 2>&1
+ configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
+ fi
 }
 ########################
diff --git a/bitnami/openldap/2/debian-10/rootfs/opt/bitnami/scripts/openldap/setup.sh b/bitnami/openldap/2/debian-10/rootfs/opt/bitnami/scripts/openldap/setup.sh
index 0915a0ac7642..a6ffa6f376f4 100755
--- a/bitnami/openldap/2/debian-10/rootfs/opt/bitnami/scripts/openldap/setup.sh
+++ b/bitnami/openldap/2/debian-10/rootfs/opt/bitnami/scripts/openldap/setup.sh
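Review bot: In the new `--home` branch of ensure_user_exists (libos.sh), `configure_permissions_ownership` is always called with `-g "$group"`, but `group` is still empty when the caller passes `--home` without `--group`, so the helper receives an empty group argument. That helper is defined outside this diff, so how it treats an empty value cannot be confirmed here; building the arguments conditionally avoids the question: `local -a perm_args=("$home" -d "775" -f "664" -u "$user")`, `[[ -n "$group" ]] && perm_args+=(-g "$group")`, `configure_permissions_ownership "${perm_args[@]}"`. The 775/664 modes also leave the home directory group-writable, which deserves a comment stating why that is wanted. In addition, `useradd -N` skips the per-user group, so the account's primary group falls back to the system default (the GROUP setting in /etc/default/useradd), and `$group` is only added as a supplementary group.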
@@ -16,6 +16,6 @@ eval "$(ldap_env)"
 # Ensure Open LDAP environment variables are valid
 ldap_validate
 # Ensure 'daemon' user exists when running as 'root'
-am_i_root && ensure_user_exists "$LDAP_DAEMON_USER" "$LDAP_DAEMON_GROUP"
+am_i_root && ensure_user_exists "$LDAP_DAEMON_USER" --group "$LDAP_DAEMON_GROUP"
 # Ensure Open LDAP server is initialize
 ldap_initialize
diff --git a/bitnami/openldap/README.md b/bitnami/openldap/README.md
index 6556d814cefc..f8ffe646fab3 100644
--- a/bitnami/openldap/README.md
+++ b/bitnami/openldap/README.md
@@ -35,7 +35,7 @@ Non-root container images add an extra layer of security and are generally recom
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
-* [`2`, `2-debian-10`, `2.4.56`, `2.4.56-debian-10-r62`, `latest` (2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-openldap/blob/2.4.56-debian-10-r62/2/debian-10/Dockerfile)
+* [`2`, `2-debian-10`, `2.4.56`, `2.4.56-debian-10-r63`, `latest` (2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-openldap/blob/2.4.56-debian-10-r63/2/debian-10/Dockerfile)
 Subscribe to project updates by watching the [bitnami/openldap GitHub repo](https://github.com/bitnami/bitnami-docker-openldap).
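Review bot: In setup.sh, the switch to `--group "$LDAP_DAEMON_GROUP"` changes what happens when that variable is empty: ensure_user_exists used to accept an empty second argument (`${2:-}`), whereas the new parser expands `${1:?missing group}` and aborts. Whether `ldap_validate` guarantees a non-empty value is not visible in this diff. If an empty group should remain valid, pass the flag conditionally, e.g. `am_i_root && ensure_user_exists "$LDAP_DAEMON_USER" ${LDAP_DAEMON_GROUP:+--group "$LDAP_DAEMON_GROUP"}`; otherwise a comment stating that the group is now mandatory would document the change. The call also does not pass the new `--system` flag, so the daemon account is still created in the regular UID range.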