11.5.0-ol-7-r108 release

2019-11-12 04:35:49 +00:00 · 2019-11-12 04:35:49 +00:00 · 9c9b8dc2e2
parent ef2304bc12
commit 9c9b8dc2e2
3 changed files with 85 additions and 7 deletions
--- a/bitnami/postgresql/11/ol-7/Dockerfile
+++ b/bitnami/postgresql/11/ol-7/Dockerfile
@ -11,13 +11,12 @@ COPY prebuildfs /
 # Install required system packages and dependencies
 RUN install_packages ca-certificates curl glibc gzip hostname keyutils-libs krb5-libs libaio-devel libcom_err libedit libgcc libicu libselinux libstdc++ libuuid libxml2 libxslt ncurses-libs openssl-libs pcre procps-ng sqlite sudo tar which xz-libs zlib
 RUN . ./libcomponent.sh && component_unpack "postgresql" "11.5.0-6" --checksum 07123abfa9d50c3cffc6dc953fb3b15565dc153d72d676e97c49832499f86db9
-RUN curl --silent -L https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64 > /usr/local/bin/gosu && echo 0b843df6d86e270c5b0f5cbd3c326a04e18f4b7f9b8457fa497b0454c4b138d7 /usr/local/bin/gosu | sha256sum --check && chmod u+x /usr/local/bin/gosu && mkdir -p /opt/bitnami/licenses && curl --silent -L https://raw.githubusercontent.com/tianon/gosu/master/LICENSE > /opt/bitnami/licenses/gosu-1.11.txt

 COPY rootfs /
 RUN rpm -Uvh --nodeps $(repoquery --location nss_wrapper)
 RUN /postunpack.sh
 ENV BITNAMI_APP_NAME="postgresql" \
-    BITNAMI_IMAGE_VERSION="11.5.0-ol-7-r107" \
+    BITNAMI_IMAGE_VERSION="11.5.0-ol-7-r108" \
    LANG="en_US.UTF-8" \
    LANGUAGE="en_US:en" \
    NAMI_PREFIX="/.nami" \
--- a/bitnami/postgresql/11/ol-7/rootfs/libpostgresql.sh
+++ b/bitnami/postgresql/11/ol-7/rootfs/libpostgresql.sh
@ -142,6 +142,19 @@ export POSTGRESQL_REPLICATION_USER="${POSTGRESQL_REPLICATION_USER:-}"
 export POSTGRESQL_SYNCHRONOUS_COMMIT_MODE="${POSTGRESQL_SYNCHRONOUS_COMMIT_MODE:-on}"
 export POSTGRESQL_FSYNC="${POSTGRESQL_FSYNC:-on}"
 export POSTGRESQL_USERNAME="${POSTGRESQL_USERNAME:-postgres}"
+export POSTGRESQL_ENABLE_LDAP="${POSTGRESQL_ENABLE_LDAP:-no}"
+export POSTGRESQL_LDAP_URL="${POSTGRESQL_LDAP_URL:-}"
+export POSTGRESQL_LDAP_PREFIX="${POSTGRESQL_LDAP_PREFIX:-}"
+export POSTGRESQL_LDAP_SUFFIX="${POSTGRESQL_LDAP_SUFFIX:-}"
+export POSTGRESQL_LDAP_SERVER="${POSTGRESQL_LDAP_SERVER:-}"
+export POSTGRESQL_LDAP_PORT="${POSTGRESQL_LDAP_PORT:-}"
+export POSTGRESQL_LDAP_SCHEME="${POSTGRESQL_LDAP_SCHEME:-}"
+export POSTGRESQL_LDAP_TLS="${POSTGRESQL_LDAP_TLS:-}"
+export POSTGRESQL_LDAP_BASE_DN="${POSTGRESQL_LDAP_BASE_DN:-}"
+export POSTGRESQL_LDAP_BIND_DN="${POSTGRESQL_LDAP_BIND_DN:-}"
+export POSTGRESQL_LDAP_BIND_PASSWORD="${POSTGRESQL_LDAP_BIND_PASSWORD:-}"
+export POSTGRESQL_LDAP_SEARCH_ATTR="${POSTGRESQL_LDAP_SEARCH_ATTR:-}"
+export POSTGRESQL_LDAP_SEARCH_FILTER="${POSTGRESQL_LDAP_SEARCH_FILTER:-}"

 # Internal
 export POSTGRESQL_FIRST_BOOT="yes"
@ -266,6 +279,14 @@ postgresql_validate() {
        fi
    fi

+    if ! is_yes_no_value "$POSTGRESQL_ENABLE_LDAP"; then
+        empty_password_error "The values allowed for POSTGRESQL_ENABLE_LDAP are: yes or no"
+    fi
+
+    if is_boolean_yes "$POSTGRESQL_ENABLE_LDAP" && [[ -n "$POSTGRESQL_LDAP_URL" ]] && [[ -n "$POSTGRESQL_LDAP_SERVER" ]]; then
+        empty_password_error "You can not set POSTGRESQL_LDAP_URL and POSTGRESQL_LDAP_SERVER at the same time. Check your LDAP configuration."
+    fi
+
    [[ "$error_code" -eq 0 ]] || exit "$error_code"
 }

@ -290,6 +311,62 @@ postgresql_create_config() {
    sed -i -E "/#include_dir/i include_dir = 'conf.d'" "$POSTGRESQL_CONF_FILE"
 }

+########################
+# Create ldap auth configuration in pg_hba,
+# but keeps postgres user to authenticate locally
+# Globals:
+#   POSTGRESQL_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+postgresql_ldap_auth_configuration() {
+    postgresql_info "Generating LDAP authentication configuration"
+    local ldap_configuration=""
+
+    if [[ -n "$POSTGRESQL_LDAP_URL" ]]; then
+        ldap_configuration="ldapurl=\"$POSTGRESQL_LDAP_URL\""
+    else
+        ldap_configuration="ldapserver=${POSTGRESQL_LDAP_SERVER}"
+
+        [[ -n "$POSTGRESQL_LDAP_PREFIX" ]] && ldap_configuration+=" ldapprefix=\"${POSTGRESQL_LDAP_PREFIX}\""
+        [[ -n "$POSTGRESQL_LDAP_SUFFIX" ]] && ldap_configuration+=" ldapsuffix=\"${POSTGRESQL_LDAP_SUFFIX}\""
+        [[ -n "$POSTGRESQL_LDAP_PORT" ]] && ldap_configuration+=" ldapport=${POSTGRESQL_LDAP_PORT}"
+        [[ -n "$POSTGRESQL_LDAP_BASE_DN" ]] && ldap_configuration+=" ldapbasedn=\"${POSTGRESQL_LDAP_BASE_DN}\""
+        [[ -n "$POSTGRESQL_LDAP_BIND_DN" ]] && ldap_configuration+=" ldapbinddn=\"${POSTGRESQL_LDAP_BIND_DN}\""
+        [[ -n "$POSTGRESQL_LDAP_BIND_PASSWORD" ]] && ldap_configuration+=" ldapbindpasswd=${POSTGRESQL_LDAP_BIND_PASSWORD}"
+        [[ -n "$POSTGRESQL_LDAP_SEARCH_ATTR" ]] && ldap_configuration+=" ldapsearchattribute=${POSTGRESQL_LDAP_SEARCH_ATTR}"
+        [[ -n "$POSTGRESQL_LDAP_SEARCH_FILTER" ]] && ldap_configuration+=" ldapsearchfilter=\"${POSTGRESQL_LDAP_SEARCH_FILTER}\""
+        [[ -n "$POSTGRESQL_LDAP_TLS" ]] && ldap_configuration+=" ldaptls=${POSTGRESQL_LDAP_TLS}"
+        [[ -n "$POSTGRESQL_LDAP_SCHEME" ]] && ldap_configuration+=" ldapscheme=${POSTGRESQL_LDAP_SCHEME}"
+    fi
+
+    cat << EOF > "$POSTGRESQL_PGHBA_FILE"
+host     all             postgres        0.0.0.0/0               trust
+host     all             postgres        ::1/128                 trust
+host     all             all             0.0.0.0/0               ldap $ldap_configuration
+host     all             all             ::1/128                 ldap $ldap_configuration
+EOF
+}
+
+########################
+# Create local auth configuration in pg_hba
+# Globals:
+#   POSTGRESQL_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+postgresql_password_auth_configuration() {
+    postgresql_info "Generating local authentication configuration"
+    cat << EOF > "$POSTGRESQL_PGHBA_FILE"
+host     all             all             0.0.0.0/0               trust
+host     all             all             ::1/128                 trust
+EOF
+}
+
 ########################
 # Create basic pg_hba.conf file
 # Globals:
@ -301,10 +378,12 @@ postgresql_create_config() {
 #########################
 postgresql_create_pghba() {
    postgresql_info "pg_hba.conf file not detected. Generating it..."
-    cat << EOF > "$POSTGRESQL_PGHBA_FILE"
-host     all             all             0.0.0.0/0               trust
-host     all             all             ::1/128                 trust
-EOF
+
+    if is_boolean_yes "$POSTGRESQL_ENABLE_LDAP"; then
+        postgresql_ldap_auth_configuration
+    else
+        postgresql_password_auth_configuration
+    fi
 }

 ########################
--- a/bitnami/postgresql/README.md
+++ b/bitnami/postgresql/README.md
@ -47,7 +47,7 @@ Learn more about the Bitnami tagging policy and the difference between rolling t
 * [`12-ol-7`, `12.0.0-ol-7-r33` (12/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/12.0.0-ol-7-r33/12/ol-7/Dockerfile)
 * [`12-debian-9`, `12.0.0-debian-9-r20`, `12`, `12.0.0`, `12.0.0-r20` (12/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/12.0.0-debian-9-r20/12/debian-9/Dockerfile)
 * [`12-centos-7`, `12.0.0-centos-7-r34` (12/centos-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/12.0.0-centos-7-r34/12/centos-7/Dockerfile)
-* [`11-ol-7`, `11.5.0-ol-7-r107` (11/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.5.0-ol-7-r107/11/ol-7/Dockerfile)
+* [`11-ol-7`, `11.5.0-ol-7-r108` (11/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.5.0-ol-7-r108/11/ol-7/Dockerfile)
 * [`11-debian-9`, `11.5.0-debian-9-r88`, `11`, `11.5.0`, `11.5.0-r88`, `latest` (11/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.5.0-debian-9-r88/11/debian-9/Dockerfile)
 * [`11-centos-7`, `11.5.0-centos-7-r102` (11/centos-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/11.5.0-centos-7-r102/11/centos-7/Dockerfile)
 * [`10-ol-7`, `10.10.0-ol-7-r106` (10/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-postgresql/blob/10.10.0-ol-7-r106/10/ol-7/Dockerfile)