
Merge branch 'dbck-gitlab-ci-service-seeding' into release-1.5.0

Bertrand Gouny 4 年之前
父节点
当前提交
135f4ecb6f
共有 3 个文件被更改,包括 36 次插入2 次删除
  1. 10 2
      README.md
  2. 4 0
      image/environment/default.startup.yaml
  3. 22 0
      image/service/slapd/startup.sh

+ 10 - 2
README.md

@@ -184,14 +184,14 @@ docker run \
 
 #### Seed from internal path
 
-This image can load ldif and schema files at startup from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
+This image can load ldif and schema files at startup from an internal path. Additionally, certificates can be copied from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
 
 For example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but Gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services
 of a ci job. The path to the working copy can be obtained via `${CI_PROJECT_DIR}`. See also: https://docs.gitlab.com/runner/executors/docker.html#build-directory-in-service
 
 This may also work with other CI services, if they automatically mount the working directory to the services of a ci job like Gitlab ci does.
 
-In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any *.ldif or *.schema file into the default seeding
+In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any files in the specified directory into the default seeding
 directories of this image.
 
 Example variables defined in gitlab-ci.yml:
@@ -202,6 +202,14 @@ variables:
   LDAP_SEED_INTERNAL_SCHEMA_PATH: "${CI_PROJECT_DIR}/docker/openldap/schema"
 ```
 
+Also, certificates can be used by the internal path. The file, specified in a variable, will be copied in the default certificate directory of this image. If desired, you can use these with the LDAP_TLS_CRT_FILENAME, LDAP_TLS_KEY_FILENAME, LDAP_TLS_CA_CRT_FILENAME and LDAP_TLS_DH_PARAM_FILENAME to set a different filename in the default certificate directory of the image.
+
+	variables:
+        LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/cert.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/key.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/ca/ca.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE: "${CI_PROJECT_DIR}/certificates/dhparam.pem"
+
 ### Use an existing ldap database
 
 This can be achieved by mounting host directories as volume.

+ 4 - 0
image/environment/default.startup.yaml

@@ -63,5 +63,9 @@ LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELP
 SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
 
 # Internal seeding. For example, for services in Gitlab CI.
+LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE:
 LDAP_SEED_INTERNAL_LDIF_PATH:
 LDAP_SEED_INTERNAL_SCHEMA_PATH:

+ 22 - 0
image/service/slapd/startup.sh

@@ -104,6 +104,28 @@ LDAP_TLS_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CRT_FIL
 LDAP_TLS_KEY_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_KEY_FILENAME"
 LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_DH_PARAM_FILENAME"
 
+copy_internal_seed_if_exists() {
+  local src=$1
+  local dest=$2
+  if [ ! -z "${src}" ]; then
+    echo  -e "Copy from internal path ${src} to ${dest}"
+    cp -R ${src} ${dest}
+  fi
+}
+
+# Copy seed files from internal path if specified
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE}" "${LDAP_TLS_CRT_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE}" "${LDAP_TLS_KEY_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE}" "${LDAP_TLS_CA_CRT_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE}" "${LDAP_TLS_DH_PARAM_PATH}"
+file_env 'LDAP_SEED_INTERNAL_SCHEMA_PATH'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_SCHEMA_PATH}" "${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/schema/custom"
+file_env 'LDAP_SEED_INTERNAL_LDIF_PATH'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDIF_PATH}" "${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/ldif/custom"
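Review bot: `cp -R ${src} ${dest}` in copy_internal_seed_if_exists leaves both expansions unquoted, so a CI working-copy path containing spaces or glob characters is split or expanded before cp sees it, and a value beginning with `-` is parsed as an option; quote both and end option parsing with `--`. The function only checks that `src` is non-empty, not that it exists, so a mistyped `LDAP_SEED_INTERNAL_*` value is reported only by cp's own error message and startup continues with whatever was already in the assets directory (whether that aborts depends on the `set` options earlier in the file, outside this hunk). For the two directory cases at the end of the hunk, `cp -R src dest` into an existing `dest` creates `dest/<basename of src>` rather than copying the contents, which does not match the README wording "copy any files in the specified directory into the default seeding directories"; copying `"${src}/."` yields the documented layout. Since the private key is routed through the same helper, the copy carries no explicit restrictive mode — worth confirming that the permission handling later in this script (not visible here) also covers the seeded key. The rewrite below keeps the two-argument interface and the call sites unchanged.
```shell
copy_internal_seed_if_exists() {
  local src=$1
  local dest=$2
  # Unset/empty variable means "no internal seeding for this item".
  if [ -z "${src}" ]; then
    return 0
  fi
  if [ ! -e "${src}" ]; then
    printf 'Internal seed path %s does not exist\n' "${src}" >&2
    return 1
  fi
  printf 'Copy from internal path %s to %s\n' "${src}" "${dest}"
  if [ -d "${src}" ]; then
    # Copy the directory's contents into dest, not the directory itself.
    cp -R -- "${src}/." "${dest}"
  else
    cp -- "${src}" "${dest}"
  fi
}
# … unchanged: file_env / copy_internal_seed_if_exists call sites …
```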
 
 # CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR variables are set by
 # the baseimage run tool more info : https://github.com/osixia/docker-light-baseimage