
use secret files

Bertrand Gouny 9 年之前
159cde44d8
共有 4 個文件被更改,包括 51 次插入36 次删除
  1. 1 1
      image/Dockerfile
  2. 6 34
      image/env.yaml
  3. 43 0
      image/env.yaml.secret
  4. 1 1
      image/service/slapd/container-start.sh

+ 1 - 1
image/Dockerfile

@@ -26,7 +26,7 @@ RUN /container/tool/install-service \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add default env variables
-ADD env.yaml /container/environment/99-default/env.yaml
+ADD env.* /container/environment/99-default/
 
 # Set OpenLDAP data and config directories in a data volume
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
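Review bot: The new `ADD env.* /container/environment/99-default/` glob also copies `env.yaml.secret` into an image layer, so the "deleted after first start" handling described in that file only removes the container's copy; the defaults, and any real credentials a downstream build puts into that file, stay in the image layer for anyone who can pull or export it. A comment on this line should say so, e.g. `# env.yaml.secret is baked into the image: keep placeholders only, supply real credentials at run time`. The glob will also silently pick up any future `env.*` file dropped next to the Dockerfile; naming the two files explicitly with COPY is more predictable: `COPY env.yaml env.yaml.secret /container/environment/99-default/`.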

+ 6 - 34
image/env.yaml

@@ -1,37 +1,9 @@
+# This is the default image configuration file
+# These values will persists in container environment.
+
+# All environment variables used after the container first start
+# must be defined here.
+
 # General container configuration
 # see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 LDAP_LOG_LEVEL: 256
-
-# Required and used for new ldap server only
-LDAP_ORGANISATION: Example Inc.
-LDAP_DOMAIN: example.org
-LDAP_ADMIN_PASSWORD: admin
-LDAP_CONFIG_PASSWORD: config
-
-LDAP_READONLY_USER: false
-LDAP_READONLY_USER_USERNAME: readonly
-LDAP_READONLY_USER_PASSWORD: readonly
-
-# Tls
-LDAP_TLS: true
-LDAP_TLS_CRT_FILENAME: ldap.crt
-LDAP_TLS_KEY_FILENAME: ldap.key
-LDAP_TLS_CA_CRT_FILENAME: ca.crt
-
-LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
-LDAP_TLS_PROTOCOL_MIN: 3.1
-LDAP_TLS_VERIFY_CLIENT: demand
-
-# Replication
-LDAP_REPLICATION: false
-# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
-# are automaticaly replaced at run time
-
-# if you want to add replication to an existing ldap
-# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_HDB_SYNCPROV to your configuration
-# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
-LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
-LDAP_REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
-LDAP_REPLICATION_HOSTS:
-  - ldap://ldap.example.org # The order must be the same on all ldap servers
-  - ldap://ldap2.example.org
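Review bot: The new header comment has grammar slips that make the contract harder to read: `# These values will persists in container environment.` should be `# These values persist in the container environment.`, and `# All environment variables used after the container first start` should read `# All environment variables needed after the container's first start`. Since this file is now the only place that survives past first start, the comment could also point readers to `env.yaml.secret` for the first-start-only values, e.g. `# First-start-only values (passwords, TLS, replication) live in env.yaml.secret.`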

+ 43 - 0
image/env.yaml.secret

@@ -0,0 +1,43 @@
+# This is the default image secret configuration file
+# this file define environment variables used during the container first start in startup scripts.
+
+# This file is deleted right after startup scripts are processed for the first time,
+# all theses values will not be available after that in the container environment variable.
+# So if the container is started, stop and restarted this values are not available for restart startup scripts.
+
+# It helps to keep your configuration secret :)
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# Required and used for new ldap server only
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_ADMIN_PASSWORD: admin
+LDAP_CONFIG_PASSWORD: config
+
+LDAP_READONLY_USER: false
+LDAP_READONLY_USER_USERNAME: readonly
+LDAP_READONLY_USER_PASSWORD: readonly
+
+# Tls
+LDAP_TLS: true
+LDAP_TLS_CRT_FILENAME: ldap.crt
+LDAP_TLS_KEY_FILENAME: ldap.key
+LDAP_TLS_CA_CRT_FILENAME: ca.crt
+
+LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
+LDAP_TLS_PROTOCOL_MIN: 3.1
+LDAP_TLS_VERIFY_CLIENT: demand
+
+# Replication
+LDAP_REPLICATION: false
+# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
+# are automaticaly replaced at run time
+
+# if you want to add replication to an existing ldap
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_HDB_SYNCPROV to your configuration
+# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
+LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_HOSTS:
+  - ldap://ldap.example.org # The order must be the same on all ldap servers
+  - ldap://ldap2.example.org
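Review bot: The file ships working credentials (`LDAP_ADMIN_PASSWORD: admin`, `LDAP_CONFIG_PASSWORD: config`, `LDAP_READONLY_USER_PASSWORD: readonly`) with nothing in the header saying they are placeholders that must be overridden before the first start; the delete-after-first-start note does not help here, because by then the defaults have presumably already been used as the bind passwords (the replication entries below reference them as `credentials=`). Suggest a comment above the password lines: `# Placeholder values - override LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD before the first start; deleting this file afterwards does not change what was already configured.` The header should also be explicit that this file is part of the image, so it is only "secret" relative to the running container's environment, not to anyone who holds the image. Minor: "all theses values will not be available" and "this values are not available" should be "these values are no longer available".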

+ 1 - 1
image/service/slapd/container-start.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-FIRST_START_DONE="/etc/docker-openldap-first-start-done"
+FIRST_START_DONE="/container/run/state/slapd-first-start-done"
 WAS_STARTED_WITH_TLS="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls"
 WAS_STARTED_WITH_REPLICATION="/etc/ldap/slapd.d/docker-openldap-was-started-with-replication"