5 years ago · 2bd5d31704
--- a/README.md
+++ b/README.md
@@ -367,6 +367,8 @@ Other environment variables:
 
				 - **LDAP_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
			
 
				 - **HOSTNAME**: set the hostname of the running openldap server. Defaults to whatever docker creates.
			
 
				 - **DISABLE_CHOWN**: do not perform any chown to fix file ownership. Defaults to `false`
			
 
				+- LDAP_OPENLDAP_UID: runtime docker user uid to run container as
			
 
				+- LDAP_OPENLDAP_GID: runtime docker user gid to run container as
			
 
				 
			
 
				 
			
 
				 ### Set your own environment variables
			
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -10,8 +10,8 @@ ARG PQCHECKER_MD5=c005ce596e97d13e39485e711dcbc7e1
 
				 
			
 
				 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
			
 
				 # If explicit uid or gid is given, use it.
			
 
				-RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
			
 
				-    && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi
			
 
				+RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
			
 
				+    && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -u 911 -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi
			
 
				 
			
 
				 # Add buster-backports in preparation for downloading newer openldap components, especially sladp
			
 
				 RUN echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list
			
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh
@@ -56,8 +56,38 @@ fi
 
				 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
			
 
				 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
			
 
				 
			
 
				+log-helper info "openldap user and group adjustments"
			
 
				+LDAP_OPENLDAP_UID=${LDAP_OPENLDAP_UID:-911}
			
 
				+LDAP_OPENLDAP_GID=${LDAP_OPENLDAP_GID:-911}
			
 
				+
			
 
				+log-helper info "get current openldap uid/gid info inside container"
			
 
				+CUR_USER_GID=`id -g openldap || true`
			
 
				+CUR_USER_UID=`id -u openldap || true`
			
 
				+
			
 
				+LDAP_UIDGID_CHANGED=false
			
 
				+if [ "$LDAP_OPENLDAP_UID" != "$CUR_USER_UID" ]; then
			
 
				+    log-helper info "CUR_USER_UID (${CUR_USER_UID}) does't match LDAP_OPENLDAP_UID (${LDAP_OPENLDAP_UID}), adjusting..."
			
 
				+    usermod -o -u "$LDAP_OPENLDAP_UID" openldap
			
 
				+    LDAP_UIDGID_CHANGED=true
			
 
				+fi
			
 
				+if [ "$LDAP_OPENLDAP_GID" != "$CUR_USER_GID" ]; then
			
 
				+    log-helper info "CUR_USER_GID (${CUR_USER_GID}) does't match LDAP_OPENLDAP_GID (${LDAP_OPENLDAP_GID}), adjusting..."
			
 
				+    groupmod -o -g "$LDAP_OPENLDAP_GID" openldap
			
 
				+    LDAP_UIDGID_CHANGED=true
			
 
				+fi
			
 
				+
			
 
				+log-helper info '-------------------------------------'
			
 
				+log-helper info 'openldap GID/UID'
			
 
				+log-helper info '-------------------------------------'
			
 
				+log-helper info "User uid:    $(id -u openldap)"
			
 
				+log-helper info "User gid:    $(id -g openldap)"
			
 
				+log-helper info "uid/gid changed: ${LDAP_UIDGID_CHANGED}"
			
 
				+log-helper info "-------------------------------------"
			
 
				+
			
 
				 # fix file permissions
			
 
				 if [ "${DISABLE_CHOWN,,}" == "false" ]; then
			
 
				+  log-helper info "updating file uid/gid ownership"
			
 
				+  chown -R openldap:openldap /var/run/slapd
			
 
				   chown -R openldap:openldap /var/lib/ldap
			
 
				   chown -R openldap:openldap /etc/ldap
			
 
				   chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd