Add DISABLE_CHOWN environment variable #240

Bertrand Gouny 6 years ago
parent
commit
86b83760c8
4 changed files with 44 additions and 39 deletions
  1. CHANGELOG.md (+1, -0)
  2. README.md (+35, -34)
  3. image/environment/default.yaml (+4, -1)
  4. image/service/slapd/startup.sh (+4, -4)

+ 1 - 0
CHANGELOG.md

@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [1.2.5] - Unreleased
 ## Added
   - Support for docker secrets #325. Thanks to @anagno !
+  - Add DISABLE_CHOWN environment variable #240
 
 ### Fixed
   - Fix of incorrectly positioned 'log-helper debug' command #327. Thanks to @turcan !
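
Review bot: the entry on the `+  - Add DISABLE_CHOWN environment variable #240` line is filed under Added, but the removed `if [ -z "$DISABLE_CHOWN" ]; then` lines in startup.sh show the variable was already honoured; what changes is how its value is interpreted. Consider wording this as a behaviour change and naming the accepted values, so operators who already set the variable know to re-check it.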

+ 35 - 34
README.md

@@ -12,40 +12,40 @@ Latest release: 1.2.5-dev - OpenLDAP 2.4.47 -  [Changelog](CHANGELOG.md) | [Dock
 
 
 - [osixia/openldap](#osixiaopenldap)
-	- [Contributing](#contributing)
-	- [Quick Start](#quick-start)
-	- [Beginner Guide](#beginner-guide)
-		- [Create new ldap server](#create-new-ldap-server)
-			- [Data persistence](#data-persistence)
-			- [Edit your server configuration](#edit-your-server-configuration)
-			- [Seed ldap database with ldif](#seed-ldap-database-with-ldif)
-		- [Use an existing ldap database](#use-an-existing-ldap-database)
-		- [Backup](#backup)
-		- [Administrate your ldap server](#administrate-your-ldap-server)
-		- [TLS](#tls)
-			- [Use auto-generated certificate](#use-auto-generated-certificate)
-			- [Use your own certificate](#use-your-own-certificate)
-			- [Disable TLS](#disable-tls)
-		- [Multi master replication](#multi-master-replication)
-		- [Fix docker mounted file problems](#fix-docker-mounted-file-problems)
-		- [Debug](#debug)
-	- [Environment Variables](#environment-variables)
-		- [Default.yaml](#defaultyaml)
-		- [Default.startup.yaml](#defaultstartupyaml)
-		- [Set your own environment variables](#set-your-own-environment-variables)
-			- [Use command line argument](#use-command-line-argument)
-			- [Link environment file](#link-environment-file)
-			- [Docker Secrets](#docker-secrets)
-			- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
-	- [Advanced User Guide](#advanced-user-guide)
-		- [Extend osixia/openldap:1.2.5-dev image](#extend-osixiaopenldap125-dev-image)
-		- [Make your own openldap image](#make-your-own-openldap-image)
-		- [Tests](#tests)
-		- [Kubernetes](#kubernetes)
-		- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage)
-	- [Security](#security)
-		- [Known security issues](#known-security-issues)
-	- [Changelog](#changelog)
+	- [Contributing](#Contributing)
+	- [Quick Start](#Quick-Start)
+	- [Beginner Guide](#Beginner-Guide)
+		- [Create new ldap server](#Create-new-ldap-server)
+			- [Data persistence](#Data-persistence)
+			- [Edit your server configuration](#Edit-your-server-configuration)
+			- [Seed ldap database with ldif](#Seed-ldap-database-with-ldif)
+		- [Use an existing ldap database](#Use-an-existing-ldap-database)
+		- [Backup](#Backup)
+		- [Administrate your ldap server](#Administrate-your-ldap-server)
+		- [TLS](#TLS)
+			- [Use auto-generated certificate](#Use-auto-generated-certificate)
+			- [Use your own certificate](#Use-your-own-certificate)
+			- [Disable TLS](#Disable-TLS)
+		- [Multi master replication](#Multi-master-replication)
+		- [Fix docker mounted file problems](#Fix-docker-mounted-file-problems)
+		- [Debug](#Debug)
+	- [Environment Variables](#Environment-Variables)
+		- [Default.yaml](#Defaultyaml)
+		- [Default.startup.yaml](#Defaultstartupyaml)
+		- [Set your own environment variables](#Set-your-own-environment-variables)
+			- [Use command line argument](#Use-command-line-argument)
+			- [Link environment file](#Link-environment-file)
+			- [Docker Secrets](#Docker-Secrets)
+			- [Make your own image or extend this image](#Make-your-own-image-or-extend-this-image)
+	- [Advanced User Guide](#Advanced-User-Guide)
+		- [Extend osixia/openldap:1.2.5-dev image](#Extend-osixiaopenldap125-dev-image)
+		- [Make your own openldap image](#Make-your-own-openldap-image)
+		- [Tests](#Tests)
+		- [Kubernetes](#Kubernetes)
+		- [Under the hood: osixia/light-baseimage](#Under-the-hood-osixialight-baseimage)
+	- [Security](#Security)
+		- [Known security issues](#Known-security-issues)
+	- [Changelog](#Changelog)
 
 ## Contributing
 
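
Review bot: the 34 table-of-contents lines rewritten here only change the link fragments from lower case (`#quick-start`) to capitalised (`#Quick-Start`) and are unrelated to DISABLE_CHOWN. Heading ids generated by GitHub-style Markdown renderers are lower case, so the new fragments may stop resolving wherever fragment matching is case-sensitive. Suggest reverting this block (it looks like an editor regenerating the TOC) and limiting the README change to the one new bullet.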
@@ -339,6 +339,7 @@ Other environment variables:
 - **LDAP_REMOVE_CONFIG_AFTER_SETUP**: delete config folder after setup. Defaults to `true`
 - **LDAP_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
 - **HOSTNAME**: set the hostname of the running openldap server. Defaults to whatever docker creates.
+- **DISABLE_CHOWN**: do not perform any chown to fix file ownership. Defaults to `false`
 
 
 ### Set your own environment variables
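
Review bot: the new `DISABLE_CHOWN` bullet says only chown is skipped, but in startup.sh the same guard also wraps `chmod 600 ${LDAP_TLS_DH_PARAM_PATH}` and `chmod 600 ${PREVIOUS_LDAP_TLS_DH_PARAM_PATH}`. Either document that mode fixes are skipped too, or move the chmod calls out of the guard. The bullet should also state which values count as enabled, since the script compares against the literal `true` (case-insensitive) and nothing else.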

+ 4 - 1
image/environment/default.yaml

@@ -10,4 +10,7 @@
 LDAP_LOG_LEVEL: 256
 
 # Ulimit
-LDAP_NOFILE: 1024
+LDAP_NOFILE: 1024
+
+# Do not perform any chown to fix file ownership
+DISABLE_CHOWN: false
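
Review bot: with `DISABLE_CHOWN: false` shipped as a default the variable is never empty, and the new checks in startup.sh recognise only the literal `true`. A deployment that previously disabled chown with any other non-empty value, which the old `-z` test accepted, will silently be treated differently after this change. Please spell out the accepted values in the comment above the key. The `LDAP_NOFILE: 1024` remove/add pair looks like a whitespace or end-of-file newline change only and is fine.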

+ 4 - 4
image/service/slapd/startup.sh

@@ -43,7 +43,7 @@ file_env 'LDAP_READONLY_USER_PASSWORD'
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
 
 # fix file permissions
-if [ -z "$DISABLE_CHOWN" ]; then
+if [ "${DISABLE_CHOWN,,}" == "true" ]; then
   chown -R openldap:openldap /var/lib/ldap
   chown -R openldap:openldap /etc/ldap
   chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd
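
Review bot: the test on the `+if [ "${DISABLE_CHOWN,,}" == "true" ]; then` line is inverted. The three `chown -R` calls now run only when DISABLE_CHOWN is `true` and are skipped with the default `false`, which is the opposite of the README text ("do not perform any chown") and of the old `-z` guard. It should read `if [ "${DISABLE_CHOWN,,}" != "true" ]; then`. Note also that `${VAR,,}` and `==` inside `[ ]` require bash (4 or later for the case conversion), and `${CONTAINER_SERVICE_DIR}` on the last chown line would be safer quoted.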
@@ -158,7 +158,7 @@ EOF
       mv /tmp/schema/cn=config/cn=schema/* /etc/ldap/slapd.d/cn=config/cn=schema
       rm -r /tmp/schema
 
-      if [ -z "$DISABLE_CHOWN" ]; then
+      if [ "${DISABLE_CHOWN,,}" == "true" ]; then
         chown -R openldap:openldap /etc/ldap/slapd.d/cn=config/cn=schema
       fi
     fi
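
Review bot: the guard around `chown -R openldap:openldap /etc/ldap/slapd.d/cn=config/cn=schema` has its sense reversed: with the default `DISABLE_CHOWN: false` the comparison to `true` fails, so the schema files just moved in from `/tmp/schema` keep the ownership of whichever user ran the script, not `openldap`. Use `!= "true"` here so the ownership fix stays the default and is skipped only on request.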
@@ -237,7 +237,7 @@ EOF
       ssl-helper $LDAP_SSL_HELPER_PREFIX $PREVIOUS_LDAP_TLS_CRT_PATH $PREVIOUS_LDAP_TLS_KEY_PATH $PREVIOUS_LDAP_TLS_CA_CRT_PATH
       [ -f ${PREVIOUS_LDAP_TLS_DH_PARAM_PATH} ] || openssl dhparam -out ${LDAP_TLS_DH_PARAM_PATH} 2048
 
-      if [ -z "$DISABLE_CHOWN" ]; then
+      if [ "${DISABLE_CHOWN,,}" == "true" ]; then
         chmod 600 ${PREVIOUS_LDAP_TLS_DH_PARAM_PATH}
         chown openldap:openldap $PREVIOUS_LDAP_TLS_CRT_PATH $PREVIOUS_LDAP_TLS_KEY_PATH $PREVIOUS_LDAP_TLS_CA_CRT_PATH $PREVIOUS_LDAP_TLS_DH_PARAM_PATH
       fi
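
Review bot: `chmod 600 ${PREVIOUS_LDAP_TLS_DH_PARAM_PATH}` is a mode change, not an ownership change, yet it sits inside the DISABLE_CHOWN guard, and because the new comparison is `== "true"` both it and the `chown` of the certificate, key and CA files are skipped by default. Move the chmod outside the guard and flip the test to `!= "true"`. Separately, the context line checks `-f ${PREVIOUS_LDAP_TLS_DH_PARAM_PATH}` but writes with `-out ${LDAP_TLS_DH_PARAM_PATH}`, so the chmod/chown may target a file that was not the one generated; worth confirming which path is intended.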
@@ -345,7 +345,7 @@ EOF
       [ -f ${LDAP_TLS_DH_PARAM_PATH} ] || openssl dhparam -out ${LDAP_TLS_DH_PARAM_PATH} 2048
       
       # fix file permissions
-      if [ -z "$DISABLE_CHOWN" ]; then
+      if [ "${DISABLE_CHOWN,,}" == "true" ]; then
         chmod 600 ${LDAP_TLS_DH_PARAM_PATH}
         chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd
       fi
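
Review bot: this is the fourth copy of the same string comparison, and all four carry the reversed sense, so by default neither `chmod 600 ${LDAP_TLS_DH_PARAM_PATH}` nor `chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd` runs under the `# fix file permissions` comment. Suggest evaluating the flag once near the top of the script into a single variable or small helper and testing that everywhere, with the condition being "not true", and quoting the path expansions while touching these lines.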