
openssl & comments

Bertrand Gouny 10 年之前
父節點
當前提交
a8a41d62b3
共有 4 個文件被更改,包括 8 次插入9 次删除
  1. 2 2
      image/Dockerfile
  2. 1 0
      image/environment/env.yaml
  3. 4 6
      image/environment/env.yaml.startup
  4. 1 1
      image/service/slapd/container-start.sh

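--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -13,7 +13,7 @@ RUN groupadd -r openldap && useradd -r -g openldap openldap
 RUN apt-get -y update \
     && /container/tool/install-service-available cfssl \
 	  && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
-	     slapd ldap-utils \
+       slapd ldap-utils openssl\
 	  && rm -rf /var/lib/ldap /etc/ldap/slapd.d
 
 # Add service directory to /container/service
@@ -26,7 +26,7 @@ RUN /container/tool/install-service \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add default env variables
-ADD env.* /container/environment/99-default/
+ADD environment /container/environment/99-default
 
 # Set OpenLDAP data and config directories in a data volume
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]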
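Review bot: The added package line in the first hunk ends in `openssl\` with no space before the continuation backslash, so after the shell joins the lines `openssl` is immediately followed by whatever leading whitespace the next line happens to have; it parses today only because that line starts with a tab, and it breaks the moment the indentation is reflowed. Write it as `       slapd ldap-utils openssl \`, and while touching it, match the tab-indented neighbours so the hunk stops being a whitespace-only change around the package. The RUN instruction starts on the hunk's first line and ends within it.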

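--- a/image/env.yaml
+++ b/image/environment/env.yaml
@@ -3,6 +3,7 @@
 
 # All environment variables used after the container first start
 # must be defined here.
+# more information : https://github.com/osixia/docker-light-baseimage
 
 # General container configuration
 # see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.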

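--- a/image/env.yaml.secret
+++ b/image/environment/env.yaml.startup
@@ -1,11 +1,9 @@
-# This is the default image secret configuration file
-# this file define environment variables used during the container first start in startup scripts.
+# This is the default image startup configuration file
+# this file define environment variables used during the container FIRST start in startup scripts.
 
 # This file is deleted right after startup scripts are processed for the first time,
-# all theses values will not be available after that in the container environment variable.
-# So if the container is started, stop and restarted this values are not available for restart startup scripts.
-
-# It helps to keep your configuration secret :)
+# after that all theses values will not be available in the container environment.
+# That helps to keep your container configuration secret.
 # more information : https://github.com/osixia/docker-light-baseimage
 
 # Required and used for new ldap server only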
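Review bot: The rewritten comment's claim that deleting this file after the first start "helps to keep your container configuration secret" promises more than the mechanism delivers: if the directory is copied into the image at build time, as the Dockerfile section's `ADD environment …` suggests, the defaults stay readable in the image layers whatever happens inside the running container, and only values changed at runtime are affected by the deletion. Suggest qualifying it, e.g. `# Note: deletion only removes these values from the running container; defaults baked into the image remain in its layers.` While here, `this file define` reads better as `this file defines` and `all theses values` as `all these values`.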

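--- a/image/service/slapd/container-start.sh
+++ b/image/service/slapd/container-start.sh
@@ -46,7 +46,7 @@ if [ ! -e "$FIRST_START_DONE" ]; then
     cfssl-helper ldap "/container/service/slapd/assets/certs/$LDAP_CRT" "/container/service/slapd/assets/certs/$LDAP_KEY" "/container/service/slapd/assets/certs/$CA_CRT"
 
     # create DHParamFile if not found
-    [ -f /container/service/slapd/assets/certs/dhparam.pem ] || certtool --generate-dh-param --sec-param=high --outfile=/container/service/slapd/assets/certs/dhparam.pem
+    [ -f /container/service/slapd/assets/certs/dhparam.pem ] || openssl dhparam -out /container/service/slapd/assets/certs/dhparam.pem 2048
     chmod 600 /container/service/slapd/assets/certs/dhparam.pem
 
     # fix file permissions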
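Review bot: The new `openssl dhparam` call is guarded only by `[ -f … ]`, so if the 2048-bit generation (which can take several minutes) is interrupted on the first start, an empty or truncated dhparam.pem is likely left behind, every later start skips regeneration, and slapd is handed an unusable parameter file. Generating into a temporary name and renaming only on success keeps the guard meaningful; the rewrite below does that and names the path once. Depending on the GnuTLS version, `certtool --sec-param=high` may have produced a larger group than a fixed 2048 bits, so the size change deserves a comment stating it is intentional. The enclosing `if [ ! -e "$FIRST_START_DONE" ]` block starts and ends outside the hunk.
```shell
    # create DHParamFile if not found (2048-bit generation can take several minutes on first start)
    dhparam_file=/container/service/slapd/assets/certs/dhparam.pem
    if [ ! -f "$dhparam_file" ]; then
      openssl dhparam -out "$dhparam_file.tmp" 2048 \
        && mv "$dhparam_file.tmp" "$dhparam_file"
    fi
    chmod 600 "$dhparam_file"
```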