Bertrand Gouny %!s(int64=11) %!d(string=hai) anos
pai
achega
ad1de4a196
Modificáronse 2 ficheiros con 7 adicións e 7 borrados
  1. 1 1
      Dockerfile
  2. 6 6
      service/slapd/slapd.sh

+ 1 - 1
Dockerfile

@@ -25,7 +25,7 @@ VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
 # RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
 
 # Enable dnsmasq
-RUN /sbin/enable-service dnsmasq
+RUN /sbin/enable-service dnsmasq ca-authority
 
 # Use baseimage-docker's init system.
 CMD ["/sbin/my_init"]
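Review bot: The comment above the changed `RUN` line still says `# Enable dnsmasq`, but the line now enables a second service. I would update it to something like `# Enable dnsmasq and ca-authority (the CA that slapd.sh uses to issue the LDAP certificate)`. The dependency is inferred from the slapd.sh change in this commit, which calls `/sbin/ssl-create-cert` and links `docker_baseimage_cacert.pem`, so please confirm the wording against what ca-authority actually provides.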

+ 6 - 6
service/slapd/slapd.sh

@@ -77,16 +77,16 @@ if [ ! -e /etc/ldap/slapd.d/docker_bootstrapped ]; then
   else
 
     #generate default tls certificates / set domain name
-    DOMAIN_ESC=`echo $DOMAIN_NAME | sed 's/\./_/g'`
-    DOMAIN_ESC_UPPER=`echo $DOMAIN_ESC | tr '[a-z]' '[A-Z]'`
-    export SSL_${DOMAIN_ESC_UPPER}_COMMON_NAME=${DOMAIN_NAME}
-    export SSL_${DOMAIN_ESC_UPPER}_ORGANIZATION="${LDAP_ORGANISATION}"
+    export SSL_SLAPD_COMMON_NAME="$DOMAIN_NAME"
+    export SSL_SLAPD_ORGANIZATION="${LDAP_ORGANISATION}"
 
-    /sbin/create-ssl-cert $DOMAIN_NAME /etc/ldap/ssl/ldap.crt /etc/ldap/ssl/ldap.key
-    cp /etc/ldap/ssl/ldap.crt /etc/ldap/ssl/ca.crt
+    /sbin/ssl-create-cert slapd /etc/ldap/ssl/ldap.crt /etc/ldap/ssl/ldap.key
+    ln -s /etc/ssl/certs/docker_baseimage_cacert.pem /etc/ldap/ssl/ca.crt
 
   fi
 
+  sed -i 's,TLS_CACERT.*,TLS_CACERT ./etc/ldap/ssl/ca.crt,g' /etc/ldap/ldap.conf
+
   # Fix permission on certificates
   chown openldap:openldap -R /etc/ldap/ssl
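Review bot: The replacement text in the added `sed` line writes `TLS_CACERT ./etc/ldap/ssl/ca.crt`, a relative path with a stray leading dot. LDAP clients reading /etc/ldap/ldap.conf would resolve it against their working directory and most likely fail to find the CA that signs the slapd certificate, so certificate verification breaks. It should read `sed -i 's,^TLS_CACERT[[:space:]].*,TLS_CACERT /etc/ldap/ssl/ca.crt,' /etc/ldap/ldap.conf`; anchoring the pattern also keeps it from rewriting a `TLS_CACERTDIR` line or a commented-out entry. Separately, the added `ln -s` fails if ca.crt already exists, where the old `cp` overwrote it; `ln -sf` keeps the old behaviour. The enclosing `if` block begins before this hunk and continues past it.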