updates

image/Dockerfile

@@ -42,12 +42,6 @@ RUN /container/tool/install-service
 # Add default env variables
 ADD environment /container/environment/99-default
 
-# add local files
-# entrypoint is used to update docker uid/gid to openldap user
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
-
 # Expose default ldap and ldaps ports
 EXPOSE 389 636
 

image/entrypoint.sh

@@ -1,28 +0,0 @@
-#!/bin/bash -e
-
-LDAP_OPENLDAP_UID=${LDAP_OPENLDAP_UID:-911}
-LDAP_OPENLDAP_GID=${LDAP_OPENLDAP_GID:-911}
-
-# get current group of openldap user inside container
-CUR_USER_GID=`id -g openldap || true`
-CUR_USER_UID=`id -u openldap || true`
-
-# if they don't match, adjust
-if [ "$LDAP_OPENLDAP_UID" != "$CUR_USER_UID" ]; then
-    usermod -o -u "$LDAP_OPENLDAP_UID" openldap
-fi
-if [ "$LDAP_OPENLDAP_GID" != "$CUR_USER_GID" ]; then
-    groupmod -o -g "$LDAP_OPENLDAP_GID" openldap
-fi
-
-echo '
--------------------------------------
-GID/UID
--------------------------------------'
-echo "
-User uid:    $(id -u openldap)
-User gid:    $(id -g openldap)
--------------------------------------
-"
-
-exec /container/tool/run "$@"

image/service/slapd/startup.sh

@@ -14,10 +14,41 @@ ulimit -n $LDAP_NOFILE
 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
 
-# fix file permissions
-chown -R openldap:openldap /var/lib/ldap
-chown -R openldap:openldap /etc/ldap
-chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd
+log-helper info "openldap user and group adjustments"
+LDAP_OPENLDAP_UID=${LDAP_OPENLDAP_UID:-911}
+LDAP_OPENLDAP_GID=${LDAP_OPENLDAP_GID:-911}
+
+log-helper info "get current openldap uid/gid info inside container"
+CUR_USER_GID=`id -g openldap || true`
+CUR_USER_UID=`id -u openldap || true`
+
+LDAP_UIDGID_CHANGED=false
+if [ "$LDAP_OPENLDAP_UID" != "$CUR_USER_UID" ]; then
+    log-helper info "CUR_USER_UID (${CUR_USER_UID}) does't match LDAP_OPENLDAP_UID (${LDAP_OPENLDAP_UID}), adjusting..."
+    usermod -o -u "$LDAP_OPENLDAP_UID" openldap
+    LDAP_UIDGID_CHANGED=true
+fi
+if [ "$LDAP_OPENLDAP_GID" != "$CUR_USER_GID" ]; then
+    log-helper info "CUR_USER_GID (${CUR_USER_GID}) does't match LDAP_OPENLDAP_GID (${LDAP_OPENLDAP_GID}), adjusting..."
+    groupmod -o -g "$LDAP_OPENLDAP_GID" openldap
+    LDAP_UIDGID_CHANGED=true
+fi
+
+log-helper info '-------------------------------------'
+log-helper info 'openldap GID/UID'
+log-helper info '-------------------------------------'
+log-helper info "User uid:    $(id -u openldap)"
+log-helper info "User gid:    $(id -g openldap)"
+log-helper info "LDAP_UIDGID_CHANGED: ${LDAP_UIDGID_CHANGED}"
+log-helper info "-------------------------------------"
+
+if $LDAP_UIDGID_CHANGED ; then
+  log-helper info "fixing file permissions since LDAP_UIDGID_CHANGED==($LDAP_UIDGID_CHANGED)"
+  chown -R openldap:openldap /var/run/slapd
+  chown -R openldap:openldap /var/lib/ldap
+  chown -R openldap:openldap /etc/ldap
+  chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd
+fi
 
 FIRST_START_DONE="${CONTAINER_STATE_DIR}/slapd-first-start-done"
 WAS_STARTED_WITH_TLS="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls"