

Update to debian jessie
* Move most envvars into scripts
* Generate snake oil certificate on container build
rroemhild committed Feb 4, 2016
1 parent 9279b87 commit 2b0cd76
Showing 5 changed files with 41 additions and 56 deletions.
25 changes: 11 additions & 14 deletions Dockerfile
@@ -1,21 +1,18 @@
FROM debian:7
FROM debian:jessie
MAINTAINER Rafael Römhild <[email protected]>

ENV DEBUG_LEVEL 256
ENV LDAP_DOMAIN planetexpress.com
ENV LDAP_ADMIN_SECRET GoodNewsEveryone
ENV LDAP_ORGANISATION Planet Express, Inc.
ENV DEBIAN_FRONTEND noninteractive

# Install slapd and requirements
RUN apt-get update \
&& apt-get -y --no-install-recommends install \
slapd \
ldap-utils \
openssl \
ca-certificates \
&& DEBIAN_FRONTEND=noninteractive apt-get \
install -y --no-install-recommends \
slapd \
ldap-utils \
openssl \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*

ENV LDAP_DEBUG_LEVEL=256

# Create TLS certificate and bootstrap directory
RUN mkdir /etc/ldap/ssl /bootstrap

Expand All @@ -33,5 +30,5 @@ VOLUME ["/etc/ldap/slapd.d", "/etc/ldap/ssl", "/var/lib/ldap", "/run/slapd"]
EXPOSE 389
EXPOSE 636

CMD []
ENTRYPOINT ["/bin/bash", "/run.sh"]
CMD ["/bin/bash", "/run.sh"]
ENTRYPOINT []
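Review bot: The new base line `FROM debian:jessie` is a floating tag, so two builds of this Dockerfile can resolve to different images, and with the snake-oil certificate and package set now baked in at build time the result is not reproducible; pin the image by digest, e.g. `FROM debian:jessie@sha256:<DIGEST-OF-THE-TESTED-IMAGE>`, with a comment noting when it was verified. The second hunk swaps ENTRYPOINT and CMD: with `ENTRYPOINT []` any argument given to `docker run` replaces `/bin/bash /run.sh` entirely instead of being appended to it, which is presumably intended for debugging but is a behaviour change that deserves a one-line comment above the CMD such as `# CMD rather than ENTRYPOINT so a docker run argument can replace the startup script`. The new `ENV LDAP_DEBUG_LEVEL=256` is read unquoted and without a fallback in run.sh; that is raised on that file.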
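--- a/README.md
+++ b/README.md
@@ -14,8 +14,7 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test
 
 ## Features
 
-* Support for TLS
-* Autogenerated snake oil cert
+* Support for TLS (snake oil cert on build)
 * Initialized with data from Futurama
 * ~180MB Images size
 
@@ -30,7 +29,7 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap
 ## Exposed ports
 
 * 389
-
+* 636
 
 ## Exposed volumes
 
@@ -155,4 +154,3 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap
 | ou | Delivering Crew |
 | uid | bender |
 | userPassword | bender |
-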
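--- a/bootstrap/config/tls.ldif
+++ b/bootstrap/config/tls.ldif
@@ -8,4 +8,3 @@ olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
 -
 replace: olcTLSVerifyClient
 olcTLSVerifyClient: never
-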
41 changes: 27 additions & 14 deletions bootstrap/slapd-init.sh
Expand Up @@ -4,23 +4,22 @@ set -eu
readonly DATA_DIR="/bootstrap/data"
readonly CONFIG_DIR="/bootstrap/config"

readonly LDAP_DOMAIN=planetexpress.com
readonly LDAP_ORGANISATION="Planet Express, Inc."
readonly LDAP_BINDDN="cn=admin,dc=planetexpress,dc=com"
readonly LDAP_SECRET=GoodNewsEveryone


file_exist() {
local file=$1

[[ -e $file ]]
}
readonly LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
readonly LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"


reconfigure_slapd() {
echo "Reconfigure slapd..."
cat <<EOL | debconf-set-selections
slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_SECRET}
slapd slapd/internal/adminpw password ${LDAP_ADMIN_SECRET}
slapd slapd/password2 password ${LDAP_ADMIN_SECRET}
slapd slapd/password1 password ${LDAP_ADMIN_SECRET}
slapd slapd/internal/generated_adminpw password ${LDAP_SECRET}
slapd slapd/internal/adminpw password ${LDAP_SECRET}
slapd slapd/password2 password ${LDAP_SECRET}
slapd slapd/password1 password ${LDAP_SECRET}
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string ${LDAP_DOMAIN}
slapd shared/organization string ${LDAP_ORGANISATION}
Expand All @@ -32,7 +31,22 @@ slapd slapd/no_configuration boolean false
slapd slapd/dump_database select when needed
EOL

dpkg-reconfigure slapd
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure slapd
}


make_snakeoil_certificate() {
echo "Make snakeoil certificate for ${LDAP_DOMAIN}..."
openssl req -subj "/CN=${LDAP_DOMAIN}" \
-new \
-newkey rsa:2048 \
-days 365 \
-nodes \
-x509 \
-keyout ${LDAP_SSL_KEY} \
-out ${LDAP_SSL_CERT}

chmod 600 ${LDAP_SSL_KEY}
}


Expand All @@ -55,7 +69,7 @@ load_initial_data() {
echo "Processing file ${ldif}..."
ldapadd -x -H ldapi:/// \
-D ${LDAP_BINDDN} \
-w ${LDAP_ADMIN_SECRET} \
-w ${LDAP_SECRET} \
-f ${ldif}
done
}
Expand All @@ -64,7 +78,7 @@ load_initial_data() {
## Init

reconfigure_slapd

make_snakeoil_certificate
chown -R openldap:openldap /etc/ldap
slapd -h "ldapi:///" -u openldap -g openldap

Expand All @@ -75,4 +89,3 @@ load_initial_data
kill -INT `cat /run/slapd/slapd.pid`

exit 0

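Review bot: In the new make_snakeoil_certificate the private key is written by `openssl req -keyout` under whatever umask the build runs with and only afterwards narrowed by `chmod 600`, and both path expansions are unquoted; generate it in a subshell with a restrictive umask and quote the paths: `(umask 077; openssl req -subj "/CN=${LDAP_DOMAIN}" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout "${LDAP_SSL_KEY}" -out "${LDAP_SSL_CERT}")`. Because the commit moves generation from container start to image build, `-days 365` now means an image pulled more than a year after it was built serves an expired certificate, so either lengthen the validity or record the consequence above the function, e.g. `# Generated at image build time: the cert expires 365 days after the build, not after the first run`. The first hunk hard-codes `LDAP_SECRET` and the fourth passes it on the ldapadd command line with `-w`, where it is visible in the process list; `-y <password-file>` would read it from a file instead. The script header with `set -eu` and the start of load_initial_data lie outside these hunks.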
24 changes: 1 addition & 23 deletions run.sh
@@ -1,31 +1,9 @@
#!/bin/sh
set -e

readonly LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
readonly LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"


make_snakeoil_certificate() {
echo "Make snakeoil certificate for ${LDAP_DOMAIN}..."
openssl req -subj "/CN=${LDAP_DOMAIN}" \
-new \
-newkey rsa:2048 \
-days 365 \
-nodes \
-x509 \
-keyout ${LDAP_SSL_KEY} \
-out ${LDAP_SSL_CERT}

chmod 600 ${LDAP_SSL_KEY}
}


file_exist ${LDAP_SSL_CERT} \
|| make_snakeoil_certificate

echo "starting slapd on port 389 and 636..."
chown -R openldap:openldap /etc/ldap
exec /usr/sbin/slapd -h "ldap:/// ldapi:/// ldaps:///" \
-u openldap \
-g openldap \
-d ${DEBUG_LEVEL}
-d ${LDAP_DEBUG_LEVEL}
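Review bot: The new `-d ${LDAP_DEBUG_LEVEL}` line passes the value unquoted and without a default, so if the variable is unset or empty the exec'd slapd receives a bare `-d` with nothing after it, and the script sets `-e` but not `-u`, so that case is not caught; write it as `-d "${LDAP_DEBUG_LEVEL:-256}"` or assert it up front with `: "${LDAP_DEBUG_LEVEL:?must be set}"`. The shebang still says `#!/bin/sh` while the Dockerfile's new CMD runs the script through `/bin/bash`; the remaining body is POSIX-safe, so this is only a consistency nit, but one of the two should change to match the other. The retained `chown -R openldap:openldap /etc/ldap` now runs on every container start over the mounted volumes, which is presumably deliberate and would be clearer with a comment such as `# volumes may be mounted with foreign ownership; re-own them before slapd starts`.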

