4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -123,12 +123,14 @@ Prepopulate with data
---------------------

There are some use cases where it is desired to prepopulate the database with
some data before launching the container. In order to do that, one can mount a
some data or configuration customizations before launching the container. In order to do that, one can mount a
host directory as a data volume in `/etc/ldap.dist/prepopulate`. Each LDIF file
is run through `slapadd` in alphabetical order. E.g.

docker run -d --volume /path/to/dir/with/ldif-files:/etc/ldap.dist/prepopulate [CONFIG] dinkel/openldap

One can also customize ACL rules of the database by providing `olcAccess` rules in the file named `access.rules` in `/etc/ldap.dist/prepopulate`. If the file does not exist, default rules are applied, otherwise they are replaced by the provided rules.

Please note that the prepopulation files are only processed on the containers
first run (a.k.a. as long as there is no data in the database).

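Review bot: The new `access.rules` paragraph documents neither the file format nor the effect of a partial rule set. It says the default rules "are replaced by the provided rules", so a file that omits a rule for `userPassword` drops that protection along with the rest of the defaults. Suggest stating that every line must be a complete `olcAccess: {n}to ...` attribute line as in `example/access.rules`, that the file replaces the whole default set rather than extending it, and that numbering starts at `{0}`. The added line that begins "some data or configuration customizations" is also much longer than the wrapped lines around it; please re-wrap it to match.
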
10 changes: 10 additions & 0 deletions entrypoint.sh
Expand Up @@ -8,6 +8,8 @@ ulimit -n 8192
set -e

SLAPD_FORCE_RECONFIGURE="${SLAPD_FORCE_RECONFIGURE:-false}"
ACCESS_LDIF="/etc/ldap/prepopulate/access.rules"
CONFIG_LDIF="/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"

first_run=true

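Review bot: `CONFIG_LDIF` hardcodes `olcDatabase={1}hdb.ldif`, so the feature only works while the data database is index 1 and uses the hdb backend. Because `set -e` is in effect, a missing file makes the later `sed` abort container startup with no explanation. Suggest checking that `${CONFIG_LDIF}` exists and printing a clear error otherwise, or resolving the file name instead of fixing it here. Minor: `ACCESS_LDIF` points at a file named `access.rules` that is not a full LDIF entry, so a name like `ACCESS_RULES` would be less misleading.
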
Expand Down Expand Up @@ -104,11 +106,19 @@ else
fi
fi


if [[ "$first_run" == "true" ]]; then
if [[ -d "/etc/ldap/prepopulate" ]]; then
for file in `ls /etc/ldap/prepopulate/*.ldif`; do
slapadd -F /etc/ldap/slapd.d -l "$file"
done

if [[ -f "${ACCESS_LDIF}" ]]; then
sed "9,12d" ${CONFIG_LDIF} > ${CONFIG_LDIF}.new
cat ${ACCESS_LDIF} >> ${CONFIG_LDIF}.new
cat ${CONFIG_LDIF}.new > ${CONFIG_LDIF}
echo "Access rules customized."
fi
fi
fi

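Review bot: `sed "9,12d" ${CONFIG_LDIF}` removes the default ACL by fixed line numbers, so it silently deletes the wrong attributes whenever the generated file has a different layout (another suffix length, a differently folded `olcAccess` line, an extra attribute before line 9). Suggest deleting by pattern instead: every line starting with `olcAccess:` plus its folded continuation lines. Also validate `access.rules` before touching the config: a file with no active `olcAccess:` line (for example one where every rule is commented out) would leave the database with no ACL at all once the defaults are removed, and the script should refuse it. Smaller points: quote `"${CONFIG_LDIF}"` and `"${ACCESS_LDIF}"`, and remove `${CONFIG_LDIF}.new` afterwards so no stray file is left in `cn=config`.
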
4 changes: 4 additions & 0 deletions example/access.rules
@@ -0,0 +1,4 @@
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by * none
# olcAccess: {1}to dn.base="" by * read
# olcAccess: {2}to * by * read
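
Review bot: The first rule is split mid-word across two lines ("anonymou" / "s auth by * none"), which only parses if the second line starts with exactly one space as an LDIF continuation; that is easy to lose when users copy the example. Suggest keeping each `olcAccess:` value on a single line. Also, rules `{1}` and `{2}` are commented out, so the example as shipped defines only the `userPassword,shadowLastChange` rule. Since the README says the provided rules replace the defaults, please add a comment saying whether leaving everything else without an explicit rule is intended.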