Support to create database from entrypoint (#5)

* Moved creation of the initial database to the entrypoint that
checks the `DB_CONFIG` file existence as the condition to init the database
* Remove needs of `/usr/local/etc/openldap` volume
* Updated README.md

Author: joariasl

Dockerfile

@@ -2,12 +2,6 @@ FROM ubuntu:16.04
 
 LABEL maintainer="Jorge Arias <[email protected]>"
 
-ARG LDAP_DN_BASE=dc=my-domain,dc=com
-ARG LDAP_ORGANIZATION=Example
-ARG LDAP_ROOT_DN=cn=Manager,dc=my-domain,dc=com
-ARG LDAP_DATABASE=hdb
-ARG LDAP_ROOT_PW=secret
-
 ENV OPENLDAP_VERSION 2.4.47
 
 RUN apt-get update && apt-get install -y \
@@ -25,7 +19,7 @@ RUN sed -i 's/MECHANISMS="pam"/MECHANISMS="ldap"/' /etc/default/saslauthd \
   && echo "pwcheck_method: saslauthd" >> /usr/lib/sasl2/slapd.conf \
   && echo "saslauthd_path: /var/run/saslauthd/mux" >> /usr/lib/sasl2/slapd.conf
 
-COPY saslauthd.conf /etc/saslauthd.conf
+COPY assets/saslauthd.conf /etc/saslauthd.conf
 
 RUN curl -LJO http://mirror.eu.oneandone.net/software/openldap/openldap-release/openldap-${OPENLDAP_VERSION}.tgz \
   && gunzip -c openldap-${OPENLDAP_VERSION}.tgz | tar xf - \
@@ -39,27 +33,18 @@ RUN ./configure --enable-spasswd --with-cyrus-sasl --enable-memberof \
   && make install \
   && make clean
 
-RUN touch /usr/local/etc/openldap/create.ldif \
-  cp /usr/local/var/openldap-data/DB_CONFIG.example /usr/local/var/openldap-data/DB_CONFIG
-
-COPY slapd.conf /usr/local/etc/openldap/slapd.conf
-RUN sed -i -E 's/^(suffix[[:blank:]]*).*/\1"'"$LDAP_DN_BASE"'"/' /usr/local/etc/openldap/slapd.conf \
-  && sed -i -E 's/^(rootdn[[:blank:]]*).*/\1"'"$LDAP_ROOT_DN"'"/' /usr/local/etc/openldap/slapd.conf \
-  && sed -i -E 's/^(database[[:blank:]]*).*/\1'"$LDAP_DATABASE"'/' /usr/local/etc/openldap/slapd.conf \
-  && sed -i -E 's/^(rootpw[[:blank:]]*).*/\1'"$LDAP_ROOT_PW"'/' /usr/local/etc/openldap/slapd.conf
-
-COPY create.ldif /usr/local/etc/openldap/create.ldif
+RUN mkdir /opt/openldap-init \
+  && cp /usr/local/var/openldap-data/DB_CONFIG.example /opt/openldap-init/
 
-RUN sed -i -E 's/^(dn:[[:blank:]]*).*/\1'"$LDAP_DN_BASE"'/' /usr/local/etc/openldap/create.ldif \
-  && sed -i -E 's/^(o:[[:blank:]]*).*/\1'"$LDAP_ORGANIZATION"'/' /usr/local/etc/openldap/create.ldif
+COPY assets/slapd.conf /opt/openldap-init/slapd.conf
 
-RUN slapadd -l /usr/local/etc/openldap/create.ldif
+COPY assets/create.ldif /opt/openldap-init/create.ldif
 
 WORKDIR /
 
 EXPOSE 389
 
-VOLUME ["/usr/local/etc/openldap", "/usr/local/var/openldap-data"]
+VOLUME ["/usr/local/var/openldap-data"]
 
 COPY docker-entrypoint.sh /sbin/docker-entrypoint.sh
 

README.md

@@ -13,6 +13,11 @@ docker build -t openldap \
 ## Running with SASL configuration
 ```
 docker run -d --name openldap -p 389:389 \
+-e LDAP_DN_BASE=dc=my-domain,dc=com \
+-e LDAP_ORGANIZATION=Example \
+-e LDAP_ROOT_DN=cn=Manager,dc=my-domain,dc=com \
+-e LDAP_DATABASE=hdb \
+-e LDAP_ROOT_PW=secret \
 -e LDAP_SERVERS='ldap://ad.example.com:389/' \
 -e LDAP_SEARCH_BASE='CN=DomainUsers,DC=example,DC=com' \
 -e LDAP_TIMEOUT=10 \
@@ -25,6 +30,11 @@ openldap
 ## Using volumes
 ```
 docker run -d --name openldap -p 389:389 \
+-e LDAP_DN_BASE=dc=my-domain,dc=com \
+-e LDAP_ORGANIZATION=Example \
+-e LDAP_ROOT_DN=cn=Manager,dc=my-domain,dc=com \
+-e LDAP_DATABASE=hdb \
+-e LDAP_ROOT_PW=secret \
 -e LDAP_SERVERS='ldap://ad.example.com:389/' \
 -e LDAP_SEARCH_BASE='CN=DomainUsers,DC=example,DC=com' \
 -e LDAP_TIMEOUT=10 \

create.ldif renamed to assets/create.ldif

@@ -1,18 +1,44 @@
 #!/bin/bash
 
+LDAP_DN_BASE=${LDAP_DN_BASE:-'dc=my-domain,dc=com'}
+LDAP_ORGANIZATION=${LDAP_ORGANIZATION:-'Example'}
+LDAP_ROOT_DN=${LDAP_ROOT_DN:-'cn=Manager,dc=my-domain,dc=com'}
+LDAP_DATABASE=${LDAP_DATABASE:-'hdb'}
+LDAP_ROOT_PW=${LDAP_ROOT_PW:-'secret'}
+
 LDAP_SERVERS=${LDAP_SERVERS:-'ldap://ad.example.com:389/'}
 LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE:-'CN=DomainUsers,DC=example,DC=com'}
 LDAP_TIMEOUT=${LDAP_TIMEOUT:-'10'}
 LDAP_FILTER=${LDAP_FILTER:-'(sAMAccountName=%U)'}
 LDAP_BIND_DN=${LDAP_BIND_DN:-'CN=Administrator,CN=Users,DC=example,DC=com'}
 LDAP_PASSWORD=${LDAP_PASSWORD:-'ADpassword'}
 
+cp /opt/openldap-init/slapd.conf /usr/local/etc/openldap/slapd.conf
+
+sed -i -E 's/^(suffix[[:blank:]]*).*/\1"'"$LDAP_DN_BASE"'"/' /usr/local/etc/openldap/slapd.conf \
+  && sed -i -E 's/^(rootdn[[:blank:]]*).*/\1"'"$LDAP_ROOT_DN"'"/' /usr/local/etc/openldap/slapd.conf \
+  && sed -i -E 's/^(database[[:blank:]]*).*/\1'"$LDAP_DATABASE"'/' /usr/local/etc/openldap/slapd.conf \
+  && sed -i -E 's/^(rootpw[[:blank:]]*).*/\1'"$LDAP_ROOT_PW"'/' /usr/local/etc/openldap/slapd.conf
+
 sed -i -E 's|^(ldap_servers:[[:blank:]]*).*|\1'"$LDAP_SERVERS"'|' /etc/saslauthd.conf \
   && sed -i -E 's/^(ldap_search_base:[[:blank:]]*).*/\1'"$LDAP_SEARCH_BASE"'/' /etc/saslauthd.conf \
   && sed -i -E 's/^(ldap_timeout:[[:blank:]]*).*/\1'"$LDAP_TIMEOUT"'/' /etc/saslauthd.conf \
   && sed -i -E 's/^(ldap_filter:[[:blank:]]*).*/\1'"$LDAP_FILTER"'/' /etc/saslauthd.conf \
   && sed -i -E 's/^(ldap_bind_dn:[[:blank:]]*).*/\1'"$LDAP_BIND_DN"'/' /etc/saslauthd.conf \
   && sed -i -E 's/^(ldap_password:[[:blank:]]*).*/\1'"$LDAP_PASSWORD"'/' /etc/saslauthd.conf
 
+# If initial configuration and database does not exists in volumes
+slaptest -f /usr/local/var/openldap-data/DB_CONFIG
+if [ $? != 0 ]
+then
+  echo "Creating initial database..."
+  cp /opt/openldap-init/DB_CONFIG.example /usr/local/var/openldap-data/DB_CONFIG
+
+  sed -i -E 's/^(dn:[[:blank:]]*).*/\1'"$LDAP_DN_BASE"'/' /opt/openldap-init/create.ldif \
+    && sed -i -E 's/^(o:[[:blank:]]*).*/\1'"$LDAP_ORGANIZATION"'/' /opt/openldap-init/create.ldif
+
+  slapadd -l /opt/openldap-init/create.ldif
+fi
+
 service saslauthd start
 /usr/local/libexec/slapd -d 1024