making sure we can completely customize the users DN and email. pre-requsite for letsencrypt certs

AnalogJ · AnalogJ · commit 2f80ce69a043 · 2021-06-12T10:31:08.000-07:00
diff --git a/Dockerfile b/Dockerfile
@@ -37,4 +37,4 @@ EXPOSE 10389 10636
 
 CMD ["/init"]
 
-HEALTHCHECK CMD ldapsearch -H ldap://127.0.0.1:10389 -D cn=admin,dc=planetexpress,dc=com -w GoodNewsEveryone -b cn=admin,dc=planetexpress,dc=com
+HEALTHCHECK CMD ["ldapsearch", "-H", "ldap://127.0.0.1:10389", "-D", "${LDAP_BINDDN}", "-w", "${LDAP_SECRET}", "-b", "${LDAP_BINDDN}"]
diff --git a/README.md b/README.md
@@ -43,8 +43,6 @@ ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=co
 
 # Enforce StartTLS with self-signed cert
 LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
-
-
 ```
 
 ## Exposed ports
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,7 +7,10 @@ services:
         # image: rroemhild/test-openldap
         environment:
             LDAP_FORCE_STARTTLS: "true"
-
+            LDAP_DOMAIN: "customdomain.com"
+            LDAP_BASEDN: "dc=customdomain,dc=com"
+            LDAP_ORGANISATION: "Custom Domain, Inc."
+            LDAP_BINDDN: "cn=admin,dc=customdomain,dc=com"
         # use build tag to use the local repo
         build:
             context: ./
diff --git a/rootfs/etc/cont-init.d/050-openldap-populate b/rootfs/etc/cont-init.d/050-openldap-populate
@@ -40,6 +40,15 @@ load_initial_data() {
     local data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
     for ldif in ${data}; do
         echo "Processing file ${ldif}..."
+        if  [ ! -z "$LDAP_BASEDN" ]; then
+            echo "updating base dn dc=planetexpress,dc=com -> ${LDAP_BASEDN}"
+            sed -i "s/dc=planetexpress,dc=com/${LDAP_BASEDN}/g" "${ldif}"
+        fi
+        if  [  "$LDAP_DOMAIN" != "planetexpress.com" ]; then
+            echo "updating emails @planetexpress.com -> @${LDAP_DOMAIN}"
+            sed -i "s/@planetexpress.com/@${LDAP_DOMAIN}/g" "${ldif}"
+        fi
+
         ldapadd -x -H ldapi:/// \
           -D ${LDAP_BINDDN} \
           -w ${LDAP_SECRET} \
diff --git a/rootfs/opt/openldap/bootstrap/data/10_people_bender.ldif b/rootfs/opt/openldap/bootstrap/data/10_people_bender.ldif
@@ -1,11 +1,10 @@
-dn:: Y249QmVuZGVyIEJlbmRpbmcgUm9kcsOtZ3VleixvdT1wZW9wbGUsZGM9cGxhbmV0ZXhwcmV
- zcyxkYz1jb20=
+dn: cn=Bender Bending Rodriguez,ou=people,dc=planetexpress,dc=com
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top
-cn:: QmVuZGVyIEJlbmRpbmcgUm9kcsOtZ3Vleg==
-sn:: Um9kcsOtZ3Vleg==
+cn: cn=Bender Bending Rodriguez
+sn: Rodriguez
 description: Robot
 displayName: Bender
 employeeType: Ship's Robot

Original file line number	Diff line number	Diff line change
`@@ -37,4 +37,4 @@ EXPOSE 10389 10636`
`37`	`37`
`38`	`38`	`CMD ["/init"]`
`39`	`39`
`40`		`-HEALTHCHECK CMD ldapsearch -H ldap://127.0.0.1:10389 -D cn=admin,dc=planetexpress,dc=com -w GoodNewsEveryone -b cn=admin,dc=planetexpress,dc=com`
	`40`	`+HEALTHCHECK CMD ["ldapsearch", "-H", "ldap://127.0.0.1:10389", "-D", "${LDAP_BINDDN}", "-w", "${LDAP_SECRET}", "-b", "${LDAP_BINDDN}"]`