From 5d09927ec1306990df66e397af25ea34b441c110 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20Schl=C3=BCter?= <10252511+oschlueter@users.noreply.github.com>
Date: Thu, 26 Aug 2021 16:48:06 +0200
Subject: [PATCH 1/2] pass FQDN to slapd -h if olcServerID was set before

---
 image/service/slapd/startup.sh | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
index dae1bd2..a0e40ec 100755
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh
@@ -42,6 +42,13 @@ file_env 'LDAP_READONLY_USER_PASSWORD'
 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
+if [ -z "$FQDN" ]; then
+ log-helper info "get FQDN from `hostname`"
+ # Only call hostname if the fully qualified domain name wasn't provided as environment variable.
+
+ FQDN="$(/bin/hostname --fqdn)"
+fi
+
 log-helper info "openldap user and group adjustments"
 LDAP_OPENLDAP_UID=${LDAP_OPENLDAP_UID:-911}
 LDAP_OPENLDAP_GID=${LDAP_OPENLDAP_GID:-911}
@@ -305,11 +312,20 @@ EOF
 # start OpenLDAP
 log-helper info "Start OpenLDAP..."
- # At this stage, we can just listen to ldap:// and ldap:// without naming any names
+
+ # check if olcServerID has been configured before
+ if [ $(grep olcServerID /etc/ldap/slapd.d/'cn=config.ldif' | wc -l) -ne 0 ]; then
+ # yes, so we have to pass the FQDN to -h
+ SLAPD_H_ARG="ldap://$FQDN ldapi:///"
+ else
+ # no, so we just listen to local connections
+ SLAPD_H_ARG="ldap:/// ldapi:///"
+ fi
+
 if log-helper level ge debug; then
- slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d "$LDAP_LOG_LEVEL" 2>&1 &
+ slapd -h "$SLAPD_H_ARG" -u openldap -g openldap -d "$LDAP_LOG_LEVEL" 2>&1 &
 else
- slapd -h "ldap:/// ldapi:///" -u openldap -g openldap
+ slapd -h "$SLAPD_H_ARG" -u openldap -g openldap
 fi
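Review bot: The log line `log-helper info "get FQDN from `hostname`"` runs `hostname` as a command substitution inside the double quotes, so the message interpolates the short hostname rather than showing the literal word, and the explanatory comment sits after the call it explains. Use `log-helper info 'get FQDN from hostname'` and move the comment above the `if`. Because the second hunk builds the `-h` listener list from `$FQDN`, a failing `/bin/hostname --fqdn` leaves the variable empty with nothing logged; a check such as `[ -n "$FQDN" ] || log-helper info "FQDN is empty"` right after the assignment would make that visible.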
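Review bot: The `else` comment `# no, so we just listen to local connections` is misleading: `ldap:///` with no host binds every interface, as the comment this hunk removes and the "listen on all interfaces" comment elsewhere in the file describe, so only `ldapi:///` is local. Reword it to `# no olcServerID, so bind ldap:/// on all interfaces without naming a host`. The test `[ $(grep olcServerID ... | wc -l) -ne 0 ]` can be written `if grep -q olcServerID /etc/ldap/slapd.d/'cn=config.ldif'; then`, which removes the unquoted substitution and the `wc` pipeline. The indented block these lines belong to starts before the hunk.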
@@ -567,8 +583,6 @@ ln -sf ${CONTAINER_SERVICE_DIR}/slapd/assets/ldap.conf /etc/ldap/ldap.conf
 # force OpenLDAP to listen on all interfaces
 # We need to make sure that /etc/hosts continues to include the
 # fully-qualified domain name and not just the specified hostname.
-# Without the FQDN, /bin/hostname --fqdn stops working.
-FQDN="$(/bin/hostname --fqdn)"
 if [ "$FQDN" != "$HOSTNAME" ]; then
 FQDN_PARAM="$FQDN"
 else

From 42031f591c560b3fcd42a3a54f2c037cea346108 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20Schl=C3=BCter?= <10252511+oschlueter@users.noreply.github.com>
Date: Thu, 26 Aug 2021 18:01:43 +0200
Subject: [PATCH 2/2] update /etc/hosts before launching slapd

---
 image/service/slapd/startup.sh | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
index a0e40ec..c08c192 100755
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh
@@ -49,6 +49,18 @@ if [ -z "$FQDN" ]; then
 FQDN="$(/bin/hostname --fqdn)"
 fi
+# force OpenLDAP to listen on all interfaces
+# We need to make sure that /etc/hosts continues to include the
+# fully-qualified domain name and not just the specified hostname.
+if [ "$FQDN" != "$HOSTNAME" ]; then
+ FQDN_PARAM="$FQDN"
+else
+ FQDN_PARAM=""
+fi
+ETC_HOSTS=$(cat /etc/hosts | sed "/$HOSTNAME/d")
+echo "0.0.0.0 $FQDN_PARAM $HOSTNAME" > /etc/hosts
+echo "$ETC_HOSTS" >> /etc/hosts
+
 log-helper info "openldap user and group adjustments"
 LDAP_OPENLDAP_UID=${LDAP_OPENLDAP_UID:-911}
 LDAP_OPENLDAP_GID=${LDAP_OPENLDAP_GID:-911}
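Review bot: `ETC_HOSTS=$(cat /etc/hosts | sed "/$HOSTNAME/d")` in the moved `/etc/hosts` rewrite interpolates `$HOSTNAME` into a regular expression, so a `.` in it matches any character and a name that is a prefix of another host's name deletes those unrelated lines too. A fixed-string, field-based match avoids both problems and the `cat |`: `ETC_HOSTS=$(awk -v h="$HOSTNAME" '{ for (i = 2; i <= NF; i++) if ($i == h) next } 1' /etc/hosts)`. Since the first patch lets `FQDN` come from the environment, a value containing whitespace or `#` would produce a malformed hosts entry (and an extra `-h` URL later); rejecting such values before this block keeps the file well-formed. This hunk relocates the block, and the following hunk removes the original copy.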
@@ -580,16 +592,5 @@ fi
 ln -sf ${CONTAINER_SERVICE_DIR}/slapd/assets/.ldaprc $HOME/.ldaprc
 ln -sf ${CONTAINER_SERVICE_DIR}/slapd/assets/ldap.conf /etc/ldap/ldap.conf
-# force OpenLDAP to listen on all interfaces
-# We need to make sure that /etc/hosts continues to include the
-# fully-qualified domain name and not just the specified hostname.
-if [ "$FQDN" != "$HOSTNAME" ]; then
- FQDN_PARAM="$FQDN"
-else
- FQDN_PARAM=""
-fi
-ETC_HOSTS=$(cat /etc/hosts | sed "/$HOSTNAME/d")
-echo "0.0.0.0 $FQDN_PARAM $HOSTNAME" > /etc/hosts
-echo "$ETC_HOSTS" >> /etc/hosts
 exit 0