From 3054f38d7cf300452956d7b2f02ee5bdcabdd1a9 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 7 Dec 2019 21:41:36 +0100 Subject: [PATCH] documented environment variables, cleanup --- lam-packaging/docker/.env | 20 ++++++++++++++------ lam-packaging/docker/docker-compose.yml | 1 - lam-packaging/docker/start.sh | 12 +++++------- 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/lam-packaging/docker/.env b/lam-packaging/docker/.env index ab771746..fec3ea26 100644 --- a/lam-packaging/docker/.env +++ b/lam-packaging/docker/.env @@ -1,10 +1,18 @@ -LDAP_ORGANISATION="LDAP Account Manager Demo" -LDAP_DOMAIN=mydomain.com -LDAP_BASE_DN=dc=mydomain,dc=com +# domain of LDAP database root entry, will be converted to dc=...,dc=... +LDAP_DOMAIN=my-domain.com +# LDAP base DN to overwrite value generated by LDAP_DOMAIN +LDAP_BASE_DN=dc=my-domain,dc=com +# LDAP server URL LDAP_SERVER=ldap://ldap:389 +# LDAP admin user (set as login user for LAM) +LDAP_USER=cn=admin111,dc=my-domain,dc=com +# LDAP admin password LDAP_ADMIN_PASSWORD=adminpw -LDAP_READONLY_USER_PASSWORD=readonlypw -LDAP_BIND_DN=cn=readonly,dc=mydomain,dc=com -LDAP_SEARCH_BASE=dc=mydomain,dc=com +# LAM configuration master password and password for server profile "lam" LAM_PASSWORD=lam + +# docker-compose only, LDAP organisation name for OpenLDAP +LDAP_ORGANISATION="LDAP Account Manager Demo" +# docker-compose only, password for LDAP read-only user +LDAP_READONLY_USER_PASSWORD=readonlypw diff --git a/lam-packaging/docker/docker-compose.yml b/lam-packaging/docker/docker-compose.yml index cff0dc65..596d7dd5 100644 --- a/lam-packaging/docker/docker-compose.yml +++ b/lam-packaging/docker/docker-compose.yml @@ -16,7 +16,6 @@ services: environment: - LAM_PASSWORD=${LAM_PASSWORD} - LAM_LANG=en_US - - LAM_TIMEZONE=Europe/Berlin - LDAP_SERVER=${LDAP_SERVER} - LDAP_DOMAIN=${LDAP_DOMAIN} - LDAP_BASE_DN=${LDAP_BASE_DN} 
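Review bot: `LDAP_USER=cn=admin111,dc=my-domain,dc=com` in the new .env looks like a leftover test value: start.sh defaults the same setting to `cn=admin,${LDAP_BASE_DN}`, so the documented sample and the script default name different admin entries. Unless the directory really contains `cn=admin111` (not visible here), I would use `LDAP_USER=cn=admin,dc=my-domain,dc=com`. The new comments also describe `adminpw`, `lam` and `readonlypw` without marking them as demo values; a first line such as `# demo defaults only: change every password before the containers are reachable by others` would make that explicit. Because this file is tracked in the repository, real values are better kept in an untracked override than edited here.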
diff --git a/lam-packaging/docker/start.sh b/lam-packaging/docker/start.sh index 44f77ab3..70390b1d 100755 --- a/lam-packaging/docker/start.sh +++ b/lam-packaging/docker/start.sh @@ -26,13 +26,11 @@ set -eu # unset variables are errors & non-zero return values exit the whole scr LAM_LANG="${LAM_LANG:-en_US}" export LAM_PASSWORD="${LAM_PASSWORD:-lam}" LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";') -LAM_TIMEZONE="${LAM_TIMEZONE:-Europe/Berlin}" LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}" -LDAP_DOMAIN="${LDAP_DOMAIN:-mydomain.com}" +LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}" LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" -ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" +LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" -echo "Setting LAM password to: $LAM_PASSWORD" sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF s|^password:.*|password: ${LAM_PASSWORD_SSHA}|; EOF @@ -40,12 +38,12 @@ unset LAM_PASSWORD sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|; - s|^Admins:.*|Admins: ${ADMIN_USER}|; + s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|; s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|; s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|; s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|; - s|^types: suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|; - s|^types: suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|; + s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|; + s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|; EOF echo "Starting Apache"
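Review bot: `LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"` reads a name that the rest of this commit does not set: .env documents `LDAP_SERVER` as the server URL and docker-compose.yml passes `LDAP_SERVER`, so unless the lines above this hunk (the script starts before it) map one to the other, a changed `LDAP_SERVER` never reaches `ServerURL`. I would write `LDAP_HOST="${LDAP_HOST:-${LDAP_SERVER:-ldap://ldap:389}}"`, which keeps the old name working. Separately, with the password echo removed, falling back to `LAM_PASSWORD=lam` now leaves no trace in the container log; a line before the `export` such as `[ -n "${LAM_PASSWORD:-}" ] || echo "LAM_PASSWORD not set, using the default master password" >&2` would flag it without printing the value.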
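Review bot: The loosened patterns `s|^.*suffix_user:.*|…|` and `s|^.*suffix_group:.*|…|` in the second hunk now rewrite every line of lam.conf that contains that text anywhere, not only the `types:` keys, so a comment line or another key ending in `suffix_user:` would be turned into an extra `types: suffix_user:` entry. If the intent was only to tolerate different spacing, a form that keeps the key anchored, e.g. `s|^[[:space:]]*types:[[:space:]]*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;`, is safer. The values are also spliced into the sed script unescaped, so a `|`, `&` or backslash in `LDAP_USER`, `LDAP_BASE_DN` or `LDAP_HOST` would change or break the substitution; a comment above the here-document such as `# values must not contain | & or \ (used verbatim in sed replacements)` would at least document that limit.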