documented environment variables, cleanup

Roland Gruber 2019-12-07 21:41:36 +01:00
parent 3d7e2e9c47
commit 3054f38d7c
3 changed files with 19 additions and 14 deletions


@ -1,10 +1,18 @@
LDAP_ORGANISATION="LDAP Account Manager Demo" # domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_DOMAIN=mydomain.com LDAP_DOMAIN=my-domain.com
LDAP_BASE_DN=dc=mydomain,dc=com # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_BASE_DN=dc=my-domain,dc=com
# LDAP server URL
LDAP_SERVER=ldap://ldap:389 LDAP_SERVER=ldap://ldap:389
# LDAP admin user (set as login user for LAM)
LDAP_USER=cn=admin111,dc=my-domain,dc=com
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw LDAP_ADMIN_PASSWORD=adminpw
LDAP_READONLY_USER_PASSWORD=readonlypw
LDAP_BIND_DN=cn=readonly,dc=mydomain,dc=com
LDAP_SEARCH_BASE=dc=mydomain,dc=com
# LAM configuration master password and password for server profile "lam"
LAM_PASSWORD=lam LAM_PASSWORD=lam
# docker-compose only, LDAP organisation name for OpenLDAP
LDAP_ORGANISATION="LDAP Account Manager Demo"
# docker-compose only, password for LDAP read-only user
LDAP_READONLY_USER_PASSWORD=readonlypw
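Review bot: The new comments describe each variable, but nothing marks `adminpw`, `readonlypw` and `lam` as demo-only values, so a deployment that copies this file unchanged runs with published credentials. The start script's `${LAM_PASSWORD:-lam}` fallback has the same effect when the variable is missing. I would add a header comment such as `# Demo values only: change every *_PASSWORD entry before exposing this container`. Separately, `LDAP_USER=cn=admin111,dc=my-domain,dc=com` looks like a leftover test value, since the script's own default is `cn=admin,${LDAP_BASE_DN}`. If the directory's admin entry is `cn=admin` (not visible on this page), LAM's preset login user will not match it.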


@ -16,7 +16,6 @@ services:
environment: environment:
- LAM_PASSWORD=${LAM_PASSWORD} - LAM_PASSWORD=${LAM_PASSWORD}
- LAM_LANG=en_US - LAM_LANG=en_US
- LAM_TIMEZONE=Europe/Berlin
- LDAP_SERVER=${LDAP_SERVER} - LDAP_SERVER=${LDAP_SERVER}
- LDAP_DOMAIN=${LDAP_DOMAIN} - LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN} - LDAP_BASE_DN=${LDAP_BASE_DN}


@ -26,13 +26,11 @@ set -eu # unset variables are errors & non-zero return values exit the whole scr
LAM_LANG="${LAM_LANG:-en_US}" LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}" export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";') LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LAM_TIMEZONE="${LAM_TIMEZONE:-Europe/Berlin}"
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}" LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-mydomain.com}" LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
echo "Setting LAM password to: $LAM_PASSWORD"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|; s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
EOF EOF
@ -40,12 +38,12 @@ unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|; s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
s|^Admins:.*|Admins: ${ADMIN_USER}|; s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|; s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|; s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|; s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
s|^types: suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|; s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
s|^types: suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|; s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
EOF EOF
echo "Starting Apache" echo "Starting Apache"
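Review bot: Environment values are still substituted unescaped into the sed script, including the renamed `${LDAP_ADMIN_USER}` on the `Admins:` line. A `|`, `&` or backslash in LDAP_USER, LDAP_BASE_DN or LDAP_HOST therefore changes the sed expression instead of being written literally to lam.conf. A small helper applied to each value before the here-doc would close that, e.g. `sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }`. The widened patterns `s|^.*suffix_user:.*|` and `s|^.*suffix_group:.*|` now rewrite every line that contains those strings anywhere, so a short comment stating which line forms in lam.conf they are meant to catch would help the next reader judge whether they over-match. The script continues outside both hunks, so callers of these variables further down are not visible here.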