From b91333ff122dc9a78bfb1e650a55535d3e3a2bc4 Mon Sep 17 00:00:00 2001
From: Patrick Baumgartner
Date: Sat, 23 May 2020 14:00:02 +0200
Subject: [PATCH 1/3] Allowing to have a DN for users and groups

Users and groups are usually not in the same DN/OU, therefore we need the possibility to adjust them as well via environment variables and still keeping backward compatibility.
---
 lam-packaging/docker/start.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lam-packaging/docker/start.sh b/lam-packaging/docker/start.sh
index 8c4cf85d..3fd63b7a 100755
--- a/lam-packaging/docker/start.sh
+++ b/lam-packaging/docker/start.sh
@@ -32,8 +32,10 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
 LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
 LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
 LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+ LDAP_USER_DN="${LDAP_USER_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+ LDAP_GROUP_DN="${LDAP_GROUP_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
 LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
-
+
 sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
 s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
 EOF
@@ -45,8 +47,8 @@ EOF
 s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
 s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
 s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
- s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
- s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
+ s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USER_DN}|;
+ s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUP_DN}|;
 EOF
 fi

From 1081b51fe9742d96e538dfd8f5372eaaa3f51d5d Mon Sep 17 00:00:00 2001
From: Patrick Baumgartner
Date: Sat, 23 May 2020 14:05:27 +0200
Subject: [PATCH 2/3] Adding LDAP_GROUPS_DN und LDAP_USERS_DN

---
 lam-packaging/docker/.env | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lam-packaging/docker/.env b/lam-packaging/docker/.env
index 38897874..690f5a65 100644
--- a/lam-packaging/docker/.env
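Review bot: The new `${LDAP_USER_DN}` and `${LDAP_GROUP_DN}` values in the second hunk of patch 1/3 are expanded unescaped into the replacement side of the `s|…|…|` commands, so a DN containing `\`, `&` or `|` is silently altered or breaks the sed script that writes the LAM profile; for instance, a constructed value like `ou=Sales\, EMEA,dc=example,dc=com` loses its backslash. The renamed `${LDAP_USERS_DN}` and `${LDAP_GROUPS_DN}` lines in the second hunk of patch 3/3 have the same problem. Escaping the values before they reach the heredoc would fix it, e.g. a helper `sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }` used as `$(sed_escape "${LDAP_USERS_DN}")` in the two `suffix_` lines. The heredoc and its `sed` invocation start above the hunk, and the existing `${LDAP_BASE_DN}` context line is exposed in the same way.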
+++ b/lam-packaging/docker/.env
@@ -8,6 +8,11 @@ LAM_SKIP_PRECONFIGURE=false
 LDAP_DOMAIN=my-domain.com
 # LDAP base DN to overwrite value generated by LDAP_DOMAIN
 LDAP_BASE_DN=dc=my-domain,dc=com
+# LDAP users DN to overwrite value provided by LDAP_BASE_DN
+LDAP_USERS_DN=ou=people,dc=my-domain,dc=com
+# LDAP groups DN to overwrite value provided by LDAP_BASE_DN
+LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
+
 # LDAP server URL
 LDAP_SERVER=ldap://ldap:389
 # LDAP admin user (set as login user for LAM)

From ecdd23e843f079fff010c26bba2d4260df34ec34 Mon Sep 17 00:00:00 2001
From: Patrick Baumgartner
Date: Sat, 23 May 2020 14:07:47 +0200
Subject: [PATCH 3/3] Renaming env variables and providing better defaults

---
 lam-packaging/docker/start.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lam-packaging/docker/start.sh b/lam-packaging/docker/start.sh
index 3fd63b7a..82aafb97 100755
--- a/lam-packaging/docker/start.sh
+++ b/lam-packaging/docker/start.sh
@@ -32,8 +32,8 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
 LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
 LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
 LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
- LDAP_USER_DN="${LDAP_USER_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
- LDAP_GROUP_DN="${LDAP_GROUP_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+ LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
+ LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
 LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
 sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
@@ -47,8 +47,8 @@ EOF
 s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
 s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
 s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
- s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USER_DN}|;
- s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUP_DN}|;
+ s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USERS_DN}|;
+ s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUPS_DN}|;
 EOF
 fi
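Review bot: Shipping `LDAP_USERS_DN` and `LDAP_GROUPS_DN` uncommented with `my-domain` values in the `.env` hunk of patch 2/3 means the fallback to `LDAP_BASE_DN` never applies for anyone using this file, assuming it is passed through to the container unchanged. An operator who edits only `LDAP_DOMAIN` or `LDAP_BASE_DN` would leave LAM's user and group suffixes pointing at `ou=people,dc=my-domain,dc=com` and `ou=groups,dc=my-domain,dc=com`, outside the tree they configured. Consider shipping the two entries commented out, `#LDAP_USERS_DN=ou=people,dc=my-domain,dc=com` and `#LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com`, and extending each comment with `(defaults to LDAP_BASE_DN when unset)`.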