diff --git a/lam-packaging/docker/.env b/lam-packaging/docker/.env index ffac751d..38897874 100644 --- a/lam-packaging/docker/.env +++ b/lam-packaging/docker/.env @@ -1,3 +1,9 @@ +# +# LAM setup +# +# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false) +# If set to false the other variables below have no effect. +LAM_SKIP_PRECONFIGURE=false # domain of LDAP database root entry, will be converted to dc=...,dc=... LDAP_DOMAIN=my-domain.com # LDAP base DN to overwrite value generated by LDAP_DOMAIN @@ -8,13 +14,15 @@ LDAP_SERVER=ldap://ldap:389 LDAP_USER=cn=admin,dc=my-domain,dc=com # default language, e.g. en_US, de_DE, fr_FR, ... LAM_LANG=en_US - # LAM configuration master password and password for server profile "lam" LAM_PASSWORD=lam -# docker-compose only, LDAP organisation name for OpenLDAP +# +# docker-compose only, LDAP server setup +# +# LDAP organisation name for OpenLDAP LDAP_ORGANISATION="LDAP Account Manager Demo" -# docker-compose only, LDAP admin password +# LDAP admin password LDAP_ADMIN_PASSWORD=adminpw -# docker-compose only, password for LDAP read-only user +# password for LDAP read-only user LDAP_READONLY_USER_PASSWORD=readonlypw diff --git a/lam-packaging/docker/start.sh b/lam-packaging/docker/start.sh index 15e15b69..8c4cf85d 100755 --- a/lam-packaging/docker/start.sh +++ b/lam-packaging/docker/start.sh 
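Review bot: The comment added for `LAM_SKIP_PRECONFIGURE` in the first `.env` hunk states the condition backwards. start.sh in this same commit skips the `config.cfg`/`lam.conf` rewrite only when the value is `true`, so it is `true`, not `false`, that makes the other settings ineffective. I would change the line to `# If set to true the LAM variables below (LDAP_DOMAIN, LDAP_BASE_DN, LDAP_SERVER, LDAP_USER, LAM_LANG, LAM_PASSWORD) have no effect.`, which also avoids "below" reaching the docker-compose LDAP server block that start.sh does not read. One more comment line should say that with `true` the master and profile passwords are whatever the existing `config.cfg` and `lam.conf` already contain, because `LAM_PASSWORD` is then never applied.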
@@ -23,28 +23,33 @@ set -eu # unset variables are errors & non-zero return values exit the whole script [ "$DEBUG" ] && set -x -LAM_LANG="${LAM_LANG:-en_US}" -export LAM_PASSWORD="${LAM_PASSWORD:-lam}" -LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";') -LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}" -LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}" -LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" -LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" +LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}" +if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then -sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF - s|^password:.*|password: ${LAM_PASSWORD_SSHA}|; -EOF -unset LAM_PASSWORD + LAM_LANG="${LAM_LANG:-en_US}" + export LAM_PASSWORD="${LAM_PASSWORD:-lam}" + LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . 
"\n";') + LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}" + LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}" + LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" + LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}" -sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF - s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|; - s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|; - s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|; - s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|; - s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|; - s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|; - s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|; + sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF + s|^password:.*|password: ${LAM_PASSWORD_SSHA}|; EOF + unset LAM_PASSWORD + + sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF + s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|; + s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|; + s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|; + s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|; + s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|; + s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|; + s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|; +EOF + +fi echo "Starting Apache" rm -f /run/apache2/apache2.pid
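Review bot: The guard `[ "$LAM_SKIP_PRECONFIGURE" != "true" ]` treats every value other than the exact lowercase string as "do not skip", so `TRUE`, `True`, `1` or `yes` silently run the preconfiguration. In that case the two `sed` rewrites replace `password:` in config.cfg and `Passwd:` in lam.conf with the hash of `LAM_PASSWORD`, which falls back to the well-known default `lam`, presumably over a configuration the operator meant to keep. I would validate the value right after the default is applied and stop on anything that is not `true` or `false`, as sketched below; the rest of the block stays as it is. Separately, when `DEBUG` is set the `set -x` in the context above traces `export LAM_PASSWORD=...` in cleartext to the container log, so tracing should be switched off around the password lines.

```shell
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
case "$LAM_SKIP_PRECONFIGURE" in
  true|false) ;;
  *)
    echo "LAM_SKIP_PRECONFIGURE must be 'true' or 'false', got '$LAM_SKIP_PRECONFIGURE'" >&2
    exit 1
    ;;
esac
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
# … unchanged: variable defaults, password hashing and the two sed rewrites …
```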