allow to skip preconfiguration

This commit is contained in:
Roland Gruber 2019-12-16 20:39:58 +01:00
parent 10f6897e7e
commit 9136d79751
2 changed files with 36 additions and 23 deletions

View File

@ -1,3 +1,9 @@
#
# LAM setup
#
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
# If set to false the other variables below have no effect.
LAM_SKIP_PRECONFIGURE=false
# domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_DOMAIN=my-domain.com
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
@ -8,13 +14,15 @@ LDAP_SERVER=ldap://ldap:389
LDAP_USER=cn=admin,dc=my-domain,dc=com
# default language, e.g. en_US, de_DE, fr_FR, ...
LAM_LANG=en_US
# LAM configuration master password and password for server profile "lam"
LAM_PASSWORD=lam
# docker-compose only, LDAP organisation name for OpenLDAP
#
# docker-compose only, LDAP server setup
#
# LDAP organisation name for OpenLDAP
LDAP_ORGANISATION="LDAP Account Manager Demo"
# docker-compose only, LDAP admin password
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# docker-compose only, password for LDAP read-only user
# password for LDAP read-only user
LDAP_READONLY_USER_PASSWORD=readonlypw

View File

@ -23,20 +23,23 @@
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
EOF
unset LAM_PASSWORD
unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
@ -46,6 +49,8 @@ sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
EOF
fi
echo "Starting Apache"
rm -f /run/apache2/apache2.pid
set +u