Release 6.8.2 - See CHANGELOG.md

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 6.8.2 2020-04-16 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Fix for SLAPD_ARGS variable default
+      - Fix for TLS_RESET_PERMISSIONS
+      - Fix for generating dhparam.pem files on read only file systems
+
+
 ## 6.8.1 2020-04-16 <frebib@github>
 
    ### Added 

README.md

@@ -62,7 +62,7 @@ None.
 
 # Installation
 
-Automated builds of the image are available on [Registry](https://hub.docker.com/r/tiredofit/openldap) and is the recommended method of installation.
+Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/openldap) and is the recommended method of installation.
 
 ```bash
 docker pull tiredofit/openldap
@@ -81,7 +81,7 @@ Start openldap using:
 ```bash
 docker-compose up
 ```
-__NOTE__: Please allow up to 2 minutes for the application to start for the first time if you are generating TLS certificates.
+__NOTE__: Please allow up to 2 minutes for the application to start for the first time if you are generating self signed TLS certificates.
 
 ## Data-Volumes
 
@@ -184,6 +184,8 @@ Replication options:
 |-----------|-------------|
 | `ENABLE_NGINX` | If you want to use automatic LetsEncrypt certificates for your server, set this to `true`
 | `REMOVE_CONFIG_AFTER_SETUP` | Delete config folder after setup. Default  `true` |
+| `SLAPD_ARGS` | If you want to override slapd runtime arguments place here . Default (null)
+| `SLAPD_HOSTS` | Allow overriding the default listen parameters - Default `ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///`
 | `SSL_HELPER_PREFIX` | Ssl-helper environment variables prefix. Default  `ldap`, ssl-helper first search config from `SSL_HELPER_*` variables, before `SSL_HELPER_*` variables. |
 
 

install/assets/functions/10-openldap

@@ -19,7 +19,7 @@ READONLY_USER_PASS=${READONLY_USER_PASS:-"readonly"}
 READONLY_USER_USER=${READONLY_USER_USER:-"readonly"}
 REMOVE_CONFIG_AFTER_SETUP=${REMOVE_CONFIG_AFTER_SETUP:-"false"}
 SCHEMA_TYPE=${SCHEMA_TYPE:-"nis"}
-SLAPD_ARGS="${SLAPD_ARGS:-""}
+SLAPD_ARGS=${SLAPD_ARGS:-""}
 SLAPD_HOSTS=${SLAPD_HOSTS:-"ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///"}
 SSL_HELPER_PREFIX=${SSL_HELPER_PREFIX:-"ldap"}
 TLS_CA_CRT_FILENAME=${TLS_CA_CRT_FILENAME:-"ca.pem"}

install/etc/cont-init.d/10-openldap

@@ -173,9 +173,9 @@ chown -R ldap:ldap /etc/openldap
     [[ -z "$PREVIOUS_TLS_DH_PARAM_PATH" ]] && PREVIOUS_TLS_DH_PARAM_PATH="${TLS_DHPARAM_PATH}/${TLS_DH_PARAM_FILENAME}"
 
     silent ssl-helper $SSL_HELPER_PREFIX $PREVIOUS_TLS_CRT_PATH $PREVIOUS_TLS_KEY_PATH $PREVIOUS_TLS_CA_CRT_PATH
-    [ -f ${PREVIOUS_TLS_DH_PARAM_PATH} ] || silent libressl dhparam -out ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME} ${TLS_DH_PARAM_KEYSIZE}
+    [ -f ${PREVIOUS_TLS_DH_PARAM_PATH} ] || silent libressl dhparam -out ${PREVIOUS_TLS_DH_PARAM_PATH} ${TLS_DH_PARAM_KEYSIZE}
 
-    if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] ; then
+    if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "true" ] ; then
       chmod 600 ${PREVIOUS_TLS_DH_PARAM_PATH}
       chown ldap:ldap $PREVIOUS_TLS_CRT_PATH $PREVIOUS_TLS_KEY_PATH $PREVIOUS_TLS_CA_CRT_PATH $PREVIOUS_TLS_DH_PARAM_PATH
     fi
@@ -306,8 +306,9 @@ chown -R ldap:ldap /etc/openldap
 
     # Create DHParamFile if not found
     [ -f ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME} ] || silent libressl dhparam -out ${TLS_DH_PARAM_PATH}${TLS_DH_PARAM_FILENAME} ${TLS_DH_PARAM_KEYSIZE}
-    if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] ; then
+    if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "true" ] ; then
       chmod 600 ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME}
+      chown ldap:ldap ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME}
     fi
 
     # Fix file permissions