diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6bfdc7..be92b6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 6.8.2 2020-04-16
+
+ ### Changed
+ - Fix for SLAPD_ARGS variable default
+ - Fix for TLS_RESET_PERMISSIONS
+ - Fix for generating dhparam.pem files on read only file systems
+
+
 ## 6.8.1 2020-04-16
 ### Added
diff --git a/README.md b/README.md
index b9880c9..adcfc27 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ None.
 # Installation
-Automated builds of the image are available on [Registry](https://hub.docker.com/r/tiredofit/openldap) and is the recommended method of installation.
+Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/openldap) and is the recommended method of installation.
 ```bash
 docker pull tiredofit/openldap
@@ -81,7 +81,7 @@ Start openldap using:
 ```bash
 docker-compose up
 ```
-__NOTE__: Please allow up to 2 minutes for the application to start for the first time if you are generating TLS certificates.
+__NOTE__: Please allow up to 2 minutes for the application to start for the first time if you are generating self signed TLS certificates.
 ## Data-Volumes
@@ -184,6 +184,8 @@ Replication options:
 |-----------|-------------|
 | `ENABLE_NGINX` | If you want to use automatic LetsEncrypt certificates for your server, set this to `true`
 | `REMOVE_CONFIG_AFTER_SETUP` | Delete config folder after setup. Default `true` |
+| `SLAPD_ARGS` | If you want to override slapd runtime arguments place here . Default (null)
+| `SLAPD_HOSTS` | Allow overriding the default listen parameters - Default `ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///`
 | `SSL_HELPER_PREFIX` | Ssl-helper environment variables prefix. Default `ldap`, ssl-helper first search config from `SSL_HELPER_*` variables, before `SSL_HELPER_*` variables. |
diff --git a/install/assets/functions/10-openldap b/install/assets/functions/10-openldap
index 144a001..3e708c3 100755
--- a/install/assets/functions/10-openldap
+++ b/install/assets/functions/10-openldap
@@ -19,7 +19,7 @@ READONLY_USER_PASS=${READONLY_USER_PASS:-"readonly"}
 READONLY_USER_USER=${READONLY_USER_USER:-"readonly"}
 REMOVE_CONFIG_AFTER_SETUP=${REMOVE_CONFIG_AFTER_SETUP:-"false"}
 SCHEMA_TYPE=${SCHEMA_TYPE:-"nis"}
-SLAPD_ARGS="${SLAPD_ARGS:-""}
+SLAPD_ARGS=${SLAPD_ARGS:-""}
 SLAPD_HOSTS=${SLAPD_HOSTS:-"ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///"}
 SSL_HELPER_PREFIX=${SSL_HELPER_PREFIX:-"ldap"}
 TLS_CA_CRT_FILENAME=${TLS_CA_CRT_FILENAME:-"ca.pem"}
diff --git a/install/etc/cont-init.d/10-openldap b/install/etc/cont-init.d/10-openldap
index 1206214..280760b 100755
--- a/install/etc/cont-init.d/10-openldap
+++ b/install/etc/cont-init.d/10-openldap
@@ -173,9 +173,9 @@ chown -R ldap:ldap /etc/openldap
 [[ -z "$PREVIOUS_TLS_DH_PARAM_PATH" ]] && PREVIOUS_TLS_DH_PARAM_PATH="${TLS_DHPARAM_PATH}/${TLS_DH_PARAM_FILENAME}"
 silent ssl-helper $SSL_HELPER_PREFIX $PREVIOUS_TLS_CRT_PATH $PREVIOUS_TLS_KEY_PATH $PREVIOUS_TLS_CA_CRT_PATH
- [ -f ${PREVIOUS_TLS_DH_PARAM_PATH} ] || silent libressl dhparam -out ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME} ${TLS_DH_PARAM_KEYSIZE}
+ [ -f ${PREVIOUS_TLS_DH_PARAM_PATH} ] || silent libressl dhparam -out ${PREVIOUS_TLS_DH_PARAM_PATH} ${TLS_DH_PARAM_KEYSIZE}
- if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] ; then
+ if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "true" ] ; then
 chmod 600 ${PREVIOUS_TLS_DH_PARAM_PATH}
 chown ldap:ldap $PREVIOUS_TLS_CRT_PATH $PREVIOUS_TLS_KEY_PATH $PREVIOUS_TLS_CA_CRT_PATH $PREVIOUS_TLS_DH_PARAM_PATH
 fi
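Review bot: In the `@@ -19,7` hunk of install/assets/functions/10-openldap, the new `SLAPD_ARGS=${SLAPD_ARGS:-""}` default has no comment saying how the value is consumed, and the README row added in the same commit only says "Default (null)". The use site is outside this diff, so it is not visible whether the value is expanded unquoted into the slapd command line. If it is, a comment such as `# Extra slapd arguments, taken verbatim from the container environment and word-split at the call site; empty by default` would record that anything able to set the container environment also controls the daemon's flags. The unbalanced quote on the removed line is the kind of error `bash -n` on this file reports, so a syntax check in the image build would be a cheap guard.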
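Review bot: In the `@@ -173,9` hunk of install/etc/cont-init.d/10-openldap, the `-out` target is now `${PREVIOUS_TLS_DH_PARAM_PATH}`, whose fallback two lines above is built from `${TLS_DHPARAM_PATH}`, while the removed line and the hunk at `-306` spell the variable `TLS_DH_PARAM_PATH`. If `TLS_DHPARAM_PATH` is not defined elsewhere (it does not appear in this diff), the fallback collapses to `/${TLS_DH_PARAM_FILENAME}` and the parameters are written to the filesystem root, so the spelling should be confirmed. The expansions on the changed line are also unquoted; `[ -f "${PREVIOUS_TLS_DH_PARAM_PATH}" ] || silent libressl dhparam -out "${PREVIOUS_TLS_DH_PARAM_PATH}" "${TLS_DH_PARAM_KEYSIZE}"` keeps a path containing whitespace as a single argument. The enclosing block starts and ends outside the hunk.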
@@ -306,8 +306,9 @@ chown -R ldap:ldap /etc/openldap
 # Create DHParamFile if not found
 [ -f ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME} ] || silent libressl dhparam -out ${TLS_DH_PARAM_PATH}${TLS_DH_PARAM_FILENAME} ${TLS_DH_PARAM_KEYSIZE}
- if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] ; then
+ if [ "${TLS_RESET_PERMISSIONS}" = "TRUE" ] || [ "${TLS_RESET_PERMISSIONS}" = "true" ] ; then
 chmod 600 ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME}
+ chown ldap:ldap ${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME}
 fi
 # Fix file permissions
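Review bot: The existence test, the `chmod` and the added `chown` all address `${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME}`, but the unchanged `-out` argument on the test's line is `${TLS_DH_PARAM_PATH}${TLS_DH_PARAM_FILENAME}` with no separator. Unless `TLS_DH_PARAM_PATH` ends in a slash, the parameters are generated under a different name, the test fails again on every start, and `chmod`/`chown` act on a path that was never created. Changing that argument to `-out "${TLS_DH_PARAM_PATH}/${TLS_DH_PARAM_FILENAME}"` makes the four paths agree; the other expansions in this block would benefit from the same quoting. The enclosing block starts and ends outside the hunk.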