From 8a71d8c20f0ed153803f3cdb9018aeb814e6e79b Mon Sep 17 00:00:00 2001 
From: Dave Conroy Date: Mon, 15 Mar 2021 17:37:55 -0700 Subject: [PATCH] Release 7.1.11 - See CHANGELOG.md --- CHANGELOG.md | 6 +++ README.md | 51 +++++++++---------- install/assets/defaults/10-openldap | 0 install/assets/functions/10-openldap | 0 .../slapd/config/bootstrap/default/default.sh | 0 install/assets/slapd/schema-to-ldif.sh | 0 install/etc/cont-init.d/10-openldap | 0 .../etc/services.available/10-openldap/run | 0 .../services.available/20-openldap-backup/run | 8 +-- .../scripts/ldap-stats.sh | 0 install/usr/local/bin/backup-now | 0 install/usr/local/bin/change-password | 0 install/usr/local/bin/slapd-backup | 0 install/usr/local/bin/slapd-backup-config | 0 install/usr/local/bin/slapd-backup-data | 0 install/usr/local/bin/slapd-restore | 0 install/usr/local/bin/slapd-restore-config | 0 install/usr/local/bin/slapd-restore-data | 0 18 files changed, 35 insertions(+), 30 deletions(-) mode change 100755 => 100644 install/assets/defaults/10-openldap mode change 100755 => 100644 install/assets/functions/10-openldap mode change 100755 => 100644 install/assets/slapd/config/bootstrap/default/default.sh mode change 100755 => 100644 install/assets/slapd/schema-to-ldif.sh mode change 100755 => 100644 install/etc/cont-init.d/10-openldap mode change 100755 => 100644 install/etc/services.available/10-openldap/run mode change 100755 => 100644 install/etc/services.available/20-openldap-backup/run mode change 100755 => 100644 install/etc/zabbix/zabbix_agentd.conf.d/scripts/ldap-stats.sh mode change 100755 => 100644 install/usr/local/bin/backup-now mode change 100755 => 100644 install/usr/local/bin/change-password mode change 100755 => 100644 install/usr/local/bin/slapd-backup mode change 100755 => 100644 install/usr/local/bin/slapd-backup-config mode change 100755 => 100644 install/usr/local/bin/slapd-backup-data mode change 100755 => 100644 install/usr/local/bin/slapd-restore mode change 100755 => 100644 install/usr/local/bin/slapd-restore-config mode change 100755 => 
100644 install/usr/local/bin/slapd-restore-data diff --git a/CHANGELOG.md b/CHANGELOG.md index 892c542..12260b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.1.11 2021-03-15 + + ### Changed + - Fix sloppy S3 backup configuration + + ## 7.1.10 2021-02-13 ### Changed diff --git a/README.md b/README.md index 1f9922a..a90ded2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # hub.docker.com/r/tiredofit/openldap -[![Build Status](https://img.shields.io/docker/build/tiredofit/openldap.svg)](https://hub.docker.com/r/tiredofit/openldap) [![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/openldap.svg)](https://hub.docker.com/r/tiredofit/openldap) [![Docker Stars](https://img.shields.io/docker/stars/tiredofit/openldap.svg)](https://hub.docker.com/r/tiredofit/openldap) [![Docker Layers](https://images.microbadger.com/badges/image/tiredofit/openldap.svg)](https://microbadger.com/images/tiredofit/openldap) 
@@ -152,13 +151,13 @@ available options that can be used to customize your installation. If `BACKUP_LOCATION` = `S3` then the following options are used. -| Parameter | Description | -| ---------------------- | --------------------------------------------------------------------------------------- | -| `BACKUP_S3_BUCKET` | S3 Bucket name e.g. 'mybucket' | -| `BACKUP_S3_HOSTNAME` | Hostname of S3 Server e.g "s3.amazonaws.com" - You can also include a port if necessary | -| `BACKUP_S3_KEY_ID` | S3 Key ID | -| `BACKUP_S3_KEY_SECRET` | S3 Key Secret | -| `BACKUP_S3_PATH` | S3 Pathname to save to e.g. '`backup`' | +| Variable | Description | Default | +| ---------------------- | --------------------------------------------------------------------------------------- | ------------- | +| `BACKUP_S3_BUCKET` | S3 Bucket name e.g. 'mybucket' | | +| `BACKUP_S3_HOST` | Hostname of S3 Server e.g "s3.amazonaws.com" - You can also include a port if necessary | | +| `BACKUP_S3_KEY_ID` | S3 Key ID | | +| `BACKUP_S3_KEY_SECRET` | S3 Key Secret | | +| `BACKUP_S3_PATH` | S3 Pathname to save to e.g. '`backup`' | | | `BACKUP_S3_PROTOCOL` | Use either `http` or `https` to access service | `https` | | `BACKUP_S3_URI_STYLE` | Choose either `VIRTUALHOST` or `PATH` style | `VIRTUALHOST` | 
@@ -207,33 +206,33 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll #### Replication options -| Variable | Description | Default | -| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `ENABLE_REPLICATION` | Add replication capabilities. Multimaster only at present. | `false` | -| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"` | -| `REPLICATION_DB_SYNCPROV` | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. 
| `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` | +| Variable | Description | Default | +| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `ENABLE_REPLICATION` | Add replication capabilities. Multimaster only at present. | `false` | +| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"` | +| `REPLICATION_DB_SYNCPROV` | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` | | `REPLICATION_HOSTS` | list of replication hosts seperated by a space, must contain the current container hostname set by --hostname on docker run command. If replicating all hosts must be set in the same order. Example - `ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com` | -| `WAIT_FOR_REPLICAS` | should we wait for configured replicas to come online (respond to ping) before startup? 
| `false` | +| `WAIT_FOR_REPLICAS` | should we wait for configured replicas to come online (respond to ping) before startup? | `false` | #### Other environment variables -| Variable | Description | Default | -| --------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------------------------- | -| `CONFIG_PATH` | Configuration files path | `/etc/openldap` | -| `DB_PATH` | Data Files path | `/var/lib/openldap` | -| `REMOVE_CONFIG_AFTER_SETUP` | Delete config folder after setup. | `true` | -| `SLAPD_ARGS` | If you want to override slapd runtime arguments place here . Default (null) | | -| `SLAPD_HOSTS` | Allow overriding the default listen parameters | `ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///` | -| `ULIMIT_N` | Set Open File Descriptor Limit | `1024` | +| Variable | Description | Default | +| --------------------------- | --------------------------------------------------------------------------- | ---------------------------------------------- | +| `CONFIG_PATH` | Configuration files path | `/etc/openldap` | +| `DB_PATH` | Data Files path | `/var/lib/openldap` | +| `REMOVE_CONFIG_AFTER_SETUP` | Delete config folder after setup. | `true` | +| `SLAPD_ARGS` | If you want to override slapd runtime arguments place here . Default (null) | | +| `SLAPD_HOSTS` | Allow overriding the default listen parameters | `ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///` | +| `ULIMIT_N` | Set Open File Descriptor Limit | `1024` | ### Networking The following ports are exposed and available to public interfaces -| Port | Description | -| ----- | --------------------------------------------- | -| `389` | LDAP | -| `636` | TLS Encrypted LDAP | +| Port | Description | +| ----- | ------------------ | +| `389` | LDAP | +| `636` | TLS Encrypted LDAP | ## Maintenance diff --git a/install/assets/defaults/10-openldap b/install/assets/defaults/10-openldap old mode 100755 new mode 100644 
diff --git a/install/assets/functions/10-openldap b/install/assets/functions/10-openldap old mode 100755 new mode 100644 diff --git a/install/assets/slapd/config/bootstrap/default/default.sh b/install/assets/slapd/config/bootstrap/default/default.sh old mode 100755 new mode 100644 diff --git a/install/assets/slapd/schema-to-ldif.sh b/install/assets/slapd/schema-to-ldif.sh old mode 100755 new mode 100644 diff --git a/install/etc/cont-init.d/10-openldap b/install/etc/cont-init.d/10-openldap old mode 100755 new mode 100644 diff --git a/install/etc/services.available/10-openldap/run b/install/etc/services.available/10-openldap/run old mode 100755 new mode 100644 diff --git a/install/etc/services.available/20-openldap-backup/run b/install/etc/services.available/20-openldap-backup/run old mode 100755 new mode 100644 index 524a5df..b5ec99d --- a/install/etc/services.available/20-openldap-backup/run +++ b/install/etc/services.available/20-openldap-backup/run @@ -135,8 +135,8 @@ move_backup() { if var_true "$BACKUP_MD5" ; then s3_date="$(LC_ALL=C date -u +"%a, %d %b %Y %X %z")" - s3_md5="$(libressl md5 -binary < "${tmpdir}/${target}.md5" | base64)" - sig="$(printf "PUT\n$s3_md5\n${s3_content_type}\n$s3_date\n/$S3_BUCKET/$S3_PATH/${target}.md5" | libressl sha1 -binary -hmac "${S3_KEY_SECRET}" | base64)" + s3_md5="$(openssl md5 -binary < "${tmpdir}/${target}.md5" | base64)" + sig="$(printf "PUT\n$s3_md5\n${s3_content_type}\n$s3_date\n/$S3_BUCKET/$S3_PATH/${target}.md5" | openssl sha1 -binary -hmac "${S3_KEY_SECRET}" | base64)" print_debug "Uploading ${target}.md5 to S3" curl -T "${tmpdir}/${target}.md5" "${S3_PROTOCOL}"://"${s3_url}"/"${S3_PATH}"/"${target}".md5 \ -H "Date: $date" \ 
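Review bot: The `.md5` upload at the end of this hunk sends `-H "Date: $date"`, but the `sig=` line above it signs `$s3_date`; the second upload in the next hunk uses `$s3_date` for both. Unless `date` is assigned the same value elsewhere in `move_backup`, the signed string and the header differ and the server would be expected to reject the checksum upload, so the line should read `-H "Date: $s3_date" \`. The curl command and the rest of `move_backup` continue outside the hunk, so whether a failed upload is detected or only logged cannot be seen from here. This file also goes from mode 100755 to 100644 in the same commit, as do the other scripts; it is worth confirming that the image build restores the executable bit, otherwise the backup service may not start.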
@@ -146,8 +146,8 @@ move_backup() { fi s3_date="$(LC_ALL=C date -u +"%a, %d %b %Y %X %z")" - s3_md5="$(libressl md5 -binary < "${tmpdir}/${target}" | base64)" - sig="$(printf "PUT\n$s3_md5\n${s3_content_type}\n$s3_date\n/$S3_BUCKET/$S3_PATH/${target}" | libressl sha1 -binary -hmac "${S3_KEY_SECRET}" | base64)" + s3_md5="$(openssl md5 -binary < "${tmpdir}/${target}" | base64)" + sig="$(printf "PUT\n$s3_md5\n${s3_content_type}\n$s3_date\n/$S3_BUCKET/$S3_PATH/${target}" | openssl sha1 -binary -hmac "${S3_KEY_SECRET}" | base64)" print_debug "Uploading ${target} to S3" curl -T ${tmpdir}/"${target}" "${S3_PROTOCOL}"://"${s3_url}"/"${S3_PATH}"/"${target}" \ -H "Date: $s3_date" \ diff --git a/install/etc/zabbix/zabbix_agentd.conf.d/scripts/ldap-stats.sh b/install/etc/zabbix/zabbix_agentd.conf.d/scripts/ldap-stats.sh old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/backup-now b/install/usr/local/bin/backup-now old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/change-password b/install/usr/local/bin/change-password old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/slapd-backup b/install/usr/local/bin/slapd-backup old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/slapd-backup-config b/install/usr/local/bin/slapd-backup-config old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/slapd-backup-data b/install/usr/local/bin/slapd-backup-data old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/slapd-restore b/install/usr/local/bin/slapd-restore old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/slapd-restore-config b/install/usr/local/bin/slapd-restore-config old mode 100755 new mode 100644 diff --git a/install/usr/local/bin/slapd-restore-data b/install/usr/local/bin/slapd-restore-data old mode 100755 new mode 100644
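Review bot: Both `sig=` lines (this hunk and the previous one) pass `${S3_KEY_SECRET}` as an argument to `openssl sha1 -binary -hmac`, so the S3 secret sits in the process argument list while signing runs and is readable by anything that can list processes in that PID namespace, and it is also echoed under `set -x`. A comment such as `# NOTE: S3_KEY_SECRET is exposed in argv while openssl runs; keep tracing off here` would at least record the exposure. The same lines expand variables inside the `printf` format string, so a `%` or backslash in `S3_PATH` or `target` changes the string that gets signed; `printf 'PUT\n%s\n%s\n%s\n/%s/%s/%s' "$s3_md5" "${s3_content_type}" "$s3_date" "$S3_BUCKET" "$S3_PATH" "${target}"` keeps data out of the format. `curl -T ${tmpdir}/"${target}"` also leaves `${tmpdir}` unquoted, unlike the first upload. The function body continues outside the hunk.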