From 01c80ddfc00f3ff27cfa1e58efed9b541c9b636d Mon Sep 17 00:00:00 2001
From: Marisa
Date: Wed, 19 Nov 2025 15:41:47 -0500
Subject: [PATCH] Upload files to "/"
---
entrypoint.sh | 95 ++++++++++++++++++++++++++++++++++++---------------
1 file changed, 67 insertions(+), 28 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 54823c6..836bed6 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,34 +1,32 @@
#!/bin/bash # this script runs INSIDE the container +# set -e # exit on any error? -#!/bin/bash -#set -e # Exit on any error - -echo "--> Starting ldapdock 0.9" +echo "--> Starting ldapdock 0.10" echo "--> Launching slapd (temp)..." -# Start slapd temporarily for setup +# start slapd temporarily for setup /usr/sbin/slapd -h "ldap:/// ldapi:///" -g openldap -u openldap & sleep 3 -# Populate with user & group -echo "--> Populating directory with marisa..." -cat > /tmp/add_content.ldif << 'EOF' -dn: ou=People,dc=example,dc=com +# populate with user & group +echo "--> Populating directory with users and groups..." +cat > /tmp/add_content.ldif << EOF +dn: ou=People,dc=${LDAP_HOST} objectClass: organizationalUnit ou: People -dn: ou=Groups,dc=example,dc=com +dn: ou=Groups,dc=${LDAP_HOST} objectClass: organizationalUnit ou: Groups -dn: cn=mages,ou=Groups,dc=example,dc=com +dn: cn=mages,ou=Groups,dc=${LDAP_HOST} objectClass: posixGroup cn: mages gidNumber: 5000 memberUid: marisa -dn: uid=marisa,ou=People,dc=example,dc=com +dn: uid=marisa,ou=People,dc=${LDAP_HOST} objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount 
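Review bot: `dc=${LDAP_HOST}` uses the whole value of `LDAP_HOST` as a single domain component, so a dotted hostname such as `example.com` produces `dc=example.com` instead of the `dc=example,dc=com` form the removed lines used, and entries in that shape will not sit under a suffix configured as `dc=example,dc=com`; either document that `LDAP_HOST` must already be in DN form or derive the base once, e.g. `base_dn="dc=${LDAP_HOST//./,dc=}"`, and use `${base_dn}` in every DN. Nothing checks that the variable is set at all — with `set -e` still commented out, an empty value silently yields `dn: ou=People,dc=` for every entry and the later ldapadd fails — so add `: "${LDAP_HOST:?LDAP_HOST must be set}"` near the top of the script. Changing the delimiter from `<< 'EOF'` to `<< EOF` also makes every `$` and backtick in the LDIF body shell-expanded; harmless for the current values, but worth a comment on the `cat` line so that future attribute values are not silently mangled.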
@@ -44,14 +42,52 @@ gecos: Marisa Kirisame loginShell: /bin/bash homeDirectory: /home/marisa EOF - -ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -f /tmp/add_content.ldif -ldappasswd -x -D "cn=admin,dc=example,dc=com" -w admin -s qwerty "uid=marisa,ou=People,dc=example,dc=com" - -# Kill temp slapd -pkill slapd sleep 2 +# add the structure — ignore "already exists" errors only here +echo "--> Adding base structure..." +ldapadd -x -D "cn=admin,dc=${LDAP_HOST}" -w admin -f /tmp/add_content.ldif || \ + echo "--> Some entries already exist — continuing (this is normal)" +# setting up user marisa of group People password +ldappasswd -x -D "cn=admin,dc=${LDAP_HOST}" -w admin -s qwerty "uid=marisa,ou=People,dc=${LDAP_HOST}" +sleep 2 + +# load and enable policies module + +echo "--> Loading policies module..." +cat > modify_ppolicy_module.ldif << EOF +dn: cn=module{0},cn=config +changetype: modify +add: olcModuleLoad +olcModuleLoad: ppolicy.so +EOF + +ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif + +# restarting slapd to load ppolicy.so + +slapd -h "ldap:/// ldapi:/// ldaps:///" -u openldap -g openldap & +sleep 3 + +cat > enable_ppolicy.ldif << EOF +dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcPPolicyConfig +olcOverlay: ppolicy +EOF +#olcPPolicyDefault: cn=default,ou=policies,dc=${LDAP_HOST} + +ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif + +# display schemas loaded by default +echo "--> Schemas loaded by default..." +ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn + +# kill temp slapd +pkill slapd +sleep 3 + # === CERTIFICATES: ONLY IF NOT ALREADY EXPORTED === if [ ! -f "/export-certs/mycacert.crt" ]; then echo "--> No CA found in /export-certs → generating certificates..." 
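Review bot: The second `slapd -h "ldap:/// ldapi:/// ldaps:///" -u openldap -g openldap &` under "restarting slapd to load ppolicy.so" is launched while the slapd started at the top of the script is still running — the only `pkill slapd` in this hunk comes after it — so the new instance contends with the old one for the listeners and the mdb database, and it is the old process that keeps serving. Put `pkill slapd` and a short `sleep 2` before that line, or drop the restart if the `olcModuleLoad` modify is confirmed to take effect dynamically. Requesting `ldaps:///` at this point, before any certificate or TLS attribute has been applied (that happens later in the script), may additionally keep this slapd from starting at all; worth checking in the container log. Separately, `ldapadd ... || echo "--> Some entries already exist — continuing"` treats every failure (wrong admin password, slapd not yet listening) as the benign case; capture the status instead, `ldapadd -x -D "cn=admin,dc=${LDAP_HOST}" -w admin -f /tmp/add_content.ldif; rc=$?` followed by `[ "$rc" -eq 0 ] || [ "$rc" -eq 68 ] || exit "$rc"` (68 is LDAP_ALREADY_EXISTS). The admin bind password `-w admin` and the new user password `-s qwerty` also remain literals on the command line, readable via `ps` inside the container; `-y <bind-password-file>` for both tools and `-T <new-password-file>` for ldappasswd keep them out of argv.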
@@ -69,11 +105,11 @@ expiration_days = 3650 EOF certtool --generate-self-signed --load-privkey ca-key.pem --template ca.info --outfile ca-cert.pem - # Server + # server certtool --generate-privkey --bits 2048 --outfile ldap01_slapd_key.pem cat > ldap01.info < ldap01_slapd_cert_full.pem chown root:openldap ldap01_slapd_cert_full.pem chmod 640 ldap01_slapd_cert_full.pem - # Start temp slapd to apply config + # start temp slapd to apply config slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & sleep 3 - # Apply TLS config + # apply TLS config cat > /tmp/certinfo.ldif < Exporting CA to /export-certs..." cp /etc/ldap/certs/ca-cert.pem /export-certs/mycacert.crt cp /etc/ldap/certs/ldap01_slapd_cert_full.pem /export-certs/server-cert.pem - echo "--> CA ready at ./hosts-certs/mycacert.crt on host" + echo "--> Certificate READY at ./hosts-certs/mycacert.crt on host" else echo "--> CA already exists at /export-certs/mycacert.crt → skipping generation" fi @@ -139,12 +175,15 @@ sleep 3 # === ENABLE TLS FOR ALL CLIENT TOOLS INSIDE CONTAINER === export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem echo "LDAPTLS_CACERT=$LDAPTLS_CACERT (all ldap* commands now work with TLS)" +echo 'export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem' >> ~/.bashrc +source ~/.bashrc echo "--> ldapdock framework ready." -# === KEEP CONTAINER ALIVE === +# === KEEP CONTAINER ALIVE AND CONTINUE === # 'exec' replaces the script process with the command (e.g., /bin/bash), # ensuring the container stays alive as long as that command runs interactively. echo "Executing: $@" exec "$@" +
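Review bot: In the `@@ -139,12 +175,15 @@` hunk, `echo 'export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem' >> ~/.bashrc` runs unconditionally on every start, so a container that is stopped and restarted accumulates one duplicate line per run; guard it, e.g. `grep -qsF 'LDAPTLS_CACERT=' ~/.bashrc || echo 'export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem' >> ~/.bashrc`. The following `source ~/.bashrc` adds nothing here: the variable is already exported two lines earlier, and if the image ships the stock Debian `.bashrc` it returns early for non-interactive shells, so the line is at best a no-op and otherwise executes whatever else that file contains. `~` resolves to the home of the user running the entrypoint, so an interactive shell started as a different user would not see the setting; a drop-in under `/etc/profile.d/` would cover all login shells if that is the intent.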