#!/bin/bash #set -euo pipefail # Fix permissions chown -R openldap:openldap /var/lib/ldap /etc/ldap/slapd.d /etc/ldap/certs 2>/dev/null || true chmod -R 777 /export-certs 2>/dev/null || true #────────────────────────────────────────────────────────────── # Correct base DN and hostname export LDAP_HOST="${LDAP_HOST:-$(hostname)}" export LDAP_BASE_DN=dc=$(echo "$LDAP_HOST" | sed 's/\./,dc=/g') echo "--> Using LDAP base DN: ${LDAP_BASE_DN}" #────────────────────────────────────────────────────────────── echo "--> Starting ldapdock 0.10" # Temporarily "relax" strict security on start to configure stuff if [ -d "/etc/ldap/slapd.d" ] && ls /etc/ldap/slapd.d/* >/dev/null 2>&1; then echo "--> Temporarily relaxing security for init" slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & sleep 6 ldapmodify -Y EXTERNAL -H ldapi:/// >/dev/null 2>&1 < Starting temporary slapd" slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & SLAPD_PID=$! sleep 8 # Full tree with root entry cat > /tmp/base.ldif < Adding base structure" ldapadd -c -x -D "cn=admin,dc=example,dc=com" -w admin -f /tmp/base.ldif || true #────────────────────────────────────────────────────────────── # TLS BLOCK #────────────────────────────────────────────────────────────── if [ ! -f "/export-certs/mycacert.crt" ]; then echo "--> No CA found → generating certificates..." mkdir -p /etc/ldap/certs cd /etc/ldap/certs certtool --generate-privkey --bits 4096 --outfile ca-key.pem cat > ca.info < ldap01.info < ldap01_slapd_cert_full.pem chown root:openldap ldap01_slapd_cert_full.pem chmod 640 ldap01_slapd_cert_full.pem echo "--> Starting second temporary slapd to apply TLS config" slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & sleep 4 cat > /tmp/certinfo.ldif < Exporting certificates to host volume..." cp /etc/ldap/certs/ca-cert.pem /export-certs/mycacert.crt cp /etc/ldap/certs/ldap01_slapd_cert_full.pem /export-certs/server-cert.pem else echo "--> Certificates already exist — skipping generation and using existing ones" export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem fi # Set a hardcoded password for Marisa to enable tests on the user echo "--> Setting Marisa password to 'MarisaNewPass2025' using Admin Bind" # Define your Admin DN and Password from the Dockerfile ADMIN_DN="cn=admin,${LDAP_BASE_DN}" ADMIN_PW="admin" slappasswd -h '{SSHA}' -s MarisaNewPass2025 | \ ldapmodify -x -D "$ADMIN_DN" -w "$ADMIN_PW" >/dev/null 2>&1 # Kill temporary slapd kill $SLAPD_PID 2>/dev/null || true wait $SLAPD_PID 2>/dev/null || true # Start OpenLDAP in background echo "--> Starting final OpenLDAP (background)" slapd -h "ldap:/// ldaps:/// ldapi:///" -u openldap -g openldap -d 0 & SLAPD_PID=$! # Start Apache in background echo "--> Starting Apache + PHP (background)" /usr/sbin/apache2ctl -D FOREGROUND & APACHE_PID=$! # Victory message echo "--> ldapdock ready — OpenLDAP + Apache + PHP running" echo " → LDAP: 389/636" echo " → PHPinfo: http://localhost/info.php" echo " → Shell: /bin/bash" echo " → Exit with CTRL+D or 'exit' command" # THIS IS THE MAGIC LINE THAT KILLS CHILD PROCESSES ON EXIT trap 'echo "Stopping services..."; kill $SLAPD_PID $APACHE_PID 2>/dev/null; wait' SIGINT SIGTERM # Give you your interactive shell — forever exec "$@"