#!/bin/bash set -euo pipefail # Fix permissions chown -R openldap:openldap /var/lib/ldap /etc/ldap/slapd.d /etc/ldap/certs 2>/dev/null || true chmod -R 777 /export-certs 2>/dev/null || true # Correct base DN from hostname export LDAP_HOST="${LDAP_HOST:-example.com}" export LDAP_BASE_DN=dc=$(echo "$LDAP_HOST" | sed 's/\./,dc=/g') echo "--> Using LDAP base DN: ${LDAP_BASE_DN}" echo "--> Starting ldapdock 0.10" # Temporarily relax strict security on restart if [ -d "/etc/ldap/slapd.d" ] && ls /etc/ldap/slapd.d/* >/dev/null 2>&1; then echo "--> Temporarily relaxing security for init" slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & sleep 6 ldapmodify -Y EXTERNAL -H ldapi:/// >/dev/null 2>&1 < Starting temporary slapd" slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & SLAPD_PID=$! sleep 8 # Full tree with root entry cat > /tmp/base.ldif < Adding base structure" ldapadd -c -x -D "cn=admin,dc=example,dc=com" -w admin -f /tmp/base.ldif || true echo "--> Setting Marisa password to 'MarisaNewPass2025'" slappasswd -h '{SSHA}' -s MarisaNewPass2025 | \ ldapmodify -Y EXTERNAL -H ldapi:/// >/dev/null 2>&1 || true # YOUR ORIGINAL TLS BLOCK — 100 % UNCHANGED if [ ! -f "/export-certs/mycacert.crt" ]; then echo "--> No CA found → generating certificates..." mkdir -p /etc/ldap/certs cd /etc/ldap/certs certtool --generate-privkey --bits 4096 --outfile ca-key.pem cat > ca.info < ldap01.info < ldap01_slapd_cert_full.pem chown root:openldap ldap01_slapd_cert_full.pem chmod 640 ldap01_slapd_cert_full.pem echo "--> Starting second temporary slapd to apply TLS config" slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & sleep 4 cat > /tmp/certinfo.ldif < Exporting certificates to host volume..." cp /etc/ldap/certs/ca-cert.pem /export-certs/mycacert.crt cp /etc/ldap/certs/ldap01_slapd_cert_full.pem /export-certs/server-cert.pem else echo "--> Certificates already exist — skipping generation" fi # Kill temporary slapd kill $SLAPD_PID 2>/dev/null || true wait $SLAPD_PID 2>/dev/null || true # Start OpenLDAP in background echo "--> Starting final OpenLDAP (background)" slapd -h "ldap:/// ldaps:/// ldapi:///" -u openldap -g openldap -d 0 & SLAPD_PID=$! # Start Apache in background echo "--> Starting Apache + PHP (background)" apache2ctl -D FOREGROUND & APACHE_PID=$! # Victory message echo "--> ldapdock ready — OpenLDAP + Apache + PHP running" echo " → LDAP: 389/636" echo " → Web: http://localhost/info.php" echo " → Shell: you are here forever" echo " → Stop with Ctrl+C" # THIS IS THE MAGIC LINE — explained below trap 'echo "Stopping services..."; kill $SLAPD_PID $APACHE_PID 2>/dev/null; wait' SIGINT SIGTERM # Give you your interactive shell — forever exec "$@"