Google Git
Sign in
apache / airflow-openldap / 3263900d781f835a4c2cb56f6858200c73a55cf1^2..3263900d781f835a4c2cb56f6858200c73a55cf1 / .
commit3263900d781f835a4c2cb56f6858200c73a55cf1[log] [tgz]
authorlj020326 <lj020326@users.noreply.github.com>Wed Dec 11 14:45:09 2019 -0500
committerGitHub <noreply@github.com>Wed Dec 11 14:45:09 2019 -0500
treee7e96dd14a877ecc9c5324486de473d1efa937ea
parent1bd0a8eaf6cca4c63f429a64c07ae19bf363afc3 [diff]
parent2a03b392b019adbf810f11bd64a2fed753d77b9d [diff]
Merge branch 'stable' into feature-enable-runtime-uidgid
diff --git a/image/Dockerfile b/image/Dockerfile
index 927fc9f..925c3c9 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile

@@ -10,8 +10,8 @@
 
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 # If explicit uid or gid is given, use it.
-RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
-    && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi
+RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
+    && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -u 911 -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi
 
 # Add buster-backports in preparation for downloading newer openldap components, especially sladp
 RUN echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
index fe605a6..1d7b8c9 100755
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh

@@ -42,8 +42,38 @@
 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
 
+log-helper info "openldap user and group adjustments"
+LDAP_OPENLDAP_UID=${LDAP_OPENLDAP_UID:-911}
+LDAP_OPENLDAP_GID=${LDAP_OPENLDAP_GID:-911}
+
+log-helper info "get current openldap uid/gid info inside container"
+CUR_USER_GID=`id -g openldap || true`
+CUR_USER_UID=`id -u openldap || true`
+
+LDAP_UIDGID_CHANGED=false
+if [ "$LDAP_OPENLDAP_UID" != "$CUR_USER_UID" ]; then
+    log-helper info "CUR_USER_UID (${CUR_USER_UID}) does't match LDAP_OPENLDAP_UID (${LDAP_OPENLDAP_UID}), adjusting..."
+    usermod -o -u "$LDAP_OPENLDAP_UID" openldap
+    LDAP_UIDGID_CHANGED=true
+fi
+if [ "$LDAP_OPENLDAP_GID" != "$CUR_USER_GID" ]; then
+    log-helper info "CUR_USER_GID (${CUR_USER_GID}) does't match LDAP_OPENLDAP_GID (${LDAP_OPENLDAP_GID}), adjusting..."
+    groupmod -o -g "$LDAP_OPENLDAP_GID" openldap
+    LDAP_UIDGID_CHANGED=true
+fi
+
+log-helper info '-------------------------------------'
+log-helper info 'openldap GID/UID'
+log-helper info '-------------------------------------'
+log-helper info "User uid:    $(id -u openldap)"
+log-helper info "User gid:    $(id -g openldap)"
+log-helper info "uid/gid changed: ${LDAP_UIDGID_CHANGED}"
+log-helper info "-------------------------------------"
+
 # fix file permissions
 if [ "${DISABLE_CHOWN,,}" == "false" ]; then
+  log-helper info "updating file uid/gid ownership"
+  chown -R openldap:openldap /var/run/slapd
   chown -R openldap:openldap /var/lib/ldap
   chown -R openldap:openldap /etc/ldap
   chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd