Merge branch 'dreamteam-gg-fix-replication-admin' into release-1.2.3
diff --git a/image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif b/image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
new file mode 100644
index 0000000..266bc06
--- /dev/null
+++ b/image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
@@ -0,0 +1,14 @@
+# Change config password
+dn: cn=config
+changeType: modify
+
+dn: olcDatabase={0}config,cn=config
+replace: olcRootPW
+olcRootPW: {{ LDAP_CONFIG_PASSWORD_ENCRYPTED }}
+
+# Change schema password
+
+dn: olcDatabase={1}{{ LDAP_BACKEND }},cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: {{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}
\ No newline at end of file
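Review bot: The two records at the top of this file look mis-assembled: `dn: cn=config` carries `changeType: modify` but no modification, while `dn: olcDatabase={0}config,cn=config` has `replace: olcRootPW` with no changetype line. An empty modify on cn=config is at best a no-op, and depending on how ldap_add_or_modify invokes the client (not visible here) the second record may be parsed as an add and rejected, which would leave the old config password in force. I would drop the first record and write the second as `dn: olcDatabase={0}config,cn=config` / `changetype: modify` / `replace: olcRootPW`. The `# Change schema password` comment is also misleading, since that record sets olcRootPW on the backend database entry; `# Change backend database root password` would be accurate.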
diff --git a/image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif b/image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
new file mode 100644
index 0000000..25ba4b7
--- /dev/null
+++ b/image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
@@ -0,0 +1,5 @@
+# Admin schema password
+dn: cn=admin,{{ LDAP_BASE_DN }}
+changetype: modify
+replace: userPassword
+userPassword: {{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}
\ No newline at end of file
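Review bot: The header comment `# Admin schema password` does not say which entry is changed or why this file is needed next to 06-root-pw-change.ldif. Something like `# Set userPassword on cn=admin under the base DN to the same hash as the backend olcRootPW` would make the pairing clear. The modify also assumes the cn=admin entry exists under LDAP_BASE_DN; if a deployment can run without it, this record will fail, so it is worth confirming how ldap_add_or_modify reports that.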
diff --git a/image/service/slapd/assets/config/replication/replication-disable.ldif b/image/service/slapd/assets/config/replication/replication-disable.ldif
index 2c2e498..b138bcf 100644
--- a/image/service/slapd/assets/config/replication/replication-disable.ldif
+++ b/image/service/slapd/assets/config/replication/replication-disable.ldif
@@ -4,6 +4,8 @@
 delete: olcSyncRepl
 -
 delete: olcMirrorMode
+-
+delete: olcLimits
 
 # Delete syncprov on backend
 dn: olcOverlay=syncprov,olcDatabase={1}{{ LDAP_BACKEND }},cn=config
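Review bot: The added `delete: olcLimits` has no value, so it removes every olcLimits value on this entry rather than only the one replication setup added, and it sits in the same modify as the olcSyncRepl and olcMirrorMode deletes. An LDAP modify is applied atomically, so if olcLimits is absent (for example on a database where replication was enabled before limits were written) the whole request fails and the replication attributes stay in place. I would move the olcLimits removal into its own modify record for the same dn, or delete only the specific limits value that the replication-enable LDIF writes. The record's dn line sits above this hunk, so the target entry is inferred from context.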
@@ -24,3 +26,4 @@
 dn: cn=config
 changeType: modify
 delete: olcServerID
+
diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
index dd291b3..762b425 100755
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh
@@ -23,6 +23,7 @@
 WAS_STARTED_WITH_TLS="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls"
 WAS_STARTED_WITH_TLS_ENFORCE="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls-enforce"
 WAS_STARTED_WITH_REPLICATION="/etc/ldap/slapd.d/docker-openldap-was-started-with-replication"
+WAS_ADMIN_PASSWORD_SET="/etc/ldap/slapd.d/docker-openldap-was-admin-password-set"
 
 LDAP_TLS_CA_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CA_CRT_FILENAME"
 LDAP_TLS_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CRT_FILENAME"
@@ -398,6 +399,22 @@
 
     fi
 
+    if [[ -f "$WAS_ADMIN_PASSWORD_SET" ]]; then
+      LDAP_CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_CONFIG_PASSWORD")
+      LDAP_ADMIN_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_ADMIN_PASSWORD")
+      sed -i "s|{{ LDAP_CONFIG_PASSWORD_ENCRYPTED }}|${LDAP_CONFIG_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
+      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
+      sed -i "s|{{ LDAP_BACKEND }}|${LDAP_BACKEND}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
+      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
+      sed -i "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
+
+      for f in $(find ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif -type f -name \*.ldif  | sort); do
+        ldap_add_or_modify "$f"
+      done
+    else
+       touch "$WAS_ADMIN_PASSWORD_SET"
+    fi
+
     #
     # stop OpenLDAP
     #
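Review bot: Both `slappasswd -s "$LDAP_CONFIG_PASSWORD"` and `slappasswd -s "$LDAP_ADMIN_PASSWORD"` pass the cleartext secret as a command-line argument, where it is readable from the process list for the lifetime of the call. slappasswd can read the secret from a file instead, e.g. `LDAP_ADMIN_PASSWORD_ENCRYPTED=$(slappasswd -T <(printf '%s' "$LDAP_ADMIN_PASSWORD"))`, and the same for the config password. The `sed -i` lines then write the resulting hashes into the asset LDIF files in place, so the hashes stay on disk after startup; rendering into a temporary copy with restrictive permissions and removing it after ldap_add_or_modify would avoid that. The `${CONTAINER_SERVICE_DIR}` paths and the `$(find …)` loop are unquoted and will split on whitespace. The enclosing block starts above this hunk, so whether an empty password variable is rejected earlier cannot be seen here.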