Changes to get replication working
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
index f580b37..14addc8 100644
--- a/example/docker-compose.yml
+++ b/example/docker-compose.yml
@@ -40,8 +40,11 @@
ports:
- "389:389"
- "636:636"
- domainname: "example.org" # important: same as hostname
- hostname: "example.org"
+ # For replication to work correctly, domainname and hostname must be
+ # set correctly so that "hostname"."domainname" equates to the
+ # fully-qualified domain name for the host.
+ domainname: "example.org"
+ hostname: "ldap-server"
phpldapadmin:
image: osixia/phpldapadmin:latest
container_name: phpldapadmin
diff --git a/image/service/slapd/process.sh b/image/service/slapd/process.sh
index 4fc5414..1f27745 100755
--- a/image/service/slapd/process.sh
+++ b/image/service/slapd/process.sh
@@ -9,4 +9,8 @@
# see https://github.com/docker/docker/issues/8231
ulimit -n $LDAP_NOFILE
-exec /usr/sbin/slapd -h "ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL
+# Call hostname to determine the fully qualified domain name. We want OpenLDAP to listen
+# to the named host for the ldap:// and ldaps:// protocols.
+FQDN="$(/bin/hostname --fqdn)"
+HOST_PARAM="ldap://$FQDN ldaps://$FQDN"
+exec /usr/sbin/slapd -h "$HOST_PARAM ldapi:///" -u openldap -g openldap -d "$LDAP_LOG_LEVEL"
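Review bot: `FQDN="$(/bin/hostname --fqdn)"` has no fallback when the lookup fails (no resolvable name in /etc/hosts or DNS): the subshell then yields an empty string and slapd is exec'd with `-h "ldap:// ldaps:// ldapi:///"`, which quietly changes the bind rather than failing loudly. A one-line guard after the assignment, `[ -n "$FQDN" ] || FQDN="$HOSTNAME"`, keeps the previous behaviour of listening on the container hostname, and a `log-helper` call (used elsewhere in this image) would make the fallback visible in the logs. Note also that quoting `-d "$LDAP_LOG_LEVEL"` is an improvement, but it passes an empty argument if the variable is unset where the old unquoted form dropped it; whether a default is guaranteed by the base image is not visible in this hunk.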
diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
index fe605a6..fca7710 100755
--- a/image/service/slapd/startup.sh
+++ b/image/service/slapd/startup.sh
@@ -12,25 +12,25 @@
# usage: file_env VAR
-# ie: file_env 'XYZ_DB_PASSWORD'
+# ie: file_env 'XYZ_DB_PASSWORD'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
+ local var="$1"
+ local fileVar="${var}_FILE"
# The variables are already defined from the docker-light-baseimage
# So if the _FILE variable is available we ovewrite them
- if [ "${!fileVar:-}" ]; then
+ if [ "${!fileVar:-}" ]; then
log-helper trace "${fileVar} was defined"
- val="$(< "${!fileVar}")"
+ val="$(< "${!fileVar}")"
log-helper debug "${var} was repalced with the contents of ${fileVar} (the value was: ${val})"
export "$var"="$val"
- fi
-
- unset "$fileVar"
+ fi
+
+ unset "$fileVar"
}
@@ -254,11 +254,11 @@
# start OpenLDAP
log-helper info "Start OpenLDAP..."
-
+ # At this stage, we can just listen to ldap:// and ldap:// without naming any names
if log-helper level ge debug; then
- slapd -h "ldap://$HOSTNAME $PREVIOUS_HOSTNAME_PARAM ldap://localhost ldapi:///" -u openldap -g openldap -d $LDAP_LOG_LEVEL 2>&1 &
+ slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d "$LDAP_LOG_LEVEL" 2>&1 &
else
- slapd -h "ldap://$HOSTNAME $PREVIOUS_HOSTNAME_PARAM ldap://localhost ldapi:///" -u openldap -g openldap
+ slapd -h "ldap:/// ldapi:///" -u openldap -g openldap
fi
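Review bot: The added comment reads "listen to ldap:// and ldap://" but the command binds `ldap:///` and `ldapi:///`; it should say `# At this stage we can just listen on ldap:/// and ldapi:/// without naming any host`. Switching the bootstrap listener from `ldap://$HOSTNAME … ldap://localhost` to `ldap:///` binds every interface while startup is still applying configuration further down (TLS, ACLs), which is slightly wider than before; if the bootstrap steps only need local access, `ldap://localhost ldapi:///` would keep the pre-configuration instance off the network, but if replication bootstrap needs a reachable listener that is a reason to keep it and the comment should say so. `$PREVIOUS_HOSTNAME_PARAM` is no longer referenced in this hunk; where it is computed lies outside the hunk, and if this was its only consumer that code is now dead. The enclosing if/else block and the surrounding function start outside the hunk.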
@@ -352,7 +352,7 @@
# create DHParamFile if not found
[ -f ${LDAP_TLS_DH_PARAM_PATH} ] || openssl dhparam -out ${LDAP_TLS_DH_PARAM_PATH} 2048
-
+
# fix file permissions
if [ "${DISABLE_CHOWN,,}" == "false" ]; then
chmod 600 ${LDAP_TLS_DH_PARAM_PATH}
@@ -507,8 +507,17 @@
ln -sf ${CONTAINER_SERVICE_DIR}/slapd/assets/ldap.conf /etc/ldap/ldap.conf
# force OpenLDAP to listen on all interfaces
+# We need to make sure that /etc/hosts continues to include the
+# fully-qualified domain name and not just the specified hostname.
+# Without the FQDN, /bin/hostname --fqdn stops working.
+FQDN="$(/bin/hostname --fqdn)"
+if [ "$FQDN" != "$HOSTNAME" ]; then
+ FQDN_PARAM="$FQDN"
+else
+ FQDN_PARAM=""
+fi
ETC_HOSTS=$(cat /etc/hosts | sed "/$HOSTNAME/d")
-echo "0.0.0.0 $HOSTNAME" > /etc/hosts
+echo "0.0.0.0 $FQDN_PARAM $HOSTNAME" > /etc/hosts
echo "$ETC_HOSTS" >> /etc/hosts
exit 0
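Review bot: The ordering of the new `FQDN="$(/bin/hostname --fqdn)"` before the existing `sed "/$HOSTNAME/d"` is load-bearing and deserves a comment: the sed drops the /etc/hosts line Docker wrote for the container, which is the line carrying the FQDN, so reading it after the rewrite would return only the short name; suggested wording `# Must run before /etc/hosts is rewritten below: the sed removes the Docker-written entry that carries the FQDN.` If the lookup fails the value is empty and the new `echo` degrades to `0.0.0.0  $HOSTNAME`, which is safe but silent, so the same `[ -n "$FQDN" ]` check as in process.sh would be consistent. The five-line if/else can be collapsed to `[ "$FQDN" != "$HOSTNAME" ] || FQDN=""` and `$FQDN` used directly in the echo, removing the `FQDN_PARAM` indirection. The pre-existing `sed` treats `$HOSTNAME` as an unescaped regex and `cat | sed` could read the file directly, but those lines are not part of this change.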