SA-18152 Make OpenLDAP admin password changeable in upgrade scenario

- Update the version of `osixia/openldap` from 1.1.10 to 1.2.4 to use functionalites avaiable in the 1.2.4. - Delete `startup.sh.diff` which was a workaround for the issue 167 of `osixia/openldap`, since the issue is fixed in 1.2.4 of `osixia/openldap`, and the workaround is not needed anymore. osixia/docker-openldap#167 - Remove lines which setup multi-master replication from init.sh, since those setup is done in `osixia/openldap`. - Change the repository for fusiondirectory pakcages in order to fix build issue. Fusiondirectory pakcages of v1.2-1 is not available in http://repos.fusiondirectory.org/fusiondirectory-current/debian-jessie anymore. Instead of that, we need to use the following repository: http://repos.fusiondirectory.org/fusiondirectory-releases/fusiondirectory-1.2/debian-jessie
ramencloud · Jul 10, 2019 · c29b9b3 · c29b9b3
1 parent a85ac19
commit c29b9b3
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 103 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,11 @@
-FROM osixia/openldap:1.1.10
+FROM osixia/openldap:1.2.4
 LABEL maintainer="[email protected]" \
       version="1.1.10-1.2-1"
 
 ENV FUSIONDIRECTORY_VERSION=1.2-1
 
 RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys D744D55EACDA69FF \
- && (echo "deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-jessie jessie main"; \
+ && (echo "deb http://repos.fusiondirectory.org/fusiondirectory-releases/fusiondirectory-1.2/debian-jessie jessie main"; \
      echo "deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-jessie jessie main") \
     > /etc/apt/sources.list.d/fusiondirectory-jessie.list \
  && apt-get update \
@@ -22,10 +22,6 @@ RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys D744D55EACDA69FF \
 
 COPY init.sh /sbin/init.sh
 COPY init.dirs /sbin/init.dirs
-#this startup.sh.diff is a workaround, remove when https://github.com/osixia/docker-openldap/issues/167 fixed and incorporated
-COPY startup.sh.diff /tmp/startup.sh.diff
-RUN patch --no-backup-if-mismatch /container/service/slapd/startup.sh /tmp/startup.sh.diff
-RUN rm -f /tmp/startup.sh.diff
 RUN chmod 755 /sbin/init.sh /sbin/init.dirs /container/service/slapd/startup.sh
 RUN sed -i "/^FIRST_START_DONE=/aFIRST_START_DONE=/etc/ldap/slapd.d/slapd-first-start-done" /container/service/slapd/startup.sh
 RUN sed -i "/# create dir if they not already exists/i/sbin/init.dirs\n" /container/service/slapd/startup.sh

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.6.0
+0.7.0
diff --git a/init.dirs b/init.dirs
@@ -11,10 +11,15 @@ if [ -d ${SINGLEDIR} ]; then
  ln -s ${SINGLEDIR}/data /var/lib/ldap
 fi
 
-#if previous start was not complete (or never was) wipe so we can start fresh
+# If previous start was not complete (or never was), wipe all LDAP configuration so we can start fresh.
+# It can be judged by checking the existence of the file `FIRST_START_DONE` and `IS_IN_UPGRADE`.
+# Only when both files don't exist, we can start fresh.
+# In the upgrade scenario (when the file `IS_IN_UPGRADE` exists), don't wipe files
+# even if the file `FIRST_START_DONE` doesn't exist.
 FIRST_START_DONE=/etc/ldap/slapd.d/slapd-first-start-done
+IS_IN_UPGRADE=/etc/ldap/slapd.d/is-in-upgrade
 mkdir -p /etc/ldap/slapd.d /var/lib/ldap
-if [ ! -e "${FIRST_START_DONE}" ]; then
+if [ ! -e "${FIRST_START_DONE}" -a ! -e "${IS_IN_UPGRADE}" ]; then
  find /etc/ldap/slapd.d -mindepth 1 -delete
  find /var/lib/ldap -mindepth 1 -delete
 fi
diff --git a/init.sh b/init.sh
@@ -269,59 +269,6 @@ olcOverlay: auditlog
 olcAuditlogFile: ${LDAP_AUDIT_FILE}
 EOF
 
-#set up replication
-[ -n "${LDAP_SERVERID}" -a -n "${LDAP_REPLICATION_URI1}" -a -n "${LDAP_REPLICATION_URI2}" ] && ldapmodify -Q -Y EXTERNAL -H ldapi:/// << EOF
-dn: cn=config
-changetype: modify
-add: olcServerID
-olcServerID: ${LDAP_SERVERID}
-
-dn: cn=module{0},cn=config
-changetype: modify
-add: olcModuleLoad
-olcModuleLoad: syncprov.la
-
-dn: olcDatabase={1}hdb,cn=config
-changetype: modify
-add: olcSyncRepl
-olcSyncRepl: rid=001
-  provider=${LDAP_REPLICATION_URI1}
-  bindmethod=simple
-  binddn="cn=admin,${SUFFIX}"
-  credentials="${LDAP_ADMIN_PASSWORD}"
-  searchbase="${SUFFIX}"
-  scope=sub
-  schemachecking=on
-  type=refreshOnly
-  retry="2 5 3 10 5 +"
-  interval=00:00:00:05
-  timeout=3
-  keepalive=60:5:60
-olcSyncRepl: rid=002
-  provider=${LDAP_REPLICATION_URI2}
-  bindmethod=simple
-  binddn="cn=admin,${SUFFIX}"
-  credentials="${LDAP_ADMIN_PASSWORD}"
-  searchbase="${SUFFIX}"
-  scope=sub
-  schemachecking=on
-  type=refreshOnly
-  retry="2 5 3 10 5 +"
-  interval=00:00:00:05
-  timeout=3
-  keepalive=60:5:60
--
-add: olcMirrorMode
-olcMirrorMode: TRUE
-
-dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
-changetype: add
-objectClass: olcOverlayConfig
-objectClass: olcSyncProvConfig
-olcOverlay: syncprov
-olcSpSessionLog: 300
-EOF
-
 #is subject to replication, only one container should have LDAP_INI_GROUP_N configured
 lig_cnt=1
 lig_name="LDAP_INI_GROUP_${lig_cnt}"

diff --git a/startup.sh.diff b/startup.sh.diff