Compare commits

..

6 Commits

Author        SHA1        Message                                                   Date
Asif Bacchus  edba57caaf  update params template and move mailserver stuff          2020-09-14 16:21:58 -06:00
Asif Bacchus  b23afe500d  add mailserver option handling                            2020-09-14 16:07:42 -06:00
Asif Bacchus  f74879e834  update help with mailserver options                       2020-09-14 16:04:19 -06:00
Asif Bacchus  8772fc0a44  update ignored files                                      2020-09-14 15:57:15 -06:00
Asif Bacchus  05775ea3c7  dynamically change params filename to match script        2020-09-14 15:55:29 -06:00
Asif Bacchus  3c4b743ee3  update version to match new features in container         2020-09-14 14:29:33 -06:00
5 changed files with 53 additions and 19 deletions

1
.gitattributes vendored
View File

@ -74,3 +74,4 @@
.gitattributes export-ignore
.gitignore export-ignore
.vscode export-ignore

4
.gitignore vendored
View File

@ -3,4 +3,8 @@
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
!.vscode/numbered-bookmarks.json
*.code-workspace
# ignore params files
*.params
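Review bot: the new '*.params' rule (last two lines of the hunk) is the right call for a file that, per the template's own comments, will hold bind passwords, but check that the tracked template file does not itself match '*.params', otherwise it silently stops being committed from now on; if it does match, add an explicit negation line for it (the same '!' form already used for the .vscode files above) or give the template a different suffix. A quick 'git status --ignored' after this change shows whether anything tracked is now caught by the pattern.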

3
.vscode/numbered-bookmarks.json vendored Normal file
View File

@ -0,0 +1,3 @@
{
"bookmarks": []
}
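Review bot: '.vscode/numbered-bookmarks.json' with an empty "bookmarks" array is per-user editor state rather than project configuration, so it is better left untracked, together with the matching '!.vscode/numbered-bookmarks.json' negation added in .gitignore. If it is kept, the existing '.vscode export-ignore' attribute already keeps it out of release archives, so there is no exposure from it, only noise.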

View File

@ -9,15 +9,20 @@
# incorrect: ORG_NAME="MyOrganization"
# correct: ORG_NAME=MyOrganization
#
# Instead of typing a myriad of "-e ...", you can fill them all out in this
# Instead of typing a myriad of "-e ...", you can fill them all out in this
# file and then use "--env-file ab-openldap.params" to tell docker to source
# it's variables from here. You can also combine both methods if you like.
# its variables from here. You can also combine both methods if you like.
# Most important, if you're using the convenience script, it draws all info from
# this file!
#
# You should probably protect this file via file permissions since it likely
# You should probably protect this file via file permissions since it likely
# will contain things like passwords! Suggest restricting it to root only
# ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms
#
# N.B. If you change the convenience script name, you must also change this
# file's name to match.
# ex: script name is 'runldap.sh' --> this file must be 'runldap.params'
#
###
### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
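Review bot: the permissions example line '# ex: chown root:root ab-openldap.parms && chmod 600 ab-openldap.parms' misspells the file as '.parms' twice; it should read '.params', which matters more now that the new N.B. paragraph makes the exact filename significant (the script derives it from its own name). The 'it's' to 'its' correction in the '--env-file' paragraph is right; consider also prefixing that '--env-file ab-openldap.params' example with 'e.g.' so it does not read as the only valid name.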
@ -43,17 +48,17 @@ BROWSER_PASS=ldapbind
ANONYMOUS_BINDING=yes
### Location of your TLS files
# Note: This section is only automated if using the script file to start the
# container. If you are starting it manually and using '--env-file', you still
# Note: This section is only automated if using the script file to start the
# container. If you are starting it manually and using '--env-file', you still
# have to manually bind-mount these files using '-v source:/certs/dest.file:ro'.
#
# If you're bind-mounting symlinks, remember that you have to fully expand them
# or Docker will try to bind the link instead of the target! This is most
# If you're bind-mounting symlinks, remember that you have to fully expand them
# or Docker will try to bind the link instead of the target! This is most
# common with Let's Encrypt.
#
# Example that does not work (binding directory instead of files):
# /etc/letsencrypt/live/mydomain.net:/certs:ro
# This will end up copying the symlinks themselves and, since the targets are
# This will end up copying the symlinks themselves and, since the targets are
# not available to the container, it doesn't work!
# Example of the right way (bind actual files):
# /etc/letsencrypt/live/mydomain.net/privkey.pem:/certs/privkey.pem:ro
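Review bot: in the re-wrapped explanation, 'This will end up copying the symlinks themselves' is imprecise: a bind mount copies nothing, it exposes the symlinks as links, and their targets do not exist inside the container's filesystem, so slapd cannot follow them. Suggest 'The symlinks are mounted as links whose targets are not visible inside the container, so it doesn't work!'. The per-file example with ':ro' is the correct guidance and should stay.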
@ -62,7 +67,7 @@ ANONYMOUS_BINDING=yes
#TLS_KEY=/etc/letsencrypt/live/mydomain.net/privkey.pem
#TLS_CHAIN=/etc/letsencrypt/live/mydomain.net/chain.pem
# The container will generate Diffie-Hellman parameters automatically the first
# The container will generate Diffie-Hellman parameters automatically the first
# time it's launched with TLS certificates defined.
### Custom LDIFs
@ -70,5 +75,24 @@ ANONYMOUS_BINDING=yes
# variable commented-out if you don't have any LDIFs to apply.
# MY_LDIF=/path/to/my/LDIFs
### Enable checking passwords against IMAP/S server
#
# Setting the DOMAILAUTH variable to '1' tells openLDAP to verify SASL passwords
# in the directory against an IMAP/S remote host. In other words, any user with
# a password '{SASL}user@server.tld' will have their password checked by the
# IMAP/S server using the provided email address and a 'NO/OK' reponse is fed
# back to openLDAP. Please note, the remote mailserver *must* support IMAP/S
# (i.e. secured IMAP).
#
# Specify the remote mailserver hostname using the MAILSERVER variable.
#
# If the remote mailserver implements IMAP/S (secure IMAP) on a non-standard
# port (not port 993) then supply that using the MAILAUTHPORT variable.
#
# More details can be found in the wiki.
###
#DOMAILAUTH=0
#MAILSERVER=mail.myserver.tld
#MAILAUTHPORT=imaps
#EOF
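Review bot: two fixes in the new IMAP/S block. First, 'reponse' on the "'NO/OK' reponse is fed back" line should be 'response'. Second, the MAILAUTHPORT paragraph asks for a port when the server does not use 993, yet the example value is the service name 'imaps'; state explicitly whether a numeric port, a service name, or both are accepted so users do not guess. Since every bind for a '{SASL}user@server.tld' password is decided by the remote server's NO/OK answer, the block (or the wiki it points to) should also say whether the mailserver's TLS certificate is verified and against which CA bundle, as that is what an operator needs to know to trust the result.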

View File

@ -1,8 +1,8 @@
#!/bin/sh
#
### start openldap container using params file variables
# version 3.2
# start openldap container using params file variables
# version 4.0
#
@ -66,9 +66,11 @@ scriptHelp () {
printf "\n"
textblock "${bold}Usage: $scriptName [parameters]${norm}"
printf "\n"
textblock "This is a simple helper script so you can avoid lengthy typing when working with the openLDAP container. The script reads the contents of 'ab-openldap.params' and constructs various 'docker run' commands based on that file. The biggest timesaver is working with certificates. If they are specified in the '.params' file, the script will automatically bind-mount them so openLDAP starts in 'TLS required' mode."
textblock "This is a simple helper script so you can avoid lengthy typing when working with the openLDAP container. The script reads the contents of '${scriptName%.*}.params' and constructs various 'docker run' commands based on that file. The biggest timesaver is working with certificates. If they are specified in the '.params' file, the script will automatically bind-mount them so openLDAP starts in 'TLS required' mode."
printf "\n"
textblock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets also."
textblock "If you run the script with no parameters, it will execute the container 'normally'. That is: Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets as root with *unrestricted* access to all DITs and objects."
printf "\n"
textblock "If you want to verify SASL passwords against an IMAP/S server, please refer to the '.params' template file and the wiki for more information."
printf "\n"
textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
printf "\n"
@ -117,13 +119,13 @@ if [ ! "$( id -u )" -eq 0 ]; then
fi
# does the params file exist?
if [ ! -f "./ab-openldap.params" ]; then
consoleError '3' "Cannot find 'ab-openldap.params' file in the same directory as this script."
if [ ! -f "${scriptName%.*}.params" ]; then
consoleError '3' "Cannot find '${scriptName%.*}.params' file in the same directory as this script."
exit 3
fi
# read .params file
. ./ab-openldap.params
. ./${scriptName%.*}.params
# process startup parameters
while [ $# -gt 0 ]; do
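Review bot: '. ./${scriptName%.*}.params' sources a file from the current working directory as root (the 'id -u' check above requires root) without verifying who owns it or its mode, and the earlier '-f' test plus the error text "in the same directory as this script" do not match that behaviour: both paths are relative to $PWD, so running the script from another directory fails even when the file sits beside it. Suggest resolving the script's directory once (e.g. from "$(dirname "$0")"), using it in both the test and the source line, quoting the source path ('. "$dir/${scriptName%.*}.params"') as the test already does, and refusing to source unless the file is owned by root and not group/world readable (the template itself recommends 'chown root:root' and 'chmod 600'), since the file's contents are executed as shell code with root privileges.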
@ -208,7 +210,7 @@ if [ $clean = true ]; then
printf "%sThis action CANNOT be undone!%s\n\n" \
"$red" "$norm"
prompt_yn
# get all ab-openldap containers
containers=$(docker ps -a --no-trunc --filter "label=org.label-schema.name=ab-openldap" --format "{{ .Names }}")
# check for null value -- no containers to remove
@ -247,11 +249,11 @@ elif [ $restore = true ]; then
printf "To avoid errors due to existing files, this script will delete any volumes that have the following names (based on --data and --ldif):\n"
printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
prompt_yn
# delete any conflicting volumes
docker volume rm -f ${volume_data} > /dev/null 2>&1
docker volume rm -f ${volume_ldif} > /dev/null 2>&1
# run temporary container to merge backup data into volumes
docker run --rm \
-v "$volume_data":/var/openldap/data \
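Review bot: 'docker volume rm -f ${volume_data}' and the following line leave the variables unquoted while the '-v "$volume_data":...' line just below quotes them; quote both for consistency. Redirecting everything to /dev/null also hides a failed removal (for example a volume still attached to a running container, which '-f' does not override), after which the restore proceeds into a volume that was never cleared even though the prompt just promised deletion; check each command's exit status and abort via consoleError on failure.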