The entrypoint script for the slapd images will use the ldapmodify command to execute LDIF files
with a .ldif extension found under the path /ldif/ inside the container.
More specifically:
-
Files found under
/ldif/admin/will be executed using simple authentication as the directory root user and the unhashed directory root user password injected using the environment variableOLC_ROOT_PASSWORDin order to affect the directory, such as bootstrapping a tree structure or adding system accounts. -
Files found under
/ldif/admin/first/will be executed as above but only during the first bootstrap or startup of the container and not on subsequent startup. -
Files found under
/ldif/config/will be executed using SASL authentication as the container root user in order to affect slapd configuration, such as adjusting access control and configuring modules. -
Files found under
/ldif/config/first/will be executed as above but only during the first bootstrap or startup of the container and not on subsequent startup.
Any variables of the form %%.+%% in the LDIF will be substituted with the
value from an injected environment variable without the %% characters. The
_FILE convention is respected. For example if the LDIF file contains
dn: uid=syncrepl,o=system,dc=my,dc=org
changetype: add
uid: syncrepl
ou: system
description: special account for SyncRepl
objectClass: account
objectClass: simpleSecurityObject
userPassword: %%SYNCREPL_USER_PASSWORD_HASH_FILE%%
and the environment variable SYNCREPL_USER_PASSWORD_HASH_FILE is defined
and points to the file /var/run/secrets/syncrepl_user_password_hash with
contents
{SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks
then the LDIF executed will be
dn: uid=syncrepl,o=system,dc=my,dc=org
changetype: add
uid: syncrepl
ou: system
description: special account for SyncRepl
objectClass: account
objectClass: simpleSecurityObject
userPassword: {SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks