Added usage of certificates from internal path

Author: dbck

README.md

@@ -159,14 +159,14 @@ argument to entrypoint if you don't want to overwrite them.
 
 #### Seed from internal path
 
-This image can load ldif and schema files at startup from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
+This image can load ldif and schema files at startup from an internal path. Additionally, certificates can be copied from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
 
 For example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services
 of a ci job. The path to the working copy can be obtained via `${CI_PROJECT_DIR}`. See also: https://docs.gitlab.com/runner/executors/docker.html#build-directory-in-service
 
 This may also work with other CI services, if they automatically mount the working directory to the services of a ci job like gitlab ci does.
 
-In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any *.ldif or *.schema file into the default seeding
+In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any files in the specified directory into the default seeding
 directories of this image.
 
 Example variables defined in gitlab-ci.yml:
@@ -175,6 +175,14 @@ Example variables defined in gitlab-ci.yml:
 		LDAP_SEED_INTERNAL_LDIF_PATH: "${CI_PROJECT_DIR}/docker/openldap/ldif"
 		LDAP_SEED_INTERNAL_SCHEMA_PATH: "${CI_PROJECT_DIR}/docker/openldap/schema"
 
+Also, certificates can be used by the internal path. The file, specified in a variable, will be copied in the default certificate directory of this image. If desired, you can use these with the LDAP_TLS_CRT_FILENAME, LDAP_TLS_KEY_FILENAME, LDAP_TLS_CA_CRT_FILENAME and LDAP_TLS_DH_PARAM_FILENAME to set a different filename in the default certificate directory of the image.
+
+	variables:
+        LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/cert.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/key.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/ca/ca.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE: "${CI_PROJECT_DIR}/certificates/dhparam.pem"
+
 ### Use an existing ldap database
 
 This can be achieved by mounting host directories as volume.

image/environment/default.startup.yaml

@@ -63,5 +63,9 @@ LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELP
 SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
 
 # Internal seeding. For example, for services in Gitlab CI.
+LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE:
 LDAP_SEED_INTERNAL_LDIF_PATH:
 LDAP_SEED_INTERNAL_SCHEMA_PATH:

image/service/slapd/startup.sh

@@ -38,20 +38,6 @@ file_env 'LDAP_ADMIN_PASSWORD'
 file_env 'LDAP_CONFIG_PASSWORD'
 file_env 'LDAP_READONLY_USER_PASSWORD'
 
-# Seed ldif from internal path if specified
-file_env 'LDAP_SEED_INTERNAL_LDIF_PATH'
-if [ ! -z "${LDAP_SEED_INTERNAL_LDIF_PATH}" ]; then
-  mkdir -p /container/service/slapd/assets/config/bootstrap/ldif/custom/
-  cp -R ${LDAP_SEED_INTERNAL_LDIF_PATH}/*.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/
-fi
-
-# Seed schema from internal path if specified
-file_env 'LDAP_SEED_INTERNAL_SCHEMA_PATH'
-if [ ! -z "${LDAP_SEED_INTERNAL_SCHEMA_PATH}" ]; then
-  mkdir -p /container/service/slapd/assets/config/bootstrap/schema/custom/
-  cp -R ${LDAP_SEED_INTERNAL_SCHEMA_PATH}/*.schema /container/service/slapd/assets/config/bootstrap/schema/custom/
-fi
-
 # create dir if they not already exists
 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
@@ -74,6 +60,29 @@ LDAP_TLS_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CRT_FIL
 LDAP_TLS_KEY_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_KEY_FILENAME"
 LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_DH_PARAM_FILENAME"
 
+copy_internal_seed_if_exists() {
+  local src=$1
+  local dest=$2
+  if [ ! -z "${src}" ]; then
+    echo  -e "Copy internal seed from ${src} to ${dest}"
+    mkdir -p ${dest}
+    cp -R ${src} ${dest}
+  fi
+}
+
+# Copy seed files from internal path if specified
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE}" "${LDAP_TLS_CRT_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE}" "${LDAP_TLS_KEY_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE}" "${LDAP_TLS_CA_CRT_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE}" "${LDAP_TLS_DH_PARAM_PATH}"
+file_env 'LDAP_SEED_INTERNAL_SCHEMA_PATH'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_SCHEMA_PATH}" "${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/schema/custom"
+file_env 'LDAP_SEED_INTERNAL_LDIF_PATH'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDIF_PATH}" "${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/ldif/custom"
 
 # CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR variables are set by
 # the baseimage run tool more info : https://github.com/osixia/docker-light-baseimage