Fetch passwords from a (Docker secrets) file

Signed-off-by: Shakespeare2000 <Shakespeare2000@users.noreply.github.com>
Shakespeare2000 2025-01-17 16:06:41 +01:00
parent b0e5479894
commit 1b9dc93a69


@ -42,8 +42,7 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
echo "Configuring LAM" echo "Configuring LAM"
LAM_LANG="${LAM_LANG:-en_US}" LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}" LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}" LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}" LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}" LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
@ -58,6 +57,30 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
LAM_CONFIGURATION_USER="${LAM_CONFIGURATION_USER:-}" LAM_CONFIGURATION_USER="${LAM_CONFIGURATION_USER:-}"
LAM_CONFIGURATION_PASSWORD="${LAM_CONFIGURATION_PASSWORD:-}" LAM_CONFIGURATION_PASSWORD="${LAM_CONFIGURATION_PASSWORD:-}"
# Set an environment variable with the _FILE suffix to override the non-suffixed environment variable with the contents of the specified file
fileVariables=(
LAM_PASSWORD
LAM_CONFIGURATION_PASSWORD
LDAP_ADMIN_PASSWORD
LDAP_READONLY_USER_PASSWORD
)
for envVar in "${fileVariables[@]}"; do
fileEnvVar="${envVar}_FILE"
if [[ -n "${!fileEnvVar:-}" ]]; then
if [[ -r "${!fileEnvVar:-}" ]]; then
export "${envVar}=$(< "${!fileEnvVar}")"
unset "${fileEnvVar}"
else
warn "Skipping export of '${envVar}'. '${!fileEnvVar:-}' is not readable."
fi
fi
done
unset fileVariables
export LAM_PASSWORD
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|"license": "[^"]*"|"license": "${LAM_LICENSE}"|; s|"license": "[^"]*"|"license": "${LAM_LICENSE}"|;
s|"configDatabaseType": "[^"]*"|"configDatabaseType": "${LAM_CONFIGURATION_DATABASE}"|; s|"configDatabaseType": "[^"]*"|"configDatabaseType": "${LAM_CONFIGURATION_DATABASE}"|;
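Review bot: When a `*_FILE` variable is set but its file is not readable, the `else` branch of the new loop only calls `warn` and carries on, so `LAM_PASSWORD` keeps the `lam` default assigned in the first hunk and the container starts with a well-known password even though the operator configured a secret. That branch should abort start-up instead, e.g. `echo "'${!fileEnvVar}' (from ${fileEnvVar}) is not readable" >&2; exit 1`. The loop also runs `export "${envVar}=…"` for all four names, which places `LAM_CONFIGURATION_PASSWORD`, `LDAP_ADMIN_PASSWORD` and `LDAP_READONLY_USER_PASSWORD` in the environment of every child process; `printf -v "${envVar}" '%s' "$(< "${!fileEnvVar}")"` assigns without exporting, and the existing `export LAM_PASSWORD` already covers the one value `php` reads through `getenv`. `warn` is not defined in the visible lines, so it is worth confirming that the script provides it. The enclosing `if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]` block and the `sed` here-document continue beyond the visible lines.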