Merge pull request #88 from johanneskastl/20220325_fix_logic_LDAP_SKIP_DEFAULT_TREE_alternativeapproach

(alternative approach) make LDAP_SKIP_DEFAULT_TREE only skip generation of default tree, not schema or LDIF import

bitnami/openldap/2.5/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh

@@ -56,6 +56,7 @@ export LDAP_CONFIG_ADMIN_USERNAME="${LDAP_CONFIG_ADMIN_USERNAME:-admin}"
 export LDAP_CONFIG_ADMIN_DN="${LDAP_CONFIG_ADMIN_USERNAME/#/cn=},cn=config"
 export LDAP_CONFIG_ADMIN_PASSWORD="${LDAP_CONFIG_ADMIN_PASSWORD:-configpassword}"
 export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -n -T /dev/stdin)"
+export LDAP_ADD_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-yes}"
 export LDAP_EXTRA_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-cosine,inetorgperson,nis}"
 export LDAP_SKIP_DEFAULT_TREE="${LDAP_SKIP_DEFAULT_TREE:-no}"
 export LDAP_USERS="${LDAP_USERS:-user01,user02}"
@@ -464,19 +465,19 @@ ldap_initialize() {
         if is_boolean_yes "$LDAP_ENABLE_TLS"; then
             ldap_configure_tls
         fi
-        if is_boolean_yes "$LDAP_SKIP_DEFAULT_TREE"; then
-            info "Skipping default schemas/tree structure"
-        else
-            # Initialize OpenLDAP with schemas/tree structure
+        # Initialize OpenLDAP with schemas/tree structure
+        if is_boolean_yes "$LDAP_ADD_SCHEMAS"; then
             ldap_add_schemas
-            if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
-                ldap_add_custom_schema
-            fi
-            if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
-                ldap_add_custom_ldifs
-            else
-                ldap_create_tree
-            fi
+        fi
+        if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
+            ldap_add_custom_schema
+        fi
+        if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
+            ldap_add_custom_ldifs
+        elif is_boolean_no "$LDAP_SKIP_DEFAULT_TREE"; then
+            ldap_create_tree
+        else
+            info "Skipping default schemas/tree structure"
         fi
         ldap_stop
     fi

bitnami/openldap/2.6/debian-10/rootfs/opt/bitnami/scripts/libopenldap.sh

@@ -56,6 +56,7 @@ export LDAP_CONFIG_ADMIN_USERNAME="${LDAP_CONFIG_ADMIN_USERNAME:-admin}"
 export LDAP_CONFIG_ADMIN_DN="${LDAP_CONFIG_ADMIN_USERNAME/#/cn=},cn=config"
 export LDAP_CONFIG_ADMIN_PASSWORD="${LDAP_CONFIG_ADMIN_PASSWORD:-configpassword}"
 export LDAP_ENCRYPTED_CONFIG_ADMIN_PASSWORD="$(echo -n $LDAP_CONFIG_ADMIN_PASSWORD | slappasswd -n -T /dev/stdin)"
+export LDAP_ADD_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-yes}"
 export LDAP_EXTRA_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-cosine,inetorgperson,nis}"
 export LDAP_SKIP_DEFAULT_TREE="${LDAP_SKIP_DEFAULT_TREE:-no}"
 export LDAP_USERS="${LDAP_USERS:-user01,user02}"
@@ -464,19 +465,19 @@ ldap_initialize() {
         if is_boolean_yes "$LDAP_ENABLE_TLS"; then
             ldap_configure_tls
         fi
-        if is_boolean_yes "$LDAP_SKIP_DEFAULT_TREE"; then
-            info "Skipping default schemas/tree structure"
-        else
-            # Initialize OpenLDAP with schemas/tree structure
+        # Initialize OpenLDAP with schemas/tree structure
+        if is_boolean_yes "$LDAP_ADD_SCHEMAS"; then
             ldap_add_schemas
-            if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
-                ldap_add_custom_schema
-            fi
-            if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
-                ldap_add_custom_ldifs
-            else
-                ldap_create_tree
-            fi
+        fi
+        if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
+            ldap_add_custom_schema
+        fi
+        if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
+            ldap_add_custom_ldifs
+        elif is_boolean_no "$LDAP_SKIP_DEFAULT_TREE"; then
+            ldap_create_tree
+        else
+            info "Skipping default schemas/tree structure"
         fi
         ldap_stop
     fi

bitnami/openldap/README.md

@@ -185,9 +185,10 @@ The Bitnami Docker OpenLDAP can be easily setup with the following environment v
 - `LDAP_PASSWORDS`: Comma separated list of passwords to use for LDAP users. Default: **bitnami1,bitnami2**
 - `LDAP_USER_DC`: DC for the users' organizational unit. Default: **users**
 - `LDAP_GROUP`: Group used to group created users. Default: **readers**
+- `LDAP_ADD_SCHEMAS`:  Whether to add the schemas specified in `LDAP_EXTRA_SCHEMAS`. Default: **yes**
 - `LDAP_EXTRA_SCHEMAS`: Extra schemas to add, among OpenLDAP's distributed schemas. Default: **cosine, inetorgperson, nis**
-- `LDAP_SKIP_DEFAULT_TREE`: Whether to skip creating the default LDAP tree based on `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. Default: **no**
-- `LDAP_CUSTOM_LDIF_DIR`: Location of a directory that contains LDIF files that should be used to bootstrap the database. Only files ending in `.ldif` will be used. Default LDAP tree based on the `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP` will be skipped when `LDAP_CUSTOM_LDIF_DIR` is used. When using this it will override the usage of `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. You should set `LDAP_ROOT` to your base to make sure the `olcSuffix` configured on the database matches the contents imported from the LDIF files.Default: **/ldifs**
+- `LDAP_SKIP_DEFAULT_TREE`: Whether to skip creating the default LDAP tree based on `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. Please note that this will **not** skip the addition of schemas or importing of LDIF files. Default: **no**
+- `LDAP_CUSTOM_LDIF_DIR`: Location of a directory that contains LDIF files that should be used to bootstrap the database. Only files ending in `.ldif` will be used. Default LDAP tree based on the `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP` will be skipped when `LDAP_CUSTOM_LDIF_DIR` is used. When using this it will override the usage of `LDAP_USERS`, `LDAP_PASSWORDS`, `LDAP_USER_DC` and `LDAP_GROUP`. You should set `LDAP_ROOT` to your base to make sure the `olcSuffix` configured on the database matches the contents imported from the LDIF files. Default: **/ldifs**
 - `LDAP_CUSTOM_SCHEMA_FILE`: Location of a custom internal schema file that could not be added as custom ldif file (i.e. containing some `structuralObjectClass`). Default is **/schema/custom.ldif**"
 - `LDAP_ULIMIT_NOFILES`: Maximum number of open file descriptors. Default: **1024**.
 - `LDAP_ALLOW_ANON_BINDING`: Allow anonymous bindings to the LDAP server. Default: **yes**.