[bitnami/openldap] Accept ACL changes after first start #44545

Closed
pschichtel opened this issue Aug 13, 2023 · 7 comments
Labels: feature-request, openldap, solved, stale (15 days without activity), triage (Triage is needed)

Comments

@pschichtel

Name and Version

bitnami/openldap:2.6.3

What is the problem this feature will solve?

Requirements for ACLs change, and it would be great to change them through the same mechanism they have been initialized by.

What is the feature you are proposing to solve the problem?

This feature request is in response to: jp-gouin/helm-openldap#115

What I'd like to have: A functionality to import ldif files on every start and not just the first one.

What alternatives have you considered?

No response

@carrodher
Member

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

@github-actions

github-actions bot commented Sep 1, 2023

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions bot added the stale (15 days without activity) label Sep 1, 2023
@github-actions

github-actions bot commented Sep 7, 2023

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

github-actions bot added the solved label Sep 7, 2023
bitnami-bot closed this as not planned Sep 7, 2023
@zerowebcorp

@pschichtel Since you're using the k8s/helm chart, would adding an InitContainer that can pull the custom config on every start and apply it work as a workaround?

@pschichtel
Author

I just had a look into how the container works. An init container would be doable, but since an init container might be the first thing that's executed on an empty volume, I'd have to replicate the entire initialization logic there. Not a huge deal, just running the setup.sh in the initContainer and then repeating select parts of it. I might give that a shot.

@pschichtel
Author

Ok I had time to test around a bit:

  • using docker-entrypoint-initdb.d doesn't work, because these scripts are also only executed once (how unfortunate!)
  • I discarded the idea of using an initContainer (@zerowebcorp) because that requires a massive amount of duplication from the helm chart, since the configuration of this container in the chart isn't exactly simple.

I'm considering sending in a PR for either:

  1. introducing a second kind of docker-entrypoint-initdb.d (maybe docker-entrypoint-applydb.d?) that is applied every time and can be used for any idempotent operations (e.g. replace of olcAccess)
  2. introducing a boolean option to make docker-entrypoint-initdb.d scripts "re-runnable"

I'm in favor of 2 as it is the simpler change, leads to less duplication, and individual scripts could still create some marker file to only run just once, if they so desire.

@zerowebcorp @carrodher @javsalgar any input? Also how can I reopen this?

@pschichtel
Author

The script that I would add would look something like this:

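```sh
#!/usr/bin/env sh

# ldap_start_bg, ldap_stop and is_ldap_running are helpers used by the image's setup.sh
ldap_start_bg
# add the entries from 10-readonly-user.ldif over ldapi, bound as the admin DN
ldapadd -f "${LDAP_CUSTOM_LDIF_DIR}/10-readonly-user.ldif" -H 'ldapi:///' -D "$LDAP_ADMIN_DN" -w "$LDAP_ADMIN_PASSWORD"
# load acls.ldif into the config database (-n 0)
slapadd -F "$LDAP_ONLINE_CONF_DIR" -n 0 -l "/opt/bitnami/openldap/etc/schema/acls.ldif"
ldap_stop
# wait until slapd has fully stopped
while is_ldap_running; do sleep 1; done
```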

which is based on what the setup.sh script does.
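
An added example, not code from this thread or from the Bitnami image: one way to make the ACL update an idempotent "replace of olcAccess", as option 1 above describes, so that it can safely run on every start. The function names, the rules-file format (one ACL rule per line) and any database DN or rule passed in are assumptions for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not part of the Bitnami image).

# build_acl_ldif DB_DN < rules
# Emits a modify LDIF that replaces the whole olcAccess list of DB_DN with the
# rules read from stdin (one rule per line; blank lines and '#' comments skipped).
# "replace" makes the change idempotent and also drops stale rules that a plain
# "add" would leave behind. Each rule gets an explicit {n} index because slapd
# evaluates ACLs in order and stops at the first match.
build_acl_ldif() {
    db_dn=$1 n=0 body=''
    while IFS= read -r rule || [ -n "$rule" ]; do
        case $rule in ''|'#'*) continue ;; esac
        body="${body}olcAccess: {${n}}${rule}
"
        n=$((n + 1))
    done
    # An empty replace would delete every ACL, and a database without ACLs
    # falls back to slapd's default of read access for everyone.
    if [ "$n" -eq 0 ]; then
        echo 'refusing to emit an empty olcAccess replace' >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: olcAccess\n%s' "$db_dn" "$body"
}

# apply_acls DB_DN RULES_FILE [ldapmodify bind options...]
# Sends the change over ldapi. The bind options (for example -D/-w, as in the
# script above) are supplied by the caller and must be allowed to write cn=config.
apply_acls() {
    db_dn=$1 rules_file=$2
    shift 2
    ldif=$(build_acl_ldif "$db_dn" < "$rules_file") || return 1
    printf '%s\n' "$ldif" | ldapmodify -H 'ldapi:///' "$@"
}
```

Because the generated LDIF depends only on the rules file, applying it on every start leaves the server in the same state each time, and removing a rule from the file removes it from the server.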
