fix: fix #104 - LDAP userPassword attribute can be read without auth

2026-06-08 20:20:04 +08:00 · 2025-10-16 15:58:43 +02:00
parent 219899adfc
commit f253158ae7
3 changed files with 40 additions and 0 deletions
--- a/config/ldap/init-ldap-acls.sh
+++ b/config/ldap/init-ldap-acls.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -eu
+
+# load OpenLDAP environment and functions
+. /opt/bitnami/scripts/libopenldap.sh
+
+trap ldap_stop EXIT
+
+# start LDAP in background
+ldap_start_bg
+
+# wait until LDAP is started
+while ! ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=admin,dc=opencloud,dc=eu" >/dev/null 2>&1; do
+    echo "Waiting for LDAP to start..."
+    sleep 1
+done
+
+# apply acls
+echo -n "Applying acls... "
+ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/etc/schema/50_acls.ldif
+if [ $? -eq 0 ]; then
+    echo "done."
+else
+    echo "failed."
+fi
+