This repository has been archived by the owner on Sep 30, 2020. It is now read-only.

New version of fusiondirectory #7

fruisoft opened this issue Sep 5, 2018 · 2 comments


fruisoft commented Sep 5, 2018

New version of fusiondirectory has been released.

Impossible to generate a new image for fusiondirectory-openldap.

Dockerfile needs to be updated.


fruisoft commented Oct 5, 2018

Hi Katsutoshi, can you put an updated example? Thanks


pierregeekme commented Aug 16, 2019

Hello,

I propose this update:

FROM nginx:1.16.0
LABEL maintainer="mps299792458@gmail.com" \
      version="0.2.0"

ENV FUSIONDIRECTORY_VERSION=1.3-1

RUN rm -f /etc/apt/sources.list.d/* \
 && apt-get update \
 && apt-get install -y gnupg ca-certificates apt-transport-https locales wget\
 && gpg --keyserver keys.gnupg.net --recv-key 0xD744D55EACDA69FF \
 && gpg --export -a "FusionDirectory Project Signing Key <contact@fusiondirectory.org>" > FD-archive-key \
 && apt-key add FD-archive-key \
 && (echo "deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main"; \
     echo "deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main") \
    > /etc/apt/sources.list.d/fusiondirectory.list \
 && apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt install -y \
    argonaut-server \
    fusiondirectory=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-argonaut=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-autofs=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-certificates=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-dns=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-gpg=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-ldapdump=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-ldapmanager=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-mail=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-postfix=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-ssh=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-sudo=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-systems=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-weblink=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-plugin-webservice=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-smarty3-acl-render=${FUSIONDIRECTORY_VERSION} \
    fusiondirectory-webservice-shell=${FUSIONDIRECTORY_VERSION} \
    php-mdb2 \
    php-mbstring \
    php-fpm \
 && rm -rf /var/lib/apt/lists/*

RUN sed -i -e 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen && \
   echo 'LANG="fr_FR.UTF-8"'>/etc/default/locale&& \
   set -eux && dpkg-reconfigure --frontend=noninteractive locales && \
   update-locale LANG=fr_FR.UTF-8 && \
   echo "Europe/Paris" > /etc/timezone &&\
   set -eux && dpkg-reconfigure -f noninteractive tzdata

RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
ADD fusiondirectory.conf /var/cache/fusiondirectory/template/fusiondirectory.conf



RUN export TARGET=/etc/php/7.0/fpm/php.ini \
 && sed -i -e "s:^;\(opcache.enable\) *=.*$:\1=1:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.enable_cli\) *=.*$:\1=0:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.memory_consumption\) *=.*$:\1=1024:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.max_accelerated_files\) *=.*$:\1=65407:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.validate_timestamps\) *=.*$:\1=0:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.revalidate_path\) *=.*$:\1=1:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.error_log\) *=.*$:\1=/dev/null:" ${TARGET} \
 && sed -i -e "s:^;\(opcache.log_verbosity_level\) *=.*$:\1=1:" ${TARGET} \
 && unset TARGET

RUN export TARGET=/etc/php/7.0/fpm/pool.d/www.conf \
 && sed -i -e "s:^\(listen *= *\).*$:\1/run/php7.0-fpm.sock:" ${TARGET} \
 && sed -i -e "s:^\(user *= *\).*$:\1nginx:" ${TARGET} \
 && unset TARGET

RUN export TARGET=/etc/nginx/nginx.conf \
 && sed -i -e "s:^\(user \).*;$:\1 nginx www-data;:" ${TARGET} \
 && unset TARGET

COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod 755 /sbin/entrypoint.sh
COPY cmd.sh /sbin/cmd.sh
RUN chmod 755 /sbin/cmd.sh
COPY default.conf /etc/nginx/conf.d/

EXPOSE 80 443
ENTRYPOINT ["/sbin/entrypoint.sh"]
CMD ["/sbin/cmd.sh"]

The entrypoint:

#!/bin/bash
set -e

printf "Starting FusionDirectory ... ";

generateconfig(){
  LDAP_DOMAIN=${LDAP_ENV_LDAP_DOMAIN:-${LDAP_DOMAIN}}
  if [ -z "${LDAP_DOMAIN}" ] ; then
      printf "\n\nLDAP_DOMAIN is not defined!\n"
      exit 1
  fi

  LDAP_HOST=${LDAP_PORT_389_TCP_ADDR:-${LDAP_HOST}}
  if [ -z "${LDAP_HOST}" ] ; then
      printf "\n\nLDAP_HOST is not defined!\n"
      exit 1
  fi

  LDAP_ADMIN_PASSWORD=${LDAP_ENV_LDAP_ADMIN_PASSWORD:-${LDAP_ADMIN_PASSWORD}}
  if [ -z "${LDAP_ADMIN_PASSWORD}" ] ; then
      printf "\n\nLDAP_ADMIN_PASSWORD is not defined!\n"
      exit 1
  fi

  IFS='.' read -a domain_elems <<< "${LDAP_DOMAIN}"

  suffix=""
  for elem in "${domain_elems[@]}" ; do
      if [ "x${suffix}" = x ] ; then
          suffix="dc=${elem}"
      else
          suffix="${suffix},dc=${elem}"
      fi
  done

  if [ -z "${LDAP_ADMIN_DN}" ] ; then
      BASE_DN="dc=$(echo ${LDAP_DOMAIN} | sed 's/^\.//; s/\.$//; s/\./,dc=/g')"
      : ${LDAP_ADMIN:="admin"}
      LDAP_ADMIN_DN="cn=${LDAP_ADMIN},${BASE_DN}"

      # Pass the DN as an argument so a '%' in it is not read as a format directive
      printf "\n\nLDAP_ADMIN_DN is not defined and set to '%s'\n" "${LDAP_ADMIN_DN}"
  fi

  LDAP_TLS=${LDAP_TLS:-"false"}
  LDAP_TLS=${LDAP_ENV_LDAP_TLS:-${LDAP_TLS}}

  LDAP_SCHEME=${LDAP_SCHEME:-"ldap"}
  LDAP_COMM_PORT=${LDAP_COMM_PORT:-389}
  # Compare the value instead of executing it as a command
  if [ "${LDAP_TLS}" = "true" ]; then
      LDAP_SCHEME="ldaps"
      LDAP_COMM_PORT=636
  fi

  cat <<EOF > /etc/fusiondirectory/fusiondirectory.conf
<?xml version="1.0"?>
<conf>
  <!-- Main section **********************************************************
       The main section defines global settings, which might be overridden by
       each location definition inside.

       For more information about the configuration parameters, take a look at
       the FusionDirectory.conf(5) manual page.
  -->
  <main default="default"
        logging="TRUE"
        displayErrors="FALSE"
        forceSSL="FALSE"
        templateCompileDirectory="/var/spool/fusiondirectory/"
        debugLevel="0"
    >

    <!-- Location definition -->
    <location name="default"
    >
        <referral URI="${LDAP_SCHEME}://${LDAP_HOST}:${LDAP_COMM_PORT}/${suffix}"
                        adminDn="${LDAP_ADMIN_DN}"
                        adminPassword="${LDAP_ADMIN_PASSWORD}" />
    </location>
  </main>
</conf>
EOF

  chmod 640 /etc/fusiondirectory/fusiondirectory.conf
  chown root:www-data /etc/fusiondirectory/fusiondirectory.conf

}

if [ "${GENERATE_CONFIG+x}" ]
then
  generateconfig
fi

if [ -e /etc/fusiondirectory/fusiondirectory.conf ]
then
  chmod 640 /etc/fusiondirectory/fusiondirectory.conf
  chown root:www-data /etc/fusiondirectory/fusiondirectory.conf
  yes Yes | fusiondirectory-setup --check-config
fi

exec "$@"

An example docker-compose:

version: '3.7'
services:

  fusiondirectory-ldap:
    container_name: ldap.company.org
    image: fusiondirectory-openldap:1.3.1
    environment:
      LDAP_ORGANISATION: ${LDAP_ORGANISATION:-My Company}
      LDAP_DOMAIN: ${LDAP_DOMAIN:-company.org}
      LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-adminmdp}
      LDAP_CONFIG_PASSWORD: ${LDAP_CONFIG_PASSWORD:-configmdp}
      LDAP_TLS_VERIFY_CLIENT: ${LDAP_TLS_VERIFY_CLIENT:-allow}
      LDAP_TLS_ENFORCE: ${LDAP_TLS_ENFORCE:-true}
      HOSTNAME: ${HOSTNAME:-ldap.company.org}
    ports:
      - 389:389
      - 636:636
    volumes:
      - ${LDAP_VOLUME_CONF:-./docker-ressources/conf}:/etc/ldap/slapd.d
      - ${LDAP_VOLUME_LIB:-./docker-ressources/var}:/var/lib/ldap

    networks:
      - backend

  fusiondirectory:
    image: fusiondirectory:1.3.1
    volumes:
      - /tmp/fusiondirectory.auth:/var/cache/fusiondirectory/fusiondirectory.auth
    ports:
      - 80:80
      - 443:443
    networks:
      - backend
    depends_on:
      - fusiondirectory-ldap
    environment:
      LDAP_DOMAIN: ${LDAP_DOMAIN:-company.org}
      LDAP_HOST: fusiondirectory-ldap
      LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-adminmdp}
      TZ: Europe/Paris
      #GENERATE_CONFIG: "true"
      LDAP_TLS: "true"

networks:
  backend:

To use this solution, it's necessary to follow these steps:

  • touch /tmp/fusiondirectory.auth
  • comment out GENERATE_CONFIG: "true"
  • docker-compose up
  • Go to http://127.0.0.1/fd
  • stop the containers
  • uncomment GENERATE_CONFIG: "true"
  • docker-compose up -d
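
Added example (not part of the comment above or of the project's code): the posted entrypoint writes LDAP_ADMIN_DN and LDAP_ADMIN_PASSWORD into XML attributes and derives the suffix from LDAP_DOMAIN without any escaping or validation, so a password containing `"`, `&` or `<` produces a malformed fusiondirectory.conf. The helper names `xml_attr_escape`, `valid_ldap_domain` and `render_referral` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers for an entrypoint that writes
# environment values into fusiondirectory.conf.

# Escape a value for use inside a double-quoted XML attribute.
# '&' is replaced first so the entities added afterwards are not re-escaped.
xml_attr_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
                         -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Accept only dot-separated labels of letters, digits and '-', because the
# domain is turned into the dc=... suffix and placed in the referral URI.
valid_ldap_domain() {
  case $1 in
    ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

# Print the <referral> element with every attribute value escaped.
# $1 = URI, $2 = admin DN, $3 = admin password
render_referral() {
  printf '<referral URI="%s"\n          adminDn="%s"\n          adminPassword="%s" />\n' \
    "$(xml_attr_escape "$1")" "$(xml_attr_escape "$2")" "$(xml_attr_escape "$3")"
}

# Constructed sample values, for demonstration only.
sample_domain='company.org'
sample_password='p"a&s<s>'
if valid_ldap_domain "$sample_domain"; then
  render_referral "ldaps://fusiondirectory-ldap:636/dc=company,dc=org" \
                  "cn=admin,dc=company,dc=org" "$sample_password"
else
  printf 'LDAP_DOMAIN has an unexpected format\n' >&2
fi
```

In the entrypoint, the heredoc would take its `<referral>` element from `render_referral` instead of expanding the raw variables.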
