fix: Failed to initialize organization object #12

2026-04-10 15:59:11 +02:00 · 2024-12-09 01:24:00 +01:00 · 2024-12-09 01:24:00 +01:00 · f343710883
commit f343710883
parent 1fe0ba015a
3 changed files with 27 additions and 18 deletions
--- a/example/docker-compose/ldifs/init_org_tree.ldif
+++ b/example/docker-compose/ldifs/init_org_tree.ldif
@ -7,7 +7,7 @@ dn: ${LDAP_INIT_ORG_DN}
 description: ${LDAP_INIT_ORG_NAME}
 objectClass: top
 objectClass: organization
-o: ${LDAP_INIT_ORG_ATTR_O}
+${LDAP_INIT_ORG_COMPUTED_ATTRS}

 dn: ou=Groups,${LDAP_INIT_ORG_DN}
 ou: Groups
--- a/image/ldifs/init_org_tree.ldif
+++ b/image/ldifs/init_org_tree.ldif
@ -7,7 +7,7 @@ dn: ${LDAP_INIT_ORG_DN}
 description: ${LDAP_INIT_ORG_NAME}
 objectClass: top
 objectClass: organization
-${LDAP_INIT_ORG_DN_ATTR}
+${LDAP_INIT_ORG_COMPUTED_ATTRS}

 dn: ou=Groups,${LDAP_INIT_ORG_DN}
 ou: Groups
--- a/image/run.sh
+++ b/image/run.sh
@ -141,8 +141,8 @@ if [ ! -e /etc/ldap/slapd.d/initialized ]; then
   /etc/init.d/slapd start
   # await ldap server start
   for i in {1..8}; do
-     ldapwhoami -H ldapi:/// && break
-     sleep 1
+      ldapwhoami -H ldapi:/// && break
+      sleep 1
   done

   ldif add    -Y EXTERNAL /opt/ldifs/schema_sudo.ldif
@ -157,22 +157,31 @@ if [ ! -e /etc/ldap/slapd.d/initialized ]; then
   ldif add    -Y EXTERNAL /opt/ldifs/init_module_ppolicy.ldif

   if [ "${LDAP_INIT_ALLOW_CONFIG_ACCESS:-false}" == "true" ]; then
-     ldif modify -Y EXTERNAL /opt/ldifs/init_config_admin_access.ldif
+      ldif modify -Y EXTERNAL /opt/ldifs/init_config_admin_access.ldif
   fi

-   if [[ -z ${LDAP_INIT_ORG_ATTR_O:-} ]]; then
-     # derive LDAP_INIT_ORG_ATTR_O (referenced by init_org_tree.ldif) from LDAP_INIT_ORG_DN
-     if [[ "$LDAP_INIT_ORG_DN" =~ [oO]=([^,]*) ]]; then # check if "o=..." attribute is present in DN
-       # e.g. LDAP_INIT_ORG_DN="O=example.com"               -> LDAP_INIT_ORG_ATTR_O="example.com"
-       # e.g. LDAP_INIT_ORG_DN="O=Example,DC=example,DC=com" -> LDAP_INIT_ORG_ATTR_O="Example"
-       LDAP_INIT_ORG_DN_ATTR=${BASH_REMATCH[1]}
-     elif [[ "${LDAP_INIT_ORG_DN}" =~ [dD][cC]= ]]; then
-       # e.g. LDAP_INIT_ORG_DN="DC=example,DC=com" -> LDAP_INIT_ORG_ATTR_O="example.com"
-       LDAP_INIT_ORG_DN_ATTR=$(echo $LDAP_INIT_ORG_DN | grep -ioP 'DC=\K[^,]+' | paste -sd '.')
-     else
-       log ERROR "Unable to derive required 'o' attribute of objectClass 'organization' from LDAP_INIT_ORG_DN='$LDAP_INIT_ORG_DN'"
-       exit 1
-     fi
+   # calculate LDAP_INIT_ORG_COMPUTED_ATTRS variable, referenced in init_org_tree.ldif
+   if [[ -z ${LDAP_INIT_ORG_ATTR_O:-} ]] && [[ "$LDAP_INIT_ORG_DN" =~ [oO]=([^,]*) ]]; then
+      # derive 'o:' from LDAP_INIT_ORG_DN if LDAP_INIT_ORG_ATTR_O is unset and "O=..." is present
+      # e.g. LDAP_INIT_ORG_DN="O=example.com"               -> "o: example.com"
+      # e.g. LDAP_INIT_ORG_DN="O=Example,DC=example,DC=com" -> "o: Example"
+      LDAP_INIT_ORG_ATTR_O=${BASH_REMATCH[1]}
+   fi
+   if [[ "$LDAP_INIT_ORG_DN" =~ [dD][cC]=([^,]*) ]]; then
+      LDAP_INIT_ORG_ATTR_DC=${BASH_REMATCH[1]}
+      # derive 'o:' from LDAP_INIT_ORG_DN if LDAP_INIT_ORG_ATTR_O is unset and "DC=..." is present
+      if [[ -z ${LDAP_INIT_ORG_ATTR_O:-} ]]; then
+         # e.g. LDAP_INIT_ORG_DN="DC=example,DC=com" -> "o: example.com"
+         LDAP_INIT_ORG_ATTR_O=$(echo "$LDAP_INIT_ORG_DN" | grep -ioP 'DC=\K[^,]+' | paste -sd '.')
+      fi
+      LDAP_INIT_ORG_COMPUTED_ATTRS="objectClass: dcObject
+o: $LDAP_INIT_ORG_ATTR_O
+dc: $LDAP_INIT_ORG_ATTR_DC"
+   elif [[ -n ${LDAP_INIT_ORG_ATTR_O:-} ]]; then
+      LDAP_INIT_ORG_COMPUTED_ATTRS="o: $LDAP_INIT_ORG_ATTR_O"
+   else
+      log ERROR "Unable to derive required 'o' attribute of objectClass 'organization' from LDAP_INIT_ORG_DN='$LDAP_INIT_ORG_DN'"
+      exit 1
   fi

   ldif add -x -D "$LDAP_INIT_ROOT_USER_DN" -w "$LDAP_INIT_ROOT_USER_PW" /opt/ldifs/init_org_tree.ldif