hydraldaplam/entrypoint.sh
2025-06-06 12:18:24 -05:00


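#!/usr/bin/env bash
#
# Container entrypoint: configures slapd from the environment, loads the
# bootstrap LDIF, renders the Hydra and LAM configs from their templates and
# finally replaces itself with supervisord.
#
# Required environment: LDAP_DOMAIN, LDAP_ORGANISATION, LDAP_ADMIN_PASSWORD,
# LDAP_USER_PASSWORD, LAM_BIND_DN, LAM_BIND_PASSWORD, HYDRA_SECRETS_SYSTEM,
# HYDRA_ISSUER_URL.
set -euo pipefail

# 1) Ensure required env vars are set:
: "${LDAP_DOMAIN:?Need to set LDAP_DOMAIN (e.g. example.com)}"
: "${LDAP_ORGANISATION:?Need to set LDAP_ORGANISATION}"
: "${LDAP_ADMIN_PASSWORD:?Need to set LDAP_ADMIN_PASSWORD}"
: "${LDAP_USER_PASSWORD:?Need to set LDAP_USER_PASSWORD}"
: "${LAM_BIND_DN:?Need to set LAM_BIND_DN}"
: "${LAM_BIND_PASSWORD:?Need to set LAM_BIND_PASSWORD}"
: "${HYDRA_SECRETS_SYSTEM:?Need to set HYDRA_SECRETS_SYSTEM}"
: "${HYDRA_ISSUER_URL:?Need to set HYDRA_ISSUER_URL}"

# The debconf input below is line-oriented: a newline inside one of the
# interpolated values would be read as an additional selection line.
for name in LDAP_DOMAIN LDAP_ORGANISATION LDAP_ADMIN_PASSWORD; do
  if [[ "${!name}" == *$'\n'* ]]; then
    printf 'entrypoint: %s must not contain a newline\n' "$name" >&2
    exit 1
  fi
done

# 2) Reconfigure slapd via debconf:
# NOTE(review): debconf-set-selections appears to take the rest of the line as
# the value, so the double quotes around the organisation most likely end up
# in the stored value - confirm, and drop them if that is unintended.
debconf-set-selections <<EOF
slapd slapd/no_configuration boolean false
slapd slapd/password1 password ${LDAP_ADMIN_PASSWORD}
slapd slapd/password2 password ${LDAP_ADMIN_PASSWORD}
slapd slapd/domain string ${LDAP_DOMAIN}
slapd shared/organization string "${LDAP_ORGANISATION}"
slapd slapd/backend select MDB
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
EOF

# (Re)configure slapd non-interactively:
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -f noninteractive slapd

# 3) Bootstrap the LDIF into slapd:
# The rendered LDIF may carry credentials from the environment, so it goes
# into a private mktemp file (mode 0600) instead of a fixed, world-readable
# path under /tmp, and is deleted once it has been loaded.
bootstrap_ldif=$(mktemp)
trap 'rm -f -- "$bootstrap_ldif"' EXIT
envsubst < /templates/bootstrap.ldif.tpl > "$bootstrap_ldif"

# The bind is SASL EXTERNAL over ldapi://, which authenticates by peer
# credentials; -D/-w are not used by that mechanism, so they are dropped to
# keep the admin password off the command line (visible in the process list).
# NOTE(review): this needs slapd to be listening on ldapi:/// at this point -
# confirm that dpkg-reconfigure leaves it running inside the container.
ldap_rc=0
ldapadd -Y EXTERNAL -H ldapi:/// -f "$bootstrap_ldif" || ldap_rc=$?
case "$ldap_rc" in
  0) ;;
  68) ;; # LDAP "already exists": expected when the container is restarted
  *)
    # Still best-effort as before, but no longer silent.
    printf 'entrypoint: ldapadd exited with status %s; bootstrap may be incomplete\n' \
      "$ldap_rc" >&2
    ;;
esac
rm -f -- "$bootstrap_ldif"
trap - EXIT

# NOTE(review): envsubst without a variable list replaces every $NAME it
# finds, and both files below receive secrets at the default umask. Check that
# the templates contain no other "$" tokens (the LAM one is PHP) and that the
# resulting file modes are no wider than the services need.

# 4) Render Hydra's config:
envsubst < /templates/hydra-config.yaml.tpl > /etc/hydra/config.yaml

# 5) Render LAM's PHP config:
envsubst < /templates/lam.conf.php.tpl > /var/www/lam/config/lam.conf.php

# 6) Finally, launch supervisord (which starts slapd, hydra, and apache2):
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf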