You're just replacing one constant with another here, why not just
set it correctly once, in the source file?
Because the destination field is not always the same, it is different for different vm groups.
Why use a rootpw at all?
I thought I cannot get around using this when changing the log level or ACLs during runtime, for instance?
Why aren't you using slapadd to initialize the config?
No specific reason.
Cool, thanks! I am more a fan of CentOS because then I can fall back on Red Hat support, especially for production environments. I am not sure
your script is tackling the issue described here, but looking at it, I
think you can also add --no-cache. You should beware of ENV LDAP_ROOTPASS, which stays when the task is launched (at least on Mesos); better to work with the hashes. Furthermore, I try to run as few
tasks as possible under root, so I am binding to a high port ;) I also
need to be able to use slapadd, otherwise syncing will take too long.
So at the moment mine looks like this ;)
# Version: 0.0.1 - openldap
FROM centos:7

ENV SLAPD_USER="ldap" \
    SLAPD_UID=10061 \
    SLAPD_CFG_DIR="/etc/openldap/" \
    SLAPD_DATA_DIR="/var/lib/ldap" \
    SLAPD_KEY_DIR="/etc/pki/tls/private" \
    SLAPD_CRT_DIR="/etc/pki/tls/certs" \
    SLAPD_OPTS="-d 0 -4 -u ldap" \
    SLAPD_URLS="ldap://0.0.0.0:8443/"

# create user/group
RUN groupadd $SLAPD_USER -g $SLAPD_UID \
 && useradd $SLAPD_USER -u $SLAPD_UID -g $SLAPD_UID --system