From d17de44d8c6cfa0d69a8efd7c1c7bd59746831c2 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Mon, 2 Sep 2019 10:48:39 +0000
Subject: [PATCH] ready for first build, I hope
---
 Dockerfile | 5 +++--
 docker-entrypoint.sh-head | 8 +++-----
 load_pam_plugin.cnf | 4 ++++
 readme.md | 26 ++++++++++++++++++++++++++
 4 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 load_pam_plugin.cnf
 create mode 100644 readme.md
diff --git a/Dockerfile b/Dockerfile
index 3db6ac6..d3e40bf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,8 +15,9 @@ RUN \
 env DEBIAN_FRONTEND=noninteractive apt-get -yq install pamtester
 COPY docker-entrypoint.sh-head /usr/local/bin
-COPY pam.conf-tail /etc/pam.conf-tail
-COPY ldap.conf-tmpl /etc/ldap.conf-tmpl
+COPY pam.conf-tail /etc
+COPY ldap.conf-tmpl /etc
+COPY load_pam_plugin.cnf /etc/mysql/conf.d
 RUN \
 cd /usr/local/bin && \
diff --git a/docker-entrypoint.sh-head b/docker-entrypoint.sh-head
index 50d6c62..3e4c090 100644
--- a/docker-entrypoint.sh-head
+++ b/docker-entrypoint.sh-head
@@ -1,9 +1,7 @@
 #!/bin/bash
-echo "new docker-entrypoint.sh head"
-
-pushd /etc
-cat ldap.conf-tmpl | sed -e "s/%LDAPBASE%/$LDAPBASE/" -e "s,%LDAPURI%,$LDAPURI," -e "s/%LDAPBINDDN%/$LDAPBINDDN/" -e "s/%LDAPBINDPW%/$LDAPBINDPW/" > ldap.conf
-popd
+if [ `whoami` = 'root' ]; then
+ (cd /etc && cat ldap.conf-tmpl | sed -e "s/%LDAPBASE%/$LDAPBASE/" -e "s,%LDAPURI%,$LDAPURI," -e "s/%LDAPBINDDN%/$LDAPBINDDN/" -e "s/%LDAPBINDPW%/$LDAPBINDPW/" > ldap.conf)
+fi
diff --git a/load_pam_plugin.cnf b/load_pam_plugin.cnf
new file mode 100644
index 0000000..76d9b5e
--- /dev/null
+++ b/load_pam_plugin.cnf
@@ -0,0 +1,4 @@
+[mariadb]
+plugin_load=auth_pam.so
+
+
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..b5b064a
--- /dev/null
+++ b/readme.md
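Review bot: The new `COPY load_pam_plugin.cnf /etc/mysql/conf.d` line names its destination without a trailing slash, so if that directory is ever missing from the base image the build still succeeds but writes a plain file called `conf.d`, and the PAM plugin is then silently not loaded. Writing `COPY load_pam_plugin.cnf /etc/mysql/conf.d/` (and `/etc/` on the two rewritten lines above it) makes Docker treat the destination as a directory in every case. Because this file decides which authentication plugin the server loads, a comment such as `# enables auth_pam at server start; keep readable by mysqld and not world-writable` would help, since MariaDB skips world-writable option files and COPY keeps the mode from the build context. The RUN block that follows the COPY lines continues outside the hunk.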
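Review bot: The values of `LDAPBASE`, `LDAPURI`, `LDAPBINDDN` and `LDAPBINDPW` are pasted unescaped into the sed replacements inside the new `if` block of docker-entrypoint.sh-head, so a bind password containing `/`, `&` or `\` either makes sed fail (leaving an empty `ldap.conf`, because the redirect has already truncated it) or writes a different value than the one supplied. Escaping each value before substitution and using one delimiter throughout avoids both outcomes. The generated `/etc/ldap.conf` holds the bind password and is created with the default umask; its mode should be narrowed to the account that performs the PAM lookup, which cannot be determined from this hunk.

```shell
if [ `whoami` = 'root' ]; then
  # Escape backslash, '&' and the '|' delimiter so each value is inserted literally.
  esc() { printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'; }
  sed -e "s|%LDAPBASE%|$(esc "$LDAPBASE")|" \
      -e "s|%LDAPURI%|$(esc "$LDAPURI")|" \
      -e "s|%LDAPBINDDN%|$(esc "$LDAPBINDDN")|" \
      -e "s|%LDAPBINDPW%|$(esc "$LDAPBINDPW")|" \
      /etc/ldap.conf-tmpl > /etc/ldap.conf
fi
```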
@@ -0,0 +1,26 @@
+# MariaDB with PAM authentication via LDAP against an ActiveDirectory server
+
+This image directly derives from the official mariadb image from docker hub, (https://hub.docker.com/_/mariadb).
+
+It is built via a CI/CD pipeline on Gitlab from the repository https://gitlab.com/wolutator/mariadb-with-ldap-pam.
+
+The `libpam_ldap` package is installed and configured. Final values for the LDAP configuration are loaded at start time of the container from environment variables given on the command line.
+
+These variables are
+
+ * `LDAPURI`: LDAP URI, like `ldap://dc.yourdomain.com:389`
+ * `LDAPBASE`: Search base, like `DC=YOURDOMAIN, DC=com`
+ * `LDAPBINDDN`: DN of a user to read on the ActiveDirectory server
+ * `LDAPBINDPW`: Password of that user
+
+Start the container after creating the required volumes (see documentation of the original mariadb image) with something like this:
+
+ docker run --rm --name mariadb \
+ -e LDAPURI="ldap://dc.yourdomain.com:389" \
+ -e LDAPBASE="dc=YOURDOMAIN,dc=com" \
+ -e LDAPBINDDN="ldapbinddn" \
+ -e LDAPBINDPW="ldapbindpw" \
+ -e MYSQL_ROOT_PASSWORD=test123 \
+ wollud1969/mariadb-with-ldap-pam:latest
+
+