osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

failed to build docker with custom GID/UID #483

Open phanthaihuan opened 3 years ago

phanthaihuan commented 3 years ago

Hello everyone,

I tried to set build args for a custom UID/GID, but the exported image always gets the UID/GID 911/911. Here is my build command:

#!/bin/sh

##
## mark build tag
##
BUILD="$1"

# Check openldap UID/GID on host's system before build
id -u openldap
status=$?

if [ "$status" -ne 0 ]; then
    sudo useradd -r -s /sbin/nologin openldap
fi

LDAP_OPENLDAP_UID=$(id -u openldap)
LDAP_OPENLDAP_GID=$(id -g openldap)

echo "LDAP_OPENLDAP_UID = $LDAP_OPENLDAP_UID"
echo "LDAP_OPENLDAP_GID = $LDAP_OPENLDAP_GID"

docker build \
--no-cache=true \
--build-arg LDAP_OPENLDAP_GID="$LDAP_OPENLDAP_GID" \
--build-arg LDAP_OPENLDAP_UID="$LDAP_OPENLDAP_UID" -t "openldap:$BUILD" .

exit 0

Here is the code snippet from the Dockerfile:

# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
# If explicit uid or gid is given, use it.
RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
    && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -u 911 -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi

RUN echo "LDAP_OPENLDAP_UID = $LDAP_OPENLDAP_UID"; \
    echo "LDAP_OPENLDAP_GID = $LDAP_OPENLDAP_GID"; \
    sleep 5;

The two variables have a number > 0:

$LDAP_OPENLDAP_UID
$LDAP_OPENLDAP_GID

Thank you for your feedback. Best regards, Huan Phan

phanthaihuan commented 3 years ago

Here is the full script of the Dockerfile:


# Use osixia/light-baseimage
# sources: https://github.com/osixia/docker-light-baseimage
FROM osixia/light-baseimage:1.2.0

ARG LDAP_OPENLDAP_GID
ARG LDAP_OPENLDAP_UID

ARG PQCHECKER_VERSION=2.0.0
ARG PQCHECKER_MD5=c005ce596e97d13e39485e711dcbc7e1

# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
# If explicit uid or gid is given, use it.
RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
    && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -u 911 -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi

RUN echo "LDAP_OPENLDAP_UID = $LDAP_OPENLDAP_UID"; \
    echo "LDAP_OPENLDAP_GID = $LDAP_OPENLDAP_GID"; \
    sleep 5;

# Add buster-backports in preparation for downloading newer openldap components, especially slapd
RUN echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

# Install OpenLDAP, ldap-utils and ssl-tools from the (backported) baseimage and clean apt-get files
# sources: https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available
#          https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update \
    && /container/tool/add-service-available :ssl-tools \
    && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install -y --no-install-recommends \
    ca-certificates \
    curl \
    ldap-utils \
    libsasl2-modules \
    libsasl2-modules-db \
    libsasl2-modules-gssapi-mit \
    libsasl2-modules-ldap \
    libsasl2-modules-otp \
    libsasl2-modules-sql \
    openssl \
    slapd \
    slapd-contrib \
    krb5-kdc-ldap \
    && curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
    && echo "${PQCHECKER_MD5} *pqchecker.deb" | md5sum -c - \
    && dpkg -i pqchecker.deb \
    && rm pqchecker.deb \
    && update-ca-certificates \
    && apt-get remove -y --purge --auto-remove curl ca-certificates \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Add service directory to /container/service
ADD supporting_files/service /container/service

# Use baseimage install-service script
# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
RUN /container/tool/install-service

# Add default env variables
ADD supporting_files/environment /container/environment/99-default

# Expose default ldap and ldaps ports
EXPOSE 389
EXPOSE 636

# Put ldap config and database dir in a volume to persist data.
VOLUME /etc/ldap/slapd.d
VOLUME /var/lib/ldap
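
A check that can be run after a build like the one above to confirm which IDs the image actually recorded for `openldap`, as an added example that is not part of the issue or the project's code. The function names, the 998 host IDs and the sample passwd/group lines are constructed; it assumes the image's `/etc/passwd` and `/etc/group` are available as text.

```shell
#!/bin/sh
# Added example (not from the issue or the project): validate the IDs passed as
# build args and compare them with the account the built image actually contains.

# valid_id VALUE: true only for a decimal ID greater than 0 (0 would be root).
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# passwd_ids USER: read passwd(5) lines on stdin, print "uid:gid" for USER.
passwd_ids() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; found = 1; exit }
                       END { exit !found }'
}

# group_gid GROUP: read group(5) lines on stdin, print the GID of GROUP.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1; exit } END { exit !found }'
}

# check_image_ids WANT_UID WANT_GID PASSWD_TEXT GROUP_TEXT
# Prints "ok" or the reason; returns 0 only if the image matches the build args.
check_image_ids() {
    want_uid=$1 want_gid=$2
    valid_id "$want_uid" && valid_id "$want_gid" || { echo "invalid build arg"; return 2; }
    ids=$(printf '%s\n' "$3" | passwd_ids openldap) || { echo "no openldap user"; return 1; }
    gid=$(printf '%s\n' "$4" | group_gid openldap) || { echo "no openldap group"; return 1; }
    if [ "$ids" = "$want_uid:$want_gid" ] && [ "$gid" = "$want_gid" ]; then
        echo "ok"
    else
        echo "mismatch: image has uid:gid $ids, group $gid; wanted $want_uid:$want_gid"
        return 1
    fi
}

# Constructed sample: passwd/group content of an image that carries the
# Dockerfile's fallback IDs (911) while the host account is 998:998 (made up).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
openldap:x:911:911::/home/openldap:/bin/sh'
SAMPLE_GROUP='root:x:0:
openldap:x:911:'

check_image_ids 998 998 "$SAMPLE_PASSWD" "$SAMPLE_GROUP" || true
```

For a real image the two text arguments would come from the image itself, for example the output of `docker run --rm --entrypoint cat openldap:$BUILD /etc/passwd` and the same for `/etc/group`.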