osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

How to add an overlay? #612

Open tnunamak opened 2 years ago

tnunamak commented 2 years ago

Hey all, I'd like to add smbk5pwd to synchronize UNIX and Samba passwords.

What are the basic steps for doing this with this image? I'm not sure if an approach like this one is appropriate, or where the .ldif files should be created.

KokutoSan commented 2 years ago

Hello @tnunamak,

You can have your .ldif files on your own computer and then apply them using a command like this one:

ldapmodify -x -H ldaps://<your LDAP URI> -W -D "cn=admin,cn=config" -f smbk5pwd-module.ldif

This will apply the content of smbk5pwd-module.ldif to the LDAP server specified with the -H argument. You will also be prompted for the configuration password (not the same as admin).

After that, you can check that the configuration has changed using:

ldapsearch -x -H ldaps://<your LDAP URI> -LLL -D "cn=admin,cn=config" -W -b "cn=config" olcModuleList

You should see something like:

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}memberof
olcModuleLoad: {2}refint
olcModuleLoad: {3}ppolicy
olcModuleLoad: {4}syncprov
olcModuleLoad: {5}smbk5pwd.la

I hope this helps.
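
The check described in the comment above can be scripted so that the module LDIF is applied only when the module is missing. This is an added example, not part of the original comments or of the docker-openldap project; the function names are hypothetical and the sample input is the ldapsearch output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read `ldapsearch ... olcModuleList`
# output and report whether a slapd module is already loaded.

# Join LDIF continuation lines: a line starting with one space continues
# the previous line (RFC 2849 folding).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print one normalized module name per line: drop the "{N}" ordering
# prefix, any directory part, and a trailing .la/.so suffix.
loaded_modules() {
    unfold_ldif | sed -n 's/^olcModuleLoad: *//p' |
        sed -e 's/^{[0-9][0-9]*}//' -e 's|.*/||' -e 's/\.la$//' -e 's/\.so$//'
}

# module_loaded NAME: LDIF on stdin; exit 0 only on an exact name match.
module_loaded() {
    want=$(printf '%s\n' "$1" | sed -e 's/\.la$//' -e 's/\.so$//')
    loaded_modules | grep -Fxq -- "$want"
}

# Constructed sample input: the ldapsearch output quoted in the thread.
SAMPLE='dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}memberof
olcModuleLoad: {2}refint
olcModuleLoad: {3}ppolicy
olcModuleLoad: {4}syncprov
olcModuleLoad: {5}smbk5pwd.la'

# Offline demo against the sample (auditlog is absent from it).
for m in smbk5pwd ppolicy.la auditlog; do
    if printf '%s\n' "$SAMPLE" | module_loaded "$m"; then
        echo "$m: loaded"
    else
        echo "$m: not loaded"
    fi
done

# Live use: pipe the ldapsearch command from the thread into
#   module_loaded smbk5pwd || ldapmodify ... -f smbk5pwd-module.ldif
```

Keeping `-W` (interactive prompt) as in the thread's commands avoids putting the cn=config password on the command line or in shell history.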

jmalyik commented 2 months ago

I would not open another issue for this, I think this belongs here too:

It is not possible (it seems) to apply an overlay in the same way as the ldif files can be applied (by adding them to /container/service/slapd/assets/config/bootstrap/ldif). This requires difficult workarounds if one would like to create a docker image where e.g. the pwpolicy overlay is activated (and no need to go there and run that script manually).

For example, this ldif cannot be applied (probably because at bootstrap time the olcModuleList attribute is not available yet):

dn: cn=module,cn=config
cn: module{0}
objectClass: top
objectClass: olcModuleList
olcModuleLoad: ppolicy.la
olcModulePath: /usr/lib/ldap