rename customSchemaFiles to extraSchemaFiles and add a new customSche…

…maFiles option

.bin/myval.yaml

@@ -1,19 +1,19 @@
 logLevel: debug
-resources: 
+resources:
   limits:
     cpu: "128m"
     memory: "64Mi"
 replicaCount: 3
 ltb-passwd:
   ingress:
     hosts:
-    - "ssl-ldap2.example"
+      - "ssl-ldap2.example"
 phpldapadmin:
   ingress:
     hosts:
-    - "phpldapadmin.example"
-customSchemaFiles:
-  00-memberof.ldif: |-
+      - "phpldapadmin.example"
+extraSchemaFiles:
+  memberof.ldif: |-
     # Load memberof module
     dn: cn=module,cn=config
     cn: module
@@ -27,8 +27,8 @@ customSchemaFiles:
     objectClass: olcMemberOf
     olcOverlay: memberof
     olcMemberOfRefint: TRUE
-    
-  10_owncloud_schema.ldif: |-
+customSchemaFiles:
+  00_owncloud_schema.ldif: |-
     # This LDIF files describes the ownCloud schema and can be used to
     # add two optional attributes: ownCloudQuota and ownCloudUUID
     # The ownCloudUUID is used to store a unique, non-reassignable, persistent identifier for users and groups
@@ -105,4 +105,4 @@ initTLSSecret:
     repository: alpine/openssl
     tag: latest
     pullPolicy: IfNotPresent
-  secret: "custom-cert" 
+  secret: "custom-cert"

advanced_examples/MemberOf.md

@@ -1,12 +1,12 @@
 # Examples of MemberOf configuration
 
-## Enable MemberOf 
+## Enable MemberOf
 
 Use the following values to enable `memberof` attribute:
 
 This configuration works regardless of the `replication` configuration (`enabled` or `disabled`)
 
-```
+```ldif
 # Default configuration for openldap as environment variables. These get injected directly in the container.
 # Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
 env:
@@ -45,7 +45,7 @@ customLdifFiles:
     objectclass: posixGroup
     objectclass: top
     add: memberUid
-    memberUid: jdupond    
+    memberUid: jdupond
   03-test-memberof.ldif: |-
     dn: ou=Group,dc=example,dc=org
     objectclass: organizationalUnit
@@ -63,7 +63,7 @@ customLdifFiles:
     objectclass: groupOfNames
     cn: testgroup
     member: uid=test1,ou=People,dc=example,dc=org
-customSchemaFiles:
+extraSchemaFiles:
   #enable memberOf ldap search functionality, users automagically track groups they belong to
   00-memberof.ldif: |-
     # Load memberof module
@@ -83,11 +83,13 @@ customSchemaFiles:
 
 Connect to your openldap instance and execute:
 
-```
+```bash
 LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://127.0.0.1:1636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)"
 ```
-You should get the following result: 
-```
+
+You should get the following result:
+
+```ldif
 # extended LDIF
 #
 # LDAPv3
@@ -107,4 +109,4 @@ result: 0 Success
 
 # numResponses: 2
 # numEntries: 1
-```
+```

templates/_helpers.tpl

@@ -89,7 +89,7 @@ Generate olcSyncRepl list
 {{- define "olcSyncRepls2" -}}
 {{- $name := (include "openldap.fullname" .) }}
 {{- $domain := (include "global.baseDomain" .) }}
-{{- $bindDNUser := .Values.global.adminUser }} 
+{{- $bindDNUser := .Values.global.adminUser }}
 {{- $namespace := .Release.Namespace }}
 {{- $cluster := .Values.replication.clusterName }}
 {{- $adminPassword := ternary .Values.global.adminPassword "%%ADMIN_PASSWORD%%" (empty .Values.global.existingSecret) }}
@@ -186,9 +186,9 @@ Cannot return list => return string comma separated
 Return the list of custom schema files to use
 Cannot return list => return string comma separated
 */}}
-{{- define "openldap.customSchemaFiles" -}}
+{{- define "openldap.extraSchemaFiles" -}}
   {{- $schemas := "" -}}
-  {{- $schemas := ((join "," (.Values.customSchemaFiles | keys | sortAlpha))  | replace ".ldif" "") -}}
+  {{- $schemas := ((join "," (.Values.extraSchemaFiles | keys | sortAlpha))  | replace ".ldif" "") -}}
   {{- print $schemas -}}
 {{- end -}}
 
@@ -198,7 +198,7 @@ Cannot return list => return string comma separated
 */}}
 {{- define "openldap.schemaFiles" -}}
   {{- $schemas := (include "openldap.builtinSchemaFiles" .) -}}
-  {{- $custom_schemas := (include "openldap.customSchemaFiles" .) -}}
+  {{- $custom_schemas := (include "openldap.extraSchemaFiles" .) -}}
   {{- if gt (len $custom_schemas) 0 -}}
     {{- $schemas = print $schemas "," $custom_schemas  -}}
   {{- end -}}

templates/configmap-extraschema.yaml

@@ -0,0 +1,23 @@
+#
+# A ConfigMap spec for openldap slapd that map directly to files under
+# /opt/bitnami/openldap/etc/schema/custom
+#
+{{- if .Values.extraSchemaFiles }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "openldap.fullname" . }}-extraschema
+  labels:
+    app: {{ template "openldap.name" . }}
+    chart: {{ template "openldap.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- if .Values.extraLabels }}
+{{ toYaml .Values.extraLabels | indent 4 }}
+{{- end }}
+data:
+{{- range $key, $val := .Values.extraSchemaFiles }}
+  {{ $key }}: |-
+{{ $val | indent 4}}
+{{- end }}
+{{- end }}

templates/statefulset.yaml

@@ -33,6 +33,12 @@ spec:
         {{- if .Values.customLdifFiles}}
         checksum/configmap-customldif: {{ include (print $.Template.BasePath "/configmap-customldif.yaml") . | sha256sum }}
         {{- end }}
+        {{- if .Values.extraSchemaFiles}}
+        checksum/configmap-extraschema: {{ include (print $.Template.BasePath "/configmap-extraschema.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.customSchemaFiles}}
+        checksum/configmap-customschema: {{ include (print $.Template.BasePath "/configmap-customschema.yaml") . | sha256sum }}
+        {{- end }}
       labels: {{- include "common.labels.standard" . | nindent 8 }}
         app.kubernetes.io/component: {{ template "openldap.fullname" . }}
         release: {{ .Release.Name }}
@@ -52,12 +58,15 @@ spec:
               if [ "$host" = "{{ template "openldap.fullname" . }}-0" ]
               then
                 echo "This is the main openldap so let's init all additional schemas and ldifs here"
-                cp -p -f /cm-schemas-acls/*.ldif /custom_config/ 
-                if [ -d /cm-schemas ]; then
-                  cp -p -f /cm-schemas/*.ldif /custom-schemas/ 
+                cp -p -f /cm-schemas-acls/*.ldif /custom_config/
+                if [ -d /cm-extra-schemas ]; then
+                  cp -p -f /cm-extra-schemas/*.ldif /extra-schemas/
+                fi
+                if [ -d /cm-custom-schemas ]; then
+                  cp -p -f /cm-custom-schemas/*.ldif /custom-schemas/
                 fi
                 if [ -d /cm-ldifs ]; then
-                  cp -p -f /cm-ldifs/*.ldif /custom-ldifs/ 
+                  cp -p -f /cm-ldifs/*.ldif /custom-ldifs/
                 fi
               else
                 cp -p -f /cm-schemas-acls/*.ldif /custom_config/
@@ -74,14 +83,20 @@ spec:
           resources: {{- toYaml .Values.initTLSSecret.resources | nindent 12 }}
           {{- end }}
           volumeMounts:
-    {{- if .Values.customSchemaFiles }}
-      {{- range $file := (include "openldap.customSchemaFiles" . | split ",") }}
-            - name: cm-custom-schema-files
-              mountPath: /cm-schemas/{{ $file }}.ldif
+    {{- if .Values.extraSchemaFiles }}
+      {{- range $file := (include "openldap.extraSchemaFiles" . | split ",") }}
+            - name: cm-extra-schema-files
+              mountPath: /cm-extra-schemas/{{ $file }}.ldif
               subPath: {{ $file }}.ldif
       {{- end }}
+            - name: extra-schema-files
+              mountPath: /extra-schemas/
+    {{- end }}
+    {{- if .Values.customSchemaFiles }}
+            - name: cm-custom-schema-files
+              mountPath: /cm-schemas
             - name: custom-schema-files
-              mountPath: /custom-schemas/
+              mountPath: /custom-schemas
     {{- end }}
     {{- if or (.Values.customLdifFiles) (.Values.customLdifCm) }}
             - name: cm-custom-ldif-files
@@ -141,7 +156,7 @@ spec:
             - mountPath: /bitnami
               name: data
       {{- end }}
-    
+
       serviceAccountName: {{ template "openldap.serviceAccountName" . }}
       {{- include "openldap.imagePullSecrets" . | nindent 6 }}
       {{- if .Values.hostAliases }}
@@ -252,16 +267,20 @@ spec:
               mountPath: /opt/bitnami/openldap/etc/schema/{{ $file }}.ldif
               subPath: {{ $file }}.ldif
             {{- end }}
-{{- if .Values.customSchemaFiles}}
-            {{- range $file := (include "openldap.customSchemaFiles" . | split ",") }}
-            - name: custom-schema-files
+{{- if .Values.extraSchemaFiles}}
+            {{- range $file := (include "openldap.extraSchemaFiles" . | split ",") }}
+            - name: extra-schema-files
               mountPath: /opt/bitnami/openldap/etc/schema/{{ $file }}.ldif
               subPath: {{ $file }}.ldif
             {{- end }}
 {{- end }}
+{{- if .Values.customSchemaFiles}}
+            - name: custom-schema-files
+              mountPath: /schemas # default value for LDAP_CUSTOM_SCHEMA_DIR, see https://github.com/bitnami/containers/blob/c969cdc2e0d547f67f89b7e4a21bc2e00716f6ab/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh#L42
+{{- end }}
 {{- if or (.Values.customLdifFiles) (.Values.customLdifCm) }}
             - name: custom-ldif-files
-              mountPath: /ldifs/
+              mountPath: /ldifs # default value for LDAP_CUSTOM_LDIF_DIR, see https://github.com/bitnami/containers/blob/c969cdc2e0d547f67f89b7e4a21bc2e00716f6ab/bitnami/openldap/2.6/debian-
 {{- end }}
 {{- range .Values.customFileSets }}
 {{- $fs := . }}
@@ -307,6 +326,14 @@ spec:
           emptyDir:
             medium: Memory
 {{- end }}
+{{- if .Values.extraSchemaFiles }}
+        - name: cm-extra-schema-files
+          configMap:
+            name: {{ template "openldap.fullname" . }}-extraschema
+        - name: extra-schema-files
+          emptyDir:
+            medium: Memory
+{{- end }}
 {{- if .Values.customSchemaFiles }}
         - name: cm-custom-schema-files
           configMap:

values.yaml

@@ -66,7 +66,7 @@ image:
 logLevel: info
 
 initSchema:
-  image: 
+  image:
     repository: debian
     tag: latest
     pullPolicy: Always
@@ -98,13 +98,12 @@ service:
 # Use the env variables from https://hub.docker.com/r/bitnami/openldap/
 # Be careful, do not modify the following values unless you know exactly what your are doing
 env:
- BITNAMI_DEBUG: "true"
- LDAP_LOGLEVEL: "256"
- LDAP_TLS_ENFORCE: "false"
- LDAPTLS_REQCERT: "never"
- LDAP_ENABLE_TLS: "yes"
- LDAP_SKIP_DEFAULT_TREE: "no"
-
+  BITNAMI_DEBUG: "true"
+  LDAP_LOGLEVEL: "256"
+  LDAP_TLS_ENFORCE: "false"
+  LDAPTLS_REQCERT: "never"
+  LDAP_ENABLE_TLS: "yes"
+  LDAP_SKIP_DEFAULT_TREE: "no"
 
 # Pod Disruption Budget for Stateful Set
 # Disabled by default, to ensure backwards compatibility
@@ -122,12 +121,20 @@ pdb:
 # userPasswords: bitnami1, bitnami2
 
 ## Group to create and add list of user above
-  ## Default set by bitnami image
+## Default set by bitnami image
 # group: readers
 
 # Custom openldap schema files used to be used in addition to default schemas
 # Note that the supplied files are sorted by name and inserted into 'LDAP_EXTRA_SCHEMAS' env var
 # after chart default schemas, allowing you to control the loading sequence.
+# extraSchemaFiles:
+#   custom.ldif: |-
+#     # custom schema
+#   anothercustom.ldif: |-
+#     # another custom schema
+
+# Custom openldap schema files used to be used in addition to default schemas
+# Note that the supplied schema files are imported in order of their filename
 # customSchemaFiles:
 #   custom.ldif: |-
 #     # custom schema
@@ -383,7 +390,7 @@ serviceAccount:
   automountServiceAccountToken: false
   ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
   ##
-  annotations: {}  
+  annotations: {}
 
 ## @section Init Container Parameters
 
@@ -409,7 +416,7 @@ initTLSSecret:
     ##
     pullPolicy: IfNotPresent
   # The name of a kubernetes.io/tls type secret to use for TLS
-  secret: "" 
+  secret: ""
   ## init-tls-secret container's resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
   ## @param initTlsSecret.resources.limits The resources limits for the init container
@@ -444,8 +451,8 @@ volumePermissions:
     tag: 10-debian-10
     pullPolicy: IfNotPresent
 
-  ## Command to execute during the volumePermission startup
-    command: [ 'sh', '-c', 'chmod -R g+rwX /bitnami' ]
+    ## Command to execute during the volumePermission startup
+    command: ["sh", "-c", "chmod -R g+rwX /bitnami"]
   ## command: {}
   ## Init container's resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -477,7 +484,6 @@ updateReplication:
     limits: {}
     requests: {}
 
-
 ## Configure extra options for liveness, readiness, and startup probes
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
 livenessProbe:
@@ -512,7 +518,7 @@ test:
 ## ltb-passwd
 # For more parameters check following file: ./charts/ltb-passwd/values.yaml
 ltb-passwd:
-  enabled : true
+  enabled: true
   image:
     tag: 5.2.3
   ingress:
@@ -524,19 +530,19 @@ ltb-passwd:
     pathType: Prefix
     ## Ingress Host
     hosts:
-    - "ssl-ldap2.example"
+      - "ssl-ldap2.example"
     ## Ingress cert
     tls: []
     # - secretName: ssl-ldap2.example
     #   hosts:
     #   - ssl-ldap2.example
   # ldap:
-    # if you want to restrict search base tree for users instead of complete domain
-    # searchBase: "ou=....,dc=mydomain,dc=com"
-    # if you want to use a dedicated bindDN for the search with less permissions instead of cn=admin one
-    # bindDN: "cn=....,dc=mydomain,dc=com"
-    # if you want to use a specific key of the credentials secret instead of the default one (LDAP_ADMIN_PASSWORD)
-    # passKey: LDAP_MY_KEY
+  # if you want to restrict search base tree for users instead of complete domain
+  # searchBase: "ou=....,dc=mydomain,dc=com"
+  # if you want to use a dedicated bindDN for the search with less permissions instead of cn=admin one
+  # bindDN: "cn=....,dc=mydomain,dc=com"
+  # if you want to use a specific key of the credentials secret instead of the default one (LDAP_ADMIN_PASSWORD)
+  # passKey: LDAP_MY_KEY
 
 ## phpldapadmin
 ## For more parameters check following file: ./charts/phpldapadmin/values.yaml
@@ -555,7 +561,7 @@ phpldapadmin:
     pathType: Prefix
     ## Ingress Host
     hosts:
-    - phpldapadmin.example
+      - phpldapadmin.example
     ## Ingress cert
     tls: []
     # - secretName: phpldapadmin.example