
add Dockerfile and change permissions of root directory of lam

Dotbalo 6 years ago
parent
commit
ba46a67ec3

+ 52 - 0
openldap/image-v2/Dockerfile

@@ -0,0 +1,52 @@
+FROM osixia/web-baseimage:1.1.1
+
+# phpLDAPadmin version
+ARG PHPLDAPADMIN_VERSION=1.2.3
+ARG PHPLDAPADMIN_SHA1=669fca66c75e24137e106fdd02e3832f81146e23
+
+# Add multiple process stack to supervise apache2 and php7.0-fpm
+# sources: https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-multiple-process-stack
+#          https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available
+#          https://github.com/osixia/docker-web-baseimage/blob/stable/image/service-available/:apache2/download.sh
+#          https://github.com/osixia/docker-web-baseimage/blob/stable/image/service-available/:php7.0-fpm/download.sh
+#          https://github.com/osixia/light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
+# Install ca-certificates, curl and php dependencies
+# Download phpLDAPadmin, check file integrity, and unzip phpLDAPadmin to /var/www/phpldapadmin_bootstrap
+# Remove curl
+RUN apt-get update \
+	&& /container/tool/add-multiple-process-stack \
+	&& /container/tool/add-service-available :apache2 :php7.0-fpm :ssl-tools \
+	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+	ca-certificates \
+	curl \
+	patch \
+	php7.0-ldap \
+	php7.0-readline \
+	php7.0-xml \
+	&& curl -o phpldapadmin.tgz -SL https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${PHPLDAPADMIN_VERSION}/phpldapadmin-${PHPLDAPADMIN_VERSION}.tgz \
+	&& echo "$PHPLDAPADMIN_SHA1 *phpldapadmin.tgz" | sha1sum -c - \
+	&& mkdir -p /var/www/phpldapadmin_bootstrap /var/www/phpldapadmin \
+	&& tar -xzf phpldapadmin.tgz --strip 1 -C /var/www/phpldapadmin_bootstrap \
+	&& apt-get remove -y --purge --auto-remove curl ca-certificates \
+	&& rm phpldapadmin.tgz \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add service directory to /container/service
+ADD service /container/service
+
+# Use baseimage install-service script
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
+RUN /container/tool/install-service
+
+# Add default env variables
+ADD environment /container/environment/99-default
+
+# Set phpLDAPadmin data directory in a data volume
+VOLUME ["/var/www/phpldapadmin"]
+ADD ./ldap.tar.gz /tmp/
+ADD ./php7.0-zip_7.0.30-0+deb9u1_amd64.deb /tmp
+ADD ./libzip4_1.1.2-1.1+b1_amd64.deb /tmp
+RUN dpkg -i /tmp/*.deb ; rm -f /tmp/*.deb
+# Expose http and https default ports
+EXPOSE 80 443
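Review bot: The last four instructions bring three opaque binaries into the image (`ldap.tar.gz` and two `.deb` files) with no recorded checksum or origin, unlike the phpLDAPadmin tarball above, which is verified with `sha1sum -c`. `RUN dpkg -i /tmp/*.deb ; rm -f /tmp/*.deb` also hides a failed install because of the `;`, and the `.deb` files stay in the earlier `ADD` layers even after the `rm`. I would install the extension from the distribution archive in the first `RUN` by adding `php7.0-zip` to the apt list, assuming the base image's repositories carry it. If the files must stay vendored, use `RUN dpkg -i /tmp/*.deb && rm -f /tmp/*.deb` and record each file's source and digest in a comment next to its `ADD`.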

+ 20 - 0
openldap/image-v2/environment/default.startup.yaml

@@ -0,0 +1,20 @@
+PHPLDAPADMIN_LDAP_HOSTS:
+  - ldap.example.org:
+    - server:
+      - tls: true
+    - login:
+      - bind_id: cn=admin,dc=example,dc=org
+  - ldap2.example.org
+  - ldap3.example.org
+
+# LDAP client tls config
+PHPLDAPADMIN_LDAP_CLIENT_TLS: true
+PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: demand
+PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ldap-ca.crt
+PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: ldap-client.crt
+PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: ldap-client.key
+
+# ssl-helper environment variables prefix
+LDAP_CLIENT_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
+
+SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: :apache2 :php7.0-fpm

+ 19 - 0
openldap/image-v2/environment/default.yaml

@@ -0,0 +1,19 @@
+# Apache
+PHPLDAPADMIN_SERVER_ADMIN: webmaster@example.org
+PHPLDAPADMIN_SERVER_PATH: /phpldapadmin
+
+# Self signed certificat will be generated
+# if PHPLDAPADMIN_HTTPS is set to true and no certificat and key are provided.
+
+# To use your custom certificat and key 2 options :
+# - add them in service/phpldapadmin/assets/apache2/certs and build the image
+# - or during docker run mount a data volume with those files to /container/service/phpldapadmin/assets/apache2/certs
+PHPLDAPADMIN_HTTPS: true
+PHPLDAPADMIN_HTTPS_CRT_FILENAME: phpldapadmin.crt
+PHPLDAPADMIN_HTTPS_KEY_FILENAME: phpldapadmin.key
+PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
+
+PHPLDAPADMIN_TRUST_PROXY_SSL: false
+
+# ssl-helper environment variables prefix
+PHPLDAPADMIN_SSL_HELPER_PREFIX: phpldapadmin # ssl-helper first search config from PHPLDAPADMIN_SSL_HELPER_* variables, before SSL_HELPER_* variables.

BIN
openldap/image-v2/ldap.tar.gz


BIN
openldap/image-v2/libzip4_1.1.2-1.1+b1_amd64.deb


BIN
openldap/image-v2/php7.0-zip_7.0.30-0+deb9u1_amd64.deb


+ 2 - 0
openldap/image-v2/service/ldap-client/assets/certs/README.md

@@ -0,0 +1,2 @@
+Add your ldap client certificate, key and CA certificate here
+or during docker run mount a data volume with those files to /container/service/ldap-client/assets/certs

+ 38 - 0
openldap/image-v2/service/ldap-client/startup.sh

@@ -0,0 +1,38 @@
+#!/bin/bash -e
+
+# set -x (bash debug) if log level is trace
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
+log-helper level eq trace && set -x
+
+www_data_homedir=$( getent passwd "www-data" | cut -d: -f6 )
+
+FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-ldap-client-first-start-done"
+# container first start
+if [ ! -e "$FIRST_START_DONE" ]; then
+
+  if [ "${PHPLDAPADMIN_LDAP_CLIENT_TLS,,}" == "true" ]; then
+
+    # generate a certificate and key if files don't exists
+    # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+    ssl-helper ${LDAP_CLIENT_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME}"
+
+    # ldap client config
+    sed -i --follow-symlinks "s,TLS_CACERT.*,TLS_CACERT ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
+    echo "TLS_REQCERT $PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT" >> /etc/ldap/ldap.conf
+    cp -f /etc/ldap/ldap.conf ${CONTAINER_SERVICE_DIR}/ldap-client/assets/ldap.conf
+
+    [[ -f "$www_data_homedir/.ldaprc" ]] && rm -f $www_data_homedir/.ldaprc
+    echo "TLS_CERT ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" > $www_data_homedir/.ldaprc
+    echo "TLS_KEY ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" >> $www_data_homedir/.ldaprc
+    cp -f $www_data_homedir/.ldaprc ${CONTAINER_SERVICE_DIR}/ldap-client/assets/.ldaprc
+
+    chown www-data:www-data -R ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/
+  fi
+
+  touch $FIRST_START_DONE
+fi
+
+ln -sf ${CONTAINER_SERVICE_DIR}/ldap-client/assets/.ldaprc $www_data_homedir/.ldaprc
+ln -sf ${CONTAINER_SERVICE_DIR}/ldap-client/assets/ldap.conf /etc/ldap/ldap.conf
+
+exit 0
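Review bot: The `chown www-data:www-data -R …/ldap-client/assets/certs/` line hands the client private key to the web user, but nothing in this script restricts its mode, so the key keeps whatever permissions `ssl-helper` or a mounted volume gave it. I would add `chmod 600 "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}"` right after the chown. Separately, `$www_data_homedir` and `$FIRST_START_DONE` are expanded unquoted, and if `getent` returns nothing the `.ldaprc` writes would land in `/`. Quote both and fail early with `[ -n "$www_data_homedir" ]`.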

+ 2 - 0
openldap/image-v2/service/phpldapadmin/assets/apache2/certs/README.md

@@ -0,0 +1,2 @@
+Add your https server certificate, key and the CA certificate (if any) here
+or during docker run mount a data volume with those files to /container/service/phpldapadmin/assets/apache2/certs

+ 20 - 0
openldap/image-v2/service/phpldapadmin/assets/apache2/http.conf

@@ -0,0 +1,20 @@
+<VirtualHost *:80>
+
+	ServerName ${HOSTNAME}
+	ServerAdmin ${PHPLDAPADMIN_SERVER_ADMIN}
+	ServerPath ${PHPLDAPADMIN_SERVER_PATH}
+
+	DocumentRoot /var/www/phpldapadmin/htdocs
+
+	Include /etc/apache2/conf-available/gzip.conf
+	Include /etc/apache2/conf-available/cache.conf
+
+	<Directory /var/www/phpldapadmin/htdocs >
+		Require all granted
+	</Directory>
+
+	<files config.php >
+		Require all denied
+	</files>
+
+</VirtualHost>
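Review bot: The `<Directory /var/www/phpldapadmin/htdocs >` block here, and the identical one in https.conf, sets neither `Options` nor `AllowOverride`, so directory listings and `.htaccess` handling depend entirely on the base image's defaults. That matters because startup.sh later moves a second application into `htdocs/ldap`, whose `config`, `sess` and `tmp` directories are made writable and are then reachable under `Require all granted`. I would state the policy explicitly: `Options -Indexes` inside the block, plus `<Directory /var/www/phpldapadmin/htdocs/ldap/config>` and the same for `sess`, each with `Require all denied`. A comment should also say that this port-80 vhost carries the LDAP bind login in clear text and is meant only for use behind a TLS-terminating proxy.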

+ 26 - 0
openldap/image-v2/service/phpldapadmin/assets/apache2/https.conf

@@ -0,0 +1,26 @@
+<VirtualHost _default_:443>
+
+	ServerName ${HOSTNAME}
+	ServerAdmin ${PHPLDAPADMIN_SERVER_ADMIN}
+	ServerPath ${PHPLDAPADMIN_SERVER_PATH}
+
+	DocumentRoot /var/www/phpldapadmin/htdocs
+
+	Include /etc/apache2/conf-available/ssl.conf
+
+	SSLCertificateFile    ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CRT_FILENAME}
+	SSLCertificateKeyFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
+	#SSLCACertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
+
+	Include /etc/apache2/conf-available/gzip.conf
+	Include /etc/apache2/conf-available/cache.conf
+
+	<Directory /var/www/phpldapadmin/htdocs >
+		Require all granted
+	</Directory>
+
+	<files config.php >
+		Require all denied
+	</files>
+
+</VirtualHost>

+ 1 - 0
openldap/image-v2/service/phpldapadmin/assets/config/README.md

@@ -0,0 +1 @@
+Add your custom config.php file here or mount one at docker run to /container/service/phpldapadmin/assets/config/config.php

+ 68 - 0
openldap/image-v2/service/phpldapadmin/assets/config/config.php

@@ -0,0 +1,68 @@
+<?php
+/** NOTE **
+ ** Make sure that <?php is the FIRST line of this file!
+ ** IE: There should NOT be any blank lines or spaces BEFORE <?php
+ **/
+
+ /*********************************************
+  * Useful important configuration overrides  *
+  *********************************************/
+
+ /* If you are asked to put PLA in debug mode, this is how you do it: */
+ $config->custom->debug['level'] = 0;
+ $config->custom->debug['syslog'] = true;
+ #  $config->custom->debug['file'] = '/tmp/pla_debug.log';
+
+/**
+ * The phpLDAPadmin config file
+ * See: http://phpldapadmin.sourceforge.net/wiki/index.php/Config.php
+ */
+
+/* The temporary storage directory where we will put jpegPhoto data
+   This directory must be readable and writable by your web server. */
+ $config->custom->jpeg['tmpdir'] = '/var/www/tmp';
+
+ /* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
+   to a big random string. */
+
+/*
+ * Autogenerated value will be automatically added by phpldapadmin/startup.sh
+ */
+ $config->custom->session['blowfish'] = '{{ PHPLDAPADMIN_CONFIG_BLOWFISH }}';
+
+
+/*********************************************
+ * Appearance                                *
+ *********************************************/
+/* Hide the warnings for invalid objectClasses/attributes in templates. */
+$config->custom->appearance['hide_template_warning'] = true;
+
+
+
+/*********************************************
+ * User-friendly attribute translation       *
+ *********************************************/
+
+/* Use this array to map attribute names to user friendly names. For example, if
+   you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
+// $config->custom->appearance['friendly_attrs'] = array();
+$config->custom->appearance['friendly_attrs'] = array(
+	'facsimileTelephoneNumber' => 'Fax',
+	'gid'                      => 'Group',
+	'mail'                     => 'Email',
+	'telephoneNumber'          => 'Telephone',
+	'uid'                      => 'User Name',
+	'userPassword'             => 'Password'
+);
+
+
+/*********************************************
+ * Define your LDAP servers in this section  *
+ *********************************************/
+
+$servers = new Datastore();
+
+/*
+ * Autogenerated servers variables will come here
+ */
+{{ PHPLDAPADMIN_SERVERS }}

+ 144 - 0
openldap/image-v2/service/phpldapadmin/assets/php5.5.patch

@@ -0,0 +1,144 @@
+diff --git a/lib/PageRender.php b/lib/PageRender.php
+index 7d86a54..eed5d5f 100644
+--- a/lib/PageRender.php
++++ b/lib/PageRender.php
+@@ -287,7 +287,7 @@ class PageRender extends Visitor {
+ 						break;
+ 
+ 					default:
+-						$vals[$i] = password_hash($passwordvalue,$enc);
++						$vals[$i] = password_hash_custom($passwordvalue,$enc);
+ 				}
+ 
+ 				$vals = array_unique($vals);
+@@ -957,7 +957,7 @@ class PageRender extends Visitor {
+ 		if (trim($val))
+ 			$enc_type = get_enc_type($val);
+ 		else
+-			$enc_type = $server->getValue('appearance','password_hash');
++			$enc_type = $server->getValue('appearance','password_hash_custom');
+ 
+ 		$obfuscate_password = obfuscate_password_display($enc_type);
+ 
+@@ -982,7 +982,7 @@ class PageRender extends Visitor {
+ 		if (trim($val))
+ 			$enc_type = get_enc_type($val);
+ 		else
+-			$enc_type = $server->getValue('appearance','password_hash');
++			$enc_type = $server->getValue('appearance','password_hash_custom');
+ 
+ 		echo '<table cellspacing="0" cellpadding="0"><tr><td valign="top">';
+ 
+diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php
+index c346660..7532539 100644
+--- a/lib/ds_ldap.php
++++ b/lib/ds_ldap.php
+@@ -1116,13 +1116,24 @@ class ldap extends DS {
+ 
+ 		if (is_array($dn)) {
+ 			$a = array();
+-			foreach ($dn as $key => $rdn)
+-				$a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++			foreach ($dn as $key => $rdn) {
++				$a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++					function ($m) {
++						return ''.chr(hexdec('\\1')).'';
++					},
++					$rdn
++					);
++			}
+ 
+ 			return $a;
+ 
+ 		} else
+-			return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++			 return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++				function ($m) {
++					return ''.chr(hexdec('\\1')).'';
++				},
++				$dn
++			);
+ 	}
+ 
+ 	public function getRootDSE($method=null) {
+diff --git a/lib/ds_ldap_pla.php b/lib/ds_ldap_pla.php
+index 7ece393..6b0990e 100644
+--- a/lib/ds_ldap_pla.php
++++ b/lib/ds_ldap_pla.php
+@@ -16,7 +16,7 @@ class ldap_pla extends ldap {
+ 	function __construct($index) {
+ 		parent::__construct($index);
+ 
+-		$this->default->appearance['password_hash'] = array(
++		$this->default->appearance['password_hash_custom'] = array(
+ 			'desc'=>'Default HASH to use for passwords',
+ 			'default'=>'md5');
+ 
+diff --git a/lib/functions.php b/lib/functions.php
+index 56d8bf3..5ac3caf 100644
+--- a/lib/functions.php
++++ b/lib/functions.php
+@@ -2127,7 +2127,7 @@ function password_types() {
+  *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
+  * @return string The hashed password.
+  */
+-function password_hash($password_clear,$enc_type) {
++function password_hash_custom($password_clear,$enc_type) {
+ 	if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+ 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+ 
+@@ -2318,7 +2318,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
+ 
+ 		# SHA crypted passwords
+ 		case 'sha':
+-			if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
++			if (strcasecmp(password_hash_custom($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
+ 				return true;
+ 			else
+ 				return false;
+@@ -2327,7 +2327,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
+ 
+ 		# MD5 crypted passwords
+ 		case 'md5':
+-			if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
++			if( strcasecmp(password_hash_custom($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
+ 				return true;
+ 			else
+ 				return false;
+@@ -2392,7 +2392,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
+ 
+ 		# SHA512 crypted passwords
+ 		case 'sha512':
+-			if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
++			if (strcasecmp(password_hash_custom($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
+ 				return true;
+ 			else
+ 				return false;
+@@ -2564,13 +2564,24 @@ function dn_unescape($dn) {
+ 	if (is_array($dn)) {
+ 		$a = array();
+ 
+-		foreach ($dn as $key => $rdn)
+-			$a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
++		foreach ($dn as $key => $rdn) {
++			$a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++				function ($m) {
++					return ''.chr(hexdec('\\1')).'';
++				},
++				$rdn
++			);
++		}
+ 
+ 		return $a;
+ 
+ 	} else {
+-		return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
++		 return  preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
++			 function ($m) {
++				return ''.chr(hexdec('\\1')).'';
++			},
++			$dn
++		);
+ 	}
+ }
+ 
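Review bot: The new `preg_replace_callback` closures return `chr(hexdec('\\1'))`, but `'\\1'` is now a literal string rather than a backreference, so every escaped pair decodes to the same byte instead of the captured one. The callback has to read the match array: `return chr(hexdec($m[1]));`. The same closure appears four times in this patch, in both branches of the ds_ldap.php hunk and in both branches of `dn_unescape()` in functions.php. Until it is corrected, DNs that contain escaped characters are unescaped to the wrong value.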

+ 6 - 0
openldap/image-v2/service/phpldapadmin/assets/php7.0-fpm/opcache.ini

@@ -0,0 +1,6 @@
+opcache.enable=1
+opcache.validate_timestamps=0
+opcache.max_accelerated_files=5413
+opcache.memory_consumption=128
+opcache.interned_strings_buffer=16
+opcache.fast_shutdown=1

+ 1 - 0
openldap/image-v2/service/phpldapadmin/assets/php7.0-fpm/pool.conf

@@ -0,0 +1 @@
+php_value[include_path] = .

+ 25 - 0
openldap/image-v2/service/phpldapadmin/install.sh

@@ -0,0 +1,25 @@
+#!/bin/bash -e
+# this script is run during the image build
+
+cat /container/service/phpldapadmin/assets/php7.0-fpm/pool.conf >> /etc/php/7.0/fpm/pool.d/www.conf
+rm -rf /container/service/phpldapadmin/assets/php7.0-fpm/pool.conf
+
+cp -f /container/service/phpldapadmin/assets/php7.0-fpm/opcache.ini /etc/php/7.0/fpm/conf.d/opcache.ini
+rm -rf /container/service/phpldapadmin/assets/php7.0-fpm/opcache.ini
+
+mkdir -p /var/www/tmp
+chown www-data:www-data /var/www/tmp
+
+# remove apache default host
+a2dissite 000-default
+rm -rf /var/www/html
+
+# Add apache modules
+a2enmod deflate expires
+
+# delete unnecessary files
+rm -rf /var/www/phpldapadmin_bootstrap/doc
+
+# apply php5.5 patch
+patch -p1 -d /var/www/phpldapadmin_bootstrap < /container/service/phpldapadmin/assets/php5.5.patch
+sed -i "s/password_hash/password_hash_custom/g" /var/www/phpldapadmin_bootstrap/lib/TemplateRender.php
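Review bot: The final `sed -i "s/password_hash/password_hash_custom/g"` rewrites every occurrence of that substring in TemplateRender.php, and unlike the `patch` line above it succeeds silently even when nothing matches or when it matches more than intended. php5.5.patch already carries the same rename for the other library files, so this one would be easier to audit as one more hunk in that patch, where a context mismatch fails the build. If it stays a sed, add a comment naming the call sites it is expected to change, and follow it with `grep -q password_hash_custom /var/www/phpldapadmin_bootstrap/lib/TemplateRender.php`.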

+ 158 - 0
openldap/image-v2/service/phpldapadmin/startup.sh

@@ -0,0 +1,158 @@
+#!/bin/bash -e
+
+# set -x (bash debug) if log level is trace
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
+log-helper level eq trace && set -x
+
+FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-phpldapadmin-first-start-done"
+
+#
+# HTTPS config
+#
+if [ "${PHPLDAPADMIN_HTTPS,,}" == "true" ]; then
+
+  log-helper info "Set apache2 https config..."
+
+  # generate a certificate and key if files don't exists
+  # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+  ssl-helper ${PHPLDAPADMIN_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CRT_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_KEY_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME"
+
+  # add CA certificat config if CA cert exists
+  if [ -e "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME" ]; then
+    sed -i "s/#SSLCACertificateFile/SSLCACertificateFile/g" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf
+  fi
+
+  ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf /etc/apache2/sites-available/phpldapadmin.conf
+#
+# HTTP config
+#
+else
+  log-helper info "Set apache2 http config..."
+  ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/http.conf /etc/apache2/sites-available/phpldapadmin.conf
+fi
+
+#
+# Reverse proxy config
+#
+if [ "${PHPLDAPADMIN_TRUST_PROXY_SSL,,}" == "true" ]; then
+  echo 'SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on' > /etc/apache2/mods-enabled/remoteip_ssl.conf
+fi
+
+a2ensite phpldapadmin | log-helper debug
+
+#
+# phpLDAPadmin directory is empty, we use the bootstrap
+#
+if [ ! "$(ls -A -I lost+found /var/www/phpldapadmin)" ]; then
+
+  log-helper info "Bootstap phpLDAPadmin..."
+
+  cp -R /var/www/phpldapadmin_bootstrap/* /var/www/phpldapadmin
+  rm -rf /var/www/phpldapadmin_bootstrap
+  rm -f /var/www/phpldapadmin/config/config.php
+fi
+
+# if there is no config
+if [ ! -e "/var/www/phpldapadmin/config/config.php" ]; then
+
+  # on container first start customise the container config file
+  if [ ! -e "$FIRST_START_DONE" ]; then
+
+    get_salt() {
+      salt=$(</dev/urandom tr -dc '1324567890#<>,()*.^@$% =-_~;:/{}[]+!`azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN' | head -c64 | tr -d '\\')
+    }
+
+    # phpLDAPadmin cookie secret
+    get_salt
+    sed -i "s|{{ PHPLDAPADMIN_CONFIG_BLOWFISH }}|${salt}|g" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php
+
+    append_to_file() {
+      TO_APPEND=$1
+      sed -i "s|{{ PHPLDAPADMIN_SERVERS }}|${TO_APPEND}\n{{ PHPLDAPADMIN_SERVERS }}|g" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php
+    }
+
+    append_value_to_file() {
+      local TO_PRINT=$1
+      local VALUE=$2
+      local php_value=$(print_by_php_type "$VALUE")
+      append_to_file "\$servers->setValue($TO_PRINT$php_value);"
+    }
+
+    print_by_php_type() {
+      if [ "$1" == "True" ]; then
+        echo "true"
+      elif [ "$1" == "False" ]; then
+        echo "false"
+      elif [[ "$1" == array\(\'* ]]; then
+        echo "$1"
+      else
+        echo "'$1'"
+      fi
+    }
+
+    # phpLDAPadmin host config
+    host_info(){
+      local to_print=$1
+
+      for info in $(complex-bash-env iterate "$2")
+      do
+        if [ $(complex-bash-env isRow "${!info}") = true ]; then
+          local key=$(complex-bash-env getRowKey "${!info}")
+          local valueVarName=$(complex-bash-env getRowValueVarName "${!info}")
+
+          if [ $(complex-bash-env isTable "${!valueVarName}") = true ] || [ $(complex-bash-env isRow "${!valueVarName}") = true ]; then
+            host_info "$to_print'$key'," "${valueVarName}"
+          else
+            append_value_to_file "$to_print'$key'," "${!valueVarName}"
+          fi
+        fi
+      done
+    }
+
+    # phpLDAPadmin config
+    for host in $(complex-bash-env iterate PHPLDAPADMIN_LDAP_HOSTS)
+    do
+
+      append_to_file "\$servers->newServer('ldap_pla');"
+
+      if [ $(complex-bash-env isRow "${!host}") = true ]; then
+        hostname=$(complex-bash-env getRowKey "${!host}")
+        info=$(complex-bash-env getRowValueVarName "${!host}")
+
+        if [ "${PHPLDAPADMIN_LDAP_HOSTS_FRIENDLY,,}" != "true" ]; then
+          append_to_file "\$servers->setValue('server','host','$hostname');"
+        fi
+        append_to_file "\$servers->setValue('server','name','$hostname');"
+        host_info "" "$info"
+
+      else
+        append_to_file "\$servers->setValue('server','name','${!host}');"
+        append_to_file "\$servers->setValue('server','host','${!host}');"
+      fi
+    done
+
+    sed -i "/{{ PHPLDAPADMIN_SERVERS }}/d" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php
+
+    touch $FIRST_START_DONE
+  fi
+
+  log-helper debug "link ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php to /var/www/phpldapadmin/config/config.php"
+  cp -f ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php /var/www/phpldapadmin/config/config.php
+
+fi
+
+# fix file permission
+find /var/www/ -type d -exec chmod 755 {} \;
+find /var/www/ -type f -exec chmod 644 {} \;
+chown www-data:www-data -R /var/www
+
+# symlinks special (chown -R don't follow symlinks)
+chown www-data:www-data /var/www/phpldapadmin/config/config.php
+chmod 400 /var/www/phpldapadmin/config/config.php
+echo "++++++++++++++copy lam to htdocs..."
+mv /tmp/ldap /var/www/phpldapadmin/htdocs/
+chmod 757 -R /var/www/phpldapadmin/htdocs/ldap/tmp/
+chmod 757 -R /var/www/phpldapadmin/htdocs/ldap/sess/
+chmod 777 -R /var/www/phpldapadmin/htdocs/ldap/config
+chown -R www-data:www-data /var/www/phpldapadmin/htdocs/ldap/
+exit 0
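Review bot: The block appended at the end makes `htdocs/ldap/tmp` and `sess` mode 757 and `config` mode 777 inside the document root, although the next line gives the whole tree to `www-data`, so the world-write bit adds nothing except letting any other local user or process alter the web application's configuration and session files. The `mv /tmp/ldap …` line also runs on every start under `bash -e`. On a restart `/tmp/ldap` is gone, or the target already exists in the volume, so the script appears to abort before `exit 0`. I would guard the move and drop the write bits for group and other, as below.

```shell
# … unchanged: config.php ownership and mode …
# Move the bundled tree only once: /tmp/ldap is gone after the first start.
if [ -d /tmp/ldap ] && [ ! -e /var/www/phpldapadmin/htdocs/ldap ]; then
  log-helper info "copy lam to htdocs..."
  mv /tmp/ldap /var/www/phpldapadmin/htdocs/
fi
# www-data owns the tree, so no group or world write bit is needed.
chown -R www-data:www-data /var/www/phpldapadmin/htdocs/ldap/
chmod -R u+rwX,go-w \
  /var/www/phpldapadmin/htdocs/ldap/tmp/ \
  /var/www/phpldapadmin/htdocs/ldap/sess/ \
  /var/www/phpldapadmin/htdocs/ldap/config
exit 0
```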