From 5265ad59b084c8bdbe42b58eae67183ea69cd3a4 Mon Sep 17 00:00:00 2001
From: Matteo Brancaleoni
Date: Fri, 31 May 2024 10:32:34 +0200
Subject: [PATCH] Allow to optionally set olcSuffix via LDAP_SUFFIX env var
Signed-off-by: Matteo Brancaleoni
---
 .../2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh | 3 ++-
 .../2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh | 3 ++-
 bitnami/openldap/README.md | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
index 88ff8114c6f33..94d17f3a50a92 100644
--- a/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.5/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
@@ -53,6 +53,7 @@ export LDAP_DAEMON_GROUP="slapd"
 export LDAP_PORT_NUMBER="${LDAP_PORT_NUMBER:-1389}"
 export LDAP_LDAPS_PORT_NUMBER="${LDAP_LDAPS_PORT_NUMBER:-1636}"
 export LDAP_ROOT="${LDAP_ROOT:-dc=example,dc=org}"
+export LDAP_SUFFIX="$(if [ -z ${LDAP_SUFFIX+x} ]; then echo ${LDAP_ROOT}; else echo ${LDAP_SUFFIX}; fi)"
 export LDAP_ADMIN_USERNAME="${LDAP_ADMIN_USERNAME:-admin}"
 export LDAP_ADMIN_DN="${LDAP_ADMIN_USERNAME/#/cn=},${LDAP_ROOT}"
 export LDAP_ADMIN_PASSWORD="${LDAP_ADMIN_PASSWORD:-adminpassword}"
@@ -382,7 +383,7 @@ ldap_admin_credentials() {
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 replace: olcSuffix
-olcSuffix: $LDAP_ROOT
+olcSuffix: $LDAP_SUFFIX
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
diff --git a/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
index 88ff8114c6f33..94d17f3a50a92 100644
--- a/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
+++ b/bitnami/openldap/2.6/debian-12/rootfs/opt/bitnami/scripts/libopenldap.sh
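Review bot: The added `LDAP_SUFFIX` export passes `${LDAP_ROOT}` and `${LDAP_SUFFIX}` to `echo` unquoted, so a DN containing runs of spaces or glob characters is word-split or expanded before it is stored, and `echo` may treat a value that looks like one of its options as an option. A plain expansion gives the same unset-only default without the subshell: `export LDAP_SUFFIX="${LDAP_SUFFIX-${LDAP_ROOT}}"`. Unlike the neighbouring variables, which use `:-`, a set-but-empty `LDAP_SUFFIX` stays empty here; if an empty suffix is intended, a short comment saying so would help the next reader. The identical line is added in the 2.6 copy of libopenldap.sh.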
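Review bot: `olcSuffix: $LDAP_SUFFIX` is written into the cn=config LDIF without any check on the value, while `LDAP_ADMIN_DN` in the first hunk is still derived from `LDAP_ROOT`. If `LDAP_SUFFIX` is set to a DN that does not contain `LDAP_ROOT`, the admin DN would presumably fall outside the database's naming context, and the later configuration steps may fail or leave a database the admin cannot manage. A textual guard before the heredoc, for example `[[ "$LDAP_ROOT" == *"$LDAP_SUFFIX" ]] || { echo "LDAP_ROOT must end with LDAP_SUFFIX" >&2; return 1; }`, would surface this at startup; rejecting values that contain a newline would also keep the variable from adding lines to the LDIF. ldap_admin_credentials starts and ends outside the hunk, and the 2.6 copy carries the same change.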
@@ -53,6 +53,7 @@ export LDAP_DAEMON_GROUP="slapd"
 export LDAP_PORT_NUMBER="${LDAP_PORT_NUMBER:-1389}"
 export LDAP_LDAPS_PORT_NUMBER="${LDAP_LDAPS_PORT_NUMBER:-1636}"
 export LDAP_ROOT="${LDAP_ROOT:-dc=example,dc=org}"
+export LDAP_SUFFIX="$(if [ -z ${LDAP_SUFFIX+x} ]; then echo ${LDAP_ROOT}; else echo ${LDAP_SUFFIX}; fi)"
 export LDAP_ADMIN_USERNAME="${LDAP_ADMIN_USERNAME:-admin}"
 export LDAP_ADMIN_DN="${LDAP_ADMIN_USERNAME/#/cn=},${LDAP_ROOT}"
 export LDAP_ADMIN_PASSWORD="${LDAP_ADMIN_PASSWORD:-adminpassword}"
@@ -382,7 +383,7 @@ ldap_admin_credentials() {
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
 replace: olcSuffix
-olcSuffix: $LDAP_ROOT
+olcSuffix: $LDAP_SUFFIX
 dn: olcDatabase={2}mdb,cn=config
 changetype: modify
diff --git a/bitnami/openldap/README.md b/bitnami/openldap/README.md
index 66c313764bd89..207d31663a075 100644
--- a/bitnami/openldap/README.md
+++ b/bitnami/openldap/README.md
@@ -194,6 +194,7 @@ The Bitnami Docker OpenLDAP can be easily setup with the following environment v
 * `LDAP_CONFIGURE_PPOLICY`: Enables the ppolicy module and creates an empty configuration. Default: **no**.
 * `LDAP_PPOLICY_USE_LOCKOUT`: Whether bind attempts to locked accounts will always return an error. Will only be applied with `LDAP_CONFIGURE_PPOLICY` active. Default: **no**.
 * `LDAP_PPOLICY_HASH_CLEARTEXT`: Whether plaintext passwords should be hashed automatically. Will only be applied with `LDAP_CONFIGURE_PPOLICY` active. Default: **no**.
+* `LDAP_SUFFIX`: The DN suffix of queries that will be handled by the default database. Default: `LDAP_ROOT` value.
 You can bootstrap the contents of your database by putting LDIF files in the directory `/ldifs` (or the one you define in `LDAP_CUSTOM_LDIF_DIR`). Those may only contain content underneath your base DN (set by `LDAP_ROOT`). You can **not** set configuration for e.g. `cn=config` in those files.