From fa7653dd14ea333b6f04ccbf9e8ac64abc115e9f Mon Sep 17 00:00:00 2001
From: Emmanuel Garette
Date: Tue, 15 Mar 2022 12:12:09 +0100
Subject: [PATCH] update ldap and postgresql password
---
 .../openldap-server/dictionaries/21_openldap-server.xml | 1 +
 .../2022.03.08/openldap-server/templates/slapd.service | 1 +
 .../2022.03.08/openldap-server/templates/users_mod.ldif | 9 +++++++++
 .../postgresql-server/templates/postgresql.sql | 1 +
 4 files changed, 12 insertions(+)
 create mode 100644 seed/applicationservice/2022.03.08/openldap-server/templates/users_mod.ldif
diff --git a/seed/applicationservice/2022.03.08/openldap-server/dictionaries/21_openldap-server.xml b/seed/applicationservice/2022.03.08/openldap-server/dictionaries/21_openldap-server.xml
index 850791d..e7750ac 100644
--- a/seed/applicationservice/2022.03.08/openldap-server/dictionaries/21_openldap-server.xml
+++ b/seed/applicationservice/2022.03.08/openldap-server/dictionaries/21_openldap-server.xml
@@ -8,6 +8,7 @@
 /etc/pki/tls/private/openldap.key
 /var/lib/ldap/DB_CONFIG
 /secrets/users.ldif
+ /secrets/users_mod.ldif
 /secrets/config.ldif
 /secrets/config_acl.ldif
 /secrets/admin_ldap.pwd
diff --git a/seed/applicationservice/2022.03.08/openldap-server/templates/slapd.service b/seed/applicationservice/2022.03.08/openldap-server/templates/slapd.service
index 81a6049..9b4b253 100644
--- a/seed/applicationservice/2022.03.08/openldap-server/templates/slapd.service
+++ b/seed/applicationservice/2022.03.08/openldap-server/templates/slapd.service
@@ -13,3 +13,4 @@ ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
 #waiting for ldap server...
 ExecStartPost=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
 ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
+ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
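Review bot: In templates/slapd.service the added `ExecStartPost=-/usr/bin/ldapmodify … -f /usr/local/lib/secrets/users_mod.ldif` keeps the `-` prefix, so a failed password update is ignored: the unit still reports a clean start while the previous `userPassword` values stay valid. If the update is meant to be enforced, drop the `-` on this one line, or follow it with a check that surfaces the failure. The `-v` flag is also worth removing here, since verbose ldapmodify output probably echoes the applied modifications (here, password hashes) into the journal; confirm against the journal of a test start. A comment such as `# password refresh; failure leaves the old credentials active` above the line would record the intent. The rest of the unit lies outside the hunk.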
diff --git a/seed/applicationservice/2022.03.08/openldap-server/templates/users_mod.ldif b/seed/applicationservice/2022.03.08/openldap-server/templates/users_mod.ldif
new file mode 100644
index 0000000..6908924
--- /dev/null
+++ b/seed/applicationservice/2022.03.08/openldap-server/templates/users_mod.ldif
@@ -0,0 +1,9 @@
+# Remote
+%for %%remote in %%accounts.remotes
+ %set %%name = %%normalize_family(%%remote)
+dn: %%accounts['remote_' + %%name]['dn_' + %%name]
+changetype: modify
+replace: userPassword
+userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
+
+%end for
diff --git a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.sql b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.sql
index 312b46e..7f3892a 100644
--- a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.sql
+++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.sql
@@ -2,5 +2,6 @@
 %set %%name = %%normalize_family(%%server)
 CREATE DATABASE "%%name";
 CREATE ROLE "%%name" WITH LOGIN ENCRYPTED PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]';
+ALTER USER "%%name" PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]';
 GRANT ALL PRIVILEGES ON DATABASE "%%name" TO "%%name";
 %end for
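Review bot: In templates/users_mod.ldif the line `userPassword:: %%ssha_encode(...)` uses the `::` form, which tells the LDIF parser the value is base64, so `ssha_encode` must return the base64 of the whole `{SSHA}…` string rather than the scheme-prefixed string itself. That helper is defined outside this patch, so this cannot be confirmed from here; a comment such as `# "::" = base64 value; ssha_encode must return base64("{SSHA}<hash>")` above the line would pin the contract. SSHA is presumably salted SHA-1, a fast hash that offers little resistance to offline guessing if this file under /secrets or the directory data is read. It is worth checking whether the slapd build in use offers a slower password scheme. The `dn:` value is also interpolated verbatim, so it relies on the account variables never containing a line break.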
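Review bot: In templates/postgresql.sql the added `ALTER USER "%%name" PASSWORD '…'` interpolates the account password verbatim into a single-quoted SQL literal, as the `CREATE ROLE` context line above it already does. A password containing `'` will end the literal early, which at best fails the statement and at worst runs whatever follows as SQL under the provisioning role. Either double any `'` in the value before it reaches the template, or restrict generated passwords to an alphabet without quotes and record that with `-- password is inserted unescaped: must not contain '`. The rendered file also holds the cleartext password, and the statement can reach the server log when `log_statement` covers DDL, so file permissions and logging settings deserve a check. The `%for` loop opens outside the hunk.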