From 02d141a56784ecef77454bd25dee602c0fafd1f8 Mon Sep 17 00:00:00 2001
From: ingalls
Date: Wed, 23 Oct 2024 09:44:52 -0600
Subject: [PATCH] Password in quotes and explicit hash type
---
 cloudformation/lib/api.js | 16 ++++++++--------
 start | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/cloudformation/lib/api.js b/cloudformation/lib/api.js
index 37a8826..744bf87 100644
--- a/cloudformation/lib/api.js
+++ b/cloudformation/lib/api.js
@@ -230,15 +230,15 @@ export default {
 ContainerPort: 389
 }],
 Environment: [
- { Name: 'StackName', Value: cf.stackName },
- { Name: 'AWS_DEFAULT_REGION', Value: cf.region },
- { Name: 'LDAP_ORGANISATION', Value: cf.ref('LDAPOrganisation') },
- { Name: 'LDAP_DOMAIN', Value: cf.ref('LDAPDomain') },
- { Name: 'LDAP_ADMIN_USERNAME', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:username:AWSCURRENT}}') },
- { Name: 'LDAP_ADMIN_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}') },
- { Name: 'LDAP_SVC_USERNAME', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/svc:SecretString:password:AWSCURRENT}}') },
- { Name: 'LDAP_SVC_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/svc:SecretString:password:AWSCURRENT}}') },
+ { Name: 'StackName', Value: cf.stackName },
+ { Name: 'AWS_DEFAULT_REGION', Value: cf.region },
+ { Name: 'LDAP_ORGANISATION', Value: cf.ref('LDAPOrganisation') },
+ { Name: 'LDAP_DOMAIN', Value: cf.ref('LDAPDomain') },
+ { Name: 'LDAP_ADMIN_USERNAME', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:username:AWSCURRENT}}') },
+ { Name: 'LDAP_ADMIN_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}') },
 { Name: 'LDAP_CONFIG_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}') }
+ { Name: 'LDAP_SVC_USERNAME', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/svc:SecretString:username:AWSCURRENT}}') },
+ { Name: 'LDAP_SVC_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/svc:SecretString:password:AWSCURRENT}}') },
 ],
 LogConfiguration: {
 LogDriver: 'awslogs',
diff --git a/start b/start
index 44a7d95..3056de1 100755
--- a/start
+++ b/start
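Review bot: The unchanged `LDAP_CONFIG_PASSWORD` entry has no trailing comma, and the two `LDAP_SVC_*` entries are now added after it, so the `Environment` array reads `{ … } { … }` and `cloudformation/lib/api.js` will not parse; that context line needs to end in `},`. Separately, every credential in this array is a `{{resolve:secretsmanager:…}}` dynamic reference placed in `Environment`, which CloudFormation resolves at deploy time, so the cleartext values end up in the registered task definition where any principal allowed to describe it can read them. If this is an ECS container definition, as the `ContainerPort` and `LogConfiguration` keys suggest, moving the username/password entries to the container's `Secrets` list with `ValueFrom` pointing at the secret lets the agent inject them at start-up instead. The enclosing object starts and ends outside the hunk.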
@@ -11,7 +11,7 @@ TLD="$(echo "${LDAP_DOMAIN}" | sed 's/^.*\.//')"
 echo "ORG: ${ORG}"
 echo "TLD: ${TLD}"
-SERVICE_PASSWORD="$(slappasswd -s ${LDAP_SVC_PASSWORD})"
+SERVICE_PASSWORD="$(slappasswd -h "{SSHA}" -s "${LDAP_SVC_PASSWORD}")"
 for filename in /container/templates/*.ldif; do
 echo "Building ${filename}"
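Review bot: The service password is still passed to slappasswd as a `-s` argument on the changed line, so the cleartext sits in that process's command line and is readable by anything in the container that can list processes while it runs. slappasswd can read the secret from a file instead, e.g. `SERVICE_PASSWORD="$(slappasswd -h "{SSHA}" -T "${pwfile}")"`, with the file written by `printf '%s'` under `umask 077` and removed afterwards (a trailing newline in the file would become part of the hashed value). `{SSHA}` is salted SHA-1 and is already slappasswd's default, so naming it makes the choice explicit but does not make the stored hash any harder to crack offline; a stronger scheme would need the matching password module loaded in slapd, which this hunk does not show. The script starts before and continues after the hunk, so whether `LDAP_SVC_PASSWORD` is checked for being set and non-empty cannot be seen here.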