From a4bcaf89126a981f32c2dcaf79b3539634cd8bd7 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Thu, 1 Jan 2026 11:47:47 -0300
Subject: [PATCH] sso(openldap): fix bootstrap ldif mount
---
 services/openldap/statefulset.yaml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/services/openldap/statefulset.yaml b/services/openldap/statefulset.yaml
index 8af04e4..9bdfefb 100644
--- a/services/openldap/statefulset.yaml
+++ b/services/openldap/statefulset.yaml
@@ -20,6 +20,25 @@ spec:
 nodeSelector:
 kubernetes.io/arch: arm64
 node-role.kubernetes.io/worker: "true"
+ initContainers:
+ - name: copy-bootstrap-ldif
+ image: docker.io/library/alpine:3.20
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -euxo pipefail
+ cp -a /bootstrap-src/. /bootstrap-dst/
+ chmod -R 0644 /bootstrap-dst || true
+ volumeMounts:
+ - name: bootstrap-src
+ mountPath: /bootstrap-src
+ readOnly: true
+ - name: bootstrap-ldif
+ mountPath: /bootstrap-dst
 containers:
 - name: openldap
 image: docker.io/osixia/openldap:1.5.0
@@ -61,11 +80,12 @@ spec:
 mountPath: /etc/ldap/slapd.d
 - name: bootstrap-ldif
 mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom
- readOnly: true
 volumes:
- - name: bootstrap-ldif
+ - name: bootstrap-src
 configMap:
 name: openldap-bootstrap
+ - name: bootstrap-ldif
+ emptyDir: {}
 volumeClaimTemplates:
 - metadata:
 name: ldap-data
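Review bot: `chmod -R 0644 /bootstrap-dst || true` in the new `copy-bootstrap-ldif` init container applies 0644 to directories as well as files, which clears their search bit, and `|| true` hides any failure, so the step only works because it runs as root. Limit the mode change to files and let errors fail the pod, e.g. `find /bootstrap-dst -type f -exec chmod 0644 {} +`. The container also runs as UID/GID 0 without `allowPrivilegeEscalation: false` or a `capabilities.drop` list, and `alpine:3.20` is referenced by tag rather than digest; both are worth tightening for an init step that sits in front of the directory service. ConfigMap volumes are normally laid out as symlinks into a hidden `..data` directory, so `cp -a` presumably carries those links and hidden directories into the emptyDir; `cp -rL` would copy plain files instead, if the image's bootstrap script expects that.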
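Review bot: The `bootstrap-ldif` volume is now a writable `emptyDir: {}` with no `sizeLimit`, and `readOnly: true` is removed from the openldap container's mount, so the seed LDIF sits as world-readable (0644) files on node-backed storage for the pod's lifetime. If `openldap-bootstrap` carries `userPassword` values or other credentials (not visible in this patch), consider `emptyDir: {medium: Memory, sizeLimit: <SIZE>}`, tighter file modes, and sourcing the LDIF from a Secret rather than a ConfigMap. A short comment on the volume, such as `# writable copy: the image modifies bootstrap LDIF at startup`, would record why the read-only mount was dropped, assuming that is the reason.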