OpenLDAP Docker Image

About

The purpose of this project is to create a containerized and scalable OpenLDAP image for use in various development projects and/or production environments. It is intended to be as noninteractive as possible and makes full use of environment variables for configuration.

Quickstart

  1. Run docker-compose up -d (make sure you modify the configuration variables first!)

  2. Log in to your LDAP server with the username cn=admin,dc=example,dc=com and whatever password you chose

Development

Initialization

This container has been set up with two possible states in mind: configured and unconfigured. The first time you start a container it is unconfigured: you must set some environment variables and follow the interactive prompt that appears on first run. An initializing Docker command might look like this:

  docker run -it --rm \
    --name openldap-init \
    -v $DEPLOY_DIR/data/db:/var/lib/ldap \
    -v $DEPLOY_DIR/data/config:/config \
    -e ORG_NAME="Ranvier" \
    -e ORG_DNS="example.com" \
    -e ORG_DN="dc=example,dc=com" \
    -e SERVER_FQDN=$SERVER_FQDN \
    -e ROOT_SECRET="password" \
    ranvier/openldap:latest

After running this, you might then run the following for a persistent server:

  docker run -dit \
    --restart=always \
    --name openldap \
    -v /srv/ldap/config:/config \
    -v /srv/ldap/db:/var/lib/ldap \
    ranvier/openldap:prod

* Note the absence of environment variables: a configured container reads everything it needs from the mounted /config and /var/lib/ldap volumes.

Environment Variables

When configuring a server for the first time, whether as a master or a slave, a certain set of environment variables is required:

  • ORG_NAME : Organization's name. e.g. Ranvier
  • ORG_DNS : Organization's DNS domain name. e.g. example.com
  • ORG_DN : Organization's distinguished name. e.g. dc=example,dc=com
  • SERVER_FQDN : Fully qualified domain name of the server. e.g. ldap.example.com
  • ROOT_SECRET : Password for the default admin user in LDAP

These currently don't do much, but hopefully they will in the future.
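The init command and the variable list above leave two easy mistakes unchecked: an ORG_DN that is not actually the DN form of ORG_DNS, and a placeholder ROOT_SECRET left in place. The following script is an added example and is not part of the ranvier/openldap project; it takes DEPLOY_DIR, the image tag, the volume mounts and the variable names from this README, and the checks, function names and the RUN_INIT switch are its own assumptions. It prints the init command for review and passes ROOT_SECRET as a bare `-e ROOT_SECRET` so docker copies it from the environment and the secret never appears in the printed command or the process list.

```shell
#!/bin/sh
# Added example, not part of the ranvier/openldap project: validate the
# initialization variables before running the README's one-shot init container.
set -eu

# Derive a base DN from a DNS domain: example.com -> dc=example,dc=com
dn_from_dns() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# ORG_DN must be the DN form of ORG_DNS; a hand-typed value such as
# "dc=example,com" (second dc= missing) is rejected here.
check_dn_matches_dns() {
    [ "$1" = "$(dn_from_dns "$2")" ]
}

# The root secret is the admin password for the whole DIT: refuse an empty
# value, the README's placeholder, and anything shorter than 16 characters.
check_root_secret() {
    if [ -z "$1" ] || [ "$1" = "password" ] || [ "${#1}" -lt 16 ]; then
        return 1
    fi
    return 0
}

# Print the README's init command for review. Values are single-quoted for
# eval, so they must not themselves contain single quotes (assumption).
build_init_command() {
    deploy_dir=$1
    org_name=$2
    org_dns=$3
    org_dn=$4
    fqdn=$5
    printf "docker run -it --rm --name openldap-init"
    printf " -v '%s/data/db:/var/lib/ldap' -v '%s/data/config:/config'" "$deploy_dir" "$deploy_dir"
    printf " -e ORG_NAME='%s' -e ORG_DNS='%s' -e ORG_DN='%s' -e SERVER_FQDN='%s'" \
        "$org_name" "$org_dns" "$org_dn" "$fqdn"
    # bare -e ROOT_SECRET: docker copies it from our environment, nothing is printed
    printf ' -e ROOT_SECRET ranvier/openldap:latest\n'
}

# Usage: DEPLOY_DIR=/srv/ldap ORG_NAME=Ranvier ORG_DNS=example.com \
#        ORG_DN=dc=example,dc=com SERVER_FQDN=ldap.example.com \
#        ROOT_SECRET=... RUN_INIT=1 sh init-check.sh
if [ "${RUN_INIT:-0}" = 1 ]; then
    : "${DEPLOY_DIR:?}" "${ORG_NAME:?}" "${ORG_DNS:?}" "${ORG_DN:?}" "${SERVER_FQDN:?}" "${ROOT_SECRET:?}"
    check_dn_matches_dns "$ORG_DN" "$ORG_DNS" \
        || { echo "ORG_DN '$ORG_DN' is not the DN form of ORG_DNS '$ORG_DNS'" >&2; exit 1; }
    check_root_secret "$ROOT_SECRET" \
        || { echo "ROOT_SECRET is empty, the placeholder 'password', or under 16 characters" >&2; exit 1; }
    cmd=$(build_init_command "$DEPLOY_DIR" "$ORG_NAME" "$ORG_DNS" "$ORG_DN" "$SERVER_FQDN")
    echo "+ $cmd" >&2
    eval "$cmd"
fi
```

The DN derivation is deliberately strict (one `dc=` component per DNS label); if your deployment uses a base DN that is not derived from the domain, adjust check_dn_matches_dns rather than skipping it.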

TLS

When the server is configured for the first time, it is configured to look for the following files:

  • /config/certs/ca-certificates.crt : List of CA certificates
  • /config/certs/server.crt : The server's certificate
  • /config/certs/server.key : The server's key

These are generated on initial configuration, but it is also possible to drop in your own key and certificate by replacing these files.
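Before replacing the generated files with your own, it is worth confirming that what you drop in is usable: the certificate was issued for that key, it names the SERVER_FQDN clients will verify, it is not about to expire, and the key is not readable by other users of the host. The script below is an added example, not part of the ranvier/openldap project; the /config/certs file names and SERVER_FQDN come from this README, while CERT_DIR, the function names and the 30-day expiry window are its own assumptions. It requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not part of the ranvier/openldap project: sanity-check a
# key/certificate pair before dropping it into /config/certs.
set -eu

CERT_DIR=${CERT_DIR:-/config/certs}

# 1. The certificate must have been issued for the private key next to it.
#    Compare the derived public keys, so this works for RSA and EC keys alike.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# 2. Clients verify the name they connect to, so the certificate must carry
#    the host name as a DNS SAN or (for older CAs) as the subject CN.
cert_names_host() {
    host_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    openssl x509 -in "$1" -noout -text \
        | grep -Eq "(DNS:|CN ?= ?)${host_re}([,[:space:]]|$)"
}

# 3. Still valid 30 days from now (checkend takes seconds).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend $((30 * 24 * 3600)) >/dev/null
}

# 4. Only the owner may read the key (mode 600 or 400); slapd needs it, nobody else.
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Run every check against the three files the README lists; report all
# failures rather than stopping at the first one.
check_tls_files() {
    host=$1
    cert=$CERT_DIR/server.crt
    key=$CERT_DIR/server.key
    ok=0
    [ -r "$CERT_DIR/ca-certificates.crt" ] || { echo "missing or unreadable $CERT_DIR/ca-certificates.crt"; ok=1; }
    cert_matches_key "$cert" "$key" || { echo "server.crt was not issued for server.key"; ok=1; }
    cert_names_host "$cert" "$host" || { echo "server.crt does not name $host"; ok=1; }
    cert_not_expiring "$cert" || { echo "server.crt expires within 30 days"; ok=1; }
    key_is_private "$key" || { echo "server.key is readable by group or others"; ok=1; }
    return $ok
}

# Usage: CERT_DIR=/srv/ldap/config/certs SERVER_FQDN=ldap.example.com CHECK_TLS=1 sh tls-check.sh
if [ "${CHECK_TLS:-0}" = 1 ]; then
    check_tls_files "${SERVER_FQDN:?set SERVER_FQDN}" || exit 1
    echo "TLS files in $CERT_DIR look consistent"
fi
```

Run it on the host against the bind-mounted config directory (the README mounts /srv/ldap/config as /config), since the container itself only exposes these files through the volume.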

Authorization

The default admin account for the server has a DN of cn=admin,ORG_DN, where ORG_DN is the base DN that was specified at initialization of the container. Likewise, the password for this user is the same as the ROOT_SECRET that was specified at initialization.

e.g. cn=admin,dc=example,dc=com

Configuring and Using OpenLDAP

ldap-utils

Searching a Server

  ldapsearch -H ldaps://ds1-dev.example.com -b dc=example,dc=com -D cn=admin,dc=example,dc=com -W <filter> <attrs>

Modifying DIT Information (with LDIF)

  ldapmodify -H ldaps://ds1-dev.example.com -D cn=admin,dc=example,dc=com -W -f dit-changes.ldif

Modifying Server Configuration (OLC) (with LDIF)

To modify locally / within container:

  docker exec -it openldap bash
  ldapmodify -Y EXTERNAL -H ldapi:/// -f config-changes.ldif

To modify remotely (cn=admin,cn=config user must exist!):

  ldapmodify -H ldaps://ds1-dev.example.com -D cn=admin,cn=config -W -f config-changes.ldif

Ignoring Invalid TLS Certificates (for self-signed deployments)

For the whole shell session:

  export LDAPTLS_REQCERT=never

or for a single command:

  LDAPTLS_REQCERT=never ldapsearch ...
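The commands above reference a dit-changes.ldif without showing one, and LDAPTLS_REQCERT=never turns off server certificate verification entirely, so the admin password sent with -W would also be accepted by anything answering on that address. A self-signed deployment does not need that: ldap.conf's LDAPTLS_CACERT environment variable points the client at the CA file the container generated (/config/certs/ca-certificates.crt, copied to the client host) and verification stays on. The script below is an added example, not part of the ranvier/openldap project: the ldaps URI, admin DN and CA path are this README's, while BASE_DN, the ou=people layout, the sample user, the CA_FILE copy location and the function names are its own assumptions. Password values are written as {SSHA} hashes from slappasswd, never as plaintext.

```shell
#!/bin/sh
# Added example, not part of the ranvier/openldap project: generate the
# dit-changes.ldif consumed by the README's ldapmodify command and apply it
# over LDAPS with the server certificate verified against our own CA.
set -eu

LDAP_URI=${LDAP_URI:-ldaps://ds1-dev.example.com}
BASE_DN=${BASE_DN:-dc=example,dc=com}
ADMIN_DN=${ADMIN_DN:-cn=admin,$BASE_DN}
# Local copy of the container's /config/certs/ca-certificates.crt (assumed path).
CA_FILE=${CA_FILE:-./ca-certificates.crt}

# Escape a value for use inside a DN (RFC 4514 special characters).
dn_escape() {
    printf '%s' "$1" | sed 's/\([,+"\\<>;=]\)/\\\1/g; s/^#/\\#/'
}

# Emit an LDIF "add" record for an organizationalUnit. Attribute values are
# assumed to be plain ASCII without a leading space or colon (which LDIF
# would require to be base64-encoded).
ldif_add_ou() {
    cat <<EOF
dn: ou=$(dn_escape "$1"),$BASE_DN
changetype: add
objectClass: organizationalUnit
ou: $1

EOF
}

# Emit an LDIF "add" record for an inetOrgPerson under ou=people.
# $5 is a password hash as printed by slappasswd, e.g. {SSHA}...; the
# plaintext is never written to the LDIF.
ldif_add_person() {
    uid=$1
    cn=$2
    sn=$3
    mail=$4
    hash=$5
    cat <<EOF
dn: uid=$(dn_escape "$uid"),ou=people,$BASE_DN
changetype: add
objectClass: inetOrgPerson
uid: $uid
cn: $cn
sn: $sn
mail: $mail
userPassword: $hash

EOF
}

# Apply an LDIF over LDAPS. LDAPTLS_CACERT names the CA to trust and
# LDAPTLS_REQCERT=demand refuses to continue if the chain does not verify,
# so a wrong or interposed server never sees the -W password.
apply_ldif() {
    [ -r "$CA_FILE" ] || {
        echo "CA bundle $CA_FILE not found; copy /config/certs/ca-certificates.crt from the container" >&2
        return 1
    }
    LDAPTLS_CACERT=$CA_FILE LDAPTLS_REQCERT=demand \
        ldapmodify -H "$LDAP_URI" -D "$ADMIN_DN" -W -f "$1"
}

# Usage: USER_PASSWORD=... GENERATE=1 sh dit-changes.sh > dit-changes.ldif   (review it)
#        APPLY=1 sh dit-changes.sh dit-changes.ldif
if [ "${GENERATE:-0}" = 1 ]; then
    hash=$(slappasswd -s "${USER_PASSWORD:?set USER_PASSWORD}")
    ldif_add_ou people
    # constructed sample user; replace with real data
    ldif_add_person jdoe "John Doe" Doe jdoe@example.com "$hash"
fi
if [ "${APPLY:-0}" = 1 ]; then
    apply_ldif "${1:?path to LDIF file}"
fi
```

Generating the LDIF and applying it are split on purpose: the generated file can be diffed and reviewed before anything touches the directory, and apply_ldif works just as well for hand-written LDIF.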

To-Do

  • Remove interactive configuration wizard in favor of automatic configuration based on environment variables.
    • Add cn=admin,cn=config user (with same pass as default admin) for configuration management.
    • On configured containers, confirm all schemas in the resources folder are applied.
  • Consider using Alpine
  • Add documentation for general use cases
  • Upload to Docker Hub

Notes

  • slapd.conf / ldap.conf are deprecated as configuration options. See more details here.

Resources

Contributors

  • decaby7e