okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Marisa 2025-09-28 14:52:07 -04:00
parent 9093453fe8
commit 1ec576a4ee
1 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -320,15 +320,7 @@ If successful, the output will show the modified entry.
Since no policy overlay exists (more on this later), we need to create our own.\
\
Try adding one of the core schemas that comes with LDAP.
```
root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/corba.ldif
adding new entry "cn=corba,cn=schema,cn=config"
```
Notice we are using the -Q and -Y EXTERNAL parameters instead of our usual -x, meaning SASL EXTERNAL authentication over the ldapi:/// socket, which we usually use binding as the root account. We need to make use of a real administrative account to continue, like the one we created in the first part.
If we get a result different from the showed up here, we won't be able to implement any schemas or ACLs, and we should check the dockerfile first, and second the commands we used to run the container as well that we started slapd with the specified parameters before.
\
Check our administrative account was well created, so it has it's own directory so we can add special configurations, such schemas
In the next command, notice we are using the -Q and -Y EXTERNAL parameters instead of our usual -x, meaning SASL EXTERNAL authentication over the ldapi:/// socket, which we usually use for binding as the root account.
```
root@example:/# ldapsearch -Q -Y EXTERNAL -H ldapi:/// -D "cn=admin,dc=example,dc=com" -b cn=config "(objectclass=olcModuleList)"
# extended LDIF
@ -344,7 +336,27 @@ objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
...
```
If you read the output, we are only "loading" the default backend mdb that comes by default with LDAP to load basic schemas such as directory (OU) creation.
Run the following command:\
```
root@example:/# ls /usr/lib/ldap/ppolicy*
/usr/lib/ldap/ppolicy-2.5.so.0 /usr/lib/ldap/ppolicy-2.5.so.0.1.14 /usr/lib/ldap/ppolicy.la /usr/lib/ldap/ppolicy.so
```
Our LDAP server may not come loaded with the right policies, but the modules exists inside the container image.
We need to make use of schemas, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it:
```
root@example:/# vim modify_ppolicy_module.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy.so
```
Now we run modify_ppolicy_module.ldif
```
If we get a different result from the last command, we won't be able to implement any schemas or ACLs, and we should check the dockerfile first, and second the commands we used to run the container as well that we started slapd with the specified parameters before.
\
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->