From 2f075d40fce5fda464b8e00b83ddf8620eeec0a9 Mon Sep 17 00:00:00 2001 From: Marisa Date: Tue, 16 Sep 2025 12:49:21 -0400 Subject: [PATCH] Add READMEnew.md --- READMEnew.md | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 READMEnew.md diff --git a/READMEnew.md b/READMEnew.md new file mode 100644 index 0000000..2a59501 --- /dev/null +++ b/READMEnew.md 
@@ -0,0 +1,120 @@ +# ldapdock +*_a configurable container running openLDAP_* + +A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, **optional steps are marked with __*__** + +### _Creating the ldapdock container_ + +build ldapdock +``` +> docker build -t ldapdock /path/to/dockerfile +``` + +__*__ after build, check the docker image has been created properly with the given REPOSITORY name +``` +> docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +ldapdock latest 0e4a1521b346 6 hours ago 138MB +``` + +run into the container to setup openLDAP +``` +> docker run -h example.com -i -t ldapdock /bin/bash +``` + +make sure to use the following command to start openLDAP +``` +slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d +``` + +################################################### + +run into the container setting up the LDAP server and the hostname +``` +> docker run -h example.com -i -t ldapdock /bin/bash +``` + +### _Inside the ldapdock image_ + +start the openLDAP daemon server +``` +> service slapd start + * Starting OpenLDAP slapd [ OK ] +``` + +__*__ edit base configuration of openLDAP server +``` +> vim /etc/ldap/ldap.conf +``` + +__*__ check basic LDAP schemas are loaded +``` +# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn +dn: cn=schema,cn=config + +dn: cn={0}core,cn=schema,cn=config + +dn: cn={1}cosine,cn=schema,cn=config + +dn: cn={2}nis,cn=schema,cn=config + +dn: cn={3}inetorgperson,cn=schema,cn=config +``` +__*__ load basic LDAP schemas in case the base config didn't +``` +# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif +SASL/EXTERNAL authentication started +SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +SASL SSF: 0 +adding new entry "cn=core,cn=schema,cn=config" +``` + +create a **password** for openLDAP root user +``` +> slappasswd +New password: +Re-enter new password: +{SSHA}hashpwd +``` + 
+__*__ checkout the root DN configuration, the oldRootDN that we will setup later +``` +> ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN +dn: olcDatabase={0}config,cn=config +olcRootDN: cn=admin,cn=config + +dn: olcDatabase={1}mdb,cn=config +olcRootDN: cn=admin,dc=example,dc=com +``` + +### _Base administrative Tasks for openLDAP_ + +create a file setting up our default root DN and our *hostname* **(change *dc=example,dc=com* as needed)** +``` +> vim change_root.ldif +dn: olcDatabase={1}mdb,cn=config +changetype: modify +replace: olcRootDN +olcRootDN: cn=admin,dc=example,dc=com +``` +now save this changes in the main database +``` +> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif +``` + +create a file setting up our default rootPW **(change *{SSHA}hashpwd* with our previous *password*)** +``` +> vim change_password.ldif +dn: olcDatabase={1}mdb,cn=config +changetype: modify +replace: olcRootPW +olcRootPW: {SSHA}hashpwd +``` +now apply our new password for the main database +``` +> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif +modifying entry "olcDatabase={1}mdb,cn=config" +``` +we are done with our openLDAP root configuration and can begin creating new LDAP directories (.ldif files) + +
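Review bot: the README gives two contradictory ways to start slapd and should settle on one: it says "make sure to use the following command to start openLDAP" and shows `slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d`, but the "Inside the ldapdock image" section then starts the daemon with `service slapd start` instead, and the `docker run -h example.com -i -t ldapdock /bin/bash` block appears twice, once on either side of a bare `###…` separator line that also needs to go. Smaller points in the same hunk: "the oldRootDN that we will setup later" should read "olcRootDN"; the prompt marker switches between `>` and `#` in the ldapsearch/ldapadd blocks, so pick one; and the `change_root.ldif` step replaces `olcRootDN` with `cn=admin,dc=example,dc=com`, the very value the preceding ldapsearch output already shows, so the text should say plainly that this step only does anything when the suffix is changed. On the security side: `-h "ldap:/// ldapi:///"` opens a cleartext listener on every interface, so as soon as this container is published with `-p`, the `cn=admin` simple bind configured here crosses the network unencrypted; either document that TLS (`ldaps:///` or StartTLS) still has to be configured before exposing the port, or keep only `ldapi:///` for the setup steps. Also, `change_password.ldif` leaves the `{SSHA}` hash of the root password in a file inside the container after `ldapmodify` has run; tell the reader to delete it (or feed the LDIF to `ldapmodify` on stdin), and note that nothing here mounts a volume for `/etc/ldap/slapd.d` or the mdb data directory, so the whole configuration built in this walkthrough is lost when the container is removed.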