Update INSTALL.md

Marisa 2025-11-19 13:22:32 -05:00
parent 8aa0d4d3fe
commit 46093408d9


@ -8,11 +8,11 @@ Step by step approach on how to setup and run an openLDAP server on a systemd-le
build ldapdock from the dockerfile and run into it, creating the proper volumes to save databases data, config data, and certs data
```
> docker build -t ldapdock /path/to/dockerfile
> docker build -t ldapdock --build-arg LDAP_HOST=example.com .
```
```
> docker run -i -t -p 389:389 -p 636:636 -h example.com -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d -v ldap_certs:/etc/ldap/certs -v $(pwd)/host-certs:/export-certs ldapdock
> docker run -i -t -p 389:389 -p 636:636 -h ${LDAP_HOST:-example.com} -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d -v ldap_certs:/etc/ldap/certs -v $(pwd)/host-certs:/export-certs ldapdock
```
## _2- Run the openLDAP server and populate a directory_
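Review bot: the `docker run` line now defaults with `${LDAP_HOST:-example.com}`, but every later hunk uses bare `${LDAP_HOST}` with no default, so a reader who never exports the variable gets a container named example.com while the certificate template and the ldaps/STARTTLS checks expand to an empty hostname. Please add one line before the build command telling the reader to `export LDAP_HOST=...` in the shell, and use the same form (with or without the fallback) consistently. Also note that the build context changed from `/path/to/dockerfile` to `.`, so the instruction should say the command must be run from the directory that holds the Dockerfile; `--build-arg LDAP_HOST=...` only affects the image build and does not set the variable in the user's shell for the `docker run` line.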
@ -92,9 +92,9 @@ changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
EOF
```
<!--olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com-->
```
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
```
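Review bot: dropping `olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com` from the overlay LDIF means the ppolicy overlay is loaded without a default policy, so entries that carry no `pwdPolicySubentry` get no lockout, expiry or history enforcement at all. If that is intentional (for example because `cn=default,ou=policies` is created in a later step and would otherwise fail to load), say so in the text; moving the line into an HTML comment `<!-- ... -->` after the fence hides it from the rendered page and leaves the reader with no explanation. Separately, the base DN `dc=example,dc=com` stays hardcoded in this hunk while the hostname was parameterized everywhere else; if that is deliberate, a one-line note that `LDAP_HOST` does not change the suffix would prevent confusion.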
@ -297,7 +297,7 @@ Server template
```
root@example:/etc/ldap/certs# cat > ldap01.info <<EOF
organization = Example Company
cn = example.com
cn = ${LDAP_HOST}
tls_www_server
encryption_key
signing_key
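Review bot: `cn = ${LDAP_HOST}` inside the unquoted `<<EOF` heredoc expands correctly, but only if `LDAP_HOST` is set in the container's root shell; a Docker `--build-arg` is not an environment variable at runtime unless the Dockerfile also declares it with `ENV`. If the variable is unset the template silently yields `cn =` with an empty value, the resulting certificate has no usable subject name, and the ldaps checks later in this file fail hostname verification. Suggest adding `echo $LDAP_HOST` (or `: "${LDAP_HOST:?not set}"`) right before the `cat > ldap01.info` line so the reader catches this before issuing a certificate. `organization = Example Company` is still hardcoded, which is fine but worth mentioning alongside the parameterized name.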
@ -366,21 +366,21 @@ root@example:/etc/ldap/certs# source ~/.bashrc
\
Check STARTTLS
```
root@example:/etc/ldap/certs# ldapwhoami -x -ZZ -H ldap://example.com
root@example:/etc/ldap/certs# ldapwhoami -x -ZZ -H ldap://${LDAP_HOST}
```
Check SSL/ldaps
```
root@example:/etc/ldap/certs# ldapwhoami -x -H ldaps://example.com
root@example:/etc/ldap/certs# ldapwhoami -x -H ldaps://${LDAP_HOST}
```
Both should return Anonymous.
Another example to try STARTTLS/ldap it is working:
```
openssl s_client -connect 127.0.0.1:389 -starttls ldap -servername example.com
openssl s_client -connect ${LDAP_HOST}:389 -starttls ldap -servername ${LDAP_HOST}
```
SSL/ldaps
```
openssl s_client -connect example.com:636 -servername example.com
openssl s_client -connect ${LDAP_HOST}:636 -servername ${LDAP_HOST}
```
Both will show the connection to the openLDAP server showing the CN(dc=example,dc=com)
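Review bot: the trailing line "Both will show the connection to the openLDAP server showing the CN(dc=example,dc=com)" is inaccurate after this change: `openssl s_client` prints the certificate subject, which per the server template is `cn = ${LDAP_HOST}`, not the directory suffix `dc=example,dc=com`; please reword to say the subject CN should equal the value of `LDAP_HOST`. Also, replacing `-connect 127.0.0.1:389` with `-connect ${LDAP_HOST}:389` makes the STARTTLS check depend on `${LDAP_HOST}` resolving from wherever the command is run (host or container), whereas the old form only needed SNI to match; a short note that the name must resolve, or keeping `127.0.0.1` with `-servername ${LDAP_HOST}`, would avoid a confusing connection failure. Finally, neither `openssl` command passes `-CAfile`, so a successful handshake here does not prove the chain verifies; suggest adding `-CAfile mycacert.crt` and telling the reader to expect `Verify return code: 0 (ok)`, since that is the check that the `ldapwhoami -ZZ` line actually relies on.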
@ -391,6 +391,6 @@ If asked, accept the certificate as with any certificate, or copy the CA file th
> sudo cp mycacert.crt /usr/local/share/ca-certificates/
> sudo update-ca-certificates
```
In both cases by default the login "user" and password are:\
In both cases, providing -h ${LDAP_HOST}, by default the login "user" and password are:\
BIND DN=cn=admin,dc=example,dc=com\
BIND password=admin
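Review bot: "In both cases, providing -h ${LDAP_HOST}, by default the login ..." is ambiguous: `-h` is the `docker run` hostname flag from the first hunk, but the OpenLDAP client tools also accept `-h` as a (deprecated) host option, and the two are unrelated to the bind credentials that follow. Suggest rewording to something like "Once the container is running with `-h ${LDAP_HOST}`, the default bind credentials are:". Since this section documents a well-known default of `cn=admin,dc=example,dc=com` / `admin` on a server that the first hunk publishes on ports 389 and 636, it should also instruct the reader to change that password (for example with `ldappasswd` against the admin entry, or by resetting `olcRootPW` in the config database) before exposing the ports beyond the local host.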