Update INSTALL.md

Marisa 2025-11-19 13:22:32 -05:00
parent 8aa0d4d3fe
commit 46093408d9


@ -8,11 +8,11 @@ Step by step approach on how to setup and run an openLDAP server on a systemd-le
build ldapdock from the dockerfile and run into it, creating the proper volumes to save databases data, config data, and certs data build ldapdock from the dockerfile and run into it, creating the proper volumes to save databases data, config data, and certs data
``` ```
> docker build -t ldapdock /path/to/dockerfile > docker build -t ldapdock --build-arg LDAP_HOST=example.com .
``` ```
``` ```
> docker run -i -t -p 389:389 -p 636:636 -h example.com -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d -v ldap_certs:/etc/ldap/certs -v $(pwd)/host-certs:/export-certs ldapdock > docker run -i -t -p 389:389 -p 636:636 -h ${LDAP_HOST:-example.com} -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d -v ldap_certs:/etc/ldap/certs -v $(pwd)/host-certs:/export-certs ldapdock
``` ```
## _2- Run the openLDAP server and populate a directory_ ## _2- Run the openLDAP server and populate a directory_
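Review bot: the build and run commands now take the hostname from two different places, and the doc never says where `LDAP_HOST` comes from. `docker build` bakes `--build-arg LDAP_HOST=example.com` into the image, while `docker run -h ${LDAP_HOST:-example.com}` reads a shell variable that the reader has not been told to export; if the shell value differs from the build-arg value, the container hostname and whatever the image derived from the build arg (the certificate CN in the later template uses `${LDAP_HOST}`) silently diverge, and the STARTTLS hostname check further down will fail. Suggest one sentence before the first block telling the reader to `export LDAP_HOST=...` once, and then `--build-arg LDAP_HOST=${LDAP_HOST}` in the build line so both commands use the same value.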
@ -92,9 +92,9 @@ changetype: add
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig objectClass: olcPPolicyConfig
olcOverlay: ppolicy olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
EOF EOF
``` ```
<!--olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com-->
``` ```
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
``` ```
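Review bot: dropping `olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com` from the overlay LDIF changes what the ppolicy overlay enforces, and the reason is hidden in an HTML comment that a rendered README does not show. Without a default policy, lockout, expiry and history rules only apply to entries that carry an explicit `pwdPolicySubentry`, so the admin account and any user added by the later steps get no policy at all. If the line was removed because the `cn=default` entry does not exist yet at this point, the doc should say so and show where to add the attribute back (an `olcPPolicyDefault` modify on `olcOverlay={0}ppolicy` after the policy entry is created); if it was removed on purpose, replace the comment with a visible sentence explaining the consequence.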
@ -297,7 +297,7 @@ Server template
``` ```
root@example:/etc/ldap/certs# cat > ldap01.info <<EOF root@example:/etc/ldap/certs# cat > ldap01.info <<EOF
organization = Example Company organization = Example Company
cn = example.com cn = ${LDAP_HOST}
tls_www_server tls_www_server
encryption_key encryption_key
signing_key signing_key
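Review bot: `cn = ${LDAP_HOST}` is expanded by the shell because the heredoc delimiter is unquoted, which is what you want, but inside the container the variable must actually be set or `certtool` receives an empty CN and the `ldapwhoami -ZZ` check later fails with a hostname mismatch. Suggest `cn = ${LDAP_HOST:?LDAP_HOST is not set}` so the template step aborts loudly, or a sentence stating that the image exports `LDAP_HOST`. Also worth adding a `dns_name = ${LDAP_HOST}` line to the template: clients that verify the subjectAltName rather than the CN will reject a CN-only server certificate.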
@ -366,21 +366,21 @@ root@example:/etc/ldap/certs# source ~/.bashrc
\ \
Check STARTTLS Check STARTTLS
``` ```
root@example:/etc/ldap/certs# ldapwhoami -x -ZZ -H ldap://example.com root@example:/etc/ldap/certs# ldapwhoami -x -ZZ -H ldap://${LDAP_HOST}
``` ```
Check SSL/ldaps Check SSL/ldaps
``` ```
root@example:/etc/ldap/certs# ldapwhoami -x -H ldaps://example.com root@example:/etc/ldap/certs# ldapwhoami -x -H ldaps://${LDAP_HOST}
``` ```
Both should return Anonymous. Both should return Anonymous.
Another example to try STARTTLS/ldap it is working: Another example to try STARTTLS/ldap it is working:
``` ```
openssl s_client -connect 127.0.0.1:389 -starttls ldap -servername example.com openssl s_client -connect ${LDAP_HOST}:389 -starttls ldap -servername ${LDAP_HOST}
``` ```
SSL/ldaps SSL/ldaps
``` ```
openssl s_client -connect example.com:636 -servername example.com openssl s_client -connect ${LDAP_HOST}:636 -servername ${LDAP_HOST}
``` ```
Both will show the connection to the openLDAP server showing the CN(dc=example,dc=com) Both will show the connection to the openLDAP server showing the CN(dc=example,dc=com)
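Review bot: the closing sentence still says both `openssl s_client` outputs show `CN(dc=example,dc=com)`, but after this change the server certificate's CN is `${LDAP_HOST}` (from the template above), so the expected output should describe the hostname CN, not the base DN; as written the reader cannot tell a correct certificate from a wrong one. Separately, switching the STARTTLS check from `127.0.0.1:389` to `${LDAP_HOST}:389` means it now depends on `LDAP_HOST` resolving from wherever the command is run (host or container); note that, or keep `127.0.0.1` for the connect address and only pass `${LDAP_HOST}` to `-servername`, which still exercises SNI and the hostname check.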
@ -391,6 +391,6 @@ If asked, accept the certificate as with any certificate, or copy the CA file th
> sudo cp mycacert.crt /usr/local/share/ca-certificates/ > sudo cp mycacert.crt /usr/local/share/ca-certificates/
> sudo update-ca-certificates > sudo update-ca-certificates
``` ```
In both cases by default the login "user" and password are:\ In both cases, providing -h ${LDAP_HOST}, by default the login "user" and password are:\
BIND DN=cn=admin,dc=example,dc=com\ BIND DN=cn=admin,dc=example,dc=com\
BIND password=admin BIND password=admin
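Review bot: the inserted clause "providing -h ${LDAP_HOST}" is ambiguous in this paragraph: `-h` was the `docker run` hostname flag earlier in the file, but here the reader is about to bind with an LDAP client, where `-h host` is the deprecated form and the rest of this doc uses `-H ldap://...`. Spell out which command the flag belongs to, or just say the server must be reachable under `${LDAP_HOST}`. The hunk also leaves the default credentials `cn=admin,dc=example,dc=com` / `admin` unchanged; since the hostname is now meant to be a real one, the doc should tell the reader to change the admin password before exposing 389/636.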