diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..baddb72 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,29 @@ +version: '3.8' + +services: + ldap: + # Tells Compose to build the image from the Dockerfile in the current directory + build: + context: . + args: + - LDAP_HOST=example.com + image: ldapdock + container_name: ldapdock + hostname: example.com + stdin_open: true # Equivalent of -i + tty: true # Equivalent of -t + ports: + - "389:389" + - "636:636" + - "80:80" + - "443:443" + volumes: + - ldap_data:/var/lib/ldap + - ldap_config:/etc/ldap/slapd.d + - ldap_certs:/etc/ldap/certs + - ./hosts-certs:/export-certs + +volumes: + ldap_data: + ldap_config: + ldap_certs: \ No newline at end of file diff --git a/dockerfile b/dockerfile index 0f6d98f..87d9e59 100644 --- a/dockerfile +++ b/dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04 +FROM debian:12 # set container hostname and DN in case we don't set it on the docker build/run command ARG LDAP_HOST=example.com 
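Review bot: The `ports` block publishes plaintext LDAP (389) and HTTP (80) on every host interface, and entrypoint.sh in this same patch binds the directory with a literal admin password (`-D "cn=admin,dc=example,dc=com" -w admin`), so anything that can reach the host gets an admin-writable directory and an unencrypted phpLDAPadmin login. For a dev image bind the cleartext ports to loopback — `- "127.0.0.1:389:389"` and `- "127.0.0.1:80:80"` — or drop them and keep only 636/443. The `./hosts-certs:/export-certs` bind mount is not just an export target: the entrypoint copies `certinfo.ldif` back out of it on every start and presumably applies it to cn=config, so a comment on that line should say the directory is trusted input. `version: '3.8'` is ignored by Compose v2 and only triggers a warning; it can go.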
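Review bot: `FROM debian:12` is a floating tag, so two builds of this Dockerfile can start from different base layers and the packages resolved further down will drift with them; pin the digest of the image you actually tested, `FROM debian:12@sha256:<digest>`, and bump it deliberately. The switch away from Ubuntu 22.04 is presumably what forces PHP 8.1 to come from a third-party repository later in the file (the patch's own comment calls it "the repository for older PHP versions"); stating that reason in the comment above `ARG LDAP_HOST=example.com` would stop the next maintainer from "simplifying" the base image again.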
@@ -6,20 +6,25 @@ ENV LDAP_HOST=${LDAP_HOST} # set non-interactive TERM for docker ENV DEBIAN_FRONTEND=noninteractive -#────────────────────────────────────────────────────────────── -# install OpenLDAP, ldap-utils, and packages needed for ldapdock to work -#────────────────────────────────────────────────────────────── -RUN apt-get update && apt-get install -y --no-install-recommends \ -slapd ldap-utils gnutls-bin ssl-cert ca-certificates schema2ldif vim mc && apt-get clean #────────────────────────────────────────────────────────────── -# APACHE && PHP && neccesary related software +# Install ALL necessary packages in a single run for minimal image size #────────────────────────────────────────────────────────────── -RUN apt-get update && apt-get install -y --no-install-recommends \ - apache2 \ - php libapache2-mod-php \ - php-ldap php-mbstring php-xml php-curl php-intl wget \ - && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends gnupg lsb-release ca-certificates apt-transport-https software-properties-common wget \ + # Add the repository for older PHP versions + && wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \ + && echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list \ + # Update again to fetch packages from the new repository + && apt-get update \ + # Install all packages, specifying PHP 8.1 + && apt-get install -y --no-install-recommends \ + apt-utils \ + slapd ldap-utils gnutls-bin ssl-cert schema2ldif vim mc \ + apache2 \ + php8.1 libapache2-mod-php8.1 \ + php8.1-ldap php8.1-mbstring php8.1-xml php8.1-curl php8.1-intl \ + # Clean up APT caches to reduce image size + && apt-get clean && rm -rf /var/lib/apt/lists/* # Enable required Apache modules RUN a2enmod rewrite headers ssl diff --git a/entrypoint.sh b/entrypoint.sh index 3ed9b39..909771d 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
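Review bot: The sury signing key is written to `/etc/apt/trusted.gpg.d/php.gpg`, which makes it a trusted signer for every apt source in the image rather than only the one it is meant for, and it is fetched at build time with no fingerprint check. Keep it out of the global trust store and bind it to the single source: `&& wget -O /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg \` and `&& echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list \`, and compare the fetched key's fingerprint against a value pinned in the Dockerfile before the second `apt-get update`. Pinning `php8.1` through a third-party repo also moves the image's PHP patch cadence off Debian security onto that repo, so the reason for the pin (presumably phpLDAPadmin 1.2.6.7) belongs in the comment next to the `php8.1` line so it can be lifted later. `software-properties-common`, `apt-transport-https` and `gnupg` are installed but nothing in this RUN invokes them (the source list is written with `echo`, no `gpg --dearmor` is run), and `vim mc` are interactive tools; dropping them shrinks both the image and its patch surface.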
@@ -83,7 +83,7 @@ ldapadd -c -x -D "cn=admin,dc=example,dc=com" -w admin -f /tmp/base.ldif || true # TLS BLOCK #────────────────────────────────────────────────────────────── if [ ! -f "/export-certs/mycacert.crt" ]; then - echo "--> No CA found → generating certificates..." + echo "--> No CA found, generating new certificates and TLS config..." mkdir -p /etc/ldap/certs cd /etc/ldap/certs certtool --generate-privkey --bits 4096 --outfile ca-key.pem @@ -94,7 +94,6 @@ cert_signing_key expiration_days = 3650 EOF certtool --generate-self-signed --load-privkey ca-key.pem --template ca.info --outfile ca-cert.pem - certtool --generate-privkey --bits 2048 --outfile ldap01_slapd_key.pem cat > ldap01.info < ldap01_slapd_cert_full.pem chown root:openldap ldap01_slapd_cert_full.pem chmod 640 ldap01_slapd_cert_full.pem - echo "--> Starting second temporary slapd to apply TLS config" - slapd -h "ldap:/// ldapi:///" -u openldap -g openldap & - sleep 4 + + # Generate the LDIF for TLS config now, but apply it later cat > /tmp/certinfo.ldif < Exporting certificates to host volume..." cp /etc/ldap/certs/ca-cert.pem /export-certs/mycacert.crt cp /etc/ldap/certs/ldap01_slapd_cert_full.pem /export-certs/server-cert.pem + cp /tmp/certinfo.ldif /export-certs/certinfo.ldif else echo "--> Certificates already exist — skipping generation and using existing ones" fi @@ -144,12 +140,6 @@ fi export LDAPTLS_REQCERT=allow # ←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←← -# NEW: Save and restore the LDIF — no changes to TLS block -if [ ! -f "/export-certs/certinfo.ldif" ]; then - echo "--> Saving TLS config LDIF for future restarts" - cp /tmp/certinfo.ldif /export-certs/certinfo.ldif -fi - if [ -f "/export-certs/certinfo.ldif" ]; then echo "--> Restoring TLS config LDIF from persistent volume" cp /export-certs/certinfo.ldif /tmp/certinfo.ldif 
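Review bot: The generate-or-reuse decision at `if [ ! -f "/export-certs/mycacert.crt" ]` looks only at the host bind mount, while the CA key, server key and `ldap01_slapd_cert_full.pem` it produces live in the named volume `ldap_certs` (`/etc/ldap/certs`); after `docker compose down -v` the volume is gone but `./hosts-certs` is not, so generation is skipped and the TLS config restored later points at files that no longer exist. Check the material slapd actually loads, e.g. `if [ ! -f "/export-certs/mycacert.crt" ] || [ ! -f "/etc/ldap/certs/ldap01_slapd_cert_full.pem" ]; then`. `certtool --generate-privkey --bits 4096 --outfile ca-key.pem` also writes the CA key with the shell's default umask, and the only permission fix visible in the patch is the `chmod 640` on the server bundle; a `umask 077` at the top of the block (or an explicit `chmod 600 ca-key.pem`) keeps the CA key out of the `openldap` group. The TLS block this hunk opens continues past it.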
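Review bot: `export LDAPTLS_REQCERT=allow`, kept as the first line of this hunk, tells every ldap client call that follows to accept any server certificate or none at all, so the StartTLS/ldaps configuration the script sets up is never actually verified by its own tooling. Since the script owns the CA it just generated, `export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem` followed by `export LDAPTLS_REQCERT=demand` would verify against it; if the later calls only go over `ldapi:///` the setting is harmless, but then the `# ←←←` marker should be replaced by a comment saying so. The calls that consume this variable are outside the hunk.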
@@ -232,11 +222,14 @@ echo "--> Installing phpLDAPadmin" # Only install once — use a flag file if [ ! -f "/var/www/html/phpldapadmin-installed" ]; then + # Clean up any previous partial installation + rm -rf /var/www/html/phpldapadmin* + cd /var/www/html # Download and extract (direct tarball, no git needed) wget -q -O phpldapadmin.tgz \ - https://github.com/leenooks/phpLDAPadmin/archive/refs/tags/1.2.6.7.tar.gz + https://github.com/leenooks/phpLDAPadmin/archive/refs/tags/1.2.6.7.tar.gz || exit 1 tar xzf phpldapadmin.tgz mv phpLDAPadmin-1.2.6.7 phpldapadmin rm phpldapadmin.tgz @@ -280,4 +273,3 @@ trap 'echo "Stopping services..."; kill $SLAPD_PID $APACHE_PID 2>/dev/null; wait # Give you your interactive shell — forever exec "$@" -
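Review bot: The phpLDAPadmin tarball is fetched from GitHub at first container start and unpacked straight into the web root with no integrity check, so what ends up in `/var/www/html/phpldapadmin` depends on whatever the network returns at runtime; the new `|| exit 1` only catches a failed download, not a substituted or truncated one, and `tar xzf` is still unchecked. Pin the expected digest and verify before extracting: `echo "<sha256-of-1.2.6.7.tar.gz>  phpldapadmin.tgz" | sha256sum -c - || exit 1` and `tar xzf phpldapadmin.tgz || exit 1`. Doing the download in the Dockerfile instead would also remove the runtime network dependency and the window in which `phpldapadmin.tgz` and the `phpldapadmin-installed` flag sit inside Apache's document root, where they are presumably reachable over HTTP. The install block continues past the end of this hunk.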