Update README.md
parent a45aada258
commit 9132478544
156 README.md
@ -3,7 +3,7 @@


A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, **optional steps are marked with __*__**


### _Creating the ldapdock container_
### _Creating the ldapdock image container_

build ldapdock
```
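Review bot: the renamed heading "### _Creating the ldapdock image container_" mixes two Docker terms; this section builds an image (`build ldapdock`, followed by the `docker images` listing showing `ldapdock latest`), so "Creating the ldapdock image" is the accurate title and matches the "### _Inside the ldapdock image_" rename further down this diff. Minor: "how to setup" should read "how to set up" (verb).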
@ -17,92 +17,124 @@ REPOSITORY TAG IMAGE ID CREATED SIZE
ldapdock latest 0e4a1521b346 6 hours ago 138MB
```

run into the container setting up the LDAP server and the hostname
run into the container to setup openLDAP
```
> docker run -h example.com -i -t ldapdock /bin/bash
```
### _Inside the ldapdock image container_

### _Inside the ldapdock image_

start the openLDAP daemon server
make sure to use the following command to start openLDAP
```
> service slapd start
* Starting OpenLDAP slapd [ OK ]
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
```

__*__ edit base configuration of openLDAP server
test connectivity to slapd
```
> vim /etc/ldap/ldap.conf
root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope baseObject
...
```

__*__ check basic LDAP schemas are loaded
make new test LDAP directories (LDAP OU) and create two attributes/branches with People and Group
```
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}nis,cn=schema,cn=config

dn: cn={3}inetorgperson,cn=schema,cn=config
```
__*__ load basic LDAP schemas in case the base config didn't
```
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
root@example:/# vim base.ldif
```

create a **password** for openLDAP root user
```
> slappasswd
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
```

create the test directory in our LDAP server, the password in the dockerfile by default is _admin_
```
root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=example,dc=com"

adding new entry "ou=Groups,dc=example,dc=com"
```

verify the entries in the LDAP server
```
root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=People' dn
dn: ou=People,dc=example,dc=com
root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=Groups' dn
dn: ou=Groups,dc=example,dc=com
```
now we have an **Organizational Unit (ou=People, ou=Group, etc.)** with users and groups within an LDAP directory structure correctly created

### _Users administrative tasks_

create a new LDAP directory called Supergirls (LDAP OU) with the following data
```
root@example:/# vim add_ou.ldif
dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit
ou: Supergirls
```

create it in our LDAP server, when asked for the root password, remember in the dockerfile by default is _admin_
```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif
Enter LDAP Password:
adding new entry "ou=Supergirls,dc=example,dc=com"
```

verify the entry in the LDAP server
```
root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn
dn: ou=Supergirls,dc=example,dc=com

root@example:/#
```

create a new LDAP password to manage our new directory, and annotate the result hashed password
```
root@example:/# slappasswd
New password:
Re-enter new password:
{SSHA}hashpwd
{SSHA}hashedpasswd
```

__*__ checkout the root DN configuration, the oldRootDN that we will setup later
create a .ldif file with the necessary attributes to insert in our Supergirls directory
```
> ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}mdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
root@example:/# vim add_user_supergirls.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Marisa
sn: Kirisame
givenName: Marisa
displayName: Marisa Kirisame
uid: marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
loginShell: /bin/bash
userPassword: {SSHA}hashedpasswd
mail: marisa@example.com
```

### _Base administrative Tasks for openLDAP_

create a file setting up our default root DN and our *hostname* **(change *dc=example,dc=com* as needed)**
insert the new user (marisa) in our Supergirls directory (LDAP OU), still using the root password _admin_
```
> vim change_root.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com
```
now save this changes in the main database
```
> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif
Enter LDAP Password:
adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
```

create a file setting up our default rootPW **(change *{SSHA}hashpwd* with our previous *password*)**
verify the user (marisa) has been added tp tje Supergirls OU
```
> vim change_password.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}hashpwd
root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
```
now apply our new password for the main database
```
> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
```
we are done with our openLDAP root configuration and can begin creating new LDAP directories (.ldif files)
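Review bot: the base.ldif shown after `> slappasswd` has an RDN/attribute mismatch: the entry `dn: ou=Groups,dc=example,dc=com` carries `ou: Group`, and slapd refuses an add whose naming attribute value is not present in the entry (namingViolation, result 64), so the later output `adding new entry "ou=Groups,dc=example,dc=com"` cannot come from this file as written; change it to `ou: Groups` and make the closing summary consistent (it still says `ou=Group`). Second, the new `root@example:/#` steps bind as `cn=admin,dc=example,dc=com` with the Dockerfile default password `admin` throughout ("the password in the dockerfile by default is _admin_"), while the `> vim change_password.ldif` / `replace: olcRootPW` step that replaces that default sits among the `>`-prompt lines being reworked; whichever version lands, the README should keep an explicit step to set a fresh `olcRootPW` before the server is used for anything beyond this walkthrough. Minor: "added tp tje Supergirls OU" should read "added to the Supergirls OU", and "now save this changes" should read "now save these changes".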