Update READMEnew.md

Marisa 2025-09-16 13:54:39 -04:00
parent cbcfd37a6a
commit a45aada258


@ -3,7 +3,7 @@
A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, **optional steps are marked with __*__** A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, **optional steps are marked with __*__**
### _Creating the ldapdock container_ ### _Creating the ldapdock image container_
build ldapdock build ldapdock
``` ```
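Review bot: the new heading `### _Creating the ldapdock image container_` mixes two Docker terms; the step directly under it (`build ldapdock`) produces an image, and the container only exists once the later `docker run` is executed. Suggest `### _Creating the ldapdock image_` here and reserve "container" for the run step.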
@ -21,6 +21,7 @@ run into the container to setup openLDAP
``` ```
> docker run -h example.com -i -t ldapdock /bin/bash > docker run -h example.com -i -t ldapdock /bin/bash
``` ```
### _Inside the ldapdock image container_
make sure to use the following command to start openLDAP make sure to use the following command to start openLDAP
``` ```
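Review bot: the added heading `### _Inside the ldapdock image container_` repeats the image/container mix-up from the first hunk; `docker run -h example.com -i -t ldapdock /bin/bash` starts a container, so `### _Inside the ldapdock container_` is the accurate title, and it would help to state here that every command that follows is typed at the `root@example:/#` shell this `docker run` opens. Since that `docker run` mounts no volume, the heading is also the natural place to say that the LDAP data created in the following sections lives only in this container's writable layer and is gone once the container is removed.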
@ -37,7 +38,7 @@ root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base
... ...
``` ```
make a new test directory and create two attributes/branches with People and Group make new test LDAP directories (LDAP OU) and create two attributes/branches with People and Group
``` ```
root@example:/# vim base.ldif root@example:/# vim base.ldif
``` ```
@ -52,7 +53,7 @@ objectClass: organizationalUnit
ou: Group ou: Group
``` ```
create the test directory on our LDAP server, the password in the dockerfile by default is _admin_ create the test directory in our LDAP server, the password in the dockerfile by default is _admin_
``` ```
root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif
Enter LDAP Password: Enter LDAP Password:
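Review bot: `make new test LDAP directories (LDAP OU)` and `attributes/branches` use the wrong LDAP terms; `ou=People` and `ou=Group` are entries (organizational units) under the `dc=example,dc=com` suffix, not directories or attributes, so `create two organizational units (OUs), People and Group, under the base DN` says what `base.ldif` actually does. The sentence also documents that the admin password is hard-coded to `admin` in the Dockerfile; this is the place to tell the reader to change that default before anything other than this shell can reach the server, rather than only restating it. Note `ou: Group` in this hunk versus `adding new entry "ou=Groups,dc=example,dc=com"` in the output shown in the next hunk; one of the two is stale.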
@ -61,96 +62,79 @@ adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Groups,dc=example,dc=com" adding new entry "ou=Groups,dc=example,dc=com"
``` ```
now we have an **Organizational Unit (ou=People, ou=Group, etc.)** prepared to deal with users and groups, with a directory structure we can begin managing users verify the entries in the LDAP server
###################################################
run into the container setting up the LDAP server and the hostname
``` ```
> docker run -h example.com -i -t ldapdock /bin/bash root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=People' dn
dn: ou=People,dc=example,dc=com
root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=Groups' dn
dn: ou=Groups,dc=example,dc=com
```
now we have an **Organizational Unit (ou=People, ou=Group, etc.)** with users and groups within an LDAP directory structure correctly created
### _Users administrative tasks_
create a new LDAP directory called Supergirls (LDAP OU) with the following data
```
root@example:/# vim add_ou.ldif
dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit
ou: Supergirls
``` ```
### _Inside the ldapdock image_ create it in our LDAP server, when asked for the root password, remember in the dockerfile by default is _admin_
start the openLDAP daemon server
``` ```
> service slapd start root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif
* Starting OpenLDAP slapd [ OK ] Enter LDAP Password:
adding new entry "ou=Supergirls,dc=example,dc=com"
``` ```
__*__ edit base configuration of openLDAP server verify the entry in the LDAP server
``` ```
> vim /etc/ldap/ldap.conf root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn
dn: ou=Supergirls,dc=example,dc=com
root@example:/#
``` ```
__*__ check basic LDAP schemas are loaded create a new LDAP password to manage our new directory, and annotate the result hashed password
``` ```
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn root@example:/# slappasswd
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
```
__*__ load basic LDAP schemas in case the base config didn't
```
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
```
create a **password** for openLDAP root user
```
> slappasswd
New password: New password:
Re-enter new password: Re-enter new password:
{SSHA}hashpwd {SSHA}hashedpasswd
``` ```
__*__ checkout the root DN configuration, the oldRootDN that we will setup later create a .ldif file with the necessary attributes to insert in our Supergirls directory
``` ```
> ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN root@example:/# vim add_user_supergirls.ldif
dn: olcDatabase={0}config,cn=config dn: uid=marisa,ou=Supergirls,dc=example,dc=com
olcRootDN: cn=admin,cn=config objectClass: inetOrgPerson
objectClass: posixAccount
dn: olcDatabase={1}mdb,cn=config cn: Marisa
olcRootDN: cn=admin,dc=example,dc=com sn: Kirisame
givenName: Marisa
displayName: Marisa Kirisame
uid: marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
loginShell: /bin/bash
userPassword: {SSHA}hashedpasswd
mail: marisa@example.com
``` ```
### _Base administrative Tasks for openLDAP_ insert the new user (marisa) in our Supergirls directory (LDAP OU), still using the root password _admin_
create a file setting up our default root DN and our *hostname* **(change *dc=example,dc=com* as needed)**
``` ```
> vim change_root.ldif root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif
dn: olcDatabase={1}mdb,cn=config Enter LDAP Password:
changetype: modify adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com
```
now save this changes in the main database
```
> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif
``` ```
create a file setting up our default rootPW **(change *{SSHA}hashpwd* with our previous *password*)** verify the user (marisa) has been added tp tje Supergirls OU
``` ```
> vim change_password.ldif root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn
dn: olcDatabase={1}mdb,cn=config dn: uid=marisa,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}hashpwd
``` ```
now apply our new password for the main database
```
> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
```
we are done with our openLDAP root configuration and can begin creating new LDAP directories (.ldif files)
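Review bot: this hunk deletes the root DN / `olcRootPW` section (`change_root.ldif`, `change_password.ldif`, `ldapmodify -Q -Y EXTERNAL -H ldapi:///`) without replacing it, so after this change the README never shows how to change the admin credential and instead keeps instructing the reader to bind with the Dockerfile default (`still using the root password _admin_`); keep at least the `olcRootPW` step or point to where the value is set. Smaller issues in the new text: (1) `ou=Group` in `now we have an **Organizational Unit (ou=People, ou=Group, etc.)**` conflicts with the `'ou=Groups'` used in the `ldapsearch` immediately above it; (2) the new `uid=marisa` entry relies on `objectClass: inetOrgPerson` and `objectClass: posixAccount`, yet the same hunk removes the optional step that checked the `cosine`, `nis` and `inetorgperson` schemas are loaded, and no `posixGroup` with `gidNumber: 5000` is created anywhere in the file, so the account references a group that does not exist; (3) `userPassword: {SSHA}hashedpasswd` should say explicitly that the placeholder is replaced with the hash printed by `slappasswd`, `create a new LDAP password to manage our new directory, and annotate the result hashed password` should read `create a password hash for the new user and note the resulting hashed password` (the hash is for the user entry, not for managing the OU), and `verify the user (marisa) has been added tp tje Supergirls OU` has typos (`to the`).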