From a848854e6c71159c3b47f9adbae41d1db3d0d8cf Mon Sep 17 00:00:00 2001 From: Marisa Date: Tue, 16 Sep 2025 13:57:31 -0400 Subject: [PATCH] Add READMEold.md --- READMEold.md | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 READMEold.md diff --git a/READMEold.md b/READMEold.md new file mode 100644 index 0000000..17c3525 --- /dev/null +++ b/READMEold.md 
@@ -0,0 +1,108 @@ +# ldapdock +*_a configurable container running openLDAP_* + +A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, **optional steps are marked with __*__** + +### _Creating the ldapdock container_ + +build ldapdock +``` +> docker build -t ldapdock /path/to/dockerfile +``` + +__*__ after build, check the docker image has been created properly with the given REPOSITORY name +``` +> docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +ldapdock latest 0e4a1521b346 6 hours ago 138MB +``` + +run into the container setting up the LDAP server and the hostname +``` +> docker run -h example.com -i -t ldapdock /bin/bash +``` + +### _Inside the ldapdock image_ + +start the openLDAP daemon server +``` +> service slapd start + * Starting OpenLDAP slapd [ OK ] +``` + +__*__ edit base configuration of openLDAP server +``` +> vim /etc/ldap/ldap.conf +``` + +__*__ check basic LDAP schemas are loaded +``` +# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn +dn: cn=schema,cn=config + +dn: cn={0}core,cn=schema,cn=config + +dn: cn={1}cosine,cn=schema,cn=config + +dn: cn={2}nis,cn=schema,cn=config + +dn: cn={3}inetorgperson,cn=schema,cn=config +``` +__*__ load basic LDAP schemas in case the base config didn't +``` +# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif +SASL/EXTERNAL authentication started +SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +SASL SSF: 0 +adding new entry "cn=core,cn=schema,cn=config" +``` + +create a **password** for openLDAP root user +``` +> slappasswd +New password: +Re-enter new password: +{SSHA}hashpwd +``` + +__*__ checkout the root DN configuration, the oldRootDN that we will setup later +``` +> ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN +dn: olcDatabase={0}config,cn=config +olcRootDN: cn=admin,cn=config + +dn: olcDatabase={1}mdb,cn=config +olcRootDN: 
cn=admin,dc=example,dc=com +``` + +### _Base administrative Tasks for openLDAP_ + +create a file setting up our default root DN and our *hostname* **(change *dc=example,dc=com* as needed)** +``` +> vim change_root.ldif +dn: olcDatabase={1}mdb,cn=config +changetype: modify +replace: olcRootDN +olcRootDN: cn=admin,dc=example,dc=com +``` +now save this changes in the main database +``` +> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif +``` + +create a file setting up our default rootPW **(change *{SSHA}hashpwd* with our previous *password*)** +``` +> vim change_password.ldif +dn: olcDatabase={1}mdb,cn=config +changetype: modify +replace: olcRootPW +olcRootPW: {SSHA}hashpwd +``` +now apply our new password for the main database +``` +> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif +modifying entry "olcDatabase={1}mdb,cn=config" +``` +we are done with our openLDAP root configuration and can begin creating new LDAP directories (.ldif files) + +
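Review bot: In the "Base administrative Tasks" section, change_password.ldif is written with the olcRootPW value ({SSHA}hashpwd) and nothing removes it after the `ldapmodify` call, so the root password hash stays in a file in the container's working directory. Add a step after that `ldapmodify` to delete change_password.ldif (and change_root.ldif), or tell the reader to create the file with restrictive permissions. Smaller points in the same hunk: the optional root DN check calls the attribute "oldRootDN" while the ldapsearch filter and its output use olcRootDN, and "now save this changes" should read "these changes". The prompts also switch between `>` and `#` for commands that all run as root inside the container (the SASL identity shown is uidNumber=0), and the same ldapsearch form appears once under each; pick one prompt and use it throughout.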