Update README.md
parent: dbb89bdfae
commit: cdb25ae1ee
README.md: 16 changed lines
@ -19,16 +19,15 @@ REPOSITORY TAG IMAGE ID CREATED SIZE
ldapdock latest 0e4a1521b346 6 hours ago 138MB
```
You can run into the container in an interactive way already with this command:
If you just want to jump in the container and right now don't care saving the configuration or directories, you can run it with this command:
```
> docker run -h example.com -i -t ldapdock /bin/bash
```
If you wish (and it is recommended in development) to save the configuration and LDAP directory structure (also called LDAP database) outside of the container, run this command instead:
```
> docker run -h example.com -i -t -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d ldapdock /bin/bash
```
With -h we are specifying the name of the host, we are using example.com, this is very important. -i tells docker to run in an interactive way instead of running the container in the background. -t goes in hand with -i, and allocates a tty (terminal) so we can run commands. -v mounts a volume to save information (we use one to save the data and another one to save the configuration).
`Parameters explanation:`with -h we are specifying the name of the host, we are using example.com, this is very important. -i tells docker to run in an interactive way instead of running the container in the background. -t goes in hand with -i, and allocates a tty (terminal) so we can run commands. -v mounts a volume to save information (we use one to save the data and another one to save the configuration).
## _Explaining DN, parentDN, CN, and DC as parameters_
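Review bot: the new parameters line runs its label into the text (`Parameters explanation:`with -h ...); put a space after the closing backtick, or use the bold-label form `**Parameters explanation:**` that the page uses later for "why is this needed?". The sentence "we are using example.com, this is very important" still never says why the hostname matters; state the reason (presumably that the base DN `dc=example,dc=com` used by the slapd and ldapsearch steps further down is derived from it, so a different hostname breaks those commands). It would also help to say that `ldap_data` and `ldap_config` are named Docker volumes: the directory database and the cn=config database under /etc/ldap/slapd.d (which holds olcRootDN and the ACLs) then survive removal of the container and are picked up again by the next `docker run` that names the same volumes.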
@ -36,12 +35,12 @@ One of the key configuration of LDAP is our "DC" or "parent DN" and other terms,
## _Inside the ldapdock image container_
make sure to use the following command to start openLDAP
Use the following command to start openLDAP
```
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
```
test connectivity to slapd
It's always a good idea to test connectivity to slapd the first times
```
root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
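Review bot: the slapd start command is the only command on the page whose flags are not explained; add a line saying that `-h "ldap:/// ldapi:///"` makes slapd listen on TCP 389 on all interfaces and on the local Unix socket, that `-u openldap -g openldap` drops privileges from root to the openldap user once the listeners are up, and that `-F /etc/ldap/slapd.d` points at the cn=config directory the `ldap_config` volume persists. Since `ldap:///` is cleartext, it is worth noting that the connectivity check that follows binds anonymously (`-x`) to `ldap://localhost` from inside the container, not over the network. Minor: "the first times" in the new ldapsearch lead-in reads oddly; "the first time you start it" is clearer.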
@ -50,6 +49,7 @@ root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base
# base <dc=example,dc=com> with scope baseObject
...
```
## _Create an Administrator account_
In order to create users with different attributes and permits, we need to create a new admin account besides the root one that comes by default.\
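Review bot: "permits" in the sentence "users with different attributes and permits" should be "permissions", and the trailing backslash is a Markdown hard line break that not every renderer honours; a blank line is the safer separator. The elided ldapsearch output (`...`) would be more useful to a first-time reader if it kept the final result line, so they can tell a successful base search from one that returned an error.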
@ -58,12 +58,12 @@ We will refer to the Administrator account as admin, and in a few cases, the roo
**`why is this needed?`** _unnecesary long explanation, but just in case:_ in openLDAP, by default a special administrative account is created as core base to execute first hand tasks, however aside being able to bypass ACLs (Access Control Lists), and therefore any other account created, being allowed to authenthicate for operations like ldapadd, ldapmodify and ldapsearch, etc. it has not an actual entry in the dc=example,dc=com tree (our parentDN). This account it is only configured as olcRootDN in the core base directory/database, cn=config (/etc/ldap/slapd.d/'cn=config') and nothing more. It does not create the corresponding entry in any data tree, therefore the server cannot locate the full entry cn=admin,dc=example,dc=com because it does not exists. In pragmatic terms, we need to create an administrative account for our DN and our parentDN, the later being our domain name as previously explained.
tl;dr cn=admin,dc=example,dc=com is only a rootDN and not a admin data entry directory which is what we need to setup Access Control Lists (ACLs) as well as setup password schemas.
Generate a password hash for our admin user
Generate a password hash for our administrator user, 1234 here being the password
```
root@example:/# slappasswd -s 1234
root@example:/# slappasswd -s 1234 # Change 1234 to your desired password
{SSHA}yxIgYTzcuRRdlesjfWkIN6K97/8jOrZF
```
Create the .ldif file that will create the admin user
Create the .ldif file that will create the admin user, editing the _userPassword_ attribute with our password hash
```
root@example:/# vim create_admin.ldif
dn: cn=admin,dc=example,dc=com
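Review bot: the added comment on `slappasswd -s 1234` is the right idea, but `-s` puts the password on the command line, where it ends up in shell history and is visible to other processes; recommend plain `slappasswd`, which prompts for the password and prints the same `{SSHA}` hash. Add a sentence that the `{SSHA}yxIg...` value shown is only an example and that readers must paste their own output into `userPassword`, otherwise the admin entry is created with the published password 1234. The "why is this needed?" paragraph also needs copy-editing: "unnecesary" -> "unnecessary", "authenthicate" -> "authenticate", "it has not an actual entry" -> "it has no actual entry", "does not exists" -> "does not exist", "the later" -> "the latter", and the clause "and therefore any other account created, being allowed to authenticate" is not a sentence; the intended point seems to be that the rootDN bypasses ACLs and can bind for ldapadd, ldapmodify and ldapsearch, yet has no entry under dc=example,dc=com, which is why ACLs and password policies cannot be attached to it.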