Update INSTALL.md

installl.md updated to fully test TLS/SSL
Delete index.php.tls
2025-12-14 13:59:05 -05:00 · 2025-12-14 13:52:31 -05:00
5 changed files with 70 additions and 193 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,29 +0,0 @@
-version: '3.8'
-
-services:
-  ldap:
-    # Tells Compose to build the image from the Dockerfile in the current directory
-    build:
-      context: .
-      args:
-        - LDAP_HOST=example.com
-    image: ldapdock
-    container_name: ldapdock
-    hostname: example.com
-    stdin_open: true # Equivalent of -i
-    tty: true        # Equivalent of -t
-    ports:
-      - "389:389"
-      - "636:636"
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ldap_data:/var/lib/ldap
-      - ldap_config:/etc/ldap/slapd.d
-      - ldap_certs:/etc/ldap/certs
-      - ./hosts-certs:/export-certs
-
-volumes:
-  ldap_data:
-  ldap_config:
-  ldap_certs:
--- a/29
+++ b/29
@ -1,4 +1,4 @@
-FROM debian:12
+FROM ubuntu:22.04

 # set container hostname and DN in case we don't set it on the docker build/run command
 ARG LDAP_HOST=example.com
@ -6,25 +6,20 @@ ENV LDAP_HOST=${LDAP_HOST}

 # set non-interactive TERM for docker
 ENV DEBIAN_FRONTEND=noninteractive
+#──────────────────────────────────────────────────────────────
+# install OpenLDAP, ldap-utils, and packages needed for ldapdock to work
+#──────────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+slapd ldap-utils gnutls-bin ssl-cert ca-certificates schema2ldif vim mc && apt-get clean

 #──────────────────────────────────────────────────────────────
-# Install ALL necessary packages in a single run for minimal image size
+# APACHE && PHP && neccesary related software
 #──────────────────────────────────────────────────────────────
-RUN apt-get update && apt-get install -y --no-install-recommends gnupg lsb-release ca-certificates apt-transport-https software-properties-common wget curl \
-# Add the Ondřej Surý PHP repository (modern Debian way)
-&& wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /usr/share/keyrings/sury-php-archive-keyring.gpg \
-&& echo "deb [signed-by=/usr/share/keyrings/sury-php-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list \
-# Update package lists again to include the new PHP repo
-&& apt-get update \
-# Install all required packages, using PHP 8.1 from the Surý repo
-&& apt-get install -y --no-install-recommends \
-apt-utils \
-slapd ldap-utils gnutls-bin ssl-cert schema2ldif vim mc \
-apache2 \
-php8.1 libapache2-mod-php8.1 \
-php8.1-ldap php8.1-mbstring php8.1-xml php8.1-curl php8.1-intl \
-# Clean up APT caches to keep the image small
-&& apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    apache2 \
+    php libapache2-mod-php \
+    php-ldap php-mbstring php-xml php-curl php-intl wget \
+    && rm -rf /var/lib/apt/lists/*

 # Enable required Apache modules
 RUN a2enmod rewrite headers ssl
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -37,8 +37,7 @@ slapd -h "ldap:/// ldapi:///" -u openldap -g openldap &
 SLAPD_PID=$!
 sleep 8

-# Full tree with root and users entries
-echo "--> Creating base.ldif with root and user entries"  
+# Full tree with root entry
 cat > /tmp/base.ldif <<EOF
 dn: ${LDAP_BASE_DN}
 objectClass: top
@ -76,98 +75,9 @@ homeDirectory: /home/marisa
 gecos: Marisa Kirisame
 EOF

-# Create phplogin.php with dynamic base DN
-echo "--> Creating phplogin.php with full users support"
-cat > /var/www/html/phplogin.php <<'EOF'
-<?php
-// Use the same logic as entrypoint.sh, but with better localhost handling
-$raw_host = $_SERVER['HTTP_HOST'] ?? 'example.com';
-$raw_host = preg_replace('/:\d+$/', '', $raw_host); // strip port if present
-
-if ($raw_host === 'localhost' || $raw_host === '127.0.0.1') {
-    // When testing locally via http://localhost → assume default example.com
-    $base_dn = 'dc=example,dc=com';
-} else {
-    // Normal case: build dc=... from real hostname
-    $host_parts = explode('.', $raw_host);
-    $base_dn = '';
-    foreach ($host_parts as $part) {
-        if ($part) $base_dn .= ($base_dn ? ',' : '') . 'dc=' . $part;
-    }
-    if (!$base_dn) $base_dn = 'dc=example,dc=com'; // ultimate fallback
-}
-
-$msg = '';
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $username = trim($_POST['username'] ?? '');
-    $password = $_POST['password'] ?? '';
-
-    if ($username && $password) {
-        $ldap = ldap_connect("ldap://127.0.0.1:389");
-        if ($ldap) {
-            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
-            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
-
-            if (ldap_start_tls($ldap)) {
-                // First: try admin bind (no ou=People)
-                $admin_dn = "cn=admin,{$base_dn}";
-                if (@ldap_bind($ldap, $admin_dn, $password)) {
-                    $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome <strong>admin</strong> (full privileges)</p>";
-                }
-                // Second: if not admin, try regular user
-                elseif (@ldap_bind($ldap, "uid={$username},ou=People,{$base_dn}", $password)) {
-                    $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome {$username}</p>";
-                }
-                else {
-                    $msg = "<p style='color:red'>Invalid credentials</p>";
-                }
-            } else {
-                $msg = "<p style='color:red'>StartTLS failed</p>";
-            }
-            ldap_close($ldap);
-        } else {
-            $msg = "<p style='color:red'>Could not connect to LDAP server</p>";
-        }
-    } else {
-        $msg = "<p style='color:red'>Please fill both fields</p>";
-    }
-}
-?>
-<!DOCTYPE html>
-<html>
-<head>
-    <title>ldapdock LDAP login</title>
-    <style>
-        body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; text-align: center; }
-        input, button { padding: 10px; margin: 5px; width: 100%; font-size: 16px; box-sizing: border-box; }
-        button { background: #007cba; color: white; border: none; cursor: pointer; }
-        .note { font-size: 0.9em; color: #666; }
-    </style>
-</head>
-<body>
-    <h1>ldapdock login</h1>
-    <p>Server base DN: <strong><?= htmlspecialchars($base_dn) ?></strong></p>
-    <?= $msg ?>
-    <form method="post">
-        <input type="text" name="username" placeholder="Username (marisa or admin)" required autofocus>
-        <input type="password" name="password" placeholder="Password" required>
-        <button type="submit">Login</button>
-    </form>
-    <hr>
-    <div class="note">
-        <strong>Test accounts:</strong><br>
-        Regular user: <code>marisa</code> / password: <code>MarisaNewPass2025</code><br>
-        Admin user: <code>admin</code> / password: <code>admin</code>
-    </div>
-</body>
-</html>
-EOF
-
-ADMIN_DN="cn=admin,${LDAP_BASE_DN}"
-ADMIN_PW="admin"

 echo "--> Adding base structure"
-ldapadd -c -x -D "$ADMIN_DN" -w "$ADMIN_PW" -f /tmp/base.ldif || true
+ldapadd -c -x -D "cn=admin,dc=example,dc=com" -w admin -f /tmp/base.ldif || true

 #──────────────────────────────────────────────────────────────
 # TLS BLOCK 
@ -248,6 +158,8 @@ fi

 # Set Marisa password (full LDIF — so ldapmodify knows what to modify)
 echo "--> Setting Marisa password to 'MarisaNewPass2025' using Admin Bind"
+ADMIN_DN="cn=admin,${LDAP_BASE_DN}"
+ADMIN_PW="admin"
 slappasswd -h '{SSHA}' -s MarisaNewPass2025 | \
 ldapmodify -x -D "$ADMIN_DN" -w "$ADMIN_PW" <<EOF >/dev/null 2>&1
 dn: uid=marisa,ou=People,${LDAP_BASE_DN}
@ -360,7 +272,6 @@ fi
 echo "--> ldapdock ready — OpenLDAP + Apache + PHP running"
 echo "   → LDAP: 389/636"
 echo "   → PHPinfo: https://localhost/info.php"
-echo "   → PHPlogin test: https://localhost/phplogin.php"
 echo "   → Shell: /bin/bash"
 echo "   → Exit with CTRL+D or 'exit' command"

--- a/index.php
+++ b/index.php
@ -0,0 +1,54 @@
+<?php
+$host = $_SERVER['HTTP_HOST'];   // works for example.com or any LDAP_HOST
+$msg = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $uid = trim($_POST['uid'] ?? '');
+    $password = $_POST['password'] ?? '';
+
+    if ($uid && $password) {
+        $ldap = ldap_connect("ldap://127.0.0.1:389");
+        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+        // StartTLS – required because your OpenLDAP enforces it
+        if (ldap_start_tls($ldap)) {
+            $bind_dn = "uid=$uid,ou=People,dc=$host";
+            if (@ldap_bind($ldap, $bind_dn, $password)) {
+                $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome $uid</p>";
+            } else {
+                $msg = "<p style='color:red'>Invalid credentials</p>";
+            }
+        } else {
+            $msg = "<p style='color:red'>TLS failure</p>";
+        }
+        ldap_close($ldap);
+    } else {
+        $msg = "<p style='color:red'>Please fill both fields</p>";
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <title>ldapdock – LDAP login</title>
+    <style>
+        body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; text-align: center; }
+        input, button { padding: 10px; margin: 5px; width: 100%; font-size: 16px; }
+        button { background: #007cba; color: white; cursor: pointer; }
+    </style>
+</head>
+<body>
+    <h1>ldapdock login</h1>
+    <p>Server: <strong><?= htmlspecialchars($host) ?></strong></p>
+    <?= $msg ?>
+    <form method="post">
+        <input type="text" name="uid" placeholder="uid (e.g. marisa)" required autofocus><br>
+        <input type="password" name="password" placeholder="password" required><br>
+        <button type="submit">Login</button>
+    </form>
+    <hr>
+    <small>Test user: marisa / qwerty</small>
+</body>
+</html>
--- a/phplogin.php
+++ b/phplogin.php
@ -1,54 +0,0 @@
- 	<?php
-	$host = $_SERVER['HTTP_HOST'];   // works for example.com or any LDAP_HOST
-	$msg = '';
-	
-	if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-	    $uid = trim($_POST['uid'] ?? '');
-	    $password = $_POST['password'] ?? '';
-	
-	    if ($uid && $password) {
-	        $ldap = ldap_connect("ldap://127.0.0.1:389");
-	        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
-	        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
-	
-        // StartTLS required because your OpenLDAP enforces it
-	        if (ldap_start_tls($ldap)) {
-	            $bind_dn = "$uid,dc=example,dc=com";
-	            if (@ldap_bind($ldap, $bind_dn, $password)) {
-	                $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome $uid</p>";
-	            } else {
-	                $msg = "<p style='color:red'>Invalid credentials</p>$bind_dn";
-	            }
-	        } else {
-	            $msg = "<p style='color:red'>TLS failure</p>";
-	        }
-	        ldap_close($ldap);
-	    } else {
-	        $msg = "<p style='color:red'>Please fill both fields</p>";
-	    }
-	}
-	?>
-	
-	<!DOCTYPE html>
-	<html>
-	<head>
-    <title>ldapdock LDAP login</title>
-	    <style>
-	        body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; text-align: center; }
-	        input, button { padding: 10px; margin: 5px; width: 100%; font-size: 16px; }
-	        button { background: #007cba; color: white; cursor: pointer; }
-	    </style>
-	</head>
-	<body>
-	    <h1>ldapdock login</h1>
-	    <p>Server: <strong><?= htmlspecialchars($host) ?></strong></p>
-	    <?= $msg ?>
-	    <form method="post">
-	        <input type="text" name="uid" placeholder="uid (e.g. marisa)" required autofocus><br>
-	        <input type="password" name="password" placeholder="password" required><br>
-	        <button type="submit">Login</button>
-	    </form>
-	    <hr>
-	    <small>Test user: uid=marisa,ou=People / MarisaNewPass2025</small>
-	</body>
-	</html>
Author	SHA1	Message	Date
Marisa	36e1c94a99	Update INSTALL.md installl.md updated to fully test TLS/SSL	2025-12-14 13:59:05 -05:00
Marisa	bcdb9351bd	Delete index.php.tls	2025-12-14 13:52:31 -05:00