Update INSTALL.md

Delete index.php.tls
Delete dockerlog
2025-12-14 13:59:52 -05:00 · 2025-12-14 13:55:26 -05:00 · 2025-12-14 13:55:09 -05:00 · 2025-12-08 10:09:49 -03:00 · 2025-12-07 12:16:33 -03:00 · 2025-12-05 12:36:55 -05:00
5 changed files with 282 additions and 173 deletions
--- a/INSTALL.md
+++ b/INSTALL.md
@ -366,26 +366,65 @@ root@example:/etc/ldap/certs# export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem
 root@example:/etc/ldap/certs# echo 'export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem' >> ~/.bashrc
 root@example:/etc/ldap/certs# source ~/.bashrc
 ```
-\
+## _6- Connect to OpenLDAP server via StartTLS/SSL_
 Check STARTTLS
 ```
 root@example:/etc/ldap/certs# ldapwhoami -x -ZZ -H ldap://${LDAP_HOST}
 ```
 Check SSL/ldaps
 ```
 root@example:/etc/ldap/certs# ldapwhoami -x -H ldaps://${LDAP_HOST}
 ```
 Both should return Anonymous.
-Another example to try STARTTLS/ldap it is working:
+Vital checks of different levels to test **openLDAP's StartTLS and SSL**:\
 1.Check StartTLS and SSL, both should output "anonymous"
 ```
-openssl s_client -connect ${LDAP_HOST}:389 -starttls ldap -servername ${LDAP_HOST}
+root@example:/# ldapwhoami -x -ZZ -H ldap://${LDAP_HOST}
 anonymous
 root@example:/# ldapwhoami -x -H ldaps://${LDAP_HOST}
 anonymous
 ```
-SSL/ldaps
+\
 2.Check direct connection via openssl to confirm certificates are working properly:
 ```
-openssl s_client -connect ${LDAP_HOST}:636 -servername ${LDAP_HOST}
+root@example:/# openssl s_client -connect ${LDAP_HOST}:389 -starttls ldap -servername ${LDAP_HOST} #StartTLS
 CONNECTED(00000003)
 depth=1 CN = Example Company CA
 verify return:1
 depth=0 O = Example Company, CN = example.com
 verify return:1
 ...
 SSL handshake has read 2977 bytes and written 424 bytes
 Verification: OK
 ---
 New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
 Server public key is 2048 bit
 Secure Renegotiation IS NOT supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 Early data was not sent
 Verify return code: 0 (ok)
 root@example:/# openssl s_client -connect ${LDAP_HOST}:636 -servername ${LDAP_HOST} #SSL
 CONNECTED(00000003)
 depth=1 CN = Example Company CA
 verify return:1
 depth=0 O = Example Company, CN = example.com
 verify return:1
 ...
 SSL handshake has read 2963 bytes and written 393 bytes
 Verification: OK
 ---
 New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
 Server public key is 2048 bit
 Secure Renegotiation IS NOT supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 Early data was not sent
 Verify return code: 0 (ok)
 ```
 The output of both of these commands should be similar. Also, both will show the openLDAP's server CN (example.com in this case). You can terminate the connection with Ctrl+C.
 3.A very important check is to make sure connections as users from the OpenLDAP's tree other than admin works: 
 ```
 root@example:/# ldapwhoami -x -D "uid=marisa,ou=People,dc=example,dc=com" -w MarisaNewPass2025 -H ldap://127.0.0.1 #StartTLS
 dn:uid=marisa,ou=People,dc=example,dc=com
 root@example:/# ldapwhoami -x -D "uid=marisa,ou=People,dc=example,dc=com" -w MarisaNewPass2025 -H ldap://127.0.0.1 #SSL
 dn:uid=marisa,ou=People,dc=example,dc=com 
 ```
 Both will show the connection to the openLDAP server showing the CN(dc=example,dc=com)
 To connect to the server via `STARTTLS`, use port 389, to connect to the server via `SSL`, use port 636, both auth method Simple. 
 If asked, accept the certificate as with any certificate, or copy the CA file that resides inside ldapdock from out of the container to our host system certificate trust directory (/usr/local/share/ca-certificates/ works for any Debian based distribution):
@ -395,5 +434,9 @@ If asked, accept the certificate as with any certificate, or copy the CA file th
 > sudo update-ca-certificates
 ```
 In both cases, providing -h ${LDAP_HOST}, by default the login "user" and password are:\
-BIND DN=cn=admin,dc=example,dc=com\
+As admin:
 BIND DN="cn=admin,dc=example,dc=com"\
 BIND password=admin
 As marisa:
 BIND DN="uid=marisa,ou=People,dc=example,dc=com"\
 BIND password=MarisaNewPass2025
--- a/37
+++ b/37
@ -1,22 +1,43 @@
 FROM ubuntu:22.04
-# set container hostname
+# set container hostname and DN in case we don't set it on the docker build/run command
 ARG LDAP_HOST=example.com
 ENV LDAP_HOST=${LDAP_HOST}
 # set non-interactive TERM for docker
 ENV DEBIAN_FRONTEND=noninteractive
-
+#──────────────────────────────────────────────────────────────
-# install slapd, ldap-utils, and packages needed for ldapdock to work
+# install OpenLDAP, ldap-utils, and packages needed for ldapdock to work
 #──────────────────────────────────────────────────────────────
 RUN apt-get update && apt-get install -y --no-install-recommends \
 slapd ldap-utils gnutls-bin ssl-cert ca-certificates schema2ldif vim mc && apt-get clean
 #──────────────────────────────────────────────────────────────
 # APACHE && PHP && neccesary related software
 #──────────────────────────────────────────────────────────────
 RUN apt-get update && apt-get install -y --no-install-recommends \
    apache2 \
    php libapache2-mod-php \
    php-ldap php-mbstring php-xml php-curl php-intl wget \
    && rm -rf /var/lib/apt/lists/*
 # Enable required Apache modules
 RUN a2enmod rewrite headers ssl
 # Use mpm_prefork (required for PHP)
 RUN a2dismod mpm_event && a2enmod mpm_prefork
 # Clean up default Apache site
 RUN rm -rf /var/www/html/* && \
    echo "<?php phpinfo(); ?>" > /var/www/html/info.php
 # preconfigure slapd installation without using systemd
 RUN echo "slapd slapd/password1 password admin" | debconf-set-selections && \
    echo "slapd slapd/password2 password admin" | debconf-set-selections && \
    echo "slapd slapd/domain string example.com" | debconf-set-selections && \
    echo "slapd slapd/no_configuration boolean false" | debconf-set-selections && \
    echo "slapd slapd/purge_database boolean true" | debconf-set-selections && \
    echo "slapd slapd/ldapi_tls boolean false" | debconf-set-selections && \
    echo "slapd slapd/move_old_database boolean true" | debconf-set-selections
 # make use of debconf-set-selections
@ -26,21 +47,27 @@ RUN dpkg-reconfigure -f noninteractive slapd
 COPY entrypoint.sh ./entrypoint.sh
 RUN chmod +x ./entrypoint.sh
-# open up LDAP simple port
+# open up LDAP StartTLS and SSL ports, and Apache ports
 EXPOSE 389
 EXPOSE 636
 EXPOSE 80
 EXPOSE 443
 #──────────────────────────────────────────────────────────────
 # Create directory for exporting certs to host
 RUN mkdir -p /export-certs
 #──────────────────────────────────────────────────────────────
 # set salvable volumes for LDAP data, configuration, certs
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d", "/etc/ldap/certs","/export-certs"]
 # set correct permissions for openldap user
-RUN chown -R openldap:openldap /var/lib/ldap /etc/ldap/slapd.d
+#RUN chown -R openldap:openldap /var/lib/ldap /etc/ldap/slapd.d
 #──────────────────────────────────────────────────────────────
 # ENTRYPOINT ensures this sh file ALWAYS runs first before any CMD or command line instruction
 ENTRYPOINT ["./entrypoint.sh"]
 #──────────────────────────────────────────────────────────────
 # CMD provides the default command (/bin/bash) which is passed as an argument to the ENTRYPOINT script
 CMD ["/bin/bash"]
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,32 +1,64 @@
 #!/bin/bash
-# this script runs INSIDE the container
+#set -euo pipefail
-# set -e  # exit on any error?
+
 # Fix permissions
 chown -R openldap:openldap /var/lib/ldap /etc/ldap/slapd.d /etc/ldap/certs 2>/dev/null || true
 chmod -R 777 /export-certs 2>/dev/null || true
 #──────────────────────────────────────────────────────────────
 # Correct base DN and hostname
 export LDAP_HOST="${LDAP_HOST:-$(hostname)}"
 export LDAP_BASE_DN=$(echo "$LDAP_HOST" | sed 's/\.\([^.]*\)/,dc=\1/g; s/^/dc=/')
 echo "--> Using LDAP base DN: ${LDAP_BASE_DN}"
 #──────────────────────────────────────────────────────────────
 echo "--> Starting ldapdock 0.10"
 echo "--> Launching slapd (temp)..."
-# start slapd temporarily for setup
+# Temporarily "relax" strict security on start to configure stuff
-/usr/sbin/slapd -h "ldap:/// ldapi:///" -g openldap -u openldap &
+if [ -d "/etc/ldap/slapd.d" ] && ls /etc/ldap/slapd.d/* >/dev/null 2>&1; then
-sleep 3
+    echo "--> Temporarily relaxing security for init"
    slapd -h "ldap:/// ldapi:///" -u openldap -g openldap &
    sleep 6
    ldapmodify -Y EXTERNAL -H ldapi:/// >/dev/null 2>&1 <<EOF || true
 dn: cn=config
 changetype: modify
 delete: olcLocalSSF
 -
 delete: olcSecurity
 -
 EOF
    pkill slapd || true
    sleep 2
 fi
-# populate with user & group
+# Start temporary slapd for Users and Groups addition
-echo "--> Populating directory with users and groups..."
+echo "--> Starting temporary slapd"
-cat > /tmp/add_content.ldif << EOF
+slapd -h "ldap:/// ldapi:///" -u openldap -g openldap &
-dn: ou=People,dc=${LDAP_HOST}
+SLAPD_PID=$!
 sleep 8
 # Full tree with root entry
 cat > /tmp/base.ldif <<EOF
 dn: ${LDAP_BASE_DN}
 objectClass: top
 objectClass: dcObject
 objectClass: organization
 o: Example Company
 dn: ou=People,${LDAP_BASE_DN}
 objectClass: organizationalUnit
 ou: People
-dn: ou=Groups,dc=${LDAP_HOST}
+dn: ou=Groups,${LDAP_BASE_DN}
 objectClass: organizationalUnit
 ou: Groups
-dn: cn=mages,ou=Groups,dc=${LDAP_HOST}
+dn: cn=mages,ou=Groups,${LDAP_BASE_DN}
 objectClass: posixGroup
 cn: mages
 gidNumber: 5000
 memberUid: marisa
-dn: uid=marisa,ou=People,dc=${LDAP_HOST}
+dn: uid=marisa,ou=People,${LDAP_BASE_DN}
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: shadowAccount
@ -38,64 +70,22 @@ displayName: Marisa Kirisame
 uidNumber: 10000
 gidNumber: 5000
 userPassword: {CRYPT}x
 gecos: Marisa Kirisame
 loginShell: /bin/bash
 homeDirectory: /home/marisa
-EOF
+gecos: Marisa Kirisame
 sleep 2
 # add the structure — ignore "already exists" errors only here
 echo "--> Adding base structure..."
 ldapadd -x -D "cn=admin,dc=${LDAP_HOST}" -w admin -f /tmp/add_content.ldif || \
    echo "--> Some entries already exist — continuing (this is normal)"
 # setting up user marisa of group People password
 ldappasswd -x -D "cn=admin,dc=${LDAP_HOST}" -w admin -s qwerty "uid=marisa,ou=People,dc=${LDAP_HOST}"
 sleep 2
 # load and enable policies module
 echo "--> Loading policies module..."
 cat > modify_ppolicy_module.ldif << EOF
 dn: cn=module{0},cn=config
 changetype: modify
 add: olcModuleLoad
 olcModuleLoad: ppolicy.so
 EOF
 ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif
-# restarting slapd to load ppolicy.so
+echo "--> Adding base structure"
 ldapadd -c -x -D "cn=admin,dc=example,dc=com" -w admin -f /tmp/base.ldif || true
-slapd -h "ldap:/// ldapi:/// ldaps:///" -u openldap -g openldap &
+#──────────────────────────────────────────────────────────────
-sleep 3
+# TLS BLOCK 
-
+#──────────────────────────────────────────────────────────────
 cat > enable_ppolicy.ldif << EOF
 dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
 changetype: add
 objectClass: olcOverlayConfig
 objectClass: olcPPolicyConfig
 olcOverlay: ppolicy
 EOF
 #olcPPolicyDefault: cn=default,ou=policies,dc=${LDAP_HOST}
 ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
 # display schemas loaded by default
 echo "--> Schemas loaded by default..."
 ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
 # kill temp slapd
 pkill slapd
 sleep 3
 # === CERTIFICATES: ONLY IF NOT ALREADY EXPORTED ===
 if [ ! -f "/export-certs/mycacert.crt" ]; then
-    echo "--> No CA found in /export-certs → generating certificates..."
+    echo "--> No CA found → generating certificates..."
    mkdir -p /etc/ldap/certs
    cd /etc/ldap/certs
    # CA
    certtool --generate-privkey --bits 4096 --outfile ca-key.pem
    cat > ca.info <<EOF
 cn = Example Company CA
@ -104,8 +94,6 @@ cert_signing_key
 expiration_days = 3650
 EOF
    certtool --generate-self-signed --load-privkey ca-key.pem --template ca.info --outfile ca-cert.pem
    # server
    certtool --generate-privkey --bits 2048 --outfile ldap01_slapd_key.pem
    cat > ldap01.info <<EOF
 organization = Example Company
@ -121,21 +109,14 @@ EOF
      --load-ca-privkey ca-key.pem \
      --template ldap01.info \
      --outfile ldap01_slapd_cert.pem
    # permissions
    chgrp openldap ldap01_slapd_key.pem
    chmod 640 ldap01_slapd_key.pem
    # bundle
    cat ldap01_slapd_cert.pem ca-cert.pem > ldap01_slapd_cert_full.pem
    chown root:openldap ldap01_slapd_cert_full.pem
    chmod 640 ldap01_slapd_cert_full.pem
-
+    echo "--> Starting second temporary slapd to apply TLS config"
    # start temp slapd to apply config
    slapd -h "ldap:/// ldapi:///" -u openldap -g openldap &
-    sleep 3
+    sleep 4
    # apply TLS config
    cat > /tmp/certinfo.ldif <<EOF
 dn: cn=config
 changetype: modify
@ -149,41 +130,154 @@ replace: olcTLSCertificateKeyFile
 olcTLSCertificateKeyFile: /etc/ldap/certs/ldap01_slapd_key.pem
 EOF
    ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/certinfo.ldif
    # trust locally
    cp /etc/ldap/certs/ca-cert.pem /usr/local/share/ca-certificates/mycacert.crt
    update-ca-certificates
-
+    pkill slapd || true
    # kill temp
    pkill slapd
    sleep 2
-
+    echo "--> Exporting certificates to host volume..."
    # === EXPORT TO HOST (always, since volume is mounted) ===
    echo "--> Exporting CA to /export-certs..."
    cp /etc/ldap/certs/ca-cert.pem /export-certs/mycacert.crt
    cp /etc/ldap/certs/ldap01_slapd_cert_full.pem /export-certs/server-cert.pem
    echo "--> Certificate READY at ./hosts-certs/mycacert.crt on host"
 else
-    echo "--> CA already exists at /export-certs/mycacert.crt → skipping generation"
+    echo "--> Certificates already exist — skipping generation and using existing ones"
 fi
-# === FINAL SLAPD START ===
+export LDAPTLS_REQCERT=allow
-echo "--> Starting final slapd with LDAPS..."
+
 # ←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←
 # NEW: Save and restore the LDIF — no changes to TLS block
 if [ ! -f "/export-certs/certinfo.ldif" ]; then
    echo "--> Saving TLS config LDIF for future restarts"
    cp /tmp/certinfo.ldif /export-certs/certinfo.ldif
 fi
 if [ -f "/export-certs/certinfo.ldif" ]; then
    echo "--> Restoring TLS config LDIF from persistent volume"
    cp /export-certs/certinfo.ldif /tmp/certinfo.ldif
 fi
 # ←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←←
 # Set Marisa password (full LDIF — so ldapmodify knows what to modify)
 echo "--> Setting Marisa password to 'MarisaNewPass2025' using Admin Bind"
 ADMIN_DN="cn=admin,${LDAP_BASE_DN}"
 ADMIN_PW="admin"
 slappasswd -h '{SSHA}' -s MarisaNewPass2025 | \
 ldapmodify -x -D "$ADMIN_DN" -w "$ADMIN_PW" <<EOF >/dev/null 2>&1
 dn: uid=marisa,ou=People,${LDAP_BASE_DN}
 changetype: modify
 replace: userPassword
 userPassword: $(< /dev/stdin)
 EOF
 # Kill temporary slapd
 kill $SLAPD_PID 2>/dev/null || true
 wait $SLAPD_PID 2>/dev/null || true
 # Kill any stray slapd that might be holding ports
 pkill -9 slapd 2>/dev/null || true
 sleep 2
 # Start final OpenLDAP
 echo "--> Starting final OpenLDAP (background)"
 slapd -h "ldap:/// ldaps:/// ldapi:///" -u openldap -g openldap -d 0 &
-sleep 3
+SLAPD_PID=$!
 sleep 8
-# === ENABLE TLS FOR ALL CLIENT TOOLS INSIDE CONTAINER ===
+# Apply TLS config to final slapd
-export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem
+echo "--> Applying TLS config to final slapd"
-echo "LDAPTLS_CACERT=$LDAPTLS_CACERT (all ldap* commands now work with TLS)"
+ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/certinfo.ldif
 echo 'export LDAPTLS_CACERT=/etc/ldap/certs/ca-cert.pem' >> ~/.bashrc
 source ~/.bashrc
-echo "--> ldapdock framework ready."
+# Restart slapd to load the new TLS config (required for OpenLDAP)
 echo "--> Restarting slapd to load TLS config"
 kill $SLAPD_PID 2>/dev/null || true
 wait $SLAPD_PID 2>/dev/null || true
 slapd -h "ldap:/// ldaps:/// ldapi:///" -u openldap -g openldap -d 0 &
 SLAPD_PID=$!
 sleep 8
-# === KEEP CONTAINER ALIVE AND CONTINUE ===
+# Make the container trust its own CA — every time
 cp /etc/ldap/certs/ca-cert.pem /usr/local/share/ca-certificates/mycacert.crt 2>/dev/null || true
 update-ca-certificates --fresh >/dev/null 2>&1 || true
-# 'exec' replaces the script process with the command (e.g., /bin/bash),
+# Start Apache inside APACHE_PID variable in background
-# ensuring the container stays alive as long as that command runs interactively.
+echo "--> Starting Apache + PHP (background)"
-echo "Executing: $@"
+/usr/sbin/apache2ctl -D FOREGROUND  &
 APACHE_PID=$!
 sleep 5
 # HTTPS setup — using the real LDAP certificates
 echo "--> Configuring Apache for HTTPS with real certificates"
 export DEBIAN_FRONTEND=noninteractive  # Silence a2ensite prompts
 APACHE_CERT_FILE="/etc/ldap/certs/ldap01_slapd_cert_full.pem"
 APACHE_KEY_FILE="/etc/ldap/certs/ldap01_slapd_key.pem"
 # Enable the site silently
 a2ensite default-ssl.conf >/dev/null 2>&1
 # Replace the snakeoil certs with your real ones
 sed -i -E "s|^\s*SSLCertificateFile\s+.*|SSLCertificateFile ${APACHE_CERT_FILE}|g" \
    /etc/apache2/sites-available/default-ssl.conf
 sed -i -E "s|^\s*SSLCertificateKeyFile\s+.*|SSLCertificateKeyFile ${APACHE_KEY_FILE}|g" \
    /etc/apache2/sites-available/default-ssl.conf
 # Reload Apache gracefully (updates config without killing)
 apache2ctl graceful >/dev/null 2>&1
 sleep 5
 # ──────────────────────────────
 # phpLDAPadmin — auto-installed, no rebuild, works forever
 # ──────────────────────────────
 echo "--> Installing phpLDAPadmin"
 # Only install once — use a flag file
 if [ ! -f "/var/www/html/phpldapadmin-installed" ]; then
    cd /var/www/html
    # Download and extract (direct tarball, no git needed)
    wget -q -O phpldapadmin.tgz \
      https://github.com/leenooks/phpLDAPadmin/archive/refs/tags/1.2.6.7.tar.gz
    tar xzf phpldapadmin.tgz
    mv phpLDAPadmin-1.2.6.7 phpldapadmin
    rm phpldapadmin.tgz
    # Copy config and apply minimal working settings
    cp phpldapadmin/config/config.php.example phpldapadmin/config/config.php
 cat > phpldapadmin/config/config.php <<EOF
 <?php
 \$servers = new Datastore();
 \$servers->newServer('ldap_pla');
 \$servers->setValue('server','name','Local OpenLDAP');
 \$servers->setValue('server','host','127.0.0.1');
 \$servers->setValue('server','port',389);
 \$servers->setValue('server','base',array('${LDAP_BASE_DN}'));
 \$servers->setValue('server','tls',true);
 \$servers->setValue('login','auth_type','session');
 \$servers->setValue('login','bind_id','cn=admin,${LDAP_BASE_DN}');
 \$servers->setValue('login','bind_pass','admin');
 ?>
 EOF
    # Mark as installed
    touch /var/www/html/phpldapadmin-installed
    echo "--> phpLDAPadmin installed → https://localhost/phpldapadmin"
 else
    echo "--> phpLDAPadmin already installed"
 fi
 # Victory message
 echo "--> ldapdock ready — OpenLDAP + Apache + PHP running"
 echo "   → LDAP: 389/636"
 echo "   → PHPinfo: https://localhost/info.php"
 echo "   → Shell: /bin/bash"
 echo "   → Exit with CTRL+D or 'exit' command"
 # THIS IS THE MAGIC LINE THAT KILLS CHILD PROCESSES ON EXIT
 trap 'echo "Stopping services..."; kill $SLAPD_PID $APACHE_PID 2>/dev/null; wait' SIGINT SIGTERM
 # Give you your interactive shell — forever
 exec "$@"
--- a/index.php.tls
+++ b/index.php.tls
@ -1,55 +0,0 @@
 <?php
 $host = $_SERVER['HTTP_HOST'];   // works for example.com or any LDAP_HOST
 $msg = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $uid = trim($_POST['uid'] ?? '');
    $password = $_POST['password'] ?? '';
    if ($uid && $password) {
        // DIRECT LDAPS CONNECTION — NO STARTTLS NEEDED
        $ldap = ldap_connect("ldaps://127.0.0.1:636");
 	// Allow self-signed cert for ldaps://
 	putenv('LDAPTLS_REQCERT=allow');
        if (!$ldap) {
            $msg = "<p style='color:red'>Cannot connect to LDAP server</p>";
        } else {
            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
            $bind_dn = "uid=$uid,ou=People,dc=$host";
            if (@ldap_bind($ldap, $bind_dn, $password)) {
                $msg = "<p style='color:green;font-weight:bold'>Login successful! Welcome $uid 🎉</p>";
            } else {
                $msg = "<p style='color:red'>Invalid credentials</p>";
            }
            ldap_close($ldap);
        }
    } else {
        $msg = "<p style='color:red'>uid=$uid,ou=People,dc=$host Please fill both fields</p>";
    }
 }
 ?>
 <!DOCTYPE html>
 <html>
 <head>
    <title>ldapdock – LDAP login</title>
    <style>
        body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; text-align: center; }
        input, button { padding: 10px; margin: 5px; width: 100%; font-size: 16px; }
        button { background: #007cba; color: white; cursor: pointer; }
    </style>
 </head>
 <body>
    <h1>ldapdock login</h1>
    <p>Server: <strong><?= htmlspecialchars($host) ?></strong></p>
    <?= $msg ?>
    <form method="post">
        <input type="text" name="uid" placeholder="uid (e.g. marisa)" required autofocus><br>
        <input type="password" name="password" placeholder="password" required><br>
        <button type="submit">Login</button>
    </form>
    <hr>
    <small>Test user: marisa / q*****</small>
 </body>
 </html>
--- a/media/devall.png
+++ b/media/devall.png
Author	SHA1	Message	Date
Marisa	82f6d6f4f4	Update INSTALL.md	2025-12-14 13:59:52 -05:00
Marisa	cd5f0b8ada	Delete index.php.tls	2025-12-14 13:55:26 -05:00
Marisa	3ec502bfc0	Delete dockerlog	2025-12-14 13:55:09 -05:00
okasion	30504afd6c	Added phpLDAPadmin autoinstallation	2025-12-08 10:09:49 -03:00
okasion	26e78904ac	Fixed Apache SSL	2025-12-07 12:16:33 -03:00
Marisa	78017f9e87	Upload files to "/"	2025-12-05 12:36:55 -05:00
Marisa	cb7dcffc3b	Upload files to "media"	2025-11-30 10:16:05 -05:00
Marisa	e72c842b43	Upload files to "/"	2025-11-30 10:15:02 -05:00
Marisa	026b02aa51	Upload files to "/"	2025-11-29 17:01:07 -05:00
Marisa	110e2c10e4	Add dockerlog	2025-11-29 15:56:29 -05:00
Marisa	e64b9e46d8	Upload files to "/"	2025-11-29 11:58:52 -05:00
Marisa	c004efafc9	Upload files to "/"	2025-11-29 11:57:39 -05:00