# ldapdock

*_a configurable container running openLDAP_*

Step by step approach on how to set up and run the openLDAP server on a classic systemd-less Docker image container.

## _Creating the ldapdock image container_

build ldapdock

```
> docker build -t ldapdock /path/to/dockerfile
```

after the build, check that the docker image has been created properly with the given REPOSITORY name

```
> docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ldapdock            latest              0e4a1521b346        6 hours ago         138MB
```

run into the container to set up openLDAP

```
> docker run -h example.com -i -t ldapdock /bin/bash
```

## _Inside the ldapdock image container_

make sure to use the following command to start openLDAP

```
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
```

test connectivity to slapd

```
root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base with scope baseObject
...
```

## _Users administrative tasks_

### _Add users into LDAP directories_

create a new LDAP directory called Supergirls (LDAP OU) with the following data

```
root@example:/# vim add_ou.ldif
dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit
ou: Supergirls
```

create it in our LDAP server; when asked for the root password, remember that in the dockerfile it is _admin_ by default

```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif
Enter LDAP Password:
adding new entry "ou=Supergirls,dc=example,dc=com"
```

verify the entry in the LDAP server

```
root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn
dn: ou=Supergirls,dc=example,dc=com
```

create a new LDAP password for the user we are about to add to our new directory, and note down the resulting hashed password

```
root@example:/# slappasswd
New password:
Re-enter new password:
{SSHA}hashedpasswd
```

create a .ldif file with the necessary attributes to insert in our Supergirls directory

```
root@example:/# vim add_user_supergirls.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Marisa
sn: Kirisame
givenName: Marisa
displayName: Marisa Kirisame
uid: marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
loginShell: /bin/bash
userPassword: {SSHA}hashedpasswd
mail: marisa@example.com
```

insert the new user (marisa) in our Supergirls directory (LDAP OU), still using the root password _admin_

```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif
Enter LDAP Password:
adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
```

verify that the user (marisa) has been added to the Supergirls OU

```
root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
```

### _Modify users from LDAP directories_

create a new .ldif file with the attributes we want to change.
In this case we want to modify the _mail_ marisa@example.com of the user (_uid_) marisa from the group (_ou_) Supergirls

```
root@example:/home# vim modify_user.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: mail
mail: marisa.kirisame@example.com
```

run the modify file; when asked for the root password, remember that in the dockerfile it is _admin_ by default

```
root@example:/home# ldapmodify -x -D "cn=admin,dc=example,dc=com" -W -f modify_user.ldif
Enter LDAP Password:
modifying entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
```

verify that the _mail_ attribute of the user marisa has been changed to marisa.kirisame@example.com

```
root@example:/home# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" mail
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
mail: marisa.kirisame@example.com
```

### _Query a LDAP directory as a user_

we already created the user (_uid_) marisa, and established the user's own password using slappasswd.
Now we are going to query our LDAP server using the credentials of the user (_uid_) marisa, and
_the password we entered during slappasswd, called plain password_ (simple bind, hence `-x`)

```
root@example:/etc/ldap# ldapsearch -x -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: nodomain
dc: example

# Supergirls, example.com
dn: ou=Supergirls,dc=example,dc=com
...
```

we can narrow this search to get only specific attributes of the user marisa, remember we are using _the plainpasswd when asked_

```
root@example:/etc/ldap# ldapsearch -x -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd givenName uidNumber gidNumber homeDirectory
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: givenName uidNumber gidNumber homeDirectory
#

# example.com
dn: dc=example,dc=com

# Supergirls, example.com
dn: ou=Supergirls,dc=example,dc=com

# marisa, Supergirls, example.com
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
givenName: Marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
```
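As an added example that is not part of this README or of ldapdock, the Python below reproduces what `slappasswd` produces for its default `{SSHA}` scheme (base64 of a SHA-1 digest over password plus salt, followed by the salt) so a `userPassword` value can be checked offline, and parses `ldapsearch -LLL` output like the verification steps above to confirm that the `mail` replace took effect. The search output embedded in it is constructed, not captured from a server.

```python
import base64
import hashlib
import hmac
import os


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Build a userPassword value in slappasswd's default {SSHA} format:
    base64(sha1(password + salt) + salt). slappasswd picks a random salt."""
    if not salt:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SSHA} value; the salt is whatever
    follows the 20-byte SHA-1 digest. The comparison is constant time."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def parse_ldif(text: str) -> dict:
    """Parse `ldapsearch -LLL` output into {dn: {attr: [values]}}. Folded lines
    (leading space) are joined; base64 '::' values are left undecoded."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, attrs = {}, {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line:
            if "dn" in attrs:
                entries[attrs["dn"][0]] = attrs
            attrs = {}
            continue
        key, _, value = line.partition(": ")
        attrs.setdefault(key, []).append(value)
    return entries


# Constructed sample: what the verification search after ldapmodify returns.
SAMPLE_SEARCH = """\
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
mail: marisa.kirisame@example.com
"""
```

Passing `-w plainpasswd` on the ldapsearch command line leaves the password in process listings and shell history; `-W` prompts for it and `-y file` reads it from a file instead. `{SSHA}` is salted SHA-1; `slappasswd -h` selects the scheme, and OpenLDAP builds with the pw-sha2 or argon2 modules offer `{SSHA512}` or `{ARGON2}`.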