# ldapdock *_a configurable container running openLDAP_* Step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container ## _Creating the ldapdock image container_ build ldapdock ``` > docker build -t ldapdock /path/to/dockerfile ``` after build, check the docker image has been created properly with the given REPOSITORY name ``` > docker images REPOSITORY TAG IMAGE ID CREATED SIZE ldapdock latest 0e4a1521b346 6 hours ago 138MB ``` run into the container to setup openLDAP ``` > docker run -h example.com -i -t ldapdock /bin/bash ``` ## _Inside the ldapdock image container_ make sure to use the following command to start openLDAP ``` root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d ``` test connectivity to slapd ``` root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)" # extended LDIF # # LDAPv3 # base with scope baseObject ... ``` make new test LDAP directories (LDAP OU) and create two attributes/branches with People and Group ``` root@example:/# vim base.ldif ``` ``` dn: ou=People,dc=example,dc=com objectClass: organizationalUnit ou: People dn: ou=Groups,dc=example,dc=com objectClass: organizationalUnit ou: Group ``` create the test directory in our LDAP server, the password in the dockerfile by default is _admin_ ``` root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif Enter LDAP Password: adding new entry "ou=People,dc=example,dc=com" adding new entry "ou=Groups,dc=example,dc=com" ``` verify the entries in the LDAP server ``` root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=People' dn dn: ou=People,dc=example,dc=com root@example:/# ldapsearch -x -LLL -b dc=example,dc=com 'ou=Groups' dn dn: ou=Groups,dc=example,dc=com ``` now we have an **Organizational Unit (ou=People, ou=Group, etc.)** with users and groups within an LDAP directory structure correctly created ## _Users administrative tasks_ create a new LDAP directory called Supergirls (LDAP OU) with the following data ``` root@example:/# vim add_ou.ldif dn: ou=Supergirls,dc=example,dc=com objectClass: organizationalUnit ou: Supergirls ``` create it in our LDAP server, when asked for the root password, remember in the dockerfile by default is _admin_ ``` root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif Enter LDAP Password: adding new entry "ou=Supergirls,dc=example,dc=com" ``` verify the entry in the LDAP server ``` root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn dn: ou=Supergirls,dc=example,dc=com root@example:/# ``` create a new LDAP password to manage our new directory, and annotate the result hashed password ``` root@example:/# slappasswd New password: Re-enter new password: {SSHA}hashedpasswd ``` create a .ldif file with the necessary attributes to insert in our Supergirls directory ``` root@example:/# vim add_user_supergirls.ldif dn: uid=marisa,ou=Supergirls,dc=example,dc=com objectClass: inetOrgPerson objectClass: posixAccount cn: Marisa sn: Kirisame givenName: Marisa displayName: Marisa Kirisame uid: marisa uidNumber: 1001 gidNumber: 5000 homeDirectory: /home/marisa loginShell: /bin/bash userPassword: {SSHA}hashedpasswd mail: marisa@example.com ``` insert the new user (marisa) in our Supergirls directory (LDAP OU), still using the root password _admin_ ``` root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif Enter LDAP Password: adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com" ``` verify the user (marisa) has been added tp tje Supergirls OU ``` root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn dn: uid=marisa,ou=Supergirls,dc=example,dc=com ```