# ldapdock *_a configurable container running openLDAP_* Step by step approach on how to setup and run an openLDAP server on a systemd-less docker image container ## _1- Creating the ldapdock image container_ build ldapdock from the dockerfile and run into it ``` > docker build -t ldapdock /path/to/dockerfile ``` ``` > docker run -h example.com -i -t -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d ldapdock /bin/bash ``` ## _2- Run the openLDAP server and create an admin user_ Use the following command to start openLDAP ``` root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d ``` Generate a password hash for our administrator user, Op3nLd4p! here being the password to comply with password policies ``` root@example:/# slappasswd -s Op3nLd4p! {SSHA}vP1xt9t8+/GmOXmqlH1yNh305+MpUDe+ ``` Create the .ldif file that will create the admin user, edit the _userPassword_ attribute with our password hash\ (you can copy & paste the entire command until userPassword, copy your password hash with the mouse, and paste it directly) ``` root@example:/# cat > create_admin.ldif << EOL dn: cn=admin,dc=example,dc=com changetype: add objectClass: organizationalRole objectClass: simpleSecurityObject cn: admin description: LDAP administrator userPassword: {SSHA}vP1xt9t8+/GmOXmqlH1yNh305+MpUDe+ # Replace with the hash of your password EOL ``` ``` root@example:/# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w admin -f create_admin.ldif adding new entry "cn=admin,dc=example,dc=com" ``` That's all, our administrator user was properly done. ## _3- Load and enable policy modules_ We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it: ``` root@example:/# cat > modify_ppolicy_module.ldif << EOL dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: ppolicy.so EOL ``` ``` root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif modifying entry "cn=module{0},cn=config" ``` Reset slapd (openLDAP server) ``` root@example:/# kill $(pidof slapd) root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d ``` Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file: ``` root@example:/# cat > enable_ppolicy.ldif << EOL dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: ppolicy olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com EOL ``` ``` root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif adding new entry "olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config" ``` The policies module has been loaded and we can begin to configure password schemas and ACLs.