# ldapdock

*_a configurable container running OpenLDAP_*

A step-by-step guide to setting up and running the OpenLDAP server on a classic systemd-less Docker image container. **Optional steps are marked with __*__.**

### _Creating the ldapdock container_

build ldapdock

```
> docker build -t ldapdock /path/to/dockerfile
```

__*__ after the build, check that the Docker image was created with the given REPOSITORY name

```
> docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ldapdock            latest              0e4a1521b346        6 hours ago         138MB
```

run into the container to set up OpenLDAP (the `-h example.com` hostname matches the default suffix `dc=example,dc=com` used below)

```
> docker run -h example.com -i -t ldapdock /bin/bash
```

start slapd with the following command: `-u openldap -g openldap` makes the daemon drop root privileges once its listeners are bound, and `ldapi:///` opens the local Unix-domain socket over which SASL EXTERNAL identifies the container's root user for the cn=config changes further down

```
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
```

test connectivity to slapd

```
root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base with scope baseObject
...
```

create an LDIF file defining two organizational units (branches), People and Groups. The `ou` attribute of each entry must carry the same value as the RDN in its `dn` line; slapd refuses an entry whose naming attribute value is missing from the entry body (a `namingViolation`)

```
root@example:/# vim base.ldif
```

```
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups
```

add the two entries to our LDAP server. The password in the Dockerfile is _admin_ by default; that is a lab default, so change it (see the root password steps below) before the container is reachable from anything but localhost. `-x` is a simple bind and sends the password in cleartext over `ldap://`, which is acceptable inside the container; across a network, use `ldaps://` or the `ldapi:///` socket instead

```
root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Groups,dc=example,dc=com"
```

now we have **Organizational Units (ou=People, ou=Groups, etc.)** prepared for users and groups; with that directory structure in place we can begin managing users

---

run into the container, setting the hostname the LDAP server will use (note that `docker run` starts a fresh container from the image, so entries added in an earlier session are not carried over)

```
> docker run -h example.com -i -t ldapdock /bin/bash
```

### _Inside the ldapdock image_

start the OpenLDAP daemon through the Debian/Ubuntu init script (the listeners and the `openldap` service user come from `/etc/default/slapd`, so this is equivalent to the manual `slapd` command above)

```
# service slapd start
 * Starting OpenLDAP slapd                                                   [ OK ]
```

__*__ edit the defaults for the LDAP client tools (`BASE`, `URI`) so that `ldapsearch` and friends need fewer flags; this file configures the client library, not the server

```
# vim /etc/ldap/ldap.conf
```

__*__ check that the basic LDAP schemas are loaded

```
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
```

__*__ load the basic LDAP schemas in case the base config didn't (repeat with `cosine.ldif`, `nis.ldif` and `inetorgperson.ldif` as needed; the add fails harmlessly if the schema is already present)

```
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
```

create a **password** hash for the OpenLDAP root user; only this hash goes into the configuration, the cleartext password is never stored

```
# slappasswd
New password:
Re-enter new password:
{SSHA}hashpwd
```

__*__ check the root DN configuration; `olcRootDN` is the attribute we set in the next step

```
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}mdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
```

### _Base administrative Tasks for OpenLDAP_

create a file setting the root DN of the main database **(change *dc=example,dc=com* to match your suffix)**

```
# vim change_root.ldif
```

```
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com
```

now apply this change to the main database

```
# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif
```

create a file setting the root password **(replace *{SSHA}hashpwd* with the hash produced by `slappasswd` above, never with the cleartext password)**

```
# vim change_password.ldif
```

```
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}hashpwd
```

now apply the new password to the main database

```
# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
```

we are done with our OpenLDAP root configuration and can begin creating new LDAP directory entries (.ldif files)
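The two LDIF mistakes that bite most often while following the steps above are an `add` record whose RDN value (`ou=Groups`) does not appear in the entry body (`ou: Group`), which slapd rejects as a naming violation, and an `olcRootPW` line that carries a cleartext password or a hash made for a different password than the one you meant to set. The following added example (written for this README, not part of ldapdock or OpenLDAP) checks a file for both offline, before it reaches `ldapadd`/`ldapmodify`, and can also mint a slappasswd-compatible `{SSHA}` hash. It assumes slappasswd's default scheme, `base64(SHA1(password || salt) || salt)` with a 4-byte salt (the salt length is an assumption; verification does not depend on it), and parses only the plain LDIF subset used in this README. Function names and the sample LDIF are constructed for the example.

```python
"""Pre-flight checks for LDIF before ldapadd/ldapmodify (added example; not ldapdock's code).
Catches an 'add' record whose RDN value (ou=Groups) is absent from the body (ou: Group),
which slapd rejects as namingViolation, and an olcRootPW that is cleartext or hashes the
wrong password. {SSHA} is slappasswd's default, base64(SHA1(pw||salt)||salt); the 4-byte
salt is an assumption about slappasswd. LDIF subset: one attribute per line, '#' comments,
blank-line record separators, '::' base64 values; folded lines raise ValueError."""
import base64
import hashlib
import os
import re

ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*)(::?)\s*(.*)$")

def parse_ldif(text):
    """Return a list of (dn, {attr_lower: [values]}) records."""
    records, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
            continue
        m = ATTR_RE.match(line)
        if not m:
            raise ValueError("unsupported LDIF line: %r" % line)
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3).strip()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return records

def rdn_pairs(dn):
    """(attr, value) pairs of the first RDN; honours '\\,' and '\\+' escapes."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    pairs = []
    for ava in re.split(r"(?<!\\)\+", first):
        attr, _, value = ava.partition("=")
        pairs.append((attr.strip().lower(), value.strip().replace("\\,", ",").replace("\\+", "+")))
    return pairs

def naming_violations(text):
    """[(dn, attr, value)] for add records whose RDN value is missing from the entry body."""
    bad = []
    for dn, attrs in parse_ldif(text):
        if attrs.get("changetype", ["add"]) != ["add"]:
            continue  # modify/delete records are not full entries, nothing to check
        for attr, value in rdn_pairs(dn):
            if value.lower() not in [v.lower() for v in attrs.get(attr, [])]:
                bad.append((dn, attr, value))
    return bad

def ssha_hash(password, salt=None):
    """slappasswd-compatible {SSHA} value; random 4-byte salt unless one is given."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """True if stored is an {SSHA} value for password; a cleartext value never verifies."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the salt follows it
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest

def root_pw_problems(text, intended_password):
    """[(dn, reason)] for olcRootPW values that are cleartext or hash another password."""
    bad = []
    for dn, attrs in parse_ldif(text):
        for value in attrs.get("olcrootpw", []):
            if not value.startswith("{"):
                bad.append((dn, "cleartext olcRootPW"))
            elif not ssha_verify(intended_password, value):
                bad.append((dn, "olcRootPW does not verify against the intended password"))
    return bad

def change_password_ldif(hashed, db_dn="olcDatabase={1}mdb,cn=config"):
    """The README's change_password.ldif record with the hash filled in."""
    return "dn: %s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n" % (db_dn, hashed)

# Constructed sample: the RDN/attribute mismatch this README warns about.
BROKEN_BASE_LDIF = """\
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
"""
FIXED_BASE_LDIF = BROKEN_BASE_LDIF.replace("ou: Group\n", "ou: Groups\n")

if __name__ == "__main__":
    print("broken base.ldif:", naming_violations(BROKEN_BASE_LDIF), "fixed:", naming_violations(FIXED_BASE_LDIF))
    print("cleartext olcRootPW:", root_pw_problems(change_password_ldif("admin"), "admin"))
    print("hashed olcRootPW:", root_pw_problems(change_password_ldif(ssha_hash("admin")), "admin"))
```

It needs only the Python standard library, so it runs inside the container or on the host before the file is copied in. Keep in mind that `{SSHA}` is salted SHA-1: anyone who can read `olcRootPW` out of cn=config (root over `ldapi:///`, as the `ldapsearch -Y EXTERNAL` step shows) can guess at it offline quickly, so the root password should be long and random, not _admin_.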