
ldapdock

a configurable container running openLDAP

Step-by-step approach to setting up and running the openLDAP server in a classic systemd-less Docker container

Creating the ldapdock image container

build ldapdock (the path is the directory that contains the dockerfile, used as the build context)

> docker build -t ldapdock /path/to/dockerfile

after the build, check that the docker image has been created properly with the given REPOSITORY name

> docker images
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
ldapdock      latest    0e4a1521b346   6 hours ago   138MB

start a container from the image and open a shell in it to set up openLDAP

> docker run -h example.com -i -t ldapdock /bin/bash

Inside the ldapdock image container

make sure to use the following command to start openLDAP

root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d

test connectivity to slapd

root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope baseObject
...

Users administrative tasks

Add users into LDAP directories

create a new LDAP directory called Supergirls (LDAP OU) with the following data

root@example:/# vim add_ou.ldif
dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit
ou: Supergirls

create it in our LDAP server; when asked for the root password, remember that the default set in the dockerfile is admin

root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif
Enter LDAP Password:
adding new entry "ou=Supergirls,dc=example,dc=com"

verify the entry in the LDAP server

root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn
dn: ou=Supergirls,dc=example,dc=com

create a new LDAP password to manage our new directory, and note down the resulting hashed password

root@example:/# slappasswd
New password:
Re-enter new password:
{SSHA}hashedpasswd

create a .ldif file with the necessary attributes to insert in our Supergirls directory

root@example:/# vim add_user_supergirls.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Marisa
sn: Kirisame
givenName: Marisa
displayName: Marisa Kirisame
uid: marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
loginShell: /bin/bash
userPassword: {SSHA}hashedpasswd
mail: marisa@example.com

insert the new user (marisa) into our Supergirls directory (LDAP OU), still using the root password admin

root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif
Enter LDAP Password:
adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"

verify the user (marisa) has been added to the Supergirls OU

root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
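
Added example, not part of the ldapdock repository: what the {SSHA} value printed by slappasswd contains (base64 of the SHA-1 digest of password plus salt, followed by the salt), how a bind password is checked against it, and how add_user_supergirls.ldif can be rendered with a fresh hash. The function names, the 4-byte salt and the sample password are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"

def ssha_hash(password, salt=None):
    """Build a userPassword value: {SSHA} + base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # 4-byte salt is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Recompute the digest with the salt embedded in `stored` and compare."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= 20:
        raise ValueError("value carries no salt after the 20-byte digest")
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def user_ldif(uid, given, sn, uid_number, password):
    """Render the attributes of add_user_supergirls.ldif with a fresh hash."""
    for value in (uid, given, sn):
        if "\n" in value or "\r" in value:  # a line break would add LDIF lines
            raise ValueError("line breaks are not allowed in LDIF values")
    return "\n".join([
        f"dn: uid={uid},ou=Supergirls,dc=example,dc=com",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"cn: {given}",
        f"sn: {sn}",
        f"givenName: {given}",
        f"displayName: {given} {sn}",
        f"uid: {uid}",
        f"uidNumber: {uid_number}",
        "gidNumber: 5000",
        f"homeDirectory: /home/{uid}",
        "loginShell: /bin/bash",
        f"userPassword: {ssha_hash(password)}",
        f"mail: {uid}@example.com",
    ]) + "\n"

if __name__ == "__main__":
    # Constructed sample input; pipe the output to ldapadd as in the step above.
    print(user_ldif("marisa", "Marisa", "Kirisame", 1001, "constructed-sample-password"))
```

If ssha_verify("admin", value) returns True for a stored value, that entry still carries the dockerfile's default password.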

Modify users from LDAP directories

create a new .ldif file with the attributes we want to change;
in this case we want to modify the mail marisa@example.com of the user (uid) marisa in the group (ou) Supergirls

root@example:/home# vim modify_user.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: mail
mail: marisa.kirisame@example.com

run the modify file; when asked for the root password, remember that the default set in the dockerfile is admin

root@example:/home# ldapmodify -x -D "cn=admin,dc=example,dc=com" -W -f modify_user.ldif
Enter LDAP Password:
modifying entry "uid=marisa,ou=Supergirls,dc=example,dc=com"

verify the mail attribute of the user marisa has been changed to marisa.kirisame@example.com

root@example:/home# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" mail
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
mail: marisa.kirisame@example.com

ldapsearch -x -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w qwerty

ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"