$ sudo docker run -i -t -p 389:389 -p 636:636 -p 80:80 -p 443:443 -h ${LDAP_HOST:-example.com} -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d -v ldap_certs:/etc/ldap/certs -v $(pwd)/hosts-certs:/export-certs ldapdock
--> Using LDAP base DN: dc=example,dc=com
--> Starting ldapdock 0.10
--> Temporarily relaxing security for init
--> Starting temporary slapd
--> Adding base structure
adding new entry "dc=example,dc=com"
ldap_add: Already exists (68)
adding new entry "ou=People,dc=example,dc=com"
ldap_add: Already exists (68)
adding new entry "ou=Groups,dc=example,dc=com"
ldap_add: Already exists (68)
adding new entry "cn=mages,ou=Groups,dc=example,dc=com"
ldap_add: Already exists (68)
adding new entry "uid=marisa,ou=People,dc=example,dc=com"
ldap_add: Already exists (68)
--> Setting Marisa password to 'MarisaNewPass2025'
--> No CA found → generating certificates...
** Note: You may use '--sec-param High' instead of '--bits 4096'
Generating a 4096 bit RSA private key...
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 1c24ac6bee33a476b7a7a3a3932a6dfa740bf61c
Validity:
Not Before: Sat Nov 29 20:53:35 UTC 2025
Not After: Tue Nov 27 20:53:35 UTC 2035
Subject: CN=Example Company CA
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)
Modulus (bits 4096):
00:ce:57:be:00:6b:51:34:44:9b:66:ad:f2:b0:b8:8e
c8:84:c4:4f:97:b9:25:fa:e1:f6:38:9f:46:4c:ae:53
26:09:ce:0b:1d:20:1e:be:cc:ec:e4:ef:d6:16:02:e4
c5:53:fd:05:18:56:ff:3f:c0:1b:33:3d:00:75:9e:4b
ab:79:17:ff:37:5f:de:a2:5a:cb:59:d2:c4:7a:98:aa
08:a5:b8:c2:fa:96:ea:4e:18:3e:0c:30:6d:b9:e8:71
91:4b:30:1a:b1:27:f3:10:e9:f4:0f:dd:ff:da:ec:3f
0c:31:2b:48:73:59:4f:f5:6a:ab:9e:a5:20:76:1a:51
b3:ec:81:5d:cf:9d:b3:bb:f0:8c:19:a2:18:03:f3:93
db:31:26:c6:60:bf:4e:5e:8e:6b:2c:24:b5:8c:33:24
3a:58:c3:56:aa:3d:da:67:95:8c:33:06:92:fb:58:a1
a9:a2:58:d8:96:bf:a2:4e:60:92:a7:f8:95:7e:0a:c6
bb:a3:96:d7:87:08:ae:52:74:b3:f9:7e:d8:d7:af:b1
a5:04:fa:59:d7:2a:be:e3:d6:b2:61:49:5d:94:a6:7b
4a:52:25:1c:34:1d:05:28:48:cb:aa:c5:e7:d5:1d:c8
8b:44:80:14:e9:4f:9f:11:02:d7:0e:62:34:69:b0:c4
d9:24:b9:12:5a:a9:a3:fd:8a:1e:77:37:90:9d:12:a4
ba:5d:ef:09:eb:4d:cf:c7:a5:14:d0:c9:fb:c2:25:8b
14:d2:b8:ba:32:a1:51:cd:41:21:37:a5:d2:b4:bd:08
59:91:d4:72:70:95:6f:65:95:14:63:bd:8d:da:7c:48
c3:0a:d7:c2:db:5a:41:25:d4:97:59:d7:6b:42:9f:db
1f:85:7f:b9:ac:f4:fc:4e:d1:00:d6:cd:ca:e5:f3:05
ca:c0:87:8a:a3:fb:90:49:9a:17:18:80:a6:cf:5c:dc
84:94:56:aa:a7:70:f3:80:73:2d:55:fa:e6:9d:bb:04
b5:f7:4d:df:b5:cf:8d:c7:6f:b0:93:d7:43:b4:77:5b
a5:3c:dc:e5:2e:49:96:77:14:96:e0:bd:46:ba:07:14
a5:0c:b7:95:00:2d:78:17:97:24:4e:08:f5:67:3f:e6
94:29:f0:2c:b8:70:9a:76:d2:e7:e5:e2:dd:e3:2b:21
ba:b4:aa:a9:a2:2a:45:55:9f:0b:b1:0e:00:7a:70:bd
2b:ac:b6:ef:0f:7a:a2:5f:ef:e1:a3:77:01:c4:0c:d2
e4:12:f3:2e:23:e4:ae:84:9e:b1:3b:b0:54:57:83:83
71:b5:91:4a:cc:48:d0:df:79:d3:12:9d:1b:c1:6f:42
23
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Key Usage (critical):
Certificate signing.
Subject Key Identifier (not critical):
26c5266d6d2a5d7c89f2ad867b1ab85895130242
Other Information:
Public Key ID:
sha1:26c5266d6d2a5d7c89f2ad867b1ab85895130242
sha256:0d03842e53daddda3508273a1e6f187f6208c88f00bd2f26e328f3477fbdfcf0
Public Key PIN:
pin-sha256:DQOELlPa3do1CCc6Hm8Yf2IIyI8AvS8m4yjzR3+9/PA=
Signing certificate...
** Note: You may use '--sec-param Medium' instead of '--bits 2048'
Generating a 2048 bit RSA private key...
Generating a signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 72056f5c71a405ec4e4e116591ccad1927b678ff
Validity:
Not Before: Sat Nov 29 20:53:35 UTC 2025
Not After: Sun Nov 29 20:53:35 UTC 2026
Subject: CN=example.com,O=Example Company
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:bc:c4:c1:e4:86:8d:84:3f:23:23:48:8c:f9:38:f9
9b:7d:db:27:71:ee:d4:31:35:98:a0:25:de:d2:82:b7
6d:5c:14:7b:b9:33:a4:74:29:53:a5:9c:55:ed:45:f2
2f:41:f3:78:43:82:47:7c:63:ed:41:9b:9a:e5:63:cf
92:dd:b9:ea:63:2c:e0:8f:bd:3b:bf:a3:d3:45:b6:02
a4:7e:b8:df:60:74:dc:fe:98:8c:8e:09:91:96:fe:bb
ff:c2:4f:f5:41:ce:16:e4:98:b2:01:b6:53:5b:fb:36
9b:04:ab:d4:8f:b8:44:e9:09:48:dc:19:62:52:7f:91
3c:9c:3c:5f:03:e5:6a:89:0b:ca:27:75:7c:e6:ff:87
b0:25:eb:ce:9e:f3:b3:b3:a2:0d:55:96:73:7b:50:da
4e:48:85:83:e0:9a:74:50:a2:53:e3:95:a0:94:ef:c1
18:cc:03:30:07:6e:86:57:51:13:c3:ed:aa:fe:9e:ed
d8:07:23:cd:2f:a4:8e:56:37:74:a6:81:b0:9e:1e:51
f2:1d:a6:8e:62:a6:ad:69:a2:5c:b9:4b:cf:07:6a:d4
85:f7:ef:8e:0a:a1:46:67:16:52:8c:9c:e1:dc:07:b0
77:20:fb:fa:8f:0b:d5:7d:55:21:94:8d:80:22:d9:b9
e3
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Key Purpose (not critical):
TLS WWW Server.
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
86037ea8ffac7903da768321f2f2a2450fc77e48
Authority Key Identifier (not critical):
26c5266d6d2a5d7c89f2ad867b1ab85895130242
Other Information:
Public Key ID:
sha1:86037ea8ffac7903da768321f2f2a2450fc77e48
sha256:5701dd907fa34b802152712ec801da0640b5baea979eb2cbbf4dea1abb628be3
Public Key PIN:
pin-sha256:VwHdkH+jS4AhUnEuyAHaBkC1uuqXnrLLv03qGrtii+M=
Signing certificate...
--> Starting second temporary slapd to apply TLS config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
--> Exporting certificates to host volume...
--> Starting final strict slapd — you keep your shell
--> ldapdock ready — marisa password = MarisaNewPass2025
root@example:/etc/ldap/certs# ldapsearch -x -D "cn=admin,dc=example,dc=com" -w admin -b "dc=example,dc=com" "(uid=marisa)" dn
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=marisa)
# requesting: dn
#
# marisa, People, example.com
dn: uid=marisa,ou=People,dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1