| dockerfile | ||
| README.md | ||
ldapdock
a configurable container running openLDAP
Step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container
note about the dockerfile and running the generated image container on FG (foreground) or BG (background): by default the dockerfile generates an image to be run in FG, it expects to be run into it and launch slapd (openLDAP server) manually; to run the image container in BG and start slapd automatically without any user intervention, uncomment the line number 31 of the dockerfile.
Creating the ldapdock image container
build ldapdock
> docker build -t ldapdock /path/to/dockerfile
after build, check the docker image has been created properly with the given REPOSITORY name
> docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ldapdock latest 0e4a1521b346 6 hours ago 138MB
run into the container to setup openLDAP
> docker run -h example.com -i -t ldapdock /bin/bash
Inside the ldapdock image container
make sure to use the following command to start openLDAP
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
test connectivity to slapd
root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope baseObject
...
Users administrative tasks
Add users
create a new LDAP directory called Supergirls (LDAP OU) with the following data
root@example:/# vim add_ou.ldif
dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit
ou: Supergirls
create it in our LDAP server, when asked for the root password, remember in the dockerfile by default is admin
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_ou.ldif
Enter LDAP Password:
adding new entry "ou=Supergirls,dc=example,dc=com"
verify the entry in the LDAP server
root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(ou=Supergirls)" dn
dn: ou=Supergirls,dc=example,dc=com
create a new LDAP password to manage our new directory, annotate both the entered plain password and the result hashed password
root@example:/# slappasswd
New password:
Re-enter new password:
{SSHA}hashedpasswd
create a .ldif file with the necessary attributes to insert in our Supergirls directory
root@example:/# vim add_user_supergirls.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Marisa
sn: Kirisame
givenName: Marisa
displayName: Marisa Kirisame
uid: marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
loginShell: /bin/bash
userPassword: {SSHA}hashedpasswd
mail: marisa@example.com
insert the new user (marisa) in our Supergirls directory (LDAP OU), still using the root password admin
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f add_user_supergirls.ldif
Enter LDAP Password:
adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
verify the user (marisa) has been added to the Supergirls OU
root@example:/# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" dn
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
Modify users attributes
create a new .ldif file with the attributes we want to change
in this case we want to modify the mail marisa@example.com of the user (uid) marisa from the group (ou) Supergirls
root@example:/home# vim modify_user.ldif
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: mail
mail: marisa.kirisame@example.com
run the modify file, when asked for the root password, remember in the dockerfile by default is admin
root@example:/home# ldapmodify -x -D "cn=admin,dc=example,dc=com" -W -f modify_user.ldif
Enter LDAP Password:
modifying entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
verify the mail attribute of the user marisa has been changed to marisa.kirisame@example.com
root@example:/home# ldapsearch -x -LLL -b "dc=example,dc=com" "(uid=marisa)" mail
dn: uid=marisa,ou=Engineering,dc=example,dc=com
mail: marisa.kirisame@example.com
Modify user password
in order to change a user password we can run the following command, in this example we are changing user (uid) marisa password from the Organizational Unit (ou) Supergirls
root@example:/etc/ldap# ldappasswd -H ldap:/// -x -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -W -S "uid=marisa,ou=Supergirls,dc=example,dc=com"
New password: plainpasswd
Re-enter new password: plainpasswd
Enter LDAP Password: oldplainpasswd
plainpasswd being the new password we want to use, and oldplainpasswd, the last plain password we were using
Query as an specific user
we already created the user (uid) marisa, and established the user's own password using slappasswd
now we are gonna query our LDAP server using the user (uid) marisa credentials, and the password we entered during slappasswd, called plain password
root@example:/etc/ldap# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: nodomain
dc: example
# Supergirls, example.com
dn: ou=Supergirls,dc=example,dc=com
...
we can narrow this search to get only specific attributes of the user marisa, remember we are using the plainpasswd when asked
root@example:/etc/ldap# ldapsearch -D uid=marisa,ou=Supergirls,dc=example,dc=com -b "dc=example,dc=com" -w plainpasswd givenName uidNumber gidNumber homeDirectory
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: givenName uidNumber gidNumber homeDirectory
#
# example.com
dn: dc=example,dc=com
# Supergirls, example.com
dn: ou=Supergirls,dc=example,dc=com
# marisa, Supergirls, example.com
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
givenName: Marisa
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa