4.1 KiB
ldapdock
a configurable container running openLDAP
A step by step approach on how to setup and run the openLDAP server on a classic systemd-less Docker image container, optional steps are marked with *
Creating the ldapdock container
build ldapdock
> docker build -t ldapdock /path/to/dockerfile
* after build, check the docker image has been created properly with the given REPOSITORY name
> docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ldapdock latest 0e4a1521b346 6 hours ago 138MB
run into the container to setup openLDAP
> docker run -h example.com -i -t ldapdock /bin/bash
make sure to use the following command to start openLDAP
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
test connectivity to slapd
root@example:/# ldapsearch -x -H ldap://localhost -b "dc=example,dc=com" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope baseObject
...
make a new test directory and create two attributes/branches with People and Group
root@example:/# vim base.ldif
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
create the test directory on our LDAP server, the password in the dockerfile by default is admin
root@example:/# ldapadd -x -D cn=admin,dc=example,dc=com -W -f base.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Groups,dc=example,dc=com"
now we have an Organizational Unit (ou=People, ou=Group, etc.) prepared to deal with users and groups, with a directory structure we can begin managing users
###################################################
run into the container setting up the LDAP server and the hostname
> docker run -h example.com -i -t ldapdock /bin/bash
Inside the ldapdock image
start the openLDAP daemon server
> service slapd start
* Starting OpenLDAP slapd [ OK ]
* edit base configuration of openLDAP server
> vim /etc/ldap/ldap.conf
* check basic LDAP schemas are loaded
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
* load basic LDAP schemas in case the base config didn't
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=core,cn=schema,cn=config"
create a password for openLDAP root user
> slappasswd
New password:
Re-enter new password:
{SSHA}hashpwd
* checkout the root DN configuration, the oldRootDN that we will setup later
> ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcRootDN=*)" olcRootDN
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config
dn: olcDatabase={1}mdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
Base administrative Tasks for openLDAP
create a file setting up our default root DN and our hostname (change dc=example,dc=com as needed)
> vim change_root.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com
now save this changes in the main database
> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_root.ldif
create a file setting up our default rootPW (change {SSHA}hashpwd with our previous password)
> vim change_password.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}hashpwd
now apply our new password for the main database
> ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change_password.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
we are done with our openLDAP root configuration and can begin creating new LDAP directories (.ldif files)