okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d78813f499
ldapdock/INSTALL.md
Marisa d78813f499 Update INSTALL.md
2025-10-11 14:54:02 -04:00

84 lines
2.8 KiB
Markdown
Raw Blame History

# ldapdock
*_a configurable container running openLDAP_*
Step by step approach on how to setup and run an openLDAP server on a systemd-less docker image container
## _1- Creating the ldapdock image container_
build ldapdock from the dockerfile and run into it
```
> docker build -t ldapdock /path/to/dockerfile
```
```
> docker run -h example.com -i -t -v ldap_data:/var/lib/ldap -v ldap_config:/etc/ldap/slapd.d ldapdock /bin/bash
```
## _2- Run the openLDAP server and create an admin user_
Use the following command to start openLDAP
```
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
```
Generate a password hash for our administrator user, 1234 here being the password
```
root@example:/# slappasswd -s 1234
{SSHA}yxIgYTzcuRRdlesjfWkIN6K97/8jOrZF
```
Create the .ldif file that will create the admin user, edit the _userPassword_ attribute with our password hash\
(you can copy & paste the entire command until userPassword, copy your password hash with the mouse, and paste it directly)
```
root@example:/# cat > create_admin.ldif << EOL
dn: cn=admin,dc=example,dc=com
changetype: add
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword: {SSHA}yxIgYTzcuRRdlesjfWkIN6K97/8jOrZF # Replace with the hash of your password
EOL
```
```
root@example:/# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w admin -f create_admin.ldif
adding new entry "cn=admin,dc=example,dc=com"
```
That's all, our administrator user was properly done.
## _3- Load and enable policy modules_
We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it:
```
root@example:/# cat > modify_ppolicy_module.ldif << EOL
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy.so
EOL
```
```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif
modifying entry "cn=module{0},cn=config"
```
Reset slapd (openLDAP server)
```
root@example:/# kill $(pidof slapd)
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
```
Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file:
```
root@example:/# cat > enable_ppolicy.ldif << EOL
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
EOL
```
```
root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
adding new entry "olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config"
```
The policies module has been loaded and we can begin to configure password schemas and ACLs.
Reference in New Issue View Git Blame Copy Permalink