initial version

This commit is contained in:
Gilles Mouchet 2024-12-29 21:01:11 +01:00
parent 5a92d6815c
commit 05bfb1daa5
5 changed files with 144 additions and 38 deletions

10
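--- a/.env.dist
+++ b/.env.dist
@@ -0,0 +1,10 @@
+LDAP_ADMIN_USERNAME=admin
+LDAP_ADMIN_PASSWORD=CHANGE_ASAP
+LDAP_ROOT=dc=gmolab,dc=net
+LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
+LDAP_ALLOW_ANON_BINDING=no
+LDAP_ENABLE_TLS=yes
+LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
+LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
+LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt
+LDAP_SKIP_DEFAULT_TREE=yes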
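Review bot: The template carries no comment on how it is consumed, so `LDAP_ADMIN_PASSWORD=CHANGE_ASAP` only works as a guard if whoever copies it knows to replace it before the first `docker compose up`; a header such as `# Template for .env: copy to .env, replace CHANGE_ASAP, and keep .env out of version control` would make that explicit — whether `.env` is git-ignored is not visible in this commit. `LDAP_SKIP_DEFAULT_TREE=yes` means the container creates no base entry, so the `dn: $LDAP_ROOT` add that this commit introduces in `ldap-init.sh` is what makes the directory usable; a one-line comment above that variable naming the dependency would save the next reader a search.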


@ -23,11 +23,10 @@ sudo chown 1001 /home/docker/openldap -R
1001 is important because the container is running with user no-root 1001 is important because the container is running with user no-root
## Delete Directory ## Delete Directory
ATTENTION. The commands below delete the entire directory. ATTENTION. The command below delete the entire directory.
This is useful when you want to test configs (problems with certificates) This is useful when you want to test configs (problems with certificates)
```bash ```bash
sudo rm -rf /home/docker/openldap/data/* ./reinit-ldap.sh
sudo rm -rf /home/docker/openldap/slapd.d/*
``` ```
## Run ## Run


@ -1,25 +1,12 @@
networks:
my-network:
driver: bridge
services: services:
openldap: openldap:
image: bitnami/openldap:latest image: bitnami/openldap:latest
restart: always
container_name: ldap container_name: ldap
ports: ports:
- '1389:1389' - '1389:1389'
- '1636:1636' - '1636:1636'
env_file: ".env" env_file: ".env"
# environment:
# - LDAP_ADMIN_USERNAME=admin
# - LDAP_ADMIN_PASSWORD=password
# - LDAP_ROOT=dc=gmolab,dc=net
# - LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
# - LDAP_ENABLE_TLS=yes
# - LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
# - LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
# - LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt
networks:
- my-network
volumes: volumes:
- /home/docker/openldap:/bitnami/openldap/ - /home/docker/openldap:/bitnami/openldap/
- /home/docker/openldap/certs:/opt/bitnami/openldap/certs - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
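Review bot: `image: bitnami/openldap:latest` is kept as context while `restart: always` (by the hunk's line counts, the one line this hunk adds) now brings the container back on every host boot, so any restart or `docker compose up` can pull a different server build and change schema or TLS defaults without a commit; pin a specific tag, e.g. `image: bitnami/openldap:<pinned-version>`, and bump it deliberately. With `LDAP_ENABLE_TLS=yes` in `.env.dist`, the `'1389:1389'` mapping still publishes the plaintext listener on every host interface; if it is only needed locally, bind it as `'127.0.0.1:1389:1389'`, otherwise drop it and keep only `'1636:1636'`. `env_file: ".env"` loads the admin password from a file next to the compose file, which is fine provided `.env` is excluded from version control — that is not visible in this commit.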


@ -2,25 +2,32 @@
source .env source .env
LDAP_SRV=ldaps://gmoadm.gmolab.net:1636 LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
echo "Delete from the box users" #echo "Delete from the box users"
ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \ #ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
"cn=user01,ou=people,$LDAP_ROOT" \ # "cn=user01,ou=people,$LDAP_ROOT" \
"cn=user02,ou=people,$LDAP_ROOT" \ # "cn=user02,ou=people,$LDAP_ROOT" \
"cn=readers,ou=people,$LDAP_ROOT" \ # "cn=readers,ou=people,$LDAP_ROOT" \
"ou=people,$LDAP_ROOT" # "ou=people,$LDAP_ROOT"
echo "create OUs" echo "create OUs"
ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
dn: $LDAP_ROOT
objectClass: top
objectClass: dcObject
objectclass: organization
o: GMoLab Directory
dc: gmolab
dn: ou=people,$LDAP_ROOT dn: ou=people,$LDAP_ROOT
objectClass: organizationalUnit objectClass: organizationalUnit
ou: people ou: people
EOF
#dn: ou=groups,$LDAP_ROOT
#objectClass: organizationalUnit
#ou: groups
#EOF
echo "Create users" dn: ou=groups,$LDAP_ROOT
objectClass: organizationalUnit
ou: groups
EOF
echo "Populate the directory"
ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
dn: cn=Admin LDAP,ou=people,$LDAP_ROOT dn: cn=Admin LDAP,ou=people,$LDAP_ROOT
cn: Admin LDAP cn: Admin LDAP
@ -30,7 +37,7 @@ givenName: Admin
objectClass: inetOrgPerson objectClass: inetOrgPerson
objectClass: posixAccount objectClass: posixAccount
objectClass: shadowAccount objectClass: shadowAccount
userPassword: pa55w0rd userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: adminldap uid: adminldap
uidNumber: 10001 uidNumber: 10001
gidNumber: 10001 gidNumber: 10001
@ -45,14 +52,103 @@ givenName: Access
objectClass: inetOrgPerson objectClass: inetOrgPerson
objectClass: posixAccount objectClass: posixAccount
objectClass: shadowAccount objectClass: shadowAccount
userPassword: pa55w0rd userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: accessldap uid: accessldap
uidNumber: 10002 uidNumber: 10002
gidNumber: 10002 gidNumber: 10002
homeDirectory: /home/accessldap homeDirectory: /home/accessldap
mail: access.ldap@gmolab.net mail: access.ldap@gmolab.net
dn: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
cn: Gilles Mouchet
displayName: Gilles Mouchet
sn: Mouchet
givenName: Gilles
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: gilles.mouchet
uidNumber: 10003
gidNumber: 10003
homeDirectory: /home/gilmouchet
mail: gilles.mouchet@gmolab.net
dn: cn=Christine Mouchet,ou=people,$LDAP_ROOT
cn: Christine Mouchet
displayName: Christine Mouchet
sn: Mouchet
givenName: Christine
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: christine.mouchet
uidNumber: 10004
gidNumber: 10004
homeDirectory: /home/chrmouchet
mail: christine.mouchet@gmolab.net
dn: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
cn: Bryan Mouchet
displayName: Bryan Mouchet
sn: Mouchet
givenName: Bryan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: bryan.mouchet
uidNumber: 10005
gidNumber: 10005
homeDirectory: /home/brymouchet
mail: bryan.mouchet@gmolab.net
dn: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
cn: Aurelie Mouchet
displayName: Aurelie Mouchet
sn: Mouchet
givenName: Aurelie
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: aurelie.mouchet
uidNumber: 10006
gidNumber: 10006
homeDirectory: /home/aurmouchet
mail: aurelie.mouchet@gmolab.net
dn: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
cn: Sarah Mouchet
displayName: Sarah Mouchet
sn: Mouchet
givenName: Sarah
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
uid: sarah.mouchet
uidNumber: 10006
gidNumber: 10006
homeDirectory: /home/sarmouchet
mail: sarah.mouchet@gmolab.net
dn: cn=Mouchet Family,ou=groups,$LDAP_ROOT
objectClass: groupOfNames
cn: Mouchet Family
member: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
member: cn=Christine Mouchet,ou=people,$LDAP_ROOT
member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
EOF EOF
echo "change ACL" echo "change ACL"
docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
dn: olcDatabase={2}mdb,cn=config dn: olcDatabase={2}mdb,cn=config
@ -75,10 +171,10 @@ olcAccess: to *
EOF EOF
' '
echo "Change organization name" #echo "Change organization name"
ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF #ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
dn: dc=gmolab,dc=net #dn: dc=gmolab,dc=net
changetype: modify #changetype: modify
replace: o #replace: o
o: GMOLab (Gilles Mouchet Sandbox) #o: GMOLab (Gilles Mouchet Sandbox)
EOF #EOF
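Review bot: The new `Sarah Mouchet` entry in the third hunk reuses `uidNumber: 10006` / `gidNumber: 10006`, which the `Aurelie Mouchet` entry just above it already takes, so two posixAccount objects map to the same UNIX identity and file ownership or `getent passwd 10006` become ambiguous; the sequence suggests `uidNumber: 10007` and `gidNumber: 10007`. Every account added here, plus the two existing ones the second and third hunks rewrite, carries the identical `{SSHA}…` value, so all users share one password, and because `reinit-ldap.sh` in the same commit binds as one of those accounts with a literal `-w` password, a successful bind there effectively discloses that hash's plaintext in the repository — generate a distinct hash per user (for example with `slappasswd`) and keep the committed script free of credentials that are also written down in clear. The `ldapadd … << EOF` heredoc these entries belong to opens in the first hunk and closes at the `EOF` in the third, and LDIF requires a blank line between entries; the rendered page drops blank lines, so please confirm the separators are present between every `dn:` record.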

14
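--- a/reinit-ldap.sh
+++ b/reinit-ldap.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# DELETE ALL DIRECTORY DATA
+echo "You will DELETE ALL DATA from the directory!!"
+read -p "Are you sure? " -n 1 -r
+echo # (optional) move to a new line
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+docker compose down
+sudo rm -rf /home/docker/openldap/data/*
+sudo rm -rf /home/docker/openldap/slapd.d/*
+docker compose up -d
+sleep 5
+./ldap-init.sh
+ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+fi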
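Review bot: The verification `ldapsearch` on the last line of the `if` block passes the bind password as a literal `-w pa55w0rd`, which leaves the credential in the committed file, in shell history and in `ps` output for the duration of the call; use `-W` to prompt, or `-y <password-file>` with a file kept outside the repository, and derive the base from `.env` (`$LDAP_ROOT`, after sourcing it as `ldap-init.sh` does) instead of repeating `dc=gmolab,dc=net`. `sleep 5` between `docker compose up -d` and `./ldap-init.sh` is a fixed wait, so a slower first start (TLS setup, empty data directory) makes the init script run against a listener that is not up yet; poll with `ldapsearch … -b '' -s base` until it answers, or use `docker compose up -d --wait` where the installed compose version supports it. `./ldap-init.sh` is resolved relative to the working directory, so either a `cd "$(dirname "$0")"` before it or a comment `# run from the repository root` next to the shebang would prevent the re-initialisation from stopping halfway when invoked from elsewhere.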