initial version

2024-12-29 18:00:25 +01:00 · 2024-12-29 18:00:25 +01:00 · 5a92d6815c
commit 5a92d6815c
5 changed files with 182 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.env
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,5 @@
+{
+   "editor.fontSize": 13,
+   "terminal.integrated.fontSize": 13,
+   "window.zoomLevel": 1.4,
+}
--- a/README.md
+++ b/README.md
@ -0,0 +1,67 @@
+# Openldap
+
+## Description
+This docker compose install openldap container
+
+## Requierments
+### Folder
+```bash
+sudo mkdir -p /home/docker/openldap/certs
+```
+### Certificats
+Copy files `gmolab.net.crt`, `gmolab.net.key` and `gmolabCA.net` from `/home/docker/certs` folder to `/home/docker/openldap/certs`
+```bash
+sudo cp /home/docker/certs/gmolabCA.crt /home/docker/openldap/certs/
+sudo cp /home/docker/certs/gmolab.net.key /home/docker/openldap/certs/
+sudo cp /home/docker/certs/gmolab.net.crt /home/docker/openldap/certs/
+```
+
+### Group and Owner
+```bash
+sudo chown 1001 /home/docker/openldap -R
+```
+1001 is important because the container is running with user no-root
+
+## Delete Directory
+ATTENTION. The commands below delete the entire directory.
+This is useful when you want to test configs (problems with certificates)
+```bash
+sudo rm -rf /home/docker/openldap/data/*
+sudo rm -rf /home/docker/openldap/slapd.d/*
+```
+
+## Run
+```bash
+docker compose up -d
+```
+
+## Init ldap
+Initialize the openldap ditectory
+```bash
+./ldap-init.sh
+```
+## LDAP commands
+* Get all entry in directory
+```bash
+ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+```
+* Get Config
+```bash
+docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)'"
+```
+* Get olcAccess
+```bash
+docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)' olcAccess"
+```
+* Get Modules
+```bash
+docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcModuleList)' "
+```
+
+## Sources
+[Bitnami Openldap](https://hub.docker.com/r/bitnami/openldap)
+
+## Changelog
+### v1.0 - 2024-12-29
+#### Added
+- initial version by [GMo](mailto:gilles.mouchet@gmail.com)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,25 @@
+networks:
+  my-network:
+    driver: bridge
+services:
+  openldap:
+    image: bitnami/openldap:latest
+    container_name: ldap
+    ports:
+      - '1389:1389'
+      - '1636:1636'
+    env_file: ".env"  
+#    environment:
+#      - LDAP_ADMIN_USERNAME=admin
+#      - LDAP_ADMIN_PASSWORD=password
+#      - LDAP_ROOT=dc=gmolab,dc=net
+#      - LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
+#      - LDAP_ENABLE_TLS=yes
+#      - LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
+#      - LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
+#      - LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt 
+    networks:
+      - my-network
+    volumes:
+      - /home/docker/openldap:/bitnami/openldap/
+      - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
--- a/ldap-init.sh
+++ b/ldap-init.sh
@ -0,0 +1,84 @@
+#!/bin/bash
+source .env
+LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
+
+echo "Delete from the box users"
+ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
+  "cn=user01,ou=people,$LDAP_ROOT" \
+  "cn=user02,ou=people,$LDAP_ROOT" \
+  "cn=readers,ou=people,$LDAP_ROOT" \
+  "ou=people,$LDAP_ROOT"
+
+echo "create OUs"
+ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
+dn: ou=people,$LDAP_ROOT
+objectClass: organizationalUnit
+ou: people
+EOF
+#dn: ou=groups,$LDAP_ROOT
+#objectClass: organizationalUnit
+#ou: groups
+#EOF
+
+echo "Create users"
+ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
+dn: cn=Admin LDAP,ou=people,$LDAP_ROOT
+cn: Admin LDAP
+displayName: Admin LDAP
+sn: LDAP
+givenName: Admin
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: pa55w0rd
+uid: adminldap
+uidNumber: 10001
+gidNumber: 10001
+homeDirectory: /home/adminldap
+mail: admin.ldap@gmolab.net
+
+dn: cn=Access LDAP,ou=people,$LDAP_ROOT
+cn: Access LDAP
+displayName: Access LDAP
+sn: LDAP
+givenName: Access
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: pa55w0rd
+uid: accessldap
+uidNumber: 10002
+gidNumber: 10002
+homeDirectory: /home/accessldap
+mail: access.ldap@gmolab.net
+EOF
+
+echo "change ACL"
+docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
+dn: olcDatabase={2}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to attrs=userPassword
+  by self write
+  by anonymous auth
+  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
+  by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
+  by anonymous  auth
+  by * none
+olcAccess: to dn.base=""
+  by * read
+olcAccess: to *
+  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
+  by self write
+  by users read
+  by * none
+EOF
+'
+
+echo "Change organization name"
+ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
+dn: dc=gmolab,dc=net
+changetype: modify
+replace: o
+o: GMOLab (Gilles Mouchet Sandbox)
+EOF