commit 5a92d6815c59ffe0ed375bd773d8bc5401d7eebc Author: Gilles Mouchet Date: Sun Dec 29 18:00:25 2024 +0100 initial version diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2eea525 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..b3ee43d --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "editor.fontSize": 13, + "terminal.integrated.fontSize": 13, + "window.zoomLevel": 1.4, +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..8bbac4f --- /dev/null +++ b/README.md 
@@ -0,0 +1,67 @@ +# Openldap + +## Description +This docker compose install openldap container + +## Requierments +### Folder +```bash +sudo mkdir -p /home/docker/openldap/certs +``` +### Certificats +Copy files `gmolab.net.crt`, `gmolab.net.key` and `gmolabCA.net` from `/home/docker/certs` folder to `/home/docker/openldap/certs` +```bash +sudo cp /home/docker/certs/gmolabCA.crt /home/docker/openldap/certs/ +sudo cp /home/docker/certs/gmolab.net.key /home/docker/openldap/certs/ +sudo cp /home/docker/certs/gmolab.net.crt /home/docker/openldap/certs/ +``` + +### Group and Owner +```bash +sudo chown 1001 /home/docker/openldap -R +``` +1001 is important because the container is running with user no-root + +## Delete Directory +ATTENTION. The commands below delete the entire directory. +This is useful when you want to test configs (problems with certificates) +```bash +sudo rm -rf /home/docker/openldap/data/* +sudo rm -rf /home/docker/openldap/slapd.d/* +``` + +## Run +```bash +docker compose up -d +``` + +## Init ldap +Initialize the openldap ditectory +```bash +./ldap-init.sh +``` +## LDAP commands +* Get all entry in directory +```bash +ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd +``` +* Get Config +```bash +docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)'" +``` +* Get olcAccess +```bash +docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)' olcAccess" +``` +* Get Modules +```bash +docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcModuleList)' " +``` + +## Sources +[Bitnami Openldap](https://hub.docker.com/r/bitnami/openldap) + +## Changelog +### v1.0 - 2024-12-29 +#### Added +- initial version by [GMo](mailto:gilles.mouchet@gmail.com) 
diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..08ad940 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,25 @@ +networks: + my-network: + driver: bridge +services: + openldap: + image: bitnami/openldap:latest + container_name: ldap + ports: + - '1389:1389' + - '1636:1636' + env_file: ".env" +# environment: +# - LDAP_ADMIN_USERNAME=admin +# - LDAP_ADMIN_PASSWORD=password +# - LDAP_ROOT=dc=gmolab,dc=net +# - LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net +# - LDAP_ENABLE_TLS=yes +# - LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt +# - LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key +# - LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt + networks: + - my-network + volumes: + - /home/docker/openldap:/bitnami/openldap/ + - /home/docker/openldap/certs:/opt/bitnami/openldap/certs diff --git a/ldap-init.sh b/ldap-init.sh new file mode 100755 index 0000000..a6b393d --- /dev/null +++ b/ldap-init.sh 
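Review bot: The `ports:` entry `'1389:1389'` publishes the plaintext LDAP listener on every host interface, even though the README and ldap-init.sh only ever connect through `ldaps://gmoadm.gmolab.net:1636`; any client that picks port 1389 will send its simple-bind password in the clear across the network. Drop that mapping, or bind it to loopback for local debugging only: `- '127.0.0.1:1389:1389'`. The image is also pulled as `bitnami/openldap:latest`, so each `docker compose up` may silently run a different OpenLDAP build; pin a version tag (and ideally an `@sha256:` digest) so the deployment is reproducible and upgrades are deliberate.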
@@ -0,0 +1,84 @@ +#!/bin/bash +source .env +LDAP_SRV=ldaps://gmoadm.gmolab.net:1636 + +echo "Delete from the box users" +ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \ + "cn=user01,ou=people,$LDAP_ROOT" \ + "cn=user02,ou=people,$LDAP_ROOT" \ + "cn=readers,ou=people,$LDAP_ROOT" \ + "ou=people,$LDAP_ROOT" + +echo "create OUs" +ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF +dn: ou=people,$LDAP_ROOT +objectClass: organizationalUnit +ou: people +EOF +#dn: ou=groups,$LDAP_ROOT +#objectClass: organizationalUnit +#ou: groups +#EOF + +echo "Create users" +ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF +dn: cn=Admin LDAP,ou=people,$LDAP_ROOT +cn: Admin LDAP +displayName: Admin LDAP +sn: LDAP +givenName: Admin +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +userPassword: pa55w0rd +uid: adminldap +uidNumber: 10001 +gidNumber: 10001 +homeDirectory: /home/adminldap +mail: admin.ldap@gmolab.net + +dn: cn=Access LDAP,ou=people,$LDAP_ROOT +cn: Access LDAP +displayName: Access LDAP +sn: LDAP +givenName: Access +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +userPassword: pa55w0rd +uid: accessldap +uidNumber: 10002 +gidNumber: 10002 +homeDirectory: /home/accessldap +mail: access.ldap@gmolab.net +EOF + +echo "change ACL" +docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF +dn: olcDatabase={2}mdb,cn=config +changetype: modify +replace: olcAccess +olcAccess: to attrs=userPassword + by self write + by anonymous auth + by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write + by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read + by anonymous auth + by * none +olcAccess: to dn.base="" + by * read +olcAccess: to * + by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write + by self write + by users read + by * none +EOF +' + +echo "Change organization name" +ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << 
EOF +dn: dc=gmolab,dc=net +changetype: modify +replace: o +o: GMOLab (Gilles Mouchet Sandbox) +EOF \ No newline at end of file
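Review bot: Every ldapdelete/ldapadd/ldapmodify call in this script passes the admin password on the command line via `-w $LDAP_ADMIN_PASSWORD`, which exposes it to any local user through `ps` or `/proc/*/cmdline` for the lifetime of the process; read it from a file descriptor instead, e.g. `-y <(printf '%s' "$LDAP_ADMIN_PASSWORD")`, and quote the expansions (`-H "$LDAP_SRV" -D "$LDAP_ADMIN_DN"`) so a DN containing spaces is not word-split. The two entries added under "Create users" both carry a fixed `userPassword: pa55w0rd`, and the ACL applied right after gives `cn=Admin LDAP` write on `to *`, so the directory ships with a well-known full-write credential; take those passwords from `.env` like the admin password and store them hashed (`slappasswd -s`) rather than as cleartext LDIF values. Note also that ldapdelete and the final ldapmodify omit `-x`, unlike the ldapadd calls, so they presumably attempt a SASL bind rather than the simple bind the `-D`/`-w` pair implies — worth confirming against the client defaults. The script has no `set -euo pipefail`, so a failed ldapadd (e.g. a TLS or bind error) is not noticed and the ACL change still runs; if you add it, the leading ldapdelete needs an explicit `|| true` since the entries do not exist on a fresh directory.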