docker/openldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial version

Browse Source
This commit is contained in:
Gilles Mouchet 2024-12-29 18:00:25 +01:00
commit 5a92d6815c
5 changed files with 182 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.env

5
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,5 @@
{
"editor.fontSize": 13,
"terminal.integrated.fontSize": 13,
"window.zoomLevel": 1.4,
}

67
README.md Normal file
View File

@ -0,0 +1,67 @@
# Openldap
## Description
This docker compose install openldap container
## Requierments
### Folder
```bash
sudo mkdir -p /home/docker/openldap/certs
```
### Certificats
Copy files `gmolab.net.crt`, `gmolab.net.key` and `gmolabCA.net` from `/home/docker/certs` folder to `/home/docker/openldap/certs`
```bash
sudo cp /home/docker/certs/gmolabCA.crt /home/docker/openldap/certs/
sudo cp /home/docker/certs/gmolab.net.key /home/docker/openldap/certs/
sudo cp /home/docker/certs/gmolab.net.crt /home/docker/openldap/certs/
```
### Group and Owner
```bash
sudo chown 1001 /home/docker/openldap -R
```
1001 is important because the container is running with user no-root
## Delete Directory
ATTENTION. The commands below delete the entire directory.
This is useful when you want to test configs (problems with certificates)
```bash
sudo rm -rf /home/docker/openldap/data/*
sudo rm -rf /home/docker/openldap/slapd.d/*
```
## Run
```bash
docker compose up -d
```
## Init ldap
Initialize the openldap ditectory
```bash
./ldap-init.sh
```
## LDAP commands
* Get all entry in directory
```bash
ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
```
* Get Config
```bash
docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)'"
```
* Get olcAccess
```bash
docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)' olcAccess"
```
* Get Modules
```bash
docker exec ldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcModuleList)' "
```
## Sources
[Bitnami Openldap](https://hub.docker.com/r/bitnami/openldap)
## Changelog
### v1.0 - 2024-12-29
#### Added
- initial version by [GMo](mailto:gilles.mouchet@gmail.com)

25
docker-compose.yml Normal file
View File

@ -0,0 +1,25 @@
networks:
my-network:
driver: bridge
services:
openldap:
image: bitnami/openldap:latest
container_name: ldap
ports:
- '1389:1389'
- '1636:1636'
env_file: ".env"
# environment:
# - LDAP_ADMIN_USERNAME=admin
# - LDAP_ADMIN_PASSWORD=password
# - LDAP_ROOT=dc=gmolab,dc=net
# - LDAP_ADMIN_DN=cn=admin,dc=gmolab,dc=net
# - LDAP_ENABLE_TLS=yes
# - LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs/gmolab.net.crt
# - LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs/gmolab.net.key
# - LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs/gmolabCA.crt
networks:
- my-network
volumes:
- /home/docker/openldap:/bitnami/openldap/
- /home/docker/openldap/certs:/opt/bitnami/openldap/certs

84
ldap-init.sh Executable file
View File

@ -0,0 +1,84 @@
#!/bin/bash
source .env
LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
echo "Delete from the box users"
ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
"cn=user01,ou=people,$LDAP_ROOT" \
"cn=user02,ou=people,$LDAP_ROOT" \
"cn=readers,ou=people,$LDAP_ROOT" \
"ou=people,$LDAP_ROOT"
echo "create OUs"
ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
dn: ou=people,$LDAP_ROOT
objectClass: organizationalUnit
ou: people
EOF
#dn: ou=groups,$LDAP_ROOT
#objectClass: organizationalUnit
#ou: groups
#EOF
echo "Create users"
ldapadd -x -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
dn: cn=Admin LDAP,ou=people,$LDAP_ROOT
cn: Admin LDAP
displayName: Admin LDAP
sn: LDAP
givenName: Admin
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: pa55w0rd
uid: adminldap
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/adminldap
mail: admin.ldap@gmolab.net
dn: cn=Access LDAP,ou=people,$LDAP_ROOT
cn: Access LDAP
displayName: Access LDAP
sn: LDAP
givenName: Access
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: pa55w0rd
uid: accessldap
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/accessldap
mail: access.ldap@gmolab.net
EOF
echo "change ACL"
docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
by self write
by anonymous auth
by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
by anonymous auth
by * none
olcAccess: to dn.base=""
by * read
olcAccess: to *
by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
by self write
by users read
by * none
EOF
'
echo "Change organization name"
ldapmodify -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN << EOF
dn: dc=gmolab,dc=net
changetype: modify
replace: o
o: GMOLab (Gilles Mouchet Sandbox)
EOF