add phpldapadmin

.gitignore

@@ -1 +1 @@
-.env
+*.env

.phpldapadmin.env.dist

@@ -0,0 +1,8 @@
+PHPLDAPADMIN_HTTPS=true
+PHPLDAPADMIN_HTTPS_CRT_FILENAME=gmolab.net.crt 
+PHPLDAPADMIN_HTTPS_KEY_FILENAME=gmolab.net.key
+PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=gmolabCA.net
+# Internal connection. 
+# Not need ldaps between phpladpadmin and openldap
+PHPLDAPADMIN_LDAP_CLIENT_TLS=false
+PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{"gmoadm.gmolab.net":[{"server":[{"port":1389}]}]}]

docker-compose.yml

@@ -1,12 +1,105 @@
 services:
   openldap:
     image: bitnami/openldap:latest
-    restart: always
-    container_name: ldap
+    container_name: openldap
+    env_file: ".openldap.env"
     ports:
-      - '1389:1389'
-      - '1636:1636'
-    env_file: ".env"  
+      - "1389:1389" # OpenLDAP default LDAP port
+      - "1636:1636" # OpenLDAP default LDAPS port
     volumes:
-      - /home/docker/openldap:/bitnami/openldap/
+      - /home/docker/openldap:/bitnami/openldap
       - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
+
+# phpldapadmin
+  phpldapadmin:
+    image: osixia/phpldapadmin:latest
+    container_name: phpldapadmin
+    env_file: ".phpldapadmin.env"
+    ports:
+      - "8080:80" # phpLDAPadmin web interface
+      - "8443:443" # phpLDAPadmin web interface"
+    volumes:
+      - /home/docker/certs:/container/service/phpldapadmin/assets/apache2/certs 
+    depends_on:
+      - openldap
+
+
+
+#### IT'Running
+#services:
+#  openldap:
+#    image: bitnami/openldap:latest
+#    container_name: openldap
+#    environment:
+#      - LDAP_ROOT=dc=example,dc=org
+#      - LDAP_ADMIN_USERNAME=admin
+#      - LDAP_ADMIN_PASSWORD=adminpassword
+#      - LDAP_ENABLE_TLS=no
+#    ports:
+#      - "389:1389" # OpenLDAP default LDAP port
+#      - "636:1636" # OpenLDAP default LDAPS port
+#    volumes:
+#      - /home/docker/openldap:/bitnami/openldap
+#    networks:
+#      - ldap_network
+#
+#  phpldapadmin:
+#    image: osixia/phpldapadmin:latest
+#    container_name: phpldapadmin
+#    environment:
+#      - PHPLDAPADMIN_HTTPS=false
+#      - PHPLDAPADMIN_LDAP_CLIENT_TLS=false
+#      - PHPLDAPADMIN_LDAP_HOSTS=gmoadm.gmolab.net
+#    ports:
+#      - "8080:80" # phpLDAPadmin web interface
+#    depends_on:
+#      - openldap
+#    networks:
+#      - ldap_network
+#
+#volumes:
+#  openldap_data:
+#    driver: local
+#
+#networks:
+#  ldap_network:
+#    driver: bridge
+
+
+#services:
+#  openldap:
+#    hostname: "gmoldap"
+#    image: bitnami/openldap:latest
+#    restart: always
+#    container_name: ldap
+#    ports:
+#      - '1389:1389'
+#      - '1636:1636'
+#    env_file: ".env"  
+#    volumes:
+#      - /home/docker/openldap:/bitnami/openldap/
+#      - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
+#    networks:
+#      - ldap_network
+#  phpldapadmin:
+#    image: osixia/phpldapadmin:latest
+#    restart: always
+#    container_name: admin-ldap
+#    ports:
+#      - '6443:443'
+#      - '6080:80'
+#    environment:
+#      #- LDAP_PORT_NUMBER=389
+#      #- LDAP_LDAPS_PORT_NUMBER=636
+#      - PHPLDAPADMIN_HTTPS=false
+#      #- PHPLDAPADMIN_LDAP_HOSTS=gmoldap
+#      - PHPLDAPADMIN_LDAP_CLIENT_TLS=false
+#    depends_on:
+#      - openldap
+#    networks:
+#      - ldap_network
+#
+#networks:
+#  ldap_network:
+#    driver: bridge
+         

ldap-init.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
-source .env
+source .openldap.env
 LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
-
+#LDAP_SRV=ldap://gmoadm.gmolab.net:1389
 #echo "Delete from the box users"
 #ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
 #  "cn=user01,ou=people,$LDAP_ROOT" \
@@ -39,8 +39,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: adminldap
-uidNumber: 10001
-gidNumber: 10001
+uidNumber: 1000
+gidNumber: 500
 homeDirectory: /home/adminldap
 mail: admin.ldap@gmolab.net
 
@@ -54,8 +54,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: accessldap
-uidNumber: 10002
-gidNumber: 10002
+uidNumber: 1001
+gidNumber: 500
 homeDirectory: /home/accessldap
 mail: access.ldap@gmolab.net
 
@@ -69,8 +69,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: gilles.mouchet
-uidNumber: 10003
-gidNumber: 10003
+uidNumber: 1002
+gidNumber: 500
 homeDirectory: /home/gilmouchet
 mail: gilles.mouchet@gmolab.net
 
@@ -84,8 +84,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: christine.mouchet
-uidNumber: 10004
-gidNumber: 10004
+uidNumber: 1003
+gidNumber: 500
 homeDirectory: /home/chrmouchet
 mail: christine.mouchet@gmolab.net
 
@@ -99,8 +99,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: bryan.mouchet
-uidNumber: 10005
-gidNumber: 10005
+uidNumber: 1004
+gidNumber: 500
 homeDirectory: /home/brymouchet
 mail: bryan.mouchet@gmolab.net
 
@@ -114,8 +114,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: aurelie.mouchet
-uidNumber: 10006
-gidNumber: 10006
+uidNumber: 1005
+gidNumber: 500
 homeDirectory: /home/aurmouchet
 mail: aurelie.mouchet@gmolab.net
 
@@ -129,8 +129,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: sarah.mouchet
-uidNumber: 10006
-gidNumber: 10006
+uidNumber: 1006
+gidNumber: 500
 homeDirectory: /home/sarmouchet
 mail: sarah.mouchet@gmolab.net
 
@@ -143,12 +143,20 @@ member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
 member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
 member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
 
+dn: cn=all-users,ou=groups,dc=gmolab,dc=net
+cn: all-users
+objectclass: posixGroup
+objectclass: top
+gidnumber: 500
+memberuid: accessldap
+memberuid: adminldap
+memberuid: aurelie.mouchet
+memberuid: bryan.mouchet
+memberuid: christine.mouchet
+memberuid: gilles.mouchet
+memberuid: sarah.mouchet
 EOF
 
-
-
-
-
 echo "change ACL"
 docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
 dn: olcDatabase={2}mdb,cn=config
@@ -157,6 +165,7 @@ replace: olcAccess
 olcAccess: to attrs=userPassword
   by self write
   by anonymous auth
+  by dn.base="cn=admin,$LDAP_ROOT" write
   by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
   by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
   by anonymous  auth

reinit-ldap.sh

@@ -11,4 +11,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
     sleep 5
     ./ldap-init.sh
     ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+    #ldapsearch -H ldap://gmoadm.gmolab.net -x -D 'cn=admin,dc=example,dc=org' -b 'dc=example,dc=org' -w adminpassword
+    #ldapsearch -H ldap://gmoadm.gmolab.net:1389 -x -D 'cn=admin,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+
 fi