From 9516e34a4f5df2917d8d4b156acceed5ec72098c Mon Sep 17 00:00:00 2001
From: Gilles Mouchet
Date: Wed, 1 Jan 2025 10:48:08 +0100
Subject: [PATCH] add phpldapadmin

---
 .gitignore | 2 +-
 .env.dist => .openldap.env.dist | 0
 .phpldapadmin.env.dist | 8 +++
 docker-compose.yml | 105 ++++++++++++++++++++++++++++++--
 ldap-init.sh | 49 +++++++++------
 reinit-ldap.sh | 3 +
 6 files changed, 140 insertions(+), 27 deletions(-)
 rename .env.dist => .openldap.env.dist (100%)
 create mode 100644 .phpldapadmin.env.dist

diff --git a/.gitignore b/.gitignore
index 2eea525..4f509e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-.env
\ No newline at end of file
+*.env
\ No newline at end of file
diff --git a/.env.dist b/.openldap.env.dist
similarity index 100%
rename from .env.dist
rename to .openldap.env.dist
diff --git a/.phpldapadmin.env.dist b/.phpldapadmin.env.dist
new file mode 100644
index 0000000..68dd74e
--- /dev/null
+++ b/.phpldapadmin.env.dist
@@ -0,0 +1,8 @@
+PHPLDAPADMIN_HTTPS=true
+PHPLDAPADMIN_HTTPS_CRT_FILENAME=gmolab.net.crt
+PHPLDAPADMIN_HTTPS_KEY_FILENAME=gmolab.net.key
+PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=gmolabCA.net
+# Internal connection.
+# Not need ldaps between phpladpadmin and openldap
+PHPLDAPADMIN_LDAP_CLIENT_TLS=false
+PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{"gmoadm.gmolab.net":[{"server":[{"port":1389}]}]}]
diff --git a/docker-compose.yml b/docker-compose.yml
index 21baf5a..d078707 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
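Review bot: `PHPLDAPADMIN_LDAP_HOSTS` points phpLDAPadmin at `gmoadm.gmolab.net:1389`, the host's published plain-LDAP port, so the comment two lines above ("Internal connection") does not describe what is configured: with `PHPLDAPADMIN_LDAP_CLIENT_TLS=false` the admin bind is routed through the host's published port in cleartext instead of staying on the compose network. Since docker-compose.yml in this same commit declares the server as service `openldap` and adds `depends_on` on it, the host entry can name the service, `PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{"openldap":[{"server":[{"port":1389}]}]}]`; if the public hostname is intended, port 1636 with `PHPLDAPADMIN_LDAP_CLIENT_TLS=true` is the consistent pairing, given ldap-init.sh already talks to `ldaps://gmoadm.gmolab.net:1636`. `PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=gmolabCA.net` is the only filename here without a `.crt`/`.key` suffix, which looks like a typo to confirm against the files mounted from /home/docker/certs.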
@@ -1,12 +1,105 @@
 services:
 openldap:
 image: bitnami/openldap:latest
- restart: always
- container_name: ldap
+ container_name: openldap
+ env_file: ".openldap.env"
 ports:
- - '1389:1389'
- - '1636:1636'
- env_file: ".env"
+ - "1389:1389" # OpenLDAP default LDAP port
+ - "1636:1636" # OpenLDAP default LDAPS port
 volumes:
- - /home/docker/openldap:/bitnami/openldap/
+ - /home/docker/openldap:/bitnami/openldap
 - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
+
+# phpldapadmin
+ phpldapadmin:
+ image: osixia/phpldapadmin:latest
+ container_name: phpldapadmin
+ env_file: ".phpldapadmin.env"
+ ports:
+ - "8080:80" # phpLDAPadmin web interface
+ - "8443:443" # phpLDAPadmin web interface"
+ volumes:
+ - /home/docker/certs:/container/service/phpldapadmin/assets/apache2/certs
+ depends_on:
+ - openldap
+
+
+
+#### IT'Running
+#services:
+# openldap:
+# image: bitnami/openldap:latest
+# container_name: openldap
+# environment:
+# - LDAP_ROOT=dc=example,dc=org
+# - LDAP_ADMIN_USERNAME=admin
+# - LDAP_ADMIN_PASSWORD=adminpassword
+# - LDAP_ENABLE_TLS=no
+# ports:
+# - "389:1389" # OpenLDAP default LDAP port
+# - "636:1636" # OpenLDAP default LDAPS port
+# volumes:
+# - /home/docker/openldap:/bitnami/openldap
+# networks:
+# - ldap_network
+#
+# phpldapadmin:
+# image: osixia/phpldapadmin:latest
+# container_name: phpldapadmin
+# environment:
+# - PHPLDAPADMIN_HTTPS=false
+# - PHPLDAPADMIN_LDAP_CLIENT_TLS=false
+# - PHPLDAPADMIN_LDAP_HOSTS=gmoadm.gmolab.net
+# ports:
+# - "8080:80" # phpLDAPadmin web interface
+# depends_on:
+# - openldap
+# networks:
+# - ldap_network
+#
+#volumes:
+# openldap_data:
+# driver: local
+#
+#networks:
+# ldap_network:
+# driver: bridge
+
+
+#services:
+# openldap:
+# hostname: "gmoldap"
+# image: bitnami/openldap:latest
+# restart: always
+# container_name: ldap
+# ports:
+# - '1389:1389'
+# - '1636:1636'
+# env_file: ".env"
+# volumes:
+# - /home/docker/openldap:/bitnami/openldap/
+# - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
+# networks:
+# - ldap_network
+# phpldapadmin:
+# image: osixia/phpldapadmin:latest
+# restart: always
+# container_name: admin-ldap
+# ports:
+# - '6443:443'
+# - '6080:80'
+# environment:
+# #- LDAP_PORT_NUMBER=389
+# #- LDAP_LDAPS_PORT_NUMBER=636
+# - PHPLDAPADMIN_HTTPS=false
+# #- PHPLDAPADMIN_LDAP_HOSTS=gmoldap
+# - PHPLDAPADMIN_LDAP_CLIENT_TLS=false
+# depends_on:
+# - openldap
+# networks:
+# - ldap_network
+#
+#networks:
+# ldap_network:
+# driver: bridge
+
diff --git a/ldap-init.sh b/ldap-init.sh
index 8cd06f5..4713b25 100755
--- a/ldap-init.sh
+++ b/ldap-init.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-source .env
+source .openldap.env
 LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
-
+#LDAP_SRV=ldap://gmoadm.gmolab.net:1389
 #echo "Delete from the box users"
 #ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
 # "cn=user01,ou=people,$LDAP_ROOT" \
@@ -39,8 +39,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: adminldap
-uidNumber: 10001
-gidNumber: 10001
+uidNumber: 1000
+gidNumber: 500
 homeDirectory: /home/adminldap
 mail: admin.ldap@gmolab.net
@@ -54,8 +54,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: accessldap
-uidNumber: 10002
-gidNumber: 10002
+uidNumber: 1001
+gidNumber: 500
 homeDirectory: /home/accessldap
 mail: access.ldap@gmolab.net
@@ -69,8 +69,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: gilles.mouchet
-uidNumber: 10003
-gidNumber: 10003
+uidNumber: 1002
+gidNumber: 500
 homeDirectory: /home/gilmouchet
 mail: gilles.mouchet@gmolab.net
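Review bot: renaming the server container from `container_name: ldap` to `container_name: openldap` breaks ldap-init.sh, which this commit also touches: its ACL step still runs `docker exec ldap /bin/bash -c 'ldapmodify ...'` (visible as context in the -143 hunk) and will fail with a missing container, so that call needs `docker exec openldap`. `restart: always` is dropped from openldap and not given to the new phpldapadmin service, so neither container comes back after a daemon restart or crash; nothing in the message says this is intended, and `restart: unless-stopped` on both services would keep the directory available. The new service also publishes `"8080:80"` on all interfaces next to `"8443:443"` while `.phpldapadmin.env.dist` sets `PHPLDAPADMIN_HTTPS=true`; unless the image redirects HTTP to HTTPS (not visible here), the plain port is a second login surface for the admin password, and `"127.0.0.1:8080:80"` or dropping the mapping keeps it off the network. The roughly eighty commented-out lines from `#### IT'Running` to the end of the file, including a sample `LDAP_ADMIN_PASSWORD=adminpassword`, are dead configuration that belongs in git history rather than the live compose file, and the `# phpLDAPadmin web interface"` comment on the 8443 line carries a stray quote.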
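Review bot: the commented alternative `#LDAP_SRV=ldap://gmoadm.gmolab.net:1389` is a plain-LDAP URL, and the visible `ldapdelete` line shows this script binds with `-w $LDAP_ADMIN_PASSWORD` against `$LDAP_SRV`, so enabling that line would send the admin password to the host's published port unencrypted. A comment on it would make the trade-off explicit, e.g. `# plain LDAP, debugging only: the admin bind password crosses the wire in cleartext`. The `source .openldap.env` rename matches the `.env.dist` rename in this commit; any other script or documentation that still sources `.env` is outside this diff and worth checking.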
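Review bot: the uidNumber values move from the 10001+ range into 1000–1006, the range most Linux distributions assign to the first locally created users; if these posixAccount entries are consumed by hosts through NSS/PAM, uid 1000 for `adminldap` (and 1001–1006 for the others) can collide with an existing local account and make file ownership ambiguous, so a range above local allocation (the previous 10001+, or whatever the hosts reserve) is the safer choice unless the overlap is deliberate. The same renumbering appears in the hunks at -54, -69, -84, -99, -114 and -129. Setting every gidNumber to 500 only makes sense together with the `all-users` posixGroup added further down in this file, so a line comment on the first entry such as `# 500 = gidNumber of cn=all-users,ou=groups (defined below)` would make the coupling visible. Each entry's `dn:` line starts before its hunk.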
@@ -84,8 +84,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: christine.mouchet
-uidNumber: 10004
-gidNumber: 10004
+uidNumber: 1003
+gidNumber: 500
 homeDirectory: /home/chrmouchet
 mail: christine.mouchet@gmolab.net
@@ -99,8 +99,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: bryan.mouchet
-uidNumber: 10005
-gidNumber: 10005
+uidNumber: 1004
+gidNumber: 500
 homeDirectory: /home/brymouchet
 mail: bryan.mouchet@gmolab.net
@@ -114,8 +114,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: aurelie.mouchet
-uidNumber: 10006
-gidNumber: 10006
+uidNumber: 1005
+gidNumber: 500
 homeDirectory: /home/aurmouchet
 mail: aurelie.mouchet@gmolab.net
@@ -129,8 +129,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: sarah.mouchet
-uidNumber: 10006
-gidNumber: 10006
+uidNumber: 1006
+gidNumber: 500
 homeDirectory: /home/sarmouchet
 mail: sarah.mouchet@gmolab.net
@@ -143,12 +143,20 @@ member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
 member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
 member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
+dn: cn=all-users,ou=groups,dc=gmolab,dc=net
+cn: all-users
+objectclass: posixGroup
+objectclass: top
+gidnumber: 500
+memberuid: accessldap
+memberuid: adminldap
+memberuid: aurelie.mouchet
+memberuid: bryan.mouchet
+memberuid: christine.mouchet
+memberuid: gilles.mouchet
+memberuid: sarah.mouchet
 EOF
-
-
-
-
 echo "change ACL"
 docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
 dn: olcDatabase={2}mdb,cn=config
@@ -157,6 +165,7 @@ replace: olcAccess
 olcAccess: to attrs=userPassword
 by self write
 by anonymous auth
+ by dn.base="cn=admin,$LDAP_ROOT" write
 by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
 by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
 by anonymous auth
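Review bot: the new group entry hard-codes `dn: cn=all-users,ou=groups,dc=gmolab,dc=net` while the neighbouring entries in the same here-doc use the variable (`member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT`), so changing `LDAP_ROOT` in `.openldap.env` would leave this one entry under the old suffix; `dn: cn=all-users,ou=groups,$LDAP_ROOT` keeps it consistent. The attribute names are also lower-cased (`objectclass`, `gidnumber`, `memberuid`) where the rest of the LDIF writes `objectClass`/`gidNumber`; LDAP matches attribute types case-insensitively, so this is style only, but the file's casing is easier to grep. The here-doc holding this entry starts before the hunk, and the `docker exec ldap` context line after `EOF` is affected by this commit's container rename in docker-compose.yml.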
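Review bot: the added `by dn.base="cn=admin,$LDAP_ROOT" write` gives a second DN write access to every userPassword in the database; if `cn=admin,$LDAP_ROOT` is the rootdn the bitnami image derives from `LDAP_ADMIN_USERNAME` (not visible here), rootdn bypasses olcAccess entirely and the clause is redundant, and if it is a separate bind account it now holds the same password-reset power as `cn=Admin LDAP` with no explanation in the commit. A comment above the line naming the account and why it needs the grant would document the decision, e.g. `# cn=admin,$LDAP_ROOT: <bind account and reason it must write userPassword>`. The olcAccess value continues outside the hunk on both sides.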
diff --git a/reinit-ldap.sh b/reinit-ldap.sh
index d621c32..ee2476b 100755
--- a/reinit-ldap.sh
+++ b/reinit-ldap.sh
@@ -11,4 +11,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
 sleep 5
 ./ldap-init.sh
 ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+ #ldapsearch -H ldap://gmoadm.gmolab.net -x -D 'cn=admin,dc=example,dc=org' -b 'dc=example,dc=org' -w adminpassword
+ #ldapsearch -H ldap://gmoadm.gmolab.net:1389 -x -D 'cn=admin,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
+
 fi
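Review bot: the two new commented `ldapsearch` lines put bind passwords on the command line (`-w adminpassword`, `-w pa55w0rd`) against plain `ldap://` URLs, so whenever one is uncommented the password shows in the process list and crosses the host's published port unencrypted; the first line also still carries the sample suffix `dc=example,dc=org` and the image's default password, which do not match this deployment and can be dropped. For a debugging aid, `-W` (prompt) or `-y <passfile>` keeps the secret off the command line, i.e. `#ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=admin,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -W`. The active line above them has the same `-w pa55w0rd` pattern, and the `if` block that contains all three starts outside the hunk.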