add phpldapadmin

2025-01-01 10:48:08 +01:00 · 2025-01-01 10:48:08 +01:00 · 9516e34a4f
commit 9516e34a4f
parent 7ef8b350c9
6 changed files with 140 additions and 27 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-.env
+*.env
--- a/.openldap.env.dist
+++ b/.openldap.env.dist
--- a/.phpldapadmin.env.dist
+++ b/.phpldapadmin.env.dist
@ -0,0 +1,8 @@
 PHPLDAPADMIN_HTTPS=true
 PHPLDAPADMIN_HTTPS_CRT_FILENAME=gmolab.net.crt 
 PHPLDAPADMIN_HTTPS_KEY_FILENAME=gmolab.net.key
 PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=gmolabCA.net
 # Internal connection. 
 # Not need ldaps between phpladpadmin and openldap
 PHPLDAPADMIN_LDAP_CLIENT_TLS=false
 PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{"gmoadm.gmolab.net":[{"server":[{"port":1389}]}]}]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,12 +1,105 @@
 services:
  openldap:
    image: bitnami/openldap:latest
-    restart: always
+    container_name: openldap
-    container_name: ldap
+    env_file: ".openldap.env"
    ports:
-      - '1389:1389'
+      - "1389:1389" # OpenLDAP default LDAP port
-      - '1636:1636'
+      - "1636:1636" # OpenLDAP default LDAPS port
    env_file: ".env"  
    volumes:
-      - /home/docker/openldap:/bitnami/openldap/
+      - /home/docker/openldap:/bitnami/openldap
      - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
 # phpldapadmin
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    env_file: ".phpldapadmin.env"
    ports:
      - "8080:80" # phpLDAPadmin web interface
      - "8443:443" # phpLDAPadmin web interface"
    volumes:
      - /home/docker/certs:/container/service/phpldapadmin/assets/apache2/certs 
    depends_on:
      - openldap
 #### IT'Running
 #services:
 #  openldap:
 #    image: bitnami/openldap:latest
 #    container_name: openldap
 #    environment:
 #      - LDAP_ROOT=dc=example,dc=org
 #      - LDAP_ADMIN_USERNAME=admin
 #      - LDAP_ADMIN_PASSWORD=adminpassword
 #      - LDAP_ENABLE_TLS=no
 #    ports:
 #      - "389:1389" # OpenLDAP default LDAP port
 #      - "636:1636" # OpenLDAP default LDAPS port
 #    volumes:
 #      - /home/docker/openldap:/bitnami/openldap
 #    networks:
 #      - ldap_network
 #
 #  phpldapadmin:
 #    image: osixia/phpldapadmin:latest
 #    container_name: phpldapadmin
 #    environment:
 #      - PHPLDAPADMIN_HTTPS=false
 #      - PHPLDAPADMIN_LDAP_CLIENT_TLS=false
 #      - PHPLDAPADMIN_LDAP_HOSTS=gmoadm.gmolab.net
 #    ports:
 #      - "8080:80" # phpLDAPadmin web interface
 #    depends_on:
 #      - openldap
 #    networks:
 #      - ldap_network
 #
 #volumes:
 #  openldap_data:
 #    driver: local
 #
 #networks:
 #  ldap_network:
 #    driver: bridge
 #services:
 #  openldap:
 #    hostname: "gmoldap"
 #    image: bitnami/openldap:latest
 #    restart: always
 #    container_name: ldap
 #    ports:
 #      - '1389:1389'
 #      - '1636:1636'
 #    env_file: ".env"  
 #    volumes:
 #      - /home/docker/openldap:/bitnami/openldap/
 #      - /home/docker/openldap/certs:/opt/bitnami/openldap/certs
 #    networks:
 #      - ldap_network
 #  phpldapadmin:
 #    image: osixia/phpldapadmin:latest
 #    restart: always
 #    container_name: admin-ldap
 #    ports:
 #      - '6443:443'
 #      - '6080:80'
 #    environment:
 #      #- LDAP_PORT_NUMBER=389
 #      #- LDAP_LDAPS_PORT_NUMBER=636
 #      - PHPLDAPADMIN_HTTPS=false
 #      #- PHPLDAPADMIN_LDAP_HOSTS=gmoldap
 #      - PHPLDAPADMIN_LDAP_CLIENT_TLS=false
 #    depends_on:
 #      - openldap
 #    networks:
 #      - ldap_network
 #
 #networks:
 #  ldap_network:
 #    driver: bridge
--- a/ldap-init.sh
+++ b/ldap-init.sh
@ -1,7 +1,7 @@
 #!/bin/bash
-source .env
+source .openldap.env
 LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
-
+#LDAP_SRV=ldap://gmoadm.gmolab.net:1389
 #echo "Delete from the box users"
 #ldapdelete -H $LDAP_SRV -w $LDAP_ADMIN_PASSWORD -D $LDAP_ADMIN_DN \
 #  "cn=user01,ou=people,$LDAP_ROOT" \
@ -39,8 +39,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: adminldap
-uidNumber: 10001
+uidNumber: 1000
-gidNumber: 10001
+gidNumber: 500
 homeDirectory: /home/adminldap
 mail: admin.ldap@gmolab.net
@ -54,8 +54,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: accessldap
-uidNumber: 10002
+uidNumber: 1001
-gidNumber: 10002
+gidNumber: 500
 homeDirectory: /home/accessldap
 mail: access.ldap@gmolab.net
@ -69,8 +69,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: gilles.mouchet
-uidNumber: 10003
+uidNumber: 1002
-gidNumber: 10003
+gidNumber: 500
 homeDirectory: /home/gilmouchet
 mail: gilles.mouchet@gmolab.net
@ -84,8 +84,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: christine.mouchet
-uidNumber: 10004
+uidNumber: 1003
-gidNumber: 10004
+gidNumber: 500
 homeDirectory: /home/chrmouchet
 mail: christine.mouchet@gmolab.net
@ -99,8 +99,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: bryan.mouchet
-uidNumber: 10005
+uidNumber: 1004
-gidNumber: 10005
+gidNumber: 500
 homeDirectory: /home/brymouchet
 mail: bryan.mouchet@gmolab.net
@ -114,8 +114,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: aurelie.mouchet
-uidNumber: 10006
+uidNumber: 1005
-gidNumber: 10006
+gidNumber: 500
 homeDirectory: /home/aurmouchet
 mail: aurelie.mouchet@gmolab.net
@ -129,8 +129,8 @@ objectClass: posixAccount
 objectClass: shadowAccount
 userPassword: {SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw
 uid: sarah.mouchet
-uidNumber: 10006
+uidNumber: 1006
-gidNumber: 10006
+gidNumber: 500
 homeDirectory: /home/sarmouchet
 mail: sarah.mouchet@gmolab.net
@ -143,12 +143,20 @@ member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
 member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
 member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
 dn: cn=all-users,ou=groups,dc=gmolab,dc=net
 cn: all-users
 objectclass: posixGroup
 objectclass: top
 gidnumber: 500
 memberuid: accessldap
 memberuid: adminldap
 memberuid: aurelie.mouchet
 memberuid: bryan.mouchet
 memberuid: christine.mouchet
 memberuid: gilles.mouchet
 memberuid: sarah.mouchet
 EOF
 echo "change ACL"
 docker exec ldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL << EOF
 dn: olcDatabase={2}mdb,cn=config
@ -157,6 +165,7 @@ replace: olcAccess
 olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=admin,$LDAP_ROOT" write
  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
  by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
  by anonymous  auth
--- a/reinit-ldap.sh
+++ b/reinit-ldap.sh
@ -11,4 +11,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
    sleep 5
    ./ldap-init.sh
    ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
    #ldapsearch -H ldap://gmoadm.gmolab.net -x -D 'cn=admin,dc=example,dc=org' -b 'dc=example,dc=org' -w adminpassword
    #ldapsearch -H ldap://gmoadm.gmolab.net:1389 -x -D 'cn=admin,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
 fi