Openldap
Description
This docker compose file installs the openldap and phpldapadmin containers.
Requirements
Folder
sudo mkdir -p /home/docker/openldap/certs
Certificates
Copy the files gmolab.net.crt, gmolab.net.key and gmolabCA.crt from the /home/docker/certs folder to /home/docker/openldap/certs:
sudo cp /home/docker/certs/gmolabCA.crt /home/docker/openldap/certs/
sudo cp /home/docker/certs/gmolab.net.key /home/docker/openldap/certs/
sudo cp /home/docker/certs/gmolab.net.crt /home/docker/openldap/certs/
Group and Owner
sudo chown 1001 /home/docker/openldap -R
The UID 1001 matters because the container runs as a non-root user, so the files must be readable by that user.
Configuration
- Copy .openldap.env.dist to .openldap.env. Edit the .env file and set the parameters according to your configuration.
- Copy .phpldapadmin.env.dist to .phpldapadmin.env. Edit the .env file and set the parameters according to your configuration.
Delete Directory
ATTENTION. The command below deletes the entire directory. This is useful when you want to test configurations (for example, problems with certificates).
./reinit-ldap.sh
Run
docker compose up -d
Init ldap
Initialize the openldap directory
./ldap-init.sh
PhpLdapAdmin
https://<server_fqdn>:8443
LDAP commands
- Get all entries in the directory (the bind password is passed with -w here; -W prompts for it instead and keeps it out of the shell history and process list)
ldapsearch -H ldaps://ldap-qual.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
- Get Config
docker exec openldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)'"
- Get olcAccess
docker exec openldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)' olcAccess"
- Get Modules
docker exec openldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcModuleList)' "
Sources
Changelog
v1.1 - 2024-12-30
Added
- phpldapadmin
v1.0 - 2024-12-29
Added
- initial version by GMo
Example output of the "Get olcAccess" command above (continuation lines unfolded):
dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=gmolab,dc=net" read by * none

dn: olcDatabase={2}mdb,cn=config
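An added check, not part of this project, that parses the folded LDIF the "Get olcAccess" command returns and flags what a defender would want to review: any "by *" or "by anonymous" grant other than none, and a manage grant on the cn=config database that is not bound to the peercred identity of the container user (assumed here to be uid 1001, as the ownership step above requires). The sample LDIF is constructed from the output shown above.

```python
import re
# Constructed sample: the LDIF the "Get olcAccess" command above returns, with
# continuation lines folded exactly as ldapsearch -LLL prints them.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=1001,cn=peercred,cn=exter
 nal,cn=auth" manage by * none

dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" read by dn.base="cn=admin,dc=gmolab,dc=net" read by * none
"""
def unfold_ldif(text):
    """Join LDIF continuation lines (leading space) back onto the line above."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def parse_olc_access(text):
    """Map each database dn to its list of olcAccess values."""
    entries, dn = {}, None
    for line in unfold_ldif(text):
        if line.startswith("dn: "):
            dn = line[4:]
            entries[dn] = []
        elif line.startswith("olcAccess: ") and dn is not None:
            entries[dn].append(line[len("olcAccess: "):])
    return entries

# One "by <who> <level>" clause: <who> is a keyword or a dn.<style>="..." spec.
BY_CLAUSE = re.compile(r'\bby\s+(\*|anonymous|users|self|dn\.\w+="[^"]*")\s+(\w+)')

def audit(text, container_uid=1001):
    """Flag broad grants and a cn=config manage grant not bound to the container uid."""
    findings = []
    for dn, acls in parse_olc_access(text).items():
        for acl in acls:
            for who, level in BY_CLAUSE.findall(acl):
                if who in ("*", "anonymous") and level != "none":
                    findings.append(f"{dn}: '{who}' granted {level}")
                if (dn.startswith("olcDatabase={0}config") and level == "manage"
                        and f"uidNumber={container_uid}," not in who):
                    findings.append(f"{dn}: manage not bound to uid {container_uid}")
    return findings
```

Feed it the real output of the docker exec command (for example via subprocess) to run the same checks against the running container; an empty list means none of the conditions above were hit.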