openldap/README.md
# Openldap
## Description
This docker compose file installs the openldap and phpldapadmin containers.
## Requirements
### Folder
```bash
sudo mkdir -p /home/docker/openldap/certs
```
### Certificates
Copy the files `gmolabCA.crt`, `gmolab.net.crt` and `gmolab.net.key` from the `/home/docker/certs` folder to `/home/docker/openldap/certs`:
```bash
sudo cp /home/docker/certs/gmolabCA.crt /home/docker/openldap/certs/
sudo cp /home/docker/certs/gmolab.net.key /home/docker/openldap/certs/
sudo cp /home/docker/certs/gmolab.net.crt /home/docker/openldap/certs/
```
### Group and Owner
```bash
sudo chown 1001 /home/docker/openldap -R
```
The owner UID 1001 matters because the container runs as a non-root user with that UID and must be able to read these files.
### Configuration
- Copy `.openldap.env.dist` to `.openldap.env` and edit it to set the parameters according to your configuration.
- Copy `.phpldapadmin.env.dist` to `.phpldapadmin.env` and edit it to set the parameters according to your configuration.
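The folder, certificate, ownership and configuration steps above as one script. This is an added example, not part of the README or of the Bitnami/Osixia images; it uses the README's paths, file names and UID 1001, and adds the checks a first setup usually trips over: each file exists and is really PEM, the private key is not world-readable, and the `chown` is only attempted as root (otherwise it is reported as not done).

```python
"""Prepare /home/docker/openldap/certs and the .env files for the non-root container.

Added example; paths, file names and UID 1001 come from the README.
"""
import os
import shutil
from pathlib import Path

CERT_FILES = ("gmolabCA.crt", "gmolab.net.crt", "gmolab.net.key")
CONTAINER_UID = 1001  # the openldap container runs as this non-root user


def looks_like_pem(path, kind):
    """True if the first line is a PEM header of the given kind (CERTIFICATE / PRIVATE KEY)."""
    first_line = Path(path).read_text(errors="replace").lstrip().split("\n", 1)[0]
    return first_line.startswith("-----BEGIN ") and kind in first_line


def prepare_certs(src_dir, dst_dir, uid=CONTAINER_UID):
    """mkdir -p, copy the three files, restrict the key, chown to uid when root.

    Returns {"copied": [names], "problems": [messages], "chowned": bool}.
    """
    src, dst = Path(src_dir), Path(dst_dir)
    dst.mkdir(parents=True, exist_ok=True)  # sudo mkdir -p /home/docker/openldap/certs
    report = {"copied": [], "problems": [], "chowned": False}
    for name in CERT_FILES:
        source = src / name
        if not source.is_file():
            report["problems"].append(f"missing: {source}")  # e.g. a typo such as gmolabCA.net
            continue
        kind = "PRIVATE KEY" if name.endswith(".key") else "CERTIFICATE"
        if not looks_like_pem(source, kind):
            report["problems"].append(f"not a PEM {kind}: {source}")
            continue
        target = dst / name
        shutil.copyfile(source, target)  # sudo cp /home/docker/certs/<name> .../openldap/certs/
        # the private key must not be readable by other users on the host
        target.chmod(0o600 if name.endswith(".key") else 0o644)
        report["copied"].append(name)
    if os.geteuid() == 0:
        for p in [dst, *dst.rglob("*")]:
            os.chown(p, uid, -1)  # sudo chown 1001 -R
        report["chowned"] = True
    return report


def prepare_env_files(project_dir, names=(".openldap.env", ".phpldapadmin.env")):
    """Copy each <name>.dist to <name> unless it already exists; return the names created."""
    created = []
    for name in names:
        dist, target = Path(project_dir) / f"{name}.dist", Path(project_dir) / name
        if dist.is_file() and not target.exists():
            shutil.copyfile(dist, target)
            target.chmod(0o600)  # the env files typically hold credentials
            created.append(name)
    return created


if __name__ == "__main__":
    result = prepare_certs("/home/docker/certs", "/home/docker/openldap/certs")
    print(result)
    print("created:", prepare_env_files("."))
```

Run it with `sudo` so the `chown` to 1001 is applied; without root the files are copied and checked but `chowned` stays `False`, which is the case where the container will later fail to read the key.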
## Delete Directory
ATTENTION: the command below deletes the entire directory.
This is useful when you want to test configurations (for example, problems with certificates).
```bash
./reinit-ldap.sh
```
## Run
```bash
docker compose up -d
```
## Init ldap
Initialize the openldap directory
```bash
./ldap-init.sh
```
## PhpLdapAdmin
`https://<server_fqdn>:8443`
## LDAP commands
* Get all entries in the directory (`-w` passes the bind password on the command line, where it ends up in the shell history; `-W` prompts for it instead)
```bash
ldapsearch -H ldaps://gmoadm.gmolab.net:1636 -x -D 'cn=Access LDAP,ou=people,dc=gmolab,dc=net' -b 'dc=gmolab,dc=net' -w pa55w0rd
```
* Get Config
```bash
docker exec openldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)'"
```
* Get olcAccess
```bash
docker exec openldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcDatabaseConfig)' olcAccess"
```
* Get Modules
```bash
docker exec openldap /bin/bash -c "ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(objectClass=olcModuleList)' "
```
## Sources
- [Bitnami Openldap](https://hub.docker.com/r/bitnami/openldap)
- [Osixia PhpLdapAdmin](https://github.com/osixia/docker-phpLDAPadmin?tab=readme-ov-file#quick-start)
## Changelog
### v1.1 - 2024-12-30
#### Added
- phpldapadmin
### v1.0 - 2024-12-29
#### Added
- initial version by [GMo](mailto:gilles.mouchet@gmail.com)
## olcAccess output
Output of the `Get olcAccess` command above. slapd folds long lines at 78 characters; a continuation line starts with a single space, so `exter` / `nal` reads `external`.
```ldif
dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=1001,cn=peercred,cn=exter
 nal,cn=auth" manage by * none

dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" read by dn.base="cn=admin,dc=gmolab,dc=net" read by * none

dn: olcDatabase={2}mdb,cn=config
```
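An added example (not from the README, Bitnami or Osixia) that does two things with the output above: it unfolds the LDIF continuation lines the way a reader has to, and it audits the `olcAccess` rules for anything that grants `*` or `anonymous` more than `auth`. The entries in the sample reproduce the output shown above; the `{1}to * by * read` rule on the mdb database is constructed for the demonstration so the audit has something to flag.

```python
"""Unfold slapd LDIF output and flag olcAccess rules that open the tree to anonymous.

Added example; the mdb rule {1} in SAMPLE_LDIF is constructed, the rest is the README output.
"""
import base64
import re

SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=1001,cn=peercred,cn=exter
 nal,cn=auth" manage by * none

dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" read by dn.base="cn=admin,dc=gmolab,dc=net" read by * none

dn: olcDatabase={2}mdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by * read
"""
# The {1} rule on the mdb database is constructed: it grants anonymous read on the whole tree.

# Access levels in increasing order of privilege (slapd.access(5)).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BY_CLAUSE = re.compile(r"\bby\s+(\S+)\s+(" + "|".join(LEVELS) + r")\b")
ORDER_PREFIX = re.compile(r"^\{(\d+)\}(.*)$")


def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_entries(text):
    """Parse LDIF into a list of {"dn": str, <attr>: [values...]} dicts."""
    entries, current = [], None
    for line in unfold(text):
        if not line.strip():  # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr == "dn":
            if current is not None:
                entries.append(current)
            current = {"dn": value}
        elif current is not None:
            current.setdefault(attr, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def audit_olcaccess(text, max_anonymous="auth"):
    """Return the rules where "*" or "anonymous" gets more than max_anonymous."""
    limit = LEVELS.index(max_anonymous)
    findings = []
    for entry in parse_entries(text):
        for rule in entry.get("olcAccess", []):
            m = ORDER_PREFIX.match(rule)
            index, body = (int(m.group(1)), m.group(2)) if m else (None, rule)
            for who, level in BY_CLAUSE.findall(body):
                if who in ("*", "anonymous") and LEVELS.index(level) > limit:
                    findings.append({"dn": entry["dn"], "index": index, "who": who,
                                     "level": level, "rule": body.strip()})
    return findings


if __name__ == "__main__":
    for f in audit_olcaccess(SAMPLE_LDIF):
        print(f"{f['dn']} rule {f['index']}: '{f['rule']}' grants {f['level']} to {f['who']}")
```

To run it against the live container, pipe the output of the `Get olcAccess` command into `audit_olcaccess`; `by anonymous auth` on `userPassword` is left alone because binds need it, while `by * read` on the whole tree is reported.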