update openldap

2024-06-20 13:58:42 +00:00 · 2021-03-11 15:54:47 +08:00 · 2021-03-11 15:54:47 +08:00 · 3eaf4acf0a
commit 3eaf4acf0a
parent 5840efd29b
3 changed files with 48 additions and 48 deletions
--- a/openldap/README.md
+++ b/openldap/README.md
@ -29,14 +29,14 @@ OpenLDAP Software is an open source implementation of the Lightweight Directory
 ## docker-compose.yml
 ```yaml
-version: "3.7"
+version: "3.8"
 services:
  openldap:
    image: osixia/openldap
    command: "--loglevel debug"
-    hostname: ldap.easypi.pro
+    hostname: ldap.easypi.duckdns.org
    ports:
      - "389:389"
      - "636:636"
@ -47,7 +47,7 @@ services:
      - ./data/run:/container/run
    environment:
      - LDAP_ORGANISATION=EasyPi
-      - LDAP_DOMAIN=ldap.easypi.pro
+      - LDAP_DOMAIN=ldap.easypi.duckdns.org
      - LDAP_ADMIN_PASSWORD=admin
      - LDAP_CONFIG_PASSWORD=config
      - LDAP_TLS=true
@ -56,23 +56,23 @@ services:
      - LDAP_TLS_KEY_FILENAME=ldap.key
      - LDAP_TLS_VERIFY_CLIENT=try
      - LDAP_TLS_ENFORCE=true
-    restart: always
+    restart: unless-stopped
-  phpldapadmin:
+# phpldapadmin:
-    image: osixia/phpldapadmin
+#   image: osixia/phpldapadmin
-    command: "--loglevel debug"
+#   command: "--loglevel debug"
-    ports:
+#   ports:
-      - "8080:80"
+#     - "8080:80"
-    environment:
+#   environment:
-      # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
+#     # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}]
-      - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
+#     - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/
-      - PHPLDAPADMIN_HTTPS=false
+#     - PHPLDAPADMIN_HTTPS=false
-      - PHPLDAPADMIN_TRUST_PROXY_SSL=true
+#     - PHPLDAPADMIN_TRUST_PROXY_SSL=true
-    extra_hosts:
+#   extra_hosts:
-      - ldap.easypi.pro:x.x.x.x
+#     - ldap.easypi.duckdns.org:x.x.x.x
-    depends_on:
+#   depends_on:
-      - openldap
+#     - openldap
-    restart: always
+#   restart: unless-stopped
 ```
 > :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS:
@ -88,12 +88,12 @@ services:
 ```bash
 openssl req \
  -x509 -nodes -days 3650 -sha256 \
-  -subj '/C=US/ST=Oregon/L=Portland/CN=easypi.pro' \
+  -subj '/C=US/ST=Oregon/L=Portland/CN=easypi.duckdns.org' \
  -newkey rsa:2048 -keyout ca.key -out ca.crt
 openssl req \
  -new -sha256 -newkey rsa:2048 -nodes \
-  -subj '/CN=ldap.easypi.pro/O=EasyPi/C=US/ST=Oregon/L=Portland' \
+  -subj '/CN=ldap.easypi.duckdns.org/O=EasyPi/C=US/ST=Oregon/L=Portland' \
  -keyout ldap.key -out ldap.csr
 openssl x509 \
@ -106,11 +106,11 @@ openssl x509 \
 ```bash
 $ docker-compose exec openldap bash
->>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ
+>>> ldapwhoami -H ldap://ldap.easypi.duckdns.org -x -ZZ
 anonymous
->>> ldapwhoami -H ldaps://ldap.easypi.pro -x -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
+>>> ldapwhoami -H ldaps://ldap.easypi.duckdns.org -x -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
-dn:cn=admin,dc=ldap,dc=easypi,dc=pro
+dn:cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org
->>> ldapsearch -H ldaps://ldap.easypi.pro -b dc=ldap,dc=easypi,dc=pro -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
+>>> ldapsearch -H ldaps://ldap.easypi.duckdns.org -b dc=ldap,dc=easypi,dc=duckdns,dc=org -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
 ...
 ```
--- a/openldap/docker-compose.yml
+++ b/openldap/docker-compose.yml
@ -1,11 +1,11 @@
-version: "3.7"
+version: "3.8"
 services:
  openldap:
    image: osixia/openldap
    command: "--loglevel debug"
-    hostname: ldap.easypi.pro
+    hostname: ldap.easypi.duckdns.org
    ports:
      - "389:389"
      - "636:636"
@ -16,7 +16,7 @@ services:
      - ./data/run:/container/run
    environment:
      - LDAP_ORGANISATION=EasyPi
-      - LDAP_DOMAIN=ldap.easypi.pro
+      - LDAP_DOMAIN=ldap.easypi.duckdns.org
      - LDAP_ADMIN_PASSWORD=admin
      - LDAP_CONFIG_PASSWORD=config
      - LDAP_TLS=true
@ -25,20 +25,20 @@ services:
      - LDAP_TLS_KEY_FILENAME=ldap.key
      - LDAP_TLS_VERIFY_CLIENT=try
      - LDAP_TLS_ENFORCE=true
-    restart: always
+    restart: unless-stopped
-  phpldapadmin:
+# phpldapadmin:
-    image: osixia/phpldapadmin
+#   image: osixia/phpldapadmin
-    command: "--loglevel debug"
+#   command: "--loglevel debug"
-    ports:
+#   ports:
-      - "8080:80"
+#     - "8080:80"
-    environment:
+#   environment:
-      # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
+#     # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}]
-      - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
+#     - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/
-      - PHPLDAPADMIN_HTTPS=false
+#     - PHPLDAPADMIN_HTTPS=false
-      - PHPLDAPADMIN_TRUST_PROXY_SSL=true
+#     - PHPLDAPADMIN_TRUST_PROXY_SSL=true
-    extra_hosts:
+#   extra_hosts:
-      - ldap.easypi.pro:x.x.x.x
+#     - ldap.easypi.duckdns.org:x.x.x.x
-    depends_on:
+#   depends_on:
-      - openldap
+#     - openldap
-    restart: always
+#   restart: unless-stopped
--- a/openldap/nginx.conf
+++ b/openldap/nginx.conf
@ -1,14 +1,14 @@
 server {
    listen              80;
-    server_name         ldap.easypi.pro;
+    server_name         ldap.easypi.duckdns.org;
    return 302          https://$host$request_uri;
 }
 server {
    listen                 443 ssl;
-    server_name            ldap.easypi.pro;
+    server_name            ldap.easypi.duckdns.org;
-    ssl_certificate        ssl/easypi.pro/fullchain.pem;
+    ssl_certificate        ssl/easypi.duckdns.org/fullchain.pem;
-    ssl_certificate_key    ssl/easypi.pro/privkey.pem;
+    ssl_certificate_key    ssl/easypi.duckdns.org/privkey.pem;
    ssl_protocols          TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers            HIGH:!aNULL:!MD5;
    location / {