From c97083c9a890a814543e6381ea5df3491510ddec Mon Sep 17 00:00:00 2001
From: kev
Date: Tue, 30 Oct 2018 15:56:55 +0800
Subject: [PATCH] add openldap
---
 README.md | 1 +
 openldap/README.md | 93 +++++++++++++++++++++++++++++++++++++
 openldap/docker-compose.yml | 28 +++++++++++
 3 files changed, 122 insertions(+)
 create mode 100644 openldap/README.md
 create mode 100644 openldap/docker-compose.yml
diff --git a/README.md b/README.md
index 61ebda4..7e9f5c2 100644
--- a/README.md
+++ b/README.md
@@ -280,6 +280,7 @@ A collection of delicious docker recipes.
 - [x] mongo
 - [x] neo4j
 - [x] odoo
+- [x] osixia/openldap
 - [x] owncloud
 - [x] phpmyadmin
 - [x] pihole/pihole
diff --git a/openldap/README.md b/openldap/README.md
new file mode 100644
index 0000000..9ca9e96
--- /dev/null
+++ b/openldap/README.md
@@ -0,0 +1,93 @@
+OpenLDAP
+========
+
+[![](https://www.openldap.org/images/headers/LDAPworm.gif)](https://www.openldap.org/)
+
+OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.
+
+## Directory Tree
+
+```
+├── data
+│   ├── certs
+│   │   ├── ca.crt
+│   │   ├── ca.key
+│   │   ├── ca.srl
+│   │   ├── ldap.crt
+│   │   ├── ldap.csr
+│   │   └── ldap.key
+│   ├── conf (auto generated)
+│   │   ├── cn=config
+│   │   ├── cn=config.ldif
+│   │   └── docker-openldap-was-started-with-tls
+│   └── data (auto generated)
+│   ├── data.mdb
+│   └── lock.mdb
+└── docker-compose.yml
+```
+
+## docker-compose.yml
+
+```yaml
+openldap:
+ image: osixia/openldap
+ ports:
+ - "389:389"
+ volumes:
+ - ./data/certs:/container/service/slapd/assets/certs
+ - ./data/conf:/etc/ldap/slapd.d
+ - ./data/data:/var/lib/ldap
+ environment:
+ - LDAP_ORGANISATION=EasyPi
+ - LDAP_DOMAIN=ldap.easypi.pro
+ - LDAP_ADMIN_PASSWORD=admin
+ - LDAP_CONFIG_PASSWORD=config
+ - LDAP_TLS_CA_CRT_FILENAME=ca.crt
+ - LDAP_TLS_CRT_FILENAME=ldap.crt
+ - LDAP_TLS_KEY_FILENAME=ldap.key
+ restart: always
+
+phpldapadmin:
+ image: osixia/phpldapadmin
+ ports:
+ - "8080:80"
+ environment:
+ - PHPLDAPADMIN_LDAP_HOSTS=openldap
+ - PHPLDAPADMIN_HTTPS=false
+ links:
+ - openldap
+ restart: always
+```
+
+## Create Keys and Certificates
+
+```bash
+openssl req \
+ -x509 -nodes -days 3650 -sha256 \
+ -subj '/C=US/ST=Oregon/L=Portland/CN=easypi.pro' \
+ -newkey rsa:2048 -keyout ca.key -out ca.crt
+
+openssl req \
+ -new -sha256 -newkey rsa:2048 -nodes \
+ -subj '/CN=ldap.easypi.pro/O=EasyPi/C=US/ST=Oregon/L=Portland' \
+ -keyout ldap.key -out ldap.csr
+
+openssl x509 \
+ -req -days 3650 -sha256 \
+ -in ldap.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+ -out ldap.crt
+```
+
+## Test the STARTTLS upgrade
+
+```bash
+$ docker-compose exec openldap bash
+>>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ
+anonymous
+>>> exit
+exit
+```
+
+## References
+
+- https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls
diff --git a/openldap/docker-compose.yml b/openldap/docker-compose.yml
new file mode 100644
index 0000000..c7c9a4d
--- /dev/null
+++ b/openldap/docker-compose.yml
@@ -0,0 +1,28 @@
+openldap:
+ image: osixia/openldap
+ ports:
+ - "389:389"
+ volumes:
+ - ./data/certs:/container/service/slapd/assets/certs
+ - ./data/conf:/etc/ldap/slapd.d
+ - ./data/data:/var/lib/ldap
+ environment:
+ - LDAP_ORGANISATION=EasyPi
+ - LDAP_DOMAIN=ldap.easypi.pro
+ - LDAP_ADMIN_PASSWORD=admin
+ - LDAP_CONFIG_PASSWORD=config
+ - LDAP_TLS_CA_CRT_FILENAME=ca.crt
+ - LDAP_TLS_CRT_FILENAME=ldap.crt
+ - LDAP_TLS_KEY_FILENAME=ldap.key
+ restart: always
+
+phpldapadmin:
+ image: osixia/phpldapadmin
+ ports:
+ - "8080:80"
+ environment:
+ - PHPLDAPADMIN_LDAP_HOSTS=openldap
+ - PHPLDAPADMIN_HTTPS=false
+ links:
+ - openldap
+ restart: always
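Review bot: The directory admin and config passwords are fixed, guessable values (`LDAP_ADMIN_PASSWORD=admin`, `LDAP_CONFIG_PASSWORD=config`) committed next to a `"389:389"` mapping that publishes the plain LDAP port on every host interface, so anything that can reach the Docker host can bind as the directory admin. Source the secrets from the environment instead, e.g. `- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}` and likewise for `LDAP_CONFIG_PASSWORD` with the values kept in an uncommitted `.env`, and bind the port to loopback (`- "127.0.0.1:389:389"`) unless remote clients are intended. The phpldapadmin service has the same exposure on `"8080:80"` with `PHPLDAPADMIN_HTTPS=false`, which carries the same admin bind password to the browser UI in clear text, so it should at minimum be bound to loopback as well. The TLS filenames only make STARTTLS available on 389; plain binds are still accepted unless the image's `LDAP_TLS_ENFORCE` option is set, so a comment above `ports:` such as `# 389 accepts unencrypted binds unless LDAP_TLS_ENFORCE=true` would stop readers assuming the certificates secure the port. The README in this commit embeds this compose block verbatim, so the same change belongs there.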