mirror of https://github.com/vimagick/dockerfiles
70c4e53571
|
||
|---|---|---|
| .. | ||
| README.md | ||
| docker-compose.yml | ||
| nginx.conf | ||
OpenLDAP
OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.
Directory Tree
├── data
│ ├── certs
│ │ ├── ca.crt
│ │ ├── ca.key
│ │ ├── ca.srl
│ │ ├── ldap.crt
│ │ ├── ldap.csr
│ │ └── ldap.key
│ ├── conf (auto generated)
│ │ ├── cn=config
│ │ ├── cn=config.ldif
│ │ └── docker-openldap-was-started-with-tls
│ └── data (auto generated)
│ ├── data.mdb
│ └── lock.mdb
└── docker-compose.yml
docker-compose.yml
version: "3.7"
services:
openldap:
image: osixia/openldap
command: "--loglevel debug"
hostname: ldap.easypi.pro
ports:
- "389:389"
- "636:636"
volumes:
- ./data/certs:/container/service/slapd/assets/certs
- ./data/etc:/etc/ldap/slapd.d
- ./data/var:/var/lib/ldap
- ./data/run:/container/run
environment:
- LDAP_ORGANISATION=EasyPi
- LDAP_DOMAIN=ldap.easypi.pro
- LDAP_ADMIN_PASSWORD=admin
- LDAP_CONFIG_PASSWORD=config
- LDAP_TLS=true
- LDAP_TLS_CA_CRT_FILENAME=ca.crt
- LDAP_TLS_CRT_FILENAME=ldap.crt
- LDAP_TLS_KEY_FILENAME=ldap.key
- LDAP_TLS_VERIFY_CLIENT=try
- LDAP_TLS_ENFORCE=true
restart: always
phpldapadmin:
image: osixia/phpldapadmin
command: "--loglevel debug"
ports:
- "8080:80"
environment:
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
extra_hosts:
- ldap.easypi.pro:x.x.x.x
depends_on:
- openldap
restart: always
:warnning: I haven't figured out how to connect phpldapadmin to openladp via STARTTLS:
openldap_1 | 5d8a7abe conn=1023 fd=12 ACCEPT from IP=172.29.0.1:59342 (IP=0.0.0.0:389) openldap_1 | 5d8a7abe conn=1023 op=0 EXT oid=1.3.6.1.4.1.1466.20037 openldap_1 | 5d8a7abe conn=1023 op=0 STARTTLS openldap_1 | 5d8a7abe conn=1023 op=0 RESULT oid= err=0 text= openldap_1 | 5d8a7abe conn=1023 fd=12 TLS established tls_ssf=256 ssf=256 openldap_1 | 5d8a7abe conn=1023 fd=12 closed (connection lost)
Create Keys and Certificates
openssl req \
-x509 -nodes -days 3650 -sha256 \
-subj '/C=US/ST=Oregon/L=Portland/CN=easypi.pro' \
-newkey rsa:2048 -keyout ca.key -out ca.crt
openssl req \
-new -sha256 -newkey rsa:2048 -nodes \
-subj '/CN=ldap.easypi.pro/O=EasyPi/C=US/ST=Oregon/L=Portland' \
-keyout ldap.key -out ldap.csr
openssl x509 \
-req -days 3650 -sha256 \
-in ldap.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
-out ldap.crt
Test the STARTTLS & SSL connections
$ docker-compose exec openldap bash
>>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ
anonymous
>>> ldapwhoami -H ldaps://ldap.easypi.pro -x -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
dn:cn=admin,dc=ldap,dc=easypi,dc=pro
>>> ldapsearch -H ldaps://ldap.easypi.pro -b dc=ldap,dc=easypi,dc=pro -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
...