bresam/openldap

By bresam

Updated 9 months ago

An extended variant of bitnami/openldap - Easy configurable disable_anon_bind, memberOf, openssh-lpk

Image
Databases & Storage
Networking
Security
0

14

bitnami/openldap extended

An extended variant of bitnami/openldap | hub.docker.com | github.com

Easy configurable disable_anon_bind, memberOf and openssh-lpk

You can find this project on github and docker hub


Changes

ENV config

For general configurations and usage instructions have a look at the bitnami openldap documentation

  • LDAP_EXTRA_SCHEMAS:
    Bitnami's default config is: "cosine,inetorgperson,nis"
    • Disable anonymous bind disable-bind-anon
      LDAP_EXTRA_SCHEMAS="cosine,inetorgperson,nis,disable-bind-anon"
    • Add openssh-lpk
      LDAP_EXTRA_SCHEMAS="cosine,inetorgperson,nis,openssh-lpk"
    • Add memberof
      LDAP_EXTRA_SCHEMAS="cosine,inetorgperson,nis,memberof"
      Groups created before (like readers created by default schema) need to be deleted and recreated before the memberof overlay takes into action

Playground

By docker compose we start an openldap and phpldapadmin containers.
PhpLdapAdmin has a preconfigured connection to the ldap server, the default password is admin.
VIRTUAL_HOST is configured to http://ldap.test or just use the mapped port http://localhost:8080

Have a look or edit config in docker-compose.yaml

# start environment
docker compose up -d --build
# restart environment after config changes
docker compose down && docker compose up -d --build
PhpLdapAdmin

Preconfigured connections:

  • 1 openldap-extended (unsecure): non-tls connection
  • 2 openldap-extended (tls): not used yet, needs tls config on server
  • 3 openldap-bitnami (unsecure): non-tls connection
  • 4 openldap-bitnami (tls): not used yet, needs tls config on server
Connect with other ldap clients from localhost

Bind DN: cn=admin,dc=example,dc=com Password: admin

Container ports of ldap services are bound to localhost by default and can be accessed with any locally installed ldap client:

  • openldap-extended
    • unsecure: localhost:1389
    • secure (tls): localhost:1636 not used yet, needs tls config on server
  • openldap-bitnami
    • unsecure: localhost:2389
    • secure (tls): localhost:2636 not used yet, needs tls config on server

Notes

You don't need any of these, but possibly it could help on future debugging stuff

docker compose down && docker volume prune -f && docker compose up -d --build
ldapadd -Y EXTERNAL -H "ldapi:///" -f "/opt/bitnami/openldap/etc/schema/disable-bind-anon.ldif"
ldapadd -Y EXTERNAL -H "ldapi:///" -f "/opt/bitnami/openldap/etc/schema/openssh-lpk.ldif"
ldapadd -Y EXTERNAL -H "ldapi:///" -f "/opt/bitnami/openldap/etc/schema/memberof.ldif"
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
memberOf

https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay/

https://www.adimian.com/blog/how-to-enable-memberof-using-openldap/

Docker Pull Command

docker pull bresam/openldap