An OpenLDAP server that provides user authentication, including password policies, for Linux.
The intention is to provide an auto-configured LDAP authentication server for other containers.
Other containers should use nslcd for user authentication.
NOTE: By design there is no secured channel (TLS/SSL); every simple bind, including the administrator's, sends its password in cleartext. This service must therefore never be exposed to the internet, but only be used directly
by other Docker containers using Docker's
- Docker (>= 1.9.0)
The service provides the following network ports and filesystems.
- 389: LDAP server (internal, reachable by other containers on the Docker network)
- 10389: LDAP server (external, published on the Docker host with `-p 10389:389`)
Publish the external port only if something on the host itself needs it: with the plain `-p 10389:389` form Docker binds it on all host interfaces, so restrict it to loopback (`-p 127.0.0.1:10389:389`) or leave it out entirely and let client containers talk to port 389 over the Docker network.
The image is built by executing the following Docker command in the project's root directory:
```sh
docker build -t openldap \
    --build-arg='HTTP_PROXY=http://<proxy-hostname>:<port>' \
    .
```
- The web proxy is only required during the build (package installation); it is not used afterwards.
Build Arguments can also be provided in the
The created container is configured automatically by the entrypoint script during its first run.
During this first run the following environment variables must be provided:
- `SLAPD_DOMAIN`: LDAP domain for the project database.
  - Provide it in dotted (`.`) notation (e.g. `domain.com`).
- `SLAPD_PASSWORD`: administrator password for the project and config databases.
- Defaults to
- Defaults to
- `SLAPD_MULTIMASTER_HOSTS`: configure N-Way Multi-Master Replication with other LDAP servers.
After the first run the variables are no longer used. Note, however, that values passed with `-e` stay visible in `docker inspect` output for the lifetime of the container, so the administrator passwords (including those embedded in `SLAPD_MULTIMASTER_HOSTS`) are readable by anyone with access to the Docker daemon.
The container can be started directly (in the background) with the following command line:
```sh
docker run --name ldapauth -d \
    -p 10389:389 \
    -e SLAPD_PASSWORD=<secret> \
    -e SLAPD_DOMAIN=<example.org> \
    -e SLAPD_MULTIMASTER_HOSTS="ldap://<hostname-other-ldap>:<port>|<other-ldap-admin-password>,..." \
    openldap
```
Alternatively it can be started in a docker-compose context with the following configuration parameters:
```yaml
ldap:
  image: openldap:latest
  container_name: ldapauth
  hostname: <hostname>
  domainname: <domain>
  ports:
    - 10389:389
  environment:
    - SLAPD_DOMAIN=<ldap-domain>
    - SLAPD_PASSWORD=<secret>
    - 'SLAPD_MULTIMASTER_HOSTS=ldap://<hostname-other-ldap>:<port>|<other-ldap-admin-password>,...'
```
For debugging and maintenance purposes you may want to access the container's shell. A shell in the running container can be started as follows:
```sh
docker exec -it ldapauth bash
```
Logging is written directly to the console, so `docker logs ldapauth` shows it.
With the ldap-utils package installed (ldapsearch, ldapmodify, ...) the directory can be queried and debugged.
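The following script is an added example, not part of the image or its entrypoint script. It shows the two things a practitioner usually wants to check after the first run: that the dotted `SLAPD_DOMAIN` has been turned into the expected base DN, and that the server answers on the published port and accepts the administrator bind with `SLAPD_PASSWORD`. The admin DN `cn=admin,<base DN>` and the host port 10389 are assumptions (the Debian slapd default and the port used above), not something the page states.

```shell
#!/bin/sh
# Added example (not the image's own code): derive the base DN that slapd
# uses for a dotted SLAPD_DOMAIN and smoke-test the server with ldapsearch
# from the ldap-utils package.
# Assumptions: the admin entry is cn=admin under the base DN (Debian slapd
# default) and the host port is 10389 (as in the docker run example).

# Convert "example.org" into "dc=example,dc=org".
domain_to_dn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) {
            printf "%sdc=%s", (i > 1 ? "," : ""), $i
        }
    }'
}

# Reject domains that would yield an empty or malformed DN
# (empty string, leading/trailing dot, consecutive dots).
valid_domain() {
    case "$1" in
        ''|*..*|.*|*.) return 1 ;;
    esac
    return 0
}

# Anonymous read of the root DSE: needs no credentials and confirms the
# server is reachable and which naming contexts it serves.
check_root_dse() {
    ldapsearch -x -H "ldap://$1:$2" -s base -b "" '(objectClass=*)' namingContexts
}

# Authenticated simple bind as the admin to verify SLAPD_PASSWORD was applied.
# Remember this bind travels in cleartext (no TLS), so only run it on the
# Docker network or against loopback.
check_admin_bind() {
    base="$(domain_to_dn "$3")"
    ldapsearch -x -H "ldap://$1:$2" -D "cn=admin,$base" -w "$4" \
        -b "$base" -s base '(objectClass=*)' 1.1
}

# Usage: sh check_ldap.sh run [host] [port] <domain> <admin-password>
if [ "${1:-}" = "run" ]; then
    host="${2:-localhost}"
    port="${3:-10389}"
    domain="${4:?domain}"
    pw="${5:?admin password}"
    valid_domain "$domain" || { echo "bad domain: $domain" >&2; exit 1; }
    check_root_dse "$host" "$port" && check_admin_bind "$host" "$port" "$domain" "$pw"
fi
```

Run it as `sh check_ldap.sh run localhost 10389 example.org <secret>`; a failing admin bind (`ldap_bind: Invalid credentials (49)`) after a successful root DSE read means the server is up but the first-run configuration did not take the password you expected.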
The image exposes two directories (`VOLUME ["/etc/ldap", "/var/lib/ldap"]`).
The first holds the "static" configuration (on Debian-based images this is where `slapd.d`, the cn=config database with the administrator credentials, lives), the second holds the actual
database. Please make sure that these two directories are persisted (in a named volume, a data-only
container or alike) so that everything is restored after a restart of the container, and that the
backing storage is protected accordingly.