# theanurin/openldap
OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
- `SLAPD_DEBUG_LEVEL` - slapd debug level (`-1` enables all debugging). See the Debugging Levels table.
- `SSL_CERT_EXPIRE_TIMEOUT` - Timeout in seconds between certificate expiration checks. Default: `86400`
- `CONFIG_LEGO_DOMAIN` - Enable Lego and define the domain of your OpenLDAP server
- `CONFIG_LEGO_DOMAIN_2`, `CONFIG_LEGO_DOMAIN_3`, `CONFIG_LEGO_DOMAIN_4`, `CONFIG_LEGO_DOMAIN_5` - Additional domains.
- `CONFIG_LEGO_EMAIL` - An email for the LEGO account
- `CONFIG_LEGO_CHALLENGE_HTTP_01` - Set to `true` to enable the HTTP-01 challenge solver. Make sure that your container is reachable from the Internet on port 80 and is bound to the domain defined in `CONFIG_LEGO_DOMAIN`
- `CONFIG_LEGO_CHALLENGE_TLS_ALPN_01` - Set to `true` to enable the TLS-ALPN-01 challenge solver. Make sure that your container is reachable from the Internet on port 443 and is bound to the domain defined in `CONFIG_LEGO_DOMAIN`
- `CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER` - Set to one of the following values to enable the DNS-01 challenge solver.

### DNS-01 challenge solvers: exec

```sh
CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER="exec"
CONFIG_LEGO_CHALLENGE_DNS_01_RESOLVERS="ns313.inhostedns.org,ns213.inhostedns.net,ns113.inhostedns.com"
EXEC_PATH="/opt/dns-01-solvers/tools.adm.py"
EXEC_POLLING_INTERVAL=30
EXEC_PROPAGATION_TIMEOUT=600
ADM_TOOLS_API_LOGIN="admins@example.org"
ADM_TOOLS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ADM_TOOLS_ROOT_DOMAINS="example.org"
```

### DNS-01 challenge solvers: cloudflare

```sh
CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER="cloudflare"
CONFIG_LEGO_CHALLENGE_DNS_01_RESOLVERS="arely.ns.cloudflare.com,cameron.ns.cloudflare.com"
CLOUDFLARE_DNS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
CLOUDFLARE_ZONE_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
- `tcp/80` - insecure HTTP endpoint for the ACME challenge (use `http://`)
- `tcp/389` - insecure LDAP endpoint (use `ldap://`)
- `tcp/443` - secured HTTP endpoint for the ACME challenge (use `https://`)
- `tcp/636` - secured LDAP endpoint (use `ldaps://`)

- `/data/etc` - Configuration stuff
- `/data/etc/slapd-init.d` - Place LDIF files here; they will be deployed (one time) into a new instance via `slapadd`. Probably a good place to configure OpenLDAP modules, schemas, etc. But you are unable to set up a database here (because `slapadd` is not intended for incremental use, see thread...)
- `/data/db` - LDAP databases

- cn=config
- openldap
- tools.adm.py for Hosting Ukraine

```sh
docker run --rm --interactive --tty \
  --publish 389:389 \
  --ulimit nofile=1024:1024 \
  --env SLAPD_DEBUG_LEVEL=-1 \
  theanurin/openldap
```
See Quick Start guide for details.
NOTE: The container's port 80 should be publicly reachable on the domain defined in the `CONFIG_LEGO_DOMAIN` variable.
```sh
export CONFIG_LEGO_OPTS="--server=https://acme-staging-v02.api.letsencrypt.org/directory" # Skip this for ACME production environment
export CONFIG_LEGO_DOMAIN="ldap.example.org"
export CONFIG_LEGO_EMAIL="admin@example.org"
export CONFIG_LEGO_CHALLENGE_HTTP_01="true"
mkdir ldap-etc.local ldap-db.local
docker run --rm --interactive --tty \
  --env CONFIG_LEGO_OPTS --env CONFIG_LEGO_DOMAIN --env CONFIG_LEGO_EMAIL \
  --env CONFIG_LEGO_CHALLENGE_HTTP_01 \
  --ulimit nofile=1024:1024 \
  --mount "type=bind,source=$PWD/ldap-etc.local,target=/data/etc" \
  --mount "type=bind,source=$PWD/ldap-db.local,target=/data/db" \
  --publish 0.0.0.0:80:80 \
  --publish 127.0.0.1:389:389 \
  --publish 0.0.0.0:636:636 \
  theanurin/openldap
```
NOTE: The container's port 443 should be publicly reachable on the domain defined in the `CONFIG_LEGO_DOMAIN` variable.
```sh
export CONFIG_LEGO_OPTS="--server=https://acme-staging-v02.api.letsencrypt.org/directory" # Skip this for ACME production environment
export CONFIG_LEGO_DOMAIN="ldap.example.org"
export CONFIG_LEGO_EMAIL="admin@example.org"
export CONFIG_LEGO_CHALLENGE_TLS_ALPN_01="true"
mkdir ldap-etc.local ldap-db.local
docker run --rm --interactive --tty \
  --env CONFIG_LEGO_OPTS --env CONFIG_LEGO_DOMAIN --env CONFIG_LEGO_EMAIL \
  --env CONFIG_LEGO_CHALLENGE_TLS_ALPN_01 \
  --ulimit nofile=1024:1024 \
  --mount "type=bind,source=$PWD/ldap-etc.local,target=/data/etc" \
  --mount "type=bind,source=$PWD/ldap-db.local,target=/data/db" \
  --publish 127.0.0.1:389:389 \
  --publish 0.0.0.0:443:443 \
  --publish 0.0.0.0:636:636 \
  theanurin/openldap
```
NOTE: DNS-01 is the right choice when you are not able to expose the ACME web server ports. But you have to write your own solver script if your DNS provider is not supported out of the box. See LEGO's ready-to-use DNS Providers.
### Cloudflare

```sh
export CONFIG_LEGO_OPTS="--server=https://acme-staging-v02.api.letsencrypt.org/directory" # Skip this for ACME production environment
export CONFIG_LEGO_DOMAIN="ldap.example.org"
export CONFIG_LEGO_EMAIL="admins@example.org"
export CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER="cloudflare"
export CONFIG_LEGO_CHALLENGE_DNS_01_RESOLVERS="arely.ns.cloudflare.com,cameron.ns.cloudflare.com"
export CLOUDFLARE_DNS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export CLOUDFLARE_ZONE_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
mkdir openldap-etc.local openldap-db.local
docker run --rm --interactive --tty \
  --env CONFIG_LEGO_OPTS --env CONFIG_LEGO_DOMAIN --env CONFIG_LEGO_EMAIL \
  --env CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER --env CONFIG_LEGO_CHALLENGE_DNS_01_RESOLVERS \
  --env CLOUDFLARE_EMAIL --env CLOUDFLARE_DNS_API_TOKEN --env CLOUDFLARE_ZONE_API_TOKEN \
  --ulimit nofile=1024:1024 \
  --mount "type=bind,source=$PWD/openldap-etc.local,target=/data/etc" \
  --mount "type=bind,source=$PWD/openldap-db.local,target=/data/db" \
  --publish 127.0.0.1:389:389 \
  --publish 0.0.0.0:636:636 \
  theanurin/openldap
```
### Custom solver tools.adm.py

```sh
export CONFIG_LEGO_OPTS="--server=https://acme-staging-v02.api.letsencrypt.org/directory" # Skip this for ACME production environment
export CONFIG_LEGO_DOMAIN="ldap.example.org"
export CONFIG_LEGO_EMAIL="admin@example.org"
export CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER="exec"
export CONFIG_LEGO_CHALLENGE_DNS_01_RESOLVERS="ns313.inhostedns.org,ns213.inhostedns.net,ns113.inhostedns.com"
export EXEC_POLLING_INTERVAL=30
export EXEC_PROPAGATION_TIMEOUT=600
export EXEC_PATH="/opt/dns-01-solvers/tools.adm.py"
export ADM_TOOLS_ROOT_DOMAINS="example.org"
export ADM_TOOLS_API_TOKEN_FILE=/run/secrets/admtools_token
mkdir ldap-etc.local ldap-db.local
docker run --rm --interactive --tty \
  --env CONFIG_LEGO_OPTS --env CONFIG_LEGO_DOMAIN --env CONFIG_LEGO_EMAIL \
  --env CONFIG_LEGO_CHALLENGE_DNS_01_PROVIDER --env CONFIG_LEGO_CHALLENGE_DNS_01_RESOLVERS \
  --env EXEC_PATH --env EXEC_POLLING_INTERVAL --env EXEC_PROPAGATION_TIMEOUT \
  --env ADM_TOOLS_ROOT_DOMAINS --env ADM_TOOLS_API_TOKEN_FILE \
  --ulimit nofile=1024:1024 \
  --mount "type=bind,source=$PWD/ldap-etc.local,target=/data/etc" \
  --mount "type=bind,source=$PWD/ldap-db.local,target=/data/db" \
  --mount "type=bind,source=/path/to/admtools_token,target=/run/secrets/admtools_token" \
  --publish 127.0.0.1:389:389 \
  --publish 0.0.0.0:636:636 \
  theanurin/openldap
```
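The custom solver above is what lego's `exec` provider runs at `EXEC_PATH`. As an added example that is not the project's own `tools.adm.py`, here is a Python skeleton of such a solver: it reads the API token from `ADM_TOOLS_API_TOKEN_FILE` (the mounted secret in the command above), falling back to `ADM_TOOLS_API_TOKEN`, and refuses to touch any record outside `ADM_TOOLS_ROOT_DOMAINS`. It assumes lego's default exec-mode argument convention (`present|cleanup <fqdn> <txt_value>`); `SolverError`, `build_change` and the record-change dict are my names, and the real provider API request is left to the caller.

```python
# Added example, not the project's tools.adm.py: skeleton of a DNS-01 solver
# for lego's "exec" provider. In lego's default exec mode (as I understand it)
# EXEC_PATH is run as `present|cleanup <fqdn> <txt_value>`; a "--" separator
# is tolerated. The provider API request itself is left to the caller.
import os
import sys

class SolverError(Exception):
    pass

def load_api_token(env=None):
    """Prefer ADM_TOOLS_API_TOKEN_FILE (a mounted secret) over the env var."""
    env = os.environ if env is None else env
    path = env.get("ADM_TOOLS_API_TOKEN_FILE")
    if path:
        with open(path, encoding="ascii") as fh:
            return fh.read().strip()
    token = env.get("ADM_TOOLS_API_TOKEN")
    if not token:
        raise SolverError("no ADM_TOOLS_API_TOKEN(_FILE) configured")
    return token

def find_root_domain(fqdn, root_domains):
    """Return the zone from ADM_TOOLS_ROOT_DOMAINS that owns fqdn; anything
    else is refused so a misconfigured lego cannot edit unrelated zones."""
    name = fqdn.rstrip(".").lower()
    roots = [r.strip().rstrip(".").lower() for r in root_domains]
    for root in sorted(roots, key=len, reverse=True):  # longest match wins
        if root and name.endswith("." + root):
            return root
    raise SolverError(f"{fqdn} is outside ADM_TOOLS_ROOT_DOMAINS")

def build_change(argv, env=None):
    """Translate lego's argv into a TXT record change for one allowed zone."""
    env = os.environ if env is None else env
    args = [a for a in argv if a != "--"]
    if len(args) != 3 or args[0] not in ("present", "cleanup"):
        raise SolverError("usage: present|cleanup <fqdn> <txt_value>")
    action, fqdn, value = args
    if not fqdn.lower().startswith("_acme-challenge."):
        raise SolverError("refusing to touch a non-ACME record")
    roots = env.get("ADM_TOOLS_ROOT_DOMAINS", "").split(",")
    zone = find_root_domain(fqdn, roots)
    label = fqdn.rstrip(".").lower()[: -len(zone) - 1]  # "_acme-challenge.ldap"
    return {"action": action, "zone": zone, "name": label, "type": "TXT", "value": value}

if __name__ == "__main__":
    load_api_token()  # fail early if the secret is missing
    print(build_change(sys.argv[1:]))  # replace print with the DNS API call
```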
```sh
docker pull theanurin/openldap
```