Docker Engine doesn't work well with firewall-cmd and can cause issues if you're connecting to the LDAP server from another container on the same machine. You can fix this by running:
126
-
```
142
+
```sh
127
143
$ firewall-cmd --add-port=389/tcp --permanent
128
144
$ firewall-cmd --add-port=636/tcp --permanent
129
145
$ firewall-cmd --reload
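Review bot: the three `firewall-cmd` lines in the new ```sh fence keep the `$ ` prompt prefix, which breaks copy-and-paste; drop the prompt, as the other fenced examples in this change do (`docker run ...`, `make build`). Separately, `--add-port=389/tcp --permanent` (and the 636 line) without `--zone` opens the ports in firewalld's default zone, which is broader than the stated goal of letting another container on the same host reach the LDAP server; the text should say which zone is intended, or tell readers to restrict the rule to the interface or source the containers actually use.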
@@ -154,34 +170,37 @@ Other `{{ * }}` substitutions are left unchanged.
154
170
Since startup script modifies `ldif` files, you **must** add `--copy-service`
155
171
argument to entrypoint if you don't want to overwrite them.
This image can load ldif and schema files at startup from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
171
188
172
-
For example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services
189
+
For example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but Gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services
173
190
of a ci job. The path to the working copy can be obtained via `${CI_PROJECT_DIR}`. See also: https://docs.gitlab.com/runner/executors/docker.html#build-directory-in-service
174
191
175
-
This may also work with other CI services, if they automatically mount the working directory to the services of a ci job like gitlab ci does.
192
+
This may also work with other CI services, if they automatically mount the working directory to the services of a ci job like Gitlab ci does.
176
193
177
194
In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any *.ldif or *.schema file into the default seeding
Note: By default this image is waiting an **mdb** database backend, if you want to use any other database backend set backend type via the LDAP_BACKEND environement variable.
222
+
Note: By default this image is waiting an **mdb** database backend, if you want to use any other database backend set backend type via the LDAP_BACKEND environment variable.
201
223
202
224
### Backup
203
225
A simple solution to backup your ldap server, is our openldap-backup docker image:
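Review bot: the capitalisation fix in the `+` lines is only half done: the product is written `GitLab` (and `GitLab CI`), so `Gitlab` and `Gitlab ci` should both become `GitLab` / `GitLab CI`. The unchanged context has grammar worth fixing in the same pass: `Since startup script modifies` should read `Since the startup script modifies`, `in every services of a ci job` should read `in every service of a CI job`, and `this image is waiting an **mdb** database backend` should read `this image expects an **mdb** database backend`. Also `*.ldif or *.schema` is unfenced, so Markdown will treat the asterisks as emphasis; wrap each pattern in backticks.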
@@ -212,17 +234,23 @@ If you are looking for a simple solution to administrate your ldap server you ca
212
234
#### Use auto-generated certificate
213
235
By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
214
236
215
-
docker run --hostname ldap.my-company.com --detach osixia/openldap:1.4.0
237
+
```sh
238
+
docker run --hostname ldap.my-company.com --detach osixia/openldap:1.4.0
239
+
```
216
240
217
241
#### Use your own certificate
218
242
219
243
You can set your custom certificate at run time, by mounting a directory containing those files to **/container/service/slapd/assets/certs** and adjust their name with the following environment variables:
220
244
221
-
docker run --hostname ldap.example.org --volume /path/to/certificates:/container/service/slapd/assets/certs \
Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
228
256
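Review bot: the prose line `By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org)` uses `ldap.example.org` while the fenced example just added uses `ldap.my-company.com`; use one example hostname in both places and format `--hostname` as inline code. Since the certificate here is auto-generated, one sentence on how clients are expected to trust it, or that it should be replaced via the "Use your own certificate" option that follows, would help readers who copy this example as-is.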
@@ -284,12 +312,15 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
284
312
285
313
Example command to run the container in `debug` mode:
286
314
287
-
docker run --detach osixia/openldap:1.4.0 --loglevel debug
315
+
```sh
316
+
docker run --detach osixia/openldap:1.4.0 --loglevel debug
317
+
```
288
318
289
319
See all command line options:
290
320
291
-
docker run osixia/openldap:1.4.0 --help
292
-
321
+
```sh
322
+
docker run osixia/openldap:1.4.0 --help
323
+
```
293
324
294
325
## Environment Variables
295
326
Environment variables defaults are set in **image/environment/default.yaml** and **image/environment/default.startup.yaml**.
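Review bot: `--loglevel debug` in the newly fenced example is the container startup log level (`none`, `error`, `warning`, `info`, `debug`, `trace`, per the hunk header), which is easy to confuse with the `LDAP_LOG_LEVEL` variable documented further down, which takes slapd's numeric level (`256`). Add one sentence after `Example command to run the container in \`debug\` mode:` saying that this flag does not change slapd's own log level.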
@@ -300,7 +331,7 @@ See how to [set your own environment variables](#set-your-own-environment-variab
300
331
Variables defined in this file are available at anytime in the container environment.
301
332
302
333
General container configuration:
303
-
-**LDAP_LOG_LEVEL**: Slap log level. defaults to `256`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
334
+
-**LDAP_LOG_LEVEL**: Slap log level. defaults to `256`. See table 5.1 in https://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
304
335
305
336
### Default.startup.yaml
306
337
Variables defined in this file are only available during the container **first start** in **startup files**.
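Review bot: while switching the link to https, fix the wording of the same line: `Slap log level. defaults to \`256\`` should read `slapd log level. Defaults to \`256\``. Note also that the variable entry is written `-**LDAP_LOG_LEVEL**` with no space after the `-`; if that is the real source rather than a rendering artefact, CommonMark will not treat the line as a list item, so the space should be restored (the same applies to the other `-**LDAP_...**` entries in this README).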
@@ -325,7 +356,7 @@ Required and used for new ldap server only:
325
356
Backend:
326
357
-**LDAP_BACKEND**: Ldap backend. Defaults to `mdb` (previously hdb in image versions up to v1.1.10)
-**LDAP_TLS**: Add openldap TLS capabilities. Can't be removed once set to true. Defaults to `true`.
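Review bot: `**LDAP_TLS**: Add openldap TLS capabilities. Can't be removed once set to true. Defaults to \`true\`.` tells readers the setting is one-way but not why or what to do about it; say that the decision must be made before the first start (set it to `false` on the first run if TLS is not wanted) and where the setting persists, so the constraint is understandable. The `previously hdb in image versions up to v1.1.10` remark on `LDAP_BACKEND` should also say what an operator with existing hdb data has to do when upgrading, since a backend change is not transparent.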
@@ -337,7 +368,7 @@ TLS options:
337
368
-**LDAP_TLS_CIPHER_SUITE**: TLS cipher suite. Defaults to `SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC`, based on Red Hat's [TLS hardening guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Hardening_TLS_Configuration.html)
338
369
-**LDAP_TLS_VERIFY_CLIENT**: TLS verify client. Defaults to `demand`
Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
394
433
395
434
Note: the container will try to delete the **\*.startup.yaml** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.startup.yaml**:
396
435
397
-
docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
Adapt Makefile, set your image NAME and VERSION, for example:
443
495
444
-
NAME = osixia/openldap
445
-
VERSION = 1.1.9
496
+
```makefile
497
+
NAME = osixia/openldap
498
+
VERSION = 1.1.9
499
+
```
500
+
501
+
become:
446
502
447
-
become:
448
-
NAME = cool-guy/openldap
449
-
VERSION = 0.1.0
503
+
```makefile
504
+
NAME = cool-guy/openldap
505
+
VERSION = 0.1.0
506
+
```
450
507
451
508
Add your custom certificate, bootstrap ldif and environment files...
452
509
453
510
Build your image:
454
511
455
-
make build
512
+
```sh
513
+
make build
514
+
```
456
515
457
516
Run your image:
458
517
459
-
docker run --detach cool-guy/openldap:0.1.0
518
+
```sh
519
+
docker run --detach cool-guy/openldap:0.1.0
520
+
```
460
521
461
522
### Tests
462
523
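Review bot: the new ```makefile blocks keep `VERSION = 1.1.9` while every `docker run` example in this change uses `osixia/openldap:1.4.0`; bump the Makefile example to the current version or state that the value is illustrative. On the unchanged context in this hunk: the `LDAP_TLS_CIPHER_SUITE` default `-VERS-TLS-ALL:+VERS-TLS1.2` enables TLS 1.2 only (TLS 1.3 is not enabled by that priority string), which should be stated next to the Red Hat link so operators understand the trade-off and know to adjust it if they need TLS 1.3.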
@@ -466,14 +527,16 @@ We use **Bats** (Bash Automated Testing System) to test this image:
466
527
467
528
Install Bats, and in this project directory run:
468
529
469
-
make test
530
+
```sh
531
+
make test
532
+
```
470
533
471
534
### Kubernetes
472
535
473
536
Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.
474
537
475
538
More information:
476
-
-http://kubernetes.io
539
+
-https://kubernetes.io/
477
540
-https://github.com/kubernetes/kubernetes
478
541
479
542
osixia-openldap kubernetes examples are available in **example/kubernetes**
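Review bot: the `More information:` items `-https://kubernetes.io/` and `-https://github.com/kubernetes/kubernetes` have no space after the `-`, so unless that is a rendering artefact they will not form a Markdown list; add the space. `Install Bats, and in this project directory run:` would benefit from a link to the Bats project so readers know which implementation and version the `make test` target expects.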
@@ -496,7 +559,7 @@ If you discover a security vulnerability within this docker image, please send a
496
559
Please include as many details as possible.
497
560
498
561
### Known security issues
499
-
Openldap on debian creates two admin users with the same password, if you changed admin password after bootstrap you may be concerned by issue #161.
562
+
OpenLDAP on debian creates two admin users with the same password, if you changed admin password after bootstrap you may be concerned by issue #161.
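Review bot: the `+` line fixes `Openldap` to `OpenLDAP` but leaves `debian` lowercase; make it `Debian`. More importantly, the sentence tells affected users only that they "may be concerned by issue #161"; a known-security-issue entry should state the concrete risk (the second admin account keeps the old password after the first one is changed) and the remediation (change that account's password as well), and link the issue rather than citing its number bare.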