1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-11-21 17:56:53 +02:00
dockerfiles/openldap
2024-09-02 15:11:14 +08:00
..
docker-compose.yml update openldap 2024-09-02 15:11:14 +08:00
nginx.conf update openldap 2021-03-11 15:54:47 +08:00
README.md update openldap 2024-09-02 15:11:14 +08:00

OpenLDAP

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.

Directory Tree

├── data
│   ├── certs
│   │   ├── ca.crt
│   │   ├── ca.key
│   │   ├── ca.srl
│   │   ├── ldap.crt
│   │   ├── ldap.csr
│   │   └── ldap.key
│   ├── conf (auto generated)
│   │   ├── cn=config
│   │   ├── cn=config.ldif
│   │   └── docker-openldap-was-started-with-tls
│   └── data (auto generated)
│       ├── data.mdb
│       └── lock.mdb
└── docker-compose.yml

Create Keys and Certificates

openssl req \
  -x509 -nodes -days 3650 -sha256 \
  -subj '/C=US/ST=Oregon/L=Portland/CN=easypi.duckdns.org' \
  -newkey rsa:2048 -keyout ca.key -out ca.crt

openssl req \
  -new -sha256 -newkey rsa:2048 -nodes \
  -subj '/CN=ldap.easypi.duckdns.org/O=EasyPi/C=US/ST=Oregon/L=Portland' \
  -keyout ldap.key -out ldap.csr

openssl x509 \
  -req -days 3650 -sha256 \
  -in ldap.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out ldap.crt

Test the STARTTLS & SSL connections

$ docker-compose exec openldap bash
>>> ldapwhoami -H ldap://ldap.easypi.duckdns.org -x -ZZ
anonymous
>>> ldapwhoami -H ldaps://ldap.easypi.duckdns.org -x -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
dn:cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org
>>> ldapsearch -H ldaps://ldap.easypi.duckdns.org -b dc=ldap,dc=easypi,dc=duckdns,dc=org -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
...

GUI Client

References