1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-23 01:39:27 +02:00

update openldap

This commit is contained in:
kev 2021-03-11 15:54:47 +08:00
parent 5840efd29b
commit 3eaf4acf0a
3 changed files with 48 additions and 48 deletions

View File

@ -29,14 +29,14 @@ OpenLDAP Software is an open source implementation of the Lightweight Directory
## docker-compose.yml ## docker-compose.yml
```yaml ```yaml
version: "3.7" version: "3.8"
services: services:
openldap: openldap:
image: osixia/openldap image: osixia/openldap
command: "--loglevel debug" command: "--loglevel debug"
hostname: ldap.easypi.pro hostname: ldap.easypi.duckdns.org
ports: ports:
- "389:389" - "389:389"
- "636:636" - "636:636"
@ -47,7 +47,7 @@ services:
- ./data/run:/container/run - ./data/run:/container/run
environment: environment:
- LDAP_ORGANISATION=EasyPi - LDAP_ORGANISATION=EasyPi
- LDAP_DOMAIN=ldap.easypi.pro - LDAP_DOMAIN=ldap.easypi.duckdns.org
- LDAP_ADMIN_PASSWORD=admin - LDAP_ADMIN_PASSWORD=admin
- LDAP_CONFIG_PASSWORD=config - LDAP_CONFIG_PASSWORD=config
- LDAP_TLS=true - LDAP_TLS=true
@ -56,23 +56,23 @@ services:
- LDAP_TLS_KEY_FILENAME=ldap.key - LDAP_TLS_KEY_FILENAME=ldap.key
- LDAP_TLS_VERIFY_CLIENT=try - LDAP_TLS_VERIFY_CLIENT=try
- LDAP_TLS_ENFORCE=true - LDAP_TLS_ENFORCE=true
restart: always restart: unless-stopped
phpldapadmin: # phpldapadmin:
image: osixia/phpldapadmin # image: osixia/phpldapadmin
command: "--loglevel debug" # command: "--loglevel debug"
ports: # ports:
- "8080:80" # - "8080:80"
environment: # environment:
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}] # # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/ # - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/
- PHPLDAPADMIN_HTTPS=false # - PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true # - PHPLDAPADMIN_TRUST_PROXY_SSL=true
extra_hosts: # extra_hosts:
- ldap.easypi.pro:x.x.x.x # - ldap.easypi.duckdns.org:x.x.x.x
depends_on: # depends_on:
- openldap # - openldap
restart: always # restart: unless-stopped
``` ```
> :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS: > :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS:
@ -88,12 +88,12 @@ services:
```bash ```bash
openssl req \ openssl req \
-x509 -nodes -days 3650 -sha256 \ -x509 -nodes -days 3650 -sha256 \
-subj '/C=US/ST=Oregon/L=Portland/CN=easypi.pro' \ -subj '/C=US/ST=Oregon/L=Portland/CN=easypi.duckdns.org' \
-newkey rsa:2048 -keyout ca.key -out ca.crt -newkey rsa:2048 -keyout ca.key -out ca.crt
openssl req \ openssl req \
-new -sha256 -newkey rsa:2048 -nodes \ -new -sha256 -newkey rsa:2048 -nodes \
-subj '/CN=ldap.easypi.pro/O=EasyPi/C=US/ST=Oregon/L=Portland' \ -subj '/CN=ldap.easypi.duckdns.org/O=EasyPi/C=US/ST=Oregon/L=Portland' \
-keyout ldap.key -out ldap.csr -keyout ldap.key -out ldap.csr
openssl x509 \ openssl x509 \
@ -106,11 +106,11 @@ openssl x509 \
```bash ```bash
$ docker-compose exec openldap bash $ docker-compose exec openldap bash
>>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ >>> ldapwhoami -H ldap://ldap.easypi.duckdns.org -x -ZZ
anonymous anonymous
>>> ldapwhoami -H ldaps://ldap.easypi.pro -x -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin >>> ldapwhoami -H ldaps://ldap.easypi.duckdns.org -x -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
dn:cn=admin,dc=ldap,dc=easypi,dc=pro dn:cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org
>>> ldapsearch -H ldaps://ldap.easypi.pro -b dc=ldap,dc=easypi,dc=pro -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin >>> ldapsearch -H ldaps://ldap.easypi.duckdns.org -b dc=ldap,dc=easypi,dc=duckdns,dc=org -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
... ...
``` ```

View File

@ -1,11 +1,11 @@
version: "3.7" version: "3.8"
services: services:
openldap: openldap:
image: osixia/openldap image: osixia/openldap
command: "--loglevel debug" command: "--loglevel debug"
hostname: ldap.easypi.pro hostname: ldap.easypi.duckdns.org
ports: ports:
- "389:389" - "389:389"
- "636:636" - "636:636"
@ -16,7 +16,7 @@ services:
- ./data/run:/container/run - ./data/run:/container/run
environment: environment:
- LDAP_ORGANISATION=EasyPi - LDAP_ORGANISATION=EasyPi
- LDAP_DOMAIN=ldap.easypi.pro - LDAP_DOMAIN=ldap.easypi.duckdns.org
- LDAP_ADMIN_PASSWORD=admin - LDAP_ADMIN_PASSWORD=admin
- LDAP_CONFIG_PASSWORD=config - LDAP_CONFIG_PASSWORD=config
- LDAP_TLS=true - LDAP_TLS=true
@ -25,20 +25,20 @@ services:
- LDAP_TLS_KEY_FILENAME=ldap.key - LDAP_TLS_KEY_FILENAME=ldap.key
- LDAP_TLS_VERIFY_CLIENT=try - LDAP_TLS_VERIFY_CLIENT=try
- LDAP_TLS_ENFORCE=true - LDAP_TLS_ENFORCE=true
restart: always restart: unless-stopped
phpldapadmin: # phpldapadmin:
image: osixia/phpldapadmin # image: osixia/phpldapadmin
command: "--loglevel debug" # command: "--loglevel debug"
ports: # ports:
- "8080:80" # - "8080:80"
environment: # environment:
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}] # # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/ # - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/
- PHPLDAPADMIN_HTTPS=false # - PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true # - PHPLDAPADMIN_TRUST_PROXY_SSL=true
extra_hosts: # extra_hosts:
- ldap.easypi.pro:x.x.x.x # - ldap.easypi.duckdns.org:x.x.x.x
depends_on: # depends_on:
- openldap # - openldap
restart: always # restart: unless-stopped

View File

@ -1,14 +1,14 @@
server { server {
listen 80; listen 80;
server_name ldap.easypi.pro; server_name ldap.easypi.duckdns.org;
return 302 https://$host$request_uri; return 302 https://$host$request_uri;
} }
server { server {
listen 443 ssl; listen 443 ssl;
server_name ldap.easypi.pro; server_name ldap.easypi.duckdns.org;
ssl_certificate ssl/easypi.pro/fullchain.pem; ssl_certificate ssl/easypi.duckdns.org/fullchain.pem;
ssl_certificate_key ssl/easypi.pro/privkey.pem; ssl_certificate_key ssl/easypi.duckdns.org/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers HIGH:!aNULL:!MD5;
location / { location / {