mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-23 01:39:27 +02:00
update openldap
parent
5840efd29b
commit
3eaf4acf0a
@ -29,14 +29,14 @@ OpenLDAP Software is an open source implementation of the Lightweight Directory
|
|||||||
## docker-compose.yml
|
## docker-compose.yml
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: "3.7"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
openldap:
|
openldap:
|
||||||
image: osixia/openldap
|
image: osixia/openldap
|
||||||
command: "--loglevel debug"
|
command: "--loglevel debug"
|
||||||
hostname: ldap.easypi.pro
|
hostname: ldap.easypi.duckdns.org
|
||||||
ports:
|
ports:
|
||||||
- "389:389"
|
- "389:389"
|
||||||
- "636:636"
|
- "636:636"
|
||||||
@ -47,7 +47,7 @@ services:
|
|||||||
- ./data/run:/container/run
|
- ./data/run:/container/run
|
||||||
environment:
|
environment:
|
||||||
- LDAP_ORGANISATION=EasyPi
|
- LDAP_ORGANISATION=EasyPi
|
||||||
- LDAP_DOMAIN=ldap.easypi.pro
|
- LDAP_DOMAIN=ldap.easypi.duckdns.org
|
||||||
- LDAP_ADMIN_PASSWORD=admin
|
- LDAP_ADMIN_PASSWORD=admin
|
||||||
- LDAP_CONFIG_PASSWORD=config
|
- LDAP_CONFIG_PASSWORD=config
|
||||||
- LDAP_TLS=true
|
- LDAP_TLS=true
|
||||||
@ -56,23 +56,23 @@ services:
|
|||||||
- LDAP_TLS_KEY_FILENAME=ldap.key
|
- LDAP_TLS_KEY_FILENAME=ldap.key
|
||||||
- LDAP_TLS_VERIFY_CLIENT=try
|
- LDAP_TLS_VERIFY_CLIENT=try
|
||||||
- LDAP_TLS_ENFORCE=true
|
- LDAP_TLS_ENFORCE=true
|
||||||
restart: always
|
restart: unless-stopped
|
||||||
|
|
||||||
phpldapadmin:
|
# phpldapadmin:
|
||||||
image: osixia/phpldapadmin
|
# image: osixia/phpldapadmin
|
||||||
command: "--loglevel debug"
|
# command: "--loglevel debug"
|
||||||
ports:
|
# ports:
|
||||||
- "8080:80"
|
# - "8080:80"
|
||||||
environment:
|
# environment:
|
||||||
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
|
# # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}]
|
||||||
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
|
# - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/
|
||||||
- PHPLDAPADMIN_HTTPS=false
|
# - PHPLDAPADMIN_HTTPS=false
|
||||||
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
|
# - PHPLDAPADMIN_TRUST_PROXY_SSL=true
|
||||||
extra_hosts:
|
# extra_hosts:
|
||||||
- ldap.easypi.pro:x.x.x.x
|
# - ldap.easypi.duckdns.org:x.x.x.x
|
||||||
depends_on:
|
# depends_on:
|
||||||
- openldap
|
# - openldap
|
||||||
restart: always
|
# restart: unless-stopped
|
||||||
```
|
```
|
||||||
|
|
||||||
> :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS:
|
> :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS:
|
||||||
@ -88,12 +88,12 @@ services:
|
|||||||
```bash
|
```bash
|
||||||
openssl req \
|
openssl req \
|
||||||
-x509 -nodes -days 3650 -sha256 \
|
-x509 -nodes -days 3650 -sha256 \
|
||||||
-subj '/C=US/ST=Oregon/L=Portland/CN=easypi.pro' \
|
-subj '/C=US/ST=Oregon/L=Portland/CN=easypi.duckdns.org' \
|
||||||
-newkey rsa:2048 -keyout ca.key -out ca.crt
|
-newkey rsa:2048 -keyout ca.key -out ca.crt
|
||||||
|
|
||||||
openssl req \
|
openssl req \
|
||||||
-new -sha256 -newkey rsa:2048 -nodes \
|
-new -sha256 -newkey rsa:2048 -nodes \
|
||||||
-subj '/CN=ldap.easypi.pro/O=EasyPi/C=US/ST=Oregon/L=Portland' \
|
-subj '/CN=ldap.easypi.duckdns.org/O=EasyPi/C=US/ST=Oregon/L=Portland' \
|
||||||
-keyout ldap.key -out ldap.csr
|
-keyout ldap.key -out ldap.csr
|
||||||
|
|
||||||
openssl x509 \
|
openssl x509 \
|
||||||
@ -106,11 +106,11 @@ openssl x509 \
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker-compose exec openldap bash
|
$ docker-compose exec openldap bash
|
||||||
>>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ
|
>>> ldapwhoami -H ldap://ldap.easypi.duckdns.org -x -ZZ
|
||||||
anonymous
|
anonymous
|
||||||
>>> ldapwhoami -H ldaps://ldap.easypi.pro -x -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
|
>>> ldapwhoami -H ldaps://ldap.easypi.duckdns.org -x -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
|
||||||
dn:cn=admin,dc=ldap,dc=easypi,dc=pro
|
dn:cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org
|
||||||
>>> ldapsearch -H ldaps://ldap.easypi.pro -b dc=ldap,dc=easypi,dc=pro -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
|
>>> ldapsearch -H ldaps://ldap.easypi.duckdns.org -b dc=ldap,dc=easypi,dc=duckdns,dc=org -D cn=admin,dc=ldap,dc=easypi,dc=duckdns,dc=org -w admin
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
version: "3.7"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
openldap:
|
openldap:
|
||||||
image: osixia/openldap
|
image: osixia/openldap
|
||||||
command: "--loglevel debug"
|
command: "--loglevel debug"
|
||||||
hostname: ldap.easypi.pro
|
hostname: ldap.easypi.duckdns.org
|
||||||
ports:
|
ports:
|
||||||
- "389:389"
|
- "389:389"
|
||||||
- "636:636"
|
- "636:636"
|
||||||
@ -16,7 +16,7 @@ services:
|
|||||||
- ./data/run:/container/run
|
- ./data/run:/container/run
|
||||||
environment:
|
environment:
|
||||||
- LDAP_ORGANISATION=EasyPi
|
- LDAP_ORGANISATION=EasyPi
|
||||||
- LDAP_DOMAIN=ldap.easypi.pro
|
- LDAP_DOMAIN=ldap.easypi.duckdns.org
|
||||||
- LDAP_ADMIN_PASSWORD=admin
|
- LDAP_ADMIN_PASSWORD=admin
|
||||||
- LDAP_CONFIG_PASSWORD=config
|
- LDAP_CONFIG_PASSWORD=config
|
||||||
- LDAP_TLS=true
|
- LDAP_TLS=true
|
||||||
@ -25,20 +25,20 @@ services:
|
|||||||
- LDAP_TLS_KEY_FILENAME=ldap.key
|
- LDAP_TLS_KEY_FILENAME=ldap.key
|
||||||
- LDAP_TLS_VERIFY_CLIENT=try
|
- LDAP_TLS_VERIFY_CLIENT=try
|
||||||
- LDAP_TLS_ENFORCE=true
|
- LDAP_TLS_ENFORCE=true
|
||||||
restart: always
|
restart: unless-stopped
|
||||||
|
|
||||||
phpldapadmin:
|
# phpldapadmin:
|
||||||
image: osixia/phpldapadmin
|
# image: osixia/phpldapadmin
|
||||||
command: "--loglevel debug"
|
# command: "--loglevel debug"
|
||||||
ports:
|
# ports:
|
||||||
- "8080:80"
|
# - "8080:80"
|
||||||
environment:
|
# environment:
|
||||||
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
|
# # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}]
|
||||||
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
|
# - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/
|
||||||
- PHPLDAPADMIN_HTTPS=false
|
# - PHPLDAPADMIN_HTTPS=false
|
||||||
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
|
# - PHPLDAPADMIN_TRUST_PROXY_SSL=true
|
||||||
extra_hosts:
|
# extra_hosts:
|
||||||
- ldap.easypi.pro:x.x.x.x
|
# - ldap.easypi.duckdns.org:x.x.x.x
|
||||||
depends_on:
|
# depends_on:
|
||||||
- openldap
|
# - openldap
|
||||||
restart: always
|
# restart: unless-stopped
|
||||||
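Review bot: The openldap service keeps `LDAP_ADMIN_PASSWORD=admin` and `LDAP_CONFIG_PASSWORD=config` in its environment list, while this change moves `hostname` and `LDAP_DOMAIN` to a dynamic-DNS name and leaves `"389:389"` and `"636:636"` published on every host interface. If that name resolves to a reachable address, the directory admin and config accounts are protected only by well-known sample passwords. I would take both values from the deployment environment, e.g. `- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD:?set in .env}` and the same for `LDAP_CONFIG_PASSWORD`, and bind the ports to a specific address such as `"127.0.0.1:389:389"` where remote clients are not required. The README copy of this compose file carries the same values, and its `ldapwhoami`/`ldapsearch` examples pass `-w admin` on the command line.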
|
@ -1,14 +1,14 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name ldap.easypi.pro;
|
server_name ldap.easypi.duckdns.org;
|
||||||
return 302 https://$host$request_uri;
|
return 302 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
server_name ldap.easypi.pro;
|
server_name ldap.easypi.duckdns.org;
|
||||||
ssl_certificate ssl/easypi.pro/fullchain.pem;
|
ssl_certificate ssl/easypi.duckdns.org/fullchain.pem;
|
||||||
ssl_certificate_key ssl/easypi.pro/privkey.pem;
|
ssl_certificate_key ssl/easypi.duckdns.org/privkey.pem;
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
location / {
|
location / {
|
||||||
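Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block still enables TLS 1.0 and 1.1, which RFC 8996 deprecates; this change only swaps the server name and certificate paths around it. I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs nginx built against OpenSSL 1.1.1 or later) and re-check `ssl_ciphers HIGH:!aNULL:!MD5;` against the clients that remain. The `location /` block opens on the last line of the hunk and continues outside it, so the proxy settings are not visible here.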
|