self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-05-13 22:06:55 +02:00
Code Issues Releases Activity

update openldap

Browse Source
This commit is contained in:
kev 2019-09-25 04:24:54 +08:00
parent 1057a9d6b6
commit ddc98ab232
2 changed files with 96 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
openldap/README.md
View File

@ -29,38 +29,56 @@ OpenLDAP Software is an open source implementation of the Lightweight Directory
## docker-compose.yml ## docker-compose.yml
```yaml ```yaml
openldap: version: "3.7"
services:
openldap:
image: osixia/openldap image: osixia/openldap
command: "--loglevel debug"
hostname: ldap.easypi.pro
ports: ports:
- "389:389" - "389:389"
- "636:636"
volumes: volumes:
- ./data/certs:/container/service/slapd/assets/certs - ./data/certs:/container/service/slapd/assets/certs
- ./data/conf:/etc/ldap/slapd.d - ./data/etc:/etc/ldap/slapd.d
- ./data/data:/var/lib/ldap - ./data/var:/var/lib/ldap
- ./data/run:/container/run
environment: environment:
- LDAP_ORGANISATION=EasyPi - LDAP_ORGANISATION=EasyPi
- LDAP_DOMAIN=ldap.easypi.pro - LDAP_DOMAIN=ldap.easypi.pro
- LDAP_ADMIN_PASSWORD=admin - LDAP_ADMIN_PASSWORD=admin
- LDAP_CONFIG_PASSWORD=config - LDAP_CONFIG_PASSWORD=config
- LDAP_TLS=true
- LDAP_TLS_CA_CRT_FILENAME=ca.crt - LDAP_TLS_CA_CRT_FILENAME=ca.crt
- LDAP_TLS_CRT_FILENAME=ldap.crt - LDAP_TLS_CRT_FILENAME=ldap.crt
- LDAP_TLS_KEY_FILENAME=ldap.key - LDAP_TLS_KEY_FILENAME=ldap.key
# LDAP_TLS_ENFORCE=true - LDAP_TLS_VERIFY_CLIENT=try
- LDAP_TLS_ENFORCE=true
restart: always restart: always
phpldapadmin: phpldapadmin:
image: osixia/phpldapadmin image: osixia/phpldapadmin
ports: ports:
- "8080:80" - "8080:80"
environment: environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap - PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_HTTPS=false - PHPLDAPADMIN_HTTPS=false
links: extra_hosts:
- ldap.easypi.pro:x.x.x.x
depends_on:
- openldap - openldap
restart: always restart: always
``` ```
> :warnning: I haven't figured out how to connect phpldapadmin to openladp via STARTTLS. > :warnning: I haven't figured out how to connect phpldapadmin to openladp via STARTTLS:
>> openldap_1 | 5d8a7abe conn=1023 fd=12 ACCEPT from IP=172.29.0.1:59342 (IP=0.0.0.0:389)
>> openldap_1 | 5d8a7abe conn=1023 op=0 EXT oid=1.3.6.1.4.1.1466.20037
>> openldap_1 | 5d8a7abe conn=1023 op=0 STARTTLS
>> openldap_1 | 5d8a7abe conn=1023 op=0 RESULT oid= err=0 text=
>> openldap_1 | 5d8a7abe conn=1023 fd=12 TLS established tls_ssf=256 ssf=256
>> openldap_1 | 5d8a7abe conn=1023 fd=12 closed (connection lost)
## Create Keys and Certificates ## Create Keys and Certificates
@ -81,16 +99,22 @@ openssl x509 \
-out ldap.crt -out ldap.crt
``` ```
## Test the STARTTLS upgrade ## Test the STARTTLS & SSL connections
```bash ```bash
$ docker-compose exec openldap bash $ docker-compose exec openldap bash
>>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ >>> ldapwhoami -H ldap://ldap.easypi.pro -x -ZZ
anonymous anonymous
>>> exit >>> ldapwhoami -H ldaps://ldap.easypi.pro -x -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
exit dn:cn=admin,dc=ldap,dc=easypi,dc=pro
>>> ldapsearch -H ldaps://ldap.easypi.pro -b dc=ldap,dc=easypi,dc=pro -D cn=admin,dc=ldap,dc=easypi,dc=pro -w admin
...
``` ```
## GUI Client
- https://directory.apache.org/
## References ## References
- https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls - https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls

26
openldap/docker-compose.yml
View File

@ -1,29 +1,41 @@
openldap: version: "3.7"
services:
openldap:
image: osixia/openldap image: osixia/openldap
command: "--loglevel debug"
hostname: ldap.easypi.pro
ports: ports:
- "389:389" - "389:389"
- "636:636"
volumes: volumes:
- ./data/certs:/container/service/slapd/assets/certs - ./data/certs:/container/service/slapd/assets/certs
- ./data/conf:/etc/ldap/slapd.d - ./data/etc:/etc/ldap/slapd.d
- ./data/data:/var/lib/ldap - ./data/var:/var/lib/ldap
- ./data/run:/container/run
environment: environment:
- LDAP_ORGANISATION=EasyPi - LDAP_ORGANISATION=EasyPi
- LDAP_DOMAIN=ldap.easypi.pro - LDAP_DOMAIN=ldap.easypi.pro
- LDAP_ADMIN_PASSWORD=admin - LDAP_ADMIN_PASSWORD=admin
- LDAP_CONFIG_PASSWORD=config - LDAP_CONFIG_PASSWORD=config
- LDAP_TLS=true
- LDAP_TLS_CA_CRT_FILENAME=ca.crt - LDAP_TLS_CA_CRT_FILENAME=ca.crt
- LDAP_TLS_CRT_FILENAME=ldap.crt - LDAP_TLS_CRT_FILENAME=ldap.crt
- LDAP_TLS_KEY_FILENAME=ldap.key - LDAP_TLS_KEY_FILENAME=ldap.key
# LDAP_TLS_ENFORCE=true - LDAP_TLS_VERIFY_CLIENT=try
- LDAP_TLS_ENFORCE=true
restart: always restart: always
phpldapadmin: phpldapadmin:
image: osixia/phpldapadmin image: osixia/phpldapadmin
ports: ports:
- "8080:80" - "8080:80"
environment: environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap - PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_HTTPS=false - PHPLDAPADMIN_HTTPS=false
links: extra_hosts:
- ldap.easypi.pro:x.x.x.x
depends_on:
- openldap - openldap
restart: always restart: always