Commit befe7c5b authored by Christian Luginbühl's avatar Christian Luginbühl
Browse files

Initial version

parents
FROM debian:wheezy
MAINTAINER Christian Luginbühl <dinke@pimprecords.com>
ENV OPENLDAP_VERSION 2.4.31
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
slapd=${OPENLDAP_VERSION}* \
ldap-utils=${OPENLDAP_VERSION}* && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
EXPOSE 389
VOLUME ["/var/lib/ldap"]
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["slapd", "-d", "32768"]
The MIT License (MIT)
Copyright (c) 2015, Christian Luginbühl
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
docker-openldap
===============
A Docker image running OpenLDAP on Debian stable ("wheezy" at the moment). The
Dockerfile is inspired by the well written one from
[cnry/openldap](https://registry.hub.docker.com/u/cnry/openldap/), but as said
before, running a stable Debian and be a little less verbose, but more complete
in the configuration.
NOTE: On purpose, there is no secured channel (TLS/SSL), because I believe that
this service should never be exposed to the internet, but only be used directly
by Docker containers using the `--link` option.
Usage
-----
The most simple form would be to start the application like so (however this is
not the recommended way - see above):
docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap
To get the full potential this image offers, one should first create a data-only
container (see "Data persistence" below), start the OpenLDAP daemon as follows:
docker run -d -name openldap --volumes-from your-data-container dinkel/openldap
An application talking to OpenLDAP should then `--link` the container:
docker run -d --link openldap:openldap image-using-openldap
The name after the colon in the `--link` section is the hostname where the
OpenLDAP daemon is listening to (the port is the default port `389`).
Configuration (environment variables)
-------------------------------------
For the first run one has to set at least two envrironment variables. The first
SLAPD_PASSWORD
sets the password for the `admin` user.
The second
SLAPD_DOMAIN
sets the DC (Domain component) parts. E.g. if one sets it to `ldap.example.org`,
the generated base DC parts would be `...,dc=ldap,dc=example,dc=org`.
There is an optinal third variable
SLAPD_ORGANIZATION (defaults to $SLAPD_DOMAIN)
that represents the human readable company name (e.g. `Example Inc.`).
After the first start of the image (and the initial configuration), these
envirnonment variables are not evaluated anymore.
Data persistence
----------------
The image exposes the directory, where the data is written
(`VOLUME ["/var/lib/ldap"`). Please make sure that
these directories are saved (in a data-only container or alike) in order to make
sure that everything is restored after a new restart of the application.
#!/bin/bash
set -e
chown -R openldap:openldap /var/lib/ldap/
if [[ ! -f /etc/ldap/docker-configured ]]; then
if [[ -z "$SLAPD_PASSWORD" ]]; then
echo >&2 "Error: slapd not configured and SLAPD_PASSWORD not set"
echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
exit 1
fi
if [[ -z "$SLAPD_DOMAIN" ]]; then
echo >&2 "Error: slapd not configured and SLAPD_DOMAIN not set"
echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
exit 1
fi
SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"
cat <<-EOF | debconf-set-selections
slapd slapd/no_configuration boolean false
slapd slapd/password1 password $SLAPD_PASSWORD
slapd slapd/password2 password $SLAPD_PASSWORD
slapd shared/organization string $SLAPD_ORGANIZATION
slapd slapd/domain string $SLAPD_DOMAIN
slapd slapd/backend select hdb
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
EOF
dpkg-reconfigure -fnoninteractive slapd >/dev/null 2>&1
dc_string=""
IFS="."; declare -a dc_parts=($SLAPD_DOMAIN)
for dc_part in "${dc_parts[@]}"; do
dc_string="$dc_string,dc=$dc_part"
done
base_string="BASE ${dc_string:1}"
sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
touch /etc/ldap/docker-configured
fi
exec "$@"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment