Reference: https://hub.docker.com/r/bitnami/openldap
LDAP_PORT_NUMBER: The port OpenLDAP listens on for requests. Privileged port is supported (e.g. 1389). Default: 1389 (non privileged port).
LDAP_ROOT: LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
LDAP_ADMIN_USERNAME: LDAP database admin user. Default: admin
LDAP_ADMIN_PASSWORD: LDAP database admin password. Default: adminpassword
LDAP_CONFIG_ADMIN_ENABLED: Whether to create a configuration admin user. Default: no.
LDAP_USERS: Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
LDAP_PASSWORDS: Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
LDAP_USER_DC: DC for the users' organizational unit. Default: users
LDAP_GROUP: Group used to group created users. Default: readers
LDAP_ALLOW_ANON_BINDING: Allow anonymous bindings to the LDAP server. Default: yes.
LDAP_PASSWORD_HASH: Hash to be used in generation of user passwords. Must be one of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. Default: {SSHA}.
LDAP_CUSTOM_LDIF_DIR: Location of a directory that contains LDIF files that should be used to bootstrap the database. Only files ending in .ldif will be used. Default LDAP tree based on the LDAP_USERS, LDAP_PASSWORDS, LDAP_USER_DC and LDAP_GROUP will be skipped when LDAP_CUSTOM_LDIF_DIR is used. When using this it will override the usage of LDAP_USERS, LDAP_PASSWORDS, LDAP_USER_DC and LDAP_GROUP. You should set LDAP_ROOT to your base to make sure the olcSuffix configured on the database matches the contents imported from the LDIF files. Default: /ldifs
Create a new directory ldifs with a custom LDIF file (ending in .ldif) for users and groups. Each entry must be separated by a blank line:
dn: dc=magnuskkarlsson,dc=se
objectClass: dcObject
objectClass: organization
dc: magnuskkarlsson
o: Magnus K Karlsson

dn: ou=People,dc=magnuskkarlsson,dc=se
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=magnuskkarlsson,dc=se
objectClass: organizationalUnit
ou: Groups

## Users
dn: cn=john,ou=People,dc=magnuskkarlsson,dc=se
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
userPassword:: Yml0bmFtaTE=
cn: John
sn: Doe
mail: john.doe@domain.com
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/john

dn: cn=kate,ou=People,dc=magnuskkarlsson,dc=se
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: kate
userPassword:: Yml0bmFtaTE=
cn: Kate
sn: Doe
mail: kate.doe@domain.com
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/kate

## Groups
dn: cn=USER,ou=Groups,dc=magnuskkarlsson,dc=se
cn: USER
objectClass: groupOfNames
member: cn=john,ou=People,dc=magnuskkarlsson,dc=se
member: cn=kate,ou=People,dc=magnuskkarlsson,dc=se

dn: cn=ADMIN,ou=Groups,dc=magnuskkarlsson,dc=se
cn: ADMIN
objectClass: groupOfNames
member: cn=john,ou=People,dc=magnuskkarlsson,dc=se
$ podman run -d --name openldap \
-e LDAP_ROOT=dc=magnuskkarlsson,dc=se \
-e LDAP_ADMIN_USERNAME=admin \
-e LDAP_ADMIN_PASSWORD=changeit \
-e LDAP_CONFIG_ADMIN_ENABLED=true \
-e LDAP_ALLOW_ANON_BINDING=false \
-e LDAP_CUSTOM_LDIF_DIR=/ldifs \
-p 1389:1389 \
-p 1636:1636 \
-v ./ldifs:/ldifs:Z \
docker.io/bitnami/openldap:2.6
$ podman logs --follow openldap
...
13:30:55.23 INFO ==> Loading custom LDIF files...
13:30:55.23 WARN ==> Ignoring LDAP_USERS, LDAP_PASSWORDS, LDAP_USER_DC and LDAP_GROUP environment variables...
13:30:56.35 INFO ==> ** LDAP setup finished! **
And later, to stop and remove the container:
$ podman stop openldap; podman rm openldap
Now verify LDAP and its entries. First install the LDAP client tools:
$ sudo dnf install openldap-clients
$ ldapsearch -h
...
-H URI LDAP Uniform Resource Identifier(s)
-D binddn bind DN
-x Simple authentication
-w passwd bind password (for simple authentication)
-b basedn base dn for search
-s scope one of base, one, sub or children (search scope)
...
$ ldapsearch -H ldap://localhost:1389 -D cn=admin,dc=magnuskkarlsson,dc=se -w changeit -b dc=magnuskkarlsson,dc=se -s sub
GUI administration tools: Apache Directory Studio, Eclipse-based LDAP tools.
https://magnus-k-karlsson.blogspot.com/2015/02/understanding-ldap-and-ldap.html