From 70c8d704699188f101338c91e7ccbd97a9d3a808 Mon Sep 17 00:00:00 2001 From: Paul Date: Fri, 17 May 2019 02:24:19 +0200 Subject: [PATCH] Improve documentation --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 50c7e18..4c9cbf9 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,32 @@ run the service docker-compose up -d ``` +#### Custom schema +every .ldif or .sh file will be evaluated on server startup, if it's placed +inside the '/docker-entrypoint-initdb.d/' directory. This allows you to +Specify custom behaviour of the LDAP Server. + +By default the server will load the schema from the 'fixtures/' directory, +which will provide this features: + + * MDB backend for better performance + * Indexing of most referenced attributes by default + * Base structure with People, Groups, Sevices, Domains and Policies. + * Simple but useful ACL rules, allowing users to change their own passwords. + * Password policy for strong cryptographic hashing of user passwords and password rotation. + * Referential integrity for e.g. group memberships. + * Support for core, cosine, nis, inetorgperson, ppolicy and misc schemas. + * Support for user-definable SSH public keys as attributes. + * enforcing of username and user ID uniqueness. + +### Configuration +The LDAP server can be configured for your organization using the environment variables: + * `ROOTPW` password for the administration user that is created by default. Make this hard to guess! + * `ORGANIZATION` Name of the organization running this LDAP server. + * `SUFFIX` overwrites the root node for all entries. By default this will be 'o=organizationname', but for compatibility you might want to set this to 'dc=domain,dc=tld'. + * `DATADIR` is the path to the directory containing the LDAP DATA; by default this is '/var/lib/ldap/'. + * `CONFDIR` points to the path containing the server configuration, by default this is '/etc/ldap/slapd.d'. + ### Backing up data State stored in this container is essential to many other services, that use authentication and authorization. Therefore you should think about