No description
Find a file
2020-07-17 22:11:04 +02:00
fixtures Add additional indexes 2019-04-18 21:28:44 +02:00
scripts Integrate and document backup scripts 2019-11-10 09:53:21 +01:00
.dockerignore Initial commit 2017-09-09 17:54:45 +02:00
.gitignore Initial commit 2017-09-09 17:54:45 +02:00
.gitlab-ci.yml Enable automated builds 2017-09-09 18:00:33 +02:00
docker-compose.yml.example Integrate and document backup scripts 2019-11-10 09:53:21 +01:00
Dockerfile update dockerfile documentation 2020-07-17 22:11:04 +02:00
entrypoint.sh Integrate and document backup scripts 2019-11-10 09:53:21 +01:00
README.md edit headings to reflect new name 2020-05-13 21:18:38 +02:00

ldap

ldap offers a LDAP server, which we mostly use for authentication of various services. Therefore, a lot of services have a direct (or indirect) dependency on this image.

Getting the image

This image is automatically build and pushed to the docker hub. Therefore getting the image should be as easy as running

docker pull zombi/ldap

Building ldap

It is also possible to manually build this image from this repository.

docker build -t zombi/ldap .

Running ldap

Copy over example configuration

cp docker-compose.yml{.example,}

run the service

docker-compose up -d

Custom schema

every .ldif or .sh file will be evaluated on server startup, if it's placed inside the '/docker-entrypoint-initdb.d/' directory. This allows you to Specify custom behaviour of the LDAP Server.

By default the server will load the schema from the 'fixtures/' directory, which will provide this features:

  • MDB backend for better performance
  • Indexing of most referenced attributes by default
  • Base structure with People, Groups, Sevices, Domains and Policies.
  • Simple but useful ACL rules, allowing users to change their own passwords.
  • Password policy for strong cryptographic hashing of user passwords and password rotation.
  • Referential integrity for e.g. group memberships.
  • Support for core, cosine, nis, inetorgperson, ppolicy and misc schemas.
  • Support for user-definable SSH public keys as attributes.
  • enforcing of username and user ID uniqueness.

Configuration

The LDAP server can be configured for your organization using the environment variables:

  • ROOTPW password for the administration user that is created by default. Make this hard to guess!
  • ORGANIZATION Name of the organization running this LDAP server.
  • SUFFIX overwrites the root node for all entries. By default this will be 'o=organizationname', but for compatibility you might want to set this to 'dc=domain,dc=tld'.
  • DATADIR is the path to the directory containing the LDAP DATA; by default this is '/var/lib/ldap/'.
  • CONFDIR points to the path containing the server configuration, by default this is '/etc/ldap/slapd.d'.

Backing up data

State stored in this container is essential to many other services, that use authentication and authorization. Therefore you should think about backing up the LDAP database in regular intervals.

# append database number, typically 0 for config and 1 for the main
# database.
$ docker exec -it ldap dump 0 > conf_dump.ldif
$ docker exec -it ldap dump 1 > data_dump.ldif

# .. or similary with docker-compose
$ docker-compose exec ldap dump 1 > data_dump.ldif