From bfe9eb4694c58709cb1f86cef73faa4bc0630682 Mon Sep 17 00:00:00 2001
From: Sam Dodrill
Date: Fri, 20 Feb 2015 20:33:23 -0800
Subject: [PATCH] Add ldap container
---
 ldap/Dockerfile | 21 +++++++++++++++++++++
 ldap/README.md | 38 ++++++++++++++++++++++++++++++++++++++
 ldap/slapd.sh | 42 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 101 insertions(+)
 create mode 100644 ldap/Dockerfile
 create mode 100644 ldap/README.md
 create mode 100755 ldap/slapd.sh
diff --git a/ldap/Dockerfile b/ldap/Dockerfile
new file mode 100644
index 0000000..5bd511c
--- /dev/null
+++ b/ldap/Dockerfile
@@ -0,0 +1,21 @@
+FROM flitter/init
+MAINTAINER Nick Stenning
+
+ENV HOME /root
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Configure apt
+RUN apt-get -y update &&\
+ LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y slapd &&\
+ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Default configuration: can be overridden at the docker command line
+ENV LDAP_ROOTPASS toor
+ENV LDAP_ORGANISATION Acme Widgets Inc.
+ENV LDAP_DOMAIN example.com
+
+EXPOSE 389
+
+ADD slapd.sh /etc/service/slapd/run
diff --git a/ldap/README.md b/ldap/README.md
new file mode 100644
index 0000000..b2f737f
--- /dev/null
+++ b/ldap/README.md
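Review bot: `ENV LDAP_ROOTPASS toor` in ldap/Dockerfile bakes a publicly known admin password into the image, so any container started without `-e LDAP_ROOTPASS=...` serves the directory on the exposed port 389 with that credential, and the value stays readable in the image metadata. I would delete that line and keep only the two non-secret defaults; slapd.sh runs under `set -eu`, so an unset `LDAP_ROOTPASS` should then abort at `: LDAP_ROOTPASS=${LDAP_ROOTPASS}` instead of silently falling back (the rest of that script is outside this view, so confirm). The visible part of slapd.sh also turns on `set -x` immediately before that same line, which would write the password into the service log; tracing should be off wherever the password is expanded. Separately, `FROM flitter/init` carries no tag or digest, so the base this LDAP image is built on can change between builds.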
@@ -0,0 +1,38 @@
+## slapd
+
+A basic configuration of the OpenLDAP server, slapd, with support for data
+volumes.
+
+This image will initialize a basic configuration of slapd. Most common schemas
+are preloaded (all the schemas that come preloaded with the default Ubuntu
+Precise install of slapd), but the only record added to the directory will be
+the root organisational unit.
+
+You can (and should) configure the following by providing environment variables
+to `docker run`:
+
+- `LDAP_DOMAIN` sets the LDAP root domain. (e.g. if you provide `foo.bar.com`
+ here, the root of your directory will be `dc=foo,dc=bar,dc=com`)
+- `LDAP_ORGANISATION` sets the human-readable name for your organisation (e.g.
+ `Acme Widgets Inc.`)
+- `LDAP_ROOTPASS` sets the LDAP admin user password (i.e. the password for
+ `cn=admin,dc=example,dc=com` if your domain was `example.com`)
+
+For example, to start a container running slapd for the `mycorp.com` domain,
+with data stored in `/data/ldap` on the host, use the following:
+
+ docker run -v /data/ldap:/var/lib/ldap \
+ -e LDAP_DOMAIN=mycorp.com \
+ -e LDAP_ORGANISATION="My Mega Corporation" \
+ -e LDAP_ROOTPASS=s3cr3tpassw0rd \
+ -d nickstenning/slapd
+
+You can find out which port the LDAP server is bound to on the host by running
+`docker ps` (or `docker port 389`). You could then load an LDIF
+file (to set up your directory) like so:
+
+ ldapadd -h localhost -p -c -x -D cn=admin,dc=mycorp,dc=com -W -f
+data.ldif
+
+**NB**: Please be aware that by default docker will make the LDAP port
+accessible from anywhere if the host firewall is unconfigured.
diff --git a/ldap/slapd.sh b/ldap/slapd.sh
new file mode 100755
index 0000000..cb75656
--- /dev/null
+++ b/ldap/slapd.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -eu
+
+status () {
+ echo "---> ${@}" >&2
+}
+
+set -x
+: LDAP_ROOTPASS=${LDAP_ROOTPASS}
+: LDAP_DOMAIN=${LDAP_DOMAIN}
+: LDAP_ORGANISATION=${LDAP_ORGANISATION}
+
+if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
+ status "configuring slapd for first run"
+
+ cat <