Add ldap container

2015-02-20 20:33:23 -08:00 · 2015-02-20 20:33:23 -08:00 · bfe9eb4694
parent ade9cd5547
commit bfe9eb4694
3 changed files with 101 additions and 0 deletions
--- a/ldap/Dockerfile
+++ b/ldap/Dockerfile
@ -0,0 +1,21 @@
+FROM flitter/init
+MAINTAINER Nick Stenning <nick@whiteink.com>
+
+ENV HOME /root
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Configure apt
+RUN apt-get -y update &&\
+    LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y slapd &&\
+    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Default configuration: can be overridden at the docker command line
+ENV LDAP_ROOTPASS toor
+ENV LDAP_ORGANISATION Acme Widgets Inc.
+ENV LDAP_DOMAIN example.com
+
+EXPOSE 389
+
+ADD slapd.sh /etc/service/slapd/run
--- a/ldap/README.md
+++ b/ldap/README.md
@ -0,0 +1,38 @@
+## slapd
+
+A basic configuration of the OpenLDAP server, slapd, with support for data
+volumes.
+
+This image will initialize a basic configuration of slapd. Most common schemas
+are preloaded (all the schemas that come preloaded with the default Ubuntu
+Precise install of slapd), but the only record added to the directory will be
+the root organisational unit.
+
+You can (and should) configure the following by providing environment variables
+to `docker run`:
+
+- `LDAP_DOMAIN` sets the LDAP root domain. (e.g. if you provide `foo.bar.com`
+  here, the root of your directory will be `dc=foo,dc=bar,dc=com`)
+- `LDAP_ORGANISATION` sets the human-readable name for your organisation (e.g.
+  `Acme Widgets Inc.`)
+- `LDAP_ROOTPASS` sets the LDAP admin user password (i.e. the password for
+  `cn=admin,dc=example,dc=com` if your domain was `example.com`)
+
+For example, to start a container running slapd for the `mycorp.com` domain,
+with data stored in `/data/ldap` on the host, use the following:
+
+    docker run -v /data/ldap:/var/lib/ldap \
+               -e LDAP_DOMAIN=mycorp.com \
+               -e LDAP_ORGANISATION="My Mega Corporation" \
+               -e LDAP_ROOTPASS=s3cr3tpassw0rd \
+               -d nickstenning/slapd
+
+You can find out which port the LDAP server is bound to on the host by running
+`docker ps` (or `docker port <container_id> 389`). You could then load an LDIF
+file (to set up your directory) like so:
+
+    ldapadd -h localhost -p <host_port> -c -x -D cn=admin,dc=mycorp,dc=com -W -f
+data.ldif
+
+**NB**: Please be aware that by default docker will make the LDAP port
+accessible from anywhere if the host firewall is unconfigured.
--- a/ldap/slapd.sh
+++ b/ldap/slapd.sh
@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -eu
+
+status () {
+  echo "---> ${@}" >&2
+}
+
+set -x
+: LDAP_ROOTPASS=${LDAP_ROOTPASS}
+: LDAP_DOMAIN=${LDAP_DOMAIN}
+: LDAP_ORGANISATION=${LDAP_ORGANISATION}
+
+if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
+  status "configuring slapd for first run"
+
+  cat <<EOF | debconf-set-selections
+slapd slapd/internal/generated_adminpw password ${LDAP_ROOTPASS}
+slapd slapd/internal/adminpw password ${LDAP_ROOTPASS}
+slapd slapd/password2 password ${LDAP_ROOTPASS}
+slapd slapd/password1 password ${LDAP_ROOTPASS}
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string ${LDAP_DOMAIN}
+slapd shared/organization string ${LDAP_ORGANISATION}
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+EOF
+
+  dpkg-reconfigure -f noninteractive slapd
+
+  touch /var/lib/ldap/docker_bootstrapped
+else
+  status "found already-configured slapd"
+fi
+
+status "starting slapd"
+set -x
+exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d 0