### Setting Up Two-Node OpenLDAP Replication - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Presents a quick example of setting up a basic two-node multi-master replication using shell commands. It involves starting two containers with replication enabled, capturing their IPs and IDs, and updating their `/etc/hosts` files to resolve hostnames for replication communication. ```sh #Create the first ldap server, save the container id in LDAP_CID and get its IP: LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.5.0) LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID) ``` ```sh #Create the second ldap server, save the container id in LDAP2_CID and get its IP: LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.5.0) LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID) ``` ```sh #Add the pair "ip hostname" to /etc/hosts on each containers, #because ldap.example.org and ldap2.example.org are fake hostnames docker exec $LDAP_CID bash -c "echo $LDAD2_IP ldap2.example.org >> /etc/hosts" ``` ```sh docker exec $LDAP2_CID bash -c "echo $LDAP_IP ldap.example.org >> /etc/hosts" ``` -------------------------------- ### Dockerfile Example for Extending osixia/openldap Image Source: https://github.com/osixia/docker-openldap/blob/master/README.md Provides a Dockerfile template showing how to extend the base osixia/openldap image. It demonstrates adding custom bootstrap configurations, certificates, and environment files. ```Dockerfile FROM osixia/openldap:1.5.0 LABEL maintainer="Your Name " ADD bootstrap /container/service/slapd/assets/config/bootstrap ADD certs /container/service/slapd/assets/certs ADD environment /container/environment/01-custom ``` -------------------------------- ### Getting All OpenLDAP Container Command Line Options - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Provides the command to execute the OpenLDAP container image with the `--help` argument. This displays a list of all available command-line options that can be used when running the container. ```sh docker run osixia/openldap:1.5.0 --help ``` -------------------------------- ### Customizing OpenLDAP Server Configuration with Environment Variables - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Starts a new OpenLDAP container and overrides the default organization, domain, and admin password using environment variables (--env). This customizes the initial setup of the LDAP directory. ```sh docker run \ --env LDAP_ORGANISATION="My Company" \ --env LDAP_DOMAIN="my-company.com" \ --env LDAP_ADMIN_PASSWORD="JonSn0w" \ --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Seeding OpenLDAP Database with LDIF Files via Docker Volumes - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Starts an OpenLDAP container and mounts local LDIF files or directories into the container's bootstrap directories using Docker volumes. The '--copy-service' argument ensures that the default bootstrap scripts are used to process the mounted files. ```sh # single file example: docker run \ --volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \ osixia/openldap:1.5.0 --copy-service # directory example: docker run \ --volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \ osixia/openldap:1.5.0 --copy-service ``` -------------------------------- ### Starting OpenLDAP Container without Port Mapping - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Runs the osixia/openldap Docker image in detached mode, naming the container 'my-openldap-container'. This command starts the server but ports are not exposed to the host machine. ```sh docker run --name my-openldap-container --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Starting OpenLDAP Container with Port Mapping - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Runs the osixia/openldap Docker image in detached mode, mapping the default LDAP ports (389 and 636) from the container to the host machine. This allows external access to the LDAP server. ```sh docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Running OpenLDAP with Auto-Generated TLS Cert - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Shows how to start the OpenLDAP container using the default auto-generated TLS certificate. The certificate is generated based on the container's hostname, which is set using the `--hostname` option in the `docker run` command. ```sh docker run --hostname ldap.my-company.com --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Running OpenLDAP Container in Debug Log Level - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Shows how to start the OpenLDAP container with a specific log level, such as `debug`. This overrides the default log level and provides more verbose output which can be useful for troubleshooting and debugging. ```sh docker run --detach osixia/openldap:1.5.0 --loglevel debug ``` -------------------------------- ### Disabling TLS Configuration for OpenLDAP - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Provides the Docker command to start the OpenLDAP container with TLS explicitly disabled. This is achieved by setting the `LDAP_TLS` environment variable to `false`. ```sh docker run --env LDAP_TLS=false --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Mounting Existing LDAP Database Volumes - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Demonstrates how to run the OpenLDAP container using existing LDAP database and configuration files located on the host machine. It requires mounting the host directories containing the database (`/data/slapd/database`) and config files (`/data/slapd/config`) as volumes to the container's respective paths (`/var/lib/ldap` and `/etc/ldap/slapd.d`). ```sh docker run \ --volume /data/slapd/database:/var/lib/ldap \ --volume /data/slapd/config:/etc/ldap/slapd.d \ --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Run Custom Built Docker Image Source: https://github.com/osixia/docker-openldap/blob/master/README.md Demonstrates running a Docker container using an image that was custom-built (e.g., using the `make build` command), specifying the custom image name and version. ```Shell docker run --detach cool-guy/openldap:0.1.0 ``` -------------------------------- ### Clone osixia/docker-openldap Project Source: https://github.com/osixia/docker-openldap/blob/master/README.md Commands to clone the osixia/docker-openldap Git repository and navigate into the project directory, useful for building a custom image or running tests. ```Shell git clone https://github.com/osixia/docker-openldap cd docker-openldap ``` -------------------------------- ### Run Bats Tests for osixia/docker-openldap Image Source: https://github.com/osixia/docker-openldap/blob/master/README.md Executes the `make test` command in the project directory to run the automated tests for the Docker image using the Bats testing framework. ```Shell make test ``` -------------------------------- ### Run Docker Container Linking Environment File Folder Source: https://github.com/osixia/docker-openldap/blob/master/README.md Illustrates mounting a local directory containing environment files (`*.yaml` and `*.startup.yaml`) into the container's `/container/environment/XX-somedir` path. This allows the container to read configuration from external files. ```Shell docker run \ --volume /data/ldap/environment:/container/environment/01-custom \ --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Run Docker Container Linking Single Environment File Source: https://github.com/osixia/docker-openldap/blob/master/README.md Shows how to mount a single local environment file (`my-env.yaml`) directly into the container's expected configuration path (`/container/environment/01-custom/env.yaml`) for injecting configuration. ```Shell docker run \ --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \ --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Build Custom Docker Image with Makefile Source: https://github.com/osixia/docker-openldap/blob/master/README.md Executes the `make build` command within the project directory to build the Docker image according to the project's Makefile configuration. ```Shell make build ``` -------------------------------- ### Run Docker Container with Command Line Environment Variables Source: https://github.com/osixia/docker-openldap/blob/master/README.md Demonstrates how to set environment variables for the container using the `--env` argument directly in the `docker run` command. This method makes the variable values visible in the container's environment. ```Shell docker run \ --env LDAP_ORGANISATION="My company" \ --env LDAP_DOMAIN="my-company.com" \ --env LDAP_ADMIN_PASSWORD="JonSn0w" \ --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Customizing OpenLDAP Container UID and GID during Build and Run - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Builds a custom Docker image based on osixia/openldap, specifying explicit UID and GID for the 'openldap' user using build arguments. It then runs the custom image and verifies the user ID inside the container. ```sh docker build \ --build-arg LDAP_OPENLDAP_GID=1234 \ --build-arg LDAP_OPENLDAP_UID=2345 \ -t my_ldap_image . docker run --name my_ldap_container -d my_ldap_image # this should output uid=2345(openldap) gid=1234(openldap) groups=1234(openldap) docker exec my_ldap_container id openldap ``` -------------------------------- ### Running OpenLDAP Container with --copy-service - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Provides the command to run the OpenLDAP container using the `--copy-service` argument. This option helps address potential file ownership and permission issues that can arise when mounting host directories or files as volumes inside the container. ```sh docker run [your options] osixia/openldap:1.5.0 --copy-service ``` -------------------------------- ### Searching OpenLDAP Replica for User Entry - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Demonstrates how to execute the `ldapsearch` command inside the second OpenLDAP container (`$LDAP2_CID`) to search for a user entry. It binds as the admin user, specifies the search base, and connects via its hostname, enabling TLS encryption, verifying if the user added to the first replica has been replicated. ```sh docker exec $LDAP2_CID ldapsearch -x -H ldap://ldap2.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -ZZ ``` -------------------------------- ### Testing OpenLDAP Server with ldapsearch - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Executes the ldapsearch command inside the running Docker container ('my-openldap-container') to verify the OpenLDAP server is running and accessible. It performs a simple bind and a search for all objects under the base DN 'dc=example,dc=org' using the default admin credentials. ```sh docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin ``` -------------------------------- ### Adding User via ldapadd to OpenLDAP Container - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Shows how to execute the `ldapadd` command inside the first OpenLDAP container (`$LDAP_CID`) to add a new user entry using an LDIF file. It binds as the admin user and connects to the LDAP server via its hostname, enabling TLS encryption. ```sh docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/new-user.ldif -H ldap://ldap.example.org -ZZ ``` -------------------------------- ### Run Docker Container Using Docker Secrets for Passwords Source: https://github.com/osixia/docker-openldap/blob/master/README.md Explains how to use Docker secrets to pass sensitive information like passwords (`LDAP_ADMIN_PASSWORD`) by appending `_FILE` to the variable name and pointing it to the secret file path. ```Shell docker run \ --env LDAP_ORGANISATION="My company" \ --env LDAP_DOMAIN="my-company.com" \ --env LDAP_ADMIN_PASSWORD_FILE=/run/secrets/authentication_admin_pw \ --detach osixia/openldap:1.2.4 ``` -------------------------------- ### Configuring Custom TLS Certificates for OpenLDAP - Docker sh Source: https://github.com/osixia/docker-openldap/blob/master/README.md Illustrates running the OpenLDAP container with custom TLS certificates provided from the host machine. This involves mounting a directory containing the certificate files to `/container/service/slapd/assets/certs` inside the container and specifying the filenames using environment variables (`LDAP_TLS_CRT_FILENAME`, `LDAP_TLS_KEY_FILENAME`, `LDAP_TLS_CA_CRT_FILENAME`). ```sh docker run \ --hostname ldap.example.org \ --volume /path/to/certificates:/container/service/slapd/assets/certs \ --env LDAP_TLS_CRT_FILENAME=my-ldap.crt \ --env LDAP_TLS_KEY_FILENAME=my-ldap.key \ --env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \ --detach osixia/openldap:1.5.0 ``` -------------------------------- ### Adding Firewall Rules for LDAP Access on RHEL/CentOS - Shell Source: https://github.com/osixia/docker-openldap/blob/master/README.md Uses the firewall-cmd utility to permanently open ports 389 (LDAP) and 636 (LDAPS) on a RHEL/CentOS host. These rules are necessary to allow connections to the Docker container's exposed ports from other machines or containers on the same network. ```sh $ firewall-cmd --add-port=389/tcp --permanent $ firewall-cmd --add-port=636/tcp --permanent $ firewall-cmd --reload ``` -------------------------------- ### Restricting Self Write Access Control - LDIF Source: https://github.com/osixia/docker-openldap/blob/master/CHANGELOG.md This LDIF snippet shows an updated Access Control List (ACL) configuration line used to fix a security vulnerability. It restricts write permissions for the 'self' entry on all attributes ('*') to only read access, while granting write access specifically to the administrator DN and no access to others. ```LDIF olcAccess: to * by self read by dn="cn=admin,{{ LDAP_BASE_DN }}" write by * none ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.