openldap/README.md

docker-openldap
===============

A Docker image running OpenLDAP on Debian stable ("wheezy" at the moment). The
Dockerfile is inspired by the well written one from
[cnry/openldap](https://registry.hub.docker.com/u/cnry/openldap/), but as said
before, running a stable Debian and be a little less verbose, but more complete
in the configuration.

NOTE: On purpose, there is no secured channel (TLS/SSL), because I believe that
this service should never be exposed to the internet, but only be used directly
by Docker containers using the `--link` option.

Usage
-----

The most simple form would be to start the application like so (however this is
not the recommended way - see above):

    docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap

To get the full potential this image offers, one should first create a data-only
container (see "Data persistence" below), start the OpenLDAP daemon as follows:

    docker run -d -name openldap --volumes-from your-data-container dinkel/openldap

An application talking to OpenLDAP should then `--link` the container:

    docker run -d --link openldap:openldap image-using-openldap

The name after the colon in the `--link` section is the hostname where the
OpenLDAP daemon is listening to (the port is the default port `389`).

Configuration (environment variables)
-------------------------------------

For the first run one has to set at least two envrironment variables. The first

    SLAPD_PASSWORD

sets the password for the `admin` user.

The second

    SLAPD_DOMAIN

sets the DC (Domain component) parts. E.g. if one sets it to `ldap.example.org`,
the generated base DC parts would be `...,dc=ldap,dc=example,dc=org`.

There is an optinal third variable

    SLAPD_ORGANIZATION (defaults to $SLAPD_DOMAIN)

that represents the human readable company name (e.g. `Example Inc.`).

After the first start of the image (and the initial configuration), these
envirnonment variables are not evaluated anymore.

Data persistence
----------------

The image exposes the directory, where the data is written
(`VOLUME ["/var/lib/ldap"`). Please make sure that
these directories are saved (in a data-only container or alike) in order to make
sure that everything is restored after a new restart of the application.
Initial version 2015-02-18 15:23:34 +00:00			`docker-openldap`
			`===============`

			`A Docker image running OpenLDAP on Debian stable ("wheezy" at the moment). The`
			`Dockerfile is inspired by the well written one from`
			`[cnry/openldap](https://registry.hub.docker.com/u/cnry/openldap/), but as said`
			`before, running a stable Debian and be a little less verbose, but more complete`
			`in the configuration.`

			`NOTE: On purpose, there is no secured channel (TLS/SSL), because I believe that`
			`this service should never be exposed to the internet, but only be used directly`
			by Docker containers using the `--link` option.

			`Usage`
			`-----`

			`The most simple form would be to start the application like so (however this is`
			`not the recommended way - see above):`

			`docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap`

			`To get the full potential this image offers, one should first create a data-only`
			`container (see "Data persistence" below), start the OpenLDAP daemon as follows:`

			`docker run -d -name openldap --volumes-from your-data-container dinkel/openldap`

			An application talking to OpenLDAP should then `--link` the container:

			`docker run -d --link openldap:openldap image-using-openldap`

			The name after the colon in the `--link` section is the hostname where the
			OpenLDAP daemon is listening to (the port is the default port `389`).

			`Configuration (environment variables)`
			`-------------------------------------`

			`For the first run one has to set at least two envrironment variables. The first`

			`SLAPD_PASSWORD`

			sets the password for the `admin` user.

			`The second`

			`SLAPD_DOMAIN`

			sets the DC (Domain component) parts. E.g. if one sets it to `ldap.example.org`,
			the generated base DC parts would be `...,dc=ldap,dc=example,dc=org`.

			`There is an optinal third variable`

			`SLAPD_ORGANIZATION (defaults to $SLAPD_DOMAIN)`

			that represents the human readable company name (e.g. `Example Inc.`).

			`After the first start of the image (and the initial configuration), these`
			`envirnonment variables are not evaluated anymore.`

			`Data persistence`
			`----------------`

			`The image exposes the directory, where the data is written`
			(`VOLUME ["/var/lib/ldap"`). Please make sure that
			`these directories are saved (in a data-only container or alike) in order to make`
			`sure that everything is restored after a new restart of the application.`