Initial version

2024-11-14 12:12:41 +00:00 · 2015-02-18 16:23:34 +01:00 · 2015-02-18 16:23:34 +01:00 · befe7c5b26
commit befe7c5b26
4 changed files with 158 additions and 0 deletions
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+FROM debian:wheezy
+
+MAINTAINER Christian Luginbühl <dinke@pimprecords.com>
+
+ENV OPENLDAP_VERSION 2.4.31
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        slapd=${OPENLDAP_VERSION}* \
+        ldap-utils=${OPENLDAP_VERSION}* && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+EXPOSE 389
+
+VOLUME ["/var/lib/ldap"]
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["slapd", "-d", "32768"]
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015, Christian Luginbühl
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,65 @@
+docker-openldap
+===============
+
+A Docker image running OpenLDAP on Debian stable ("wheezy" at the moment). The
+Dockerfile is inspired by the well written one from
+[cnry/openldap](https://registry.hub.docker.com/u/cnry/openldap/), but as said
+before, running a stable Debian and be a little less verbose, but more complete
+in the configuration.
+
+NOTE: On purpose, there is no secured channel (TLS/SSL), because I believe that
+this service should never be exposed to the internet, but only be used directly
+by Docker containers using the `--link` option.
+
+Usage
+-----
+
+The most simple form would be to start the application like so (however this is
+not the recommended way - see above):
+
+    docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap
+
+To get the full potential this image offers, one should first create a data-only
+container (see "Data persistence" below), start the OpenLDAP daemon as follows:
+
+    docker run -d -name openldap --volumes-from your-data-container dinkel/openldap
+
+An application talking to OpenLDAP should then `--link` the container:
+
+    docker run -d --link openldap:openldap image-using-openldap
+
+The name after the colon in the `--link` section is the hostname where the
+OpenLDAP daemon is listening to (the port is the default port `389`).
+
+Configuration (environment variables)
+-------------------------------------
+
+For the first run one has to set at least two envrironment variables. The first
+
+    SLAPD_PASSWORD
+
+sets the password for the `admin` user.
+
+The second
+
+    SLAPD_DOMAIN
+
+sets the DC (Domain component) parts. E.g. if one sets it to `ldap.example.org`,
+the generated base DC parts would be `...,dc=ldap,dc=example,dc=org`.
+
+There is an optinal third variable
+
+    SLAPD_ORGANIZATION (defaults to $SLAPD_DOMAIN)
+
+that represents the human readable company name (e.g. `Example Inc.`).
+
+After the first start of the image (and the initial configuration), these
+envirnonment variables are not evaluated anymore.
+
+Data persistence
+----------------
+
+The image exposes the directory, where the data is written
+(`VOLUME ["/var/lib/ldap"`). Please make sure that
+these directories are saved (in a data-only container or alike) in order to make
+sure that everything is restored after a new restart of the application.
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+
+chown -R openldap:openldap /var/lib/ldap/
+
+if [[ ! -f /etc/ldap/docker-configured ]]; then
+    if [[ -z "$SLAPD_PASSWORD" ]]; then
+        echo >&2 "Error: slapd not configured and SLAPD_PASSWORD not set"
+        echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
+        exit 1
+    fi
+
+    if [[ -z "$SLAPD_DOMAIN" ]]; then
+        echo >&2 "Error: slapd not configured and SLAPD_DOMAIN not set"
+        echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
+        exit 1
+    fi
+
+    SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"
+
+    cat <<-EOF | debconf-set-selections
+        slapd slapd/no_configuration boolean false
+        slapd slapd/password1 password $SLAPD_PASSWORD
+        slapd slapd/password2 password $SLAPD_PASSWORD
+        slapd shared/organization string $SLAPD_ORGANIZATION
+        slapd slapd/domain string $SLAPD_DOMAIN
+        slapd slapd/backend select hdb
+        slapd slapd/allow_ldap_v2 boolean false
+        slapd slapd/purge_database boolean false
+        slapd slapd/move_old_database boolean true
+EOF
+
+    dpkg-reconfigure -fnoninteractive slapd >/dev/null 2>&1
+
+    dc_string=""
+
+    IFS="."; declare -a dc_parts=($SLAPD_DOMAIN)
+
+    for dc_part in "${dc_parts[@]}"; do
+        dc_string="$dc_string,dc=$dc_part"
+    done
+
+    base_string="BASE ${dc_string:1}"
+
+    sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
+
+    touch /etc/ldap/docker-configured
+fi
+
+exec "$@"