ldap/README.md

76 lines
2.6 KiB
Markdown
Raw Normal View History

2020-05-11 00:49:29 +02:00
## ldap
ldap offers a LDAP server, which we mostly use for authentication of various
2017-09-09 17:54:45 +02:00
services.
Therefore, a lot of services have a direct (or indirect) dependency on this
image.
2019-05-15 18:28:41 +02:00
### Getting the image
This image is automatically build and pushed to the docker hub. Therefore
getting the image should be as easy as running
```
docker pull zombi/ldap
```
2017-09-09 17:54:45 +02:00
### Building slapd
2019-05-15 18:28:41 +02:00
It is also possible to manually build this image from this repository.
2017-09-09 17:54:45 +02:00
```
2019-04-18 20:59:51 +02:00
docker build -t zombi/ldap .
2017-09-09 17:54:45 +02:00
```
### Running slapd
2019-04-18 20:59:51 +02:00
Copy over example configuration
```bash
cp docker-compose.yml{.example,}
```
run the service
2017-09-09 17:54:45 +02:00
```
2019-04-18 20:59:51 +02:00
docker-compose up -d
2017-09-09 17:54:45 +02:00
```
2019-05-17 02:24:19 +02:00
#### Custom schema
every .ldif or .sh file will be evaluated on server startup, if it's placed
inside the '/docker-entrypoint-initdb.d/' directory. This allows you to
Specify custom behaviour of the LDAP Server.
By default the server will load the schema from the 'fixtures/' directory,
which will provide this features:
* MDB backend for better performance
* Indexing of most referenced attributes by default
* Base structure with People, Groups, Sevices, Domains and Policies.
* Simple but useful ACL rules, allowing users to change their own passwords.
* Password policy for strong cryptographic hashing of user passwords and password rotation.
* Referential integrity for e.g. group memberships.
* Support for core, cosine, nis, inetorgperson, ppolicy and misc schemas.
* Support for user-definable SSH public keys as attributes.
* enforcing of username and user ID uniqueness.
### Configuration
The LDAP server can be configured for your organization using the environment variables:
* `ROOTPW` password for the administration user that is created by default. Make this hard to guess!
* `ORGANIZATION` Name of the organization running this LDAP server.
* `SUFFIX` overwrites the root node for all entries. By default this will be 'o=organizationname', but for compatibility you might want to set this to 'dc=domain,dc=tld'.
* `DATADIR` is the path to the directory containing the LDAP DATA; by default this is '/var/lib/ldap/'.
* `CONFDIR` points to the path containing the server configuration, by default this is '/etc/ldap/slapd.d'.
2017-09-09 17:54:45 +02:00
### Backing up data
2019-05-15 18:28:41 +02:00
State stored in this container is essential to many other services, that
use authentication and authorization. Therefore you should think about
backing up the LDAP database in regular intervals.
2017-09-09 17:54:45 +02:00
2019-11-10 09:53:21 +01:00
```shell
# append database number, typically 0 for config and 1 for the main
# database.
$ docker exec -it ldap dump 0 > conf_dump.ldif
$ docker exec -it ldap dump 1 > data_dump.ldif
# .. or similary with docker-compose
$ docker-compose exec ldap dump 1 > data_dump.ldif
```