Improve documentation
This commit is contained in:
parent
475b4ad0f7
commit
70c8d70469
1 changed files with 26 additions and 0 deletions
26
README.md
26
README.md
|
@ -33,6 +33,32 @@ run the service
|
|||
docker-compose up -d
|
||||
```
|
||||
|
||||
#### Custom schema
|
||||
every .ldif or .sh file will be evaluated on server startup, if it's placed
|
||||
inside the '/docker-entrypoint-initdb.d/' directory. This allows you to
|
||||
Specify custom behaviour of the LDAP Server.
|
||||
|
||||
By default the server will load the schema from the 'fixtures/' directory,
|
||||
which will provide this features:
|
||||
|
||||
* MDB backend for better performance
|
||||
* Indexing of most referenced attributes by default
|
||||
* Base structure with People, Groups, Sevices, Domains and Policies.
|
||||
* Simple but useful ACL rules, allowing users to change their own passwords.
|
||||
* Password policy for strong cryptographic hashing of user passwords and password rotation.
|
||||
* Referential integrity for e.g. group memberships.
|
||||
* Support for core, cosine, nis, inetorgperson, ppolicy and misc schemas.
|
||||
* Support for user-definable SSH public keys as attributes.
|
||||
* enforcing of username and user ID uniqueness.
|
||||
|
||||
### Configuration
|
||||
The LDAP server can be configured for your organization using the environment variables:
|
||||
* `ROOTPW` password for the administration user that is created by default. Make this hard to guess!
|
||||
* `ORGANIZATION` Name of the organization running this LDAP server.
|
||||
* `SUFFIX` overwrites the root node for all entries. By default this will be 'o=organizationname', but for compatibility you might want to set this to 'dc=domain,dc=tld'.
|
||||
* `DATADIR` is the path to the directory containing the LDAP DATA; by default this is '/var/lib/ldap/'.
|
||||
* `CONFDIR` points to the path containing the server configuration, by default this is '/etc/ldap/slapd.d'.
|
||||
|
||||
### Backing up data
|
||||
State stored in this container is essential to many other services, that
|
||||
use authentication and authorization. Therefore you should think about
|
||||
|
|
Loading…
Reference in a new issue