Download the following Docker Compose configuration (from here, related comment)
docker-compose.yaml
version: '2'
services:
  openldap:
    image: osixia/openldap:1.5.0
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "Example Inc."
      LDAP_DOMAIN: "example.org"
      LDAP_BASE_DN: ""
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      #LDAP_READONLY_USER_USERNAME: "readonly"
      #LDAP_READONLY_USER_PASSWORD: "readonly"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      #LDAP_REPLICATION_CONFIG_SYNCPROV: 'binddn="cn=admin,cn=config" bindmethod=simple credentials="$$LDAP_CONFIG_PASSWORD" searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical'
      #LDAP_REPLICATION_DB_SYNCPROV: 'binddn="cn=admin,$$LDAP_BASE_DN" bindmethod=simple credentials="$$LDAP_ADMIN_PASSWORD" searchbase="$$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical'
      #LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d
      - /container/service/slapd/assets/certs/
    ports:
      - "389:389"
      - "636:636"
    # For replication to work correctly, domainname and hostname must be
    # set correctly so that "hostname"."domainname" equates to the
    # fully-qualified domain name for the host.
    domainname: "example.org"
    hostname: "ldap-server"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8083:80"
    depends_on:
      - openldap
Save it as docker-compose.yaml and start it with:
docker compose -f docker-compose.yaml up
phpLDAPadmin is then reachable at: http://localhost:8083/
(the directory itself listens on ports 389 and 636 of the host).
Note: the port of phpLDAPadmin was changed to 8083
to avoid conflicts with Rancher.
Log in to phpLDAPadmin with the FULL DN of the admin account and the
LDAP_ADMIN_PASSWORD from the compose file:
cn=admin,dc=example,dc=org
admin
(LDAP_BASE_DN is empty, so the base DN dc=example,dc=org is derived from LDAP_DOMAIN.)
Create a new OU (Organizational Unit) called users
in the top hierarchy (directly under dc=example,dc=org).
In this OU create a new user with Create a child entry
> Default
Container: ou=users,dc=example,dc=org
ObjectClass: inetOrgPerson
then
RDN: cn
cn: enrico
sn: enrico
uid: enrico
Password: password
The uid attribute is not filled in automatically, but it is what the
ldapsearch filter further down and Rancher's default login attribute for
OpenLDAP match on, so set it (inetOrgPerson allows it); with only cn set,
the login name enrico does not resolve to the entry.
To create a group, create a new OU (Organizational Unit) called groups
in the top hierarchy.
In this OU create a new group with Create a child entry
> Default
Container: ou=groups,dc=example,dc=org
ObjectClass: groupOfNames
then add the name and at least one member to it (groupOfNames requires
the member attribute, and each value must be the full DN of an existing
entry, a user or an OU):
RDN: cn
cn: dev1
member: cn=enrico,ou=users,dc=example,dc=org
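The same entries as above (both OUs, the user and the group), as an added example that is not part of the original notes or of the osixia images: an LDIF generated by a small script and loaded through the running container with ldapadd, which is reproducible and scriptable where clicking through phpLDAPadmin is not. It assumes the compose stack above (container name openldap, admin password admin, base DN dc=example,dc=org derived from LDAP_DOMAIN); the script name, the --apply flag and the function names are my own. slapd stores userPassword exactly as supplied, so outside a throwaway lab pass a hash produced with docker exec openldap slappasswd -s password instead of the clear-text value.

```shell
#!/bin/sh
# Added example (not from the original notes): provision the users/groups tree
# with ldapadd instead of phpLDAPadmin. Assumes the compose stack above:
# container "openldap", base dc=example,dc=org, admin password "admin".
set -eu

BASE_DN="dc=example,dc=org"
ADMIN_DN="cn=admin,$BASE_DN"
ADMIN_PW="admin"   # LDAP_ADMIN_PASSWORD from the compose file

# Emit the LDIF for the whole tree: two OUs, one inetOrgPerson, one groupOfNames.
# uid is set explicitly because it is the attribute the ldapsearch filter and
# the login name are matched on; cn alone is not enough.
# Arguments: login name, userPassword value (clear text or a {SSHA} hash), group name.
gen_ldif() {
  user="$1"; pass="$2"; group="$3"
  cat <<EOF
dn: ou=users,$BASE_DN
objectClass: organizationalUnit
ou: users

dn: ou=groups,$BASE_DN
objectClass: organizationalUnit
ou: groups

dn: cn=$user,ou=users,$BASE_DN
objectClass: inetOrgPerson
cn: $user
sn: $user
uid: $user
userPassword: $pass

dn: cn=$group,ou=groups,$BASE_DN
objectClass: groupOfNames
cn: $group
member: cn=$user,ou=users,$BASE_DN
EOF
}

# Load the LDIF into the running container over the local 389 listener.
# -c continues past "Already exists" errors so the script can be re-run.
# -w exposes the password in the process list; fine for this lab, otherwise use -W.
apply_ldif() {
  gen_ldif "$@" | docker exec -i openldap ldapadd -x -c -H ldap://localhost \
    -D "$ADMIN_DN" -w "$ADMIN_PW"
}

# Usage: ./ldap-provision.sh --apply   (hypothetical script name)
if [ "${1:-}" = "--apply" ]; then
  apply_ldif enrico password dev1
fi
```

After loading, the entries look exactly like the ones created in phpLDAPadmin, except that uid is present and the password is whatever was passed to gen_ldif.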
In Rancher, add the OpenLDAP authentication provider with these parameters.
Find the IP of the LDAP container with:
docker inspect openldap | jq -r ".[].NetworkSettings.Networks[].IPAddress"
172.20.0.2
(sample output; the address is assigned by Docker, can change when the
container is recreated, and is only reachable from the same Docker host).
Then fill the fields:
Hostname/IP: 172.20.0.2
Connect on port 389 without TLS: LDAP_TLS_ENFORCE is "false" so plain LDAP
is accepted, while LDAP_TLS_VERIFY_CLIENT "demand" means the ldaps port 636
(and StartTLS on 389) would require a client certificate. The service account
password therefore crosses the Docker network in clear, which is acceptable
only for this lab setup.
Service Account Distinguished Name: cn=admin,dc=example,dc=org
Service Account Password: admin
User Search Base: ou=users,dc=example,dc=org
and to test the authentication you can use the created user (matched on uid):
enrico
password
If you want to set up groups you will need to add this field too:
Groups Search Base: ou=groups,dc=example,dc=org
To perform some queries manually (general form; -H takes an LDAP URI, not a bare hostname):
ldapsearch -x -H ldap://<hostname> -D <bind DN (account)> -w <password> -b <search base> [filter] [attributes]
docker exec openldap ldapsearch -x -H ldap://localhost \
-D "cn=admin,dc=example,dc=org" -w admin \
-b "ou=users,dc=example,dc=org" \
"(&(objectClass=inetOrgPerson)(uid=enrico))"
docker exec openldap ldapsearch -x -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
The first query only finds the user if the uid attribute was set when the
entry was created; the second dumps the whole tree under the base DN.
-w puts the password on the command line and in the process list; outside
a throwaway lab use -W to be prompted for it instead.
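The queries above, as an added example that is not part of the original notes or of Rancher, chained into the three operations an authentication provider performs on login: bind as the service account and look the login name up by uid, bind as the resolved DN to check the password, then list the groupOfNames entries that have that DN as member. The login name is untrusted input that ends up inside a search filter, so it is escaped per RFC 4515 first; without that, a name like *)(uid=* rewrites the filter (LDAP injection). It assumes the compose stack above (container openldap, base dc=example,dc=org, admin password admin); the script name, the --login flag and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original notes or from Rancher): the user lookup,
# password check and group lookup an LDAP auth provider does on login, run
# with the CLI tools inside the "openldap" container from the compose file.
set -eu

ADMIN_DN="cn=admin,dc=example,dc=org"
ADMIN_PW="admin"
USER_BASE="ou=users,dc=example,dc=org"
GROUP_BASE="ou=groups,dc=example,dc=org"

# Run an LDAP client inside the container against its local 389 listener.
in_ldap() { docker exec -i openldap "$@"; }

# RFC 4515 escaping for a value interpolated into a search filter:
# backslash first, then * ( ) become \5c \2a \28 \29.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter that resolves an untrusted login name to a user entry.
user_filter() {
  printf '(&(objectClass=inetOrgPerson)(uid=%s))' "$(ldap_filter_escape "$1")"
}

# Filter that lists the groups having a given DN as member.
group_filter() {
  printf '(&(objectClass=groupOfNames)(member=%s))' "$(ldap_filter_escape "$1")"
}

# Step 1: login name -> DN, using the service account. ldapsearch -LLL prints
# "dn: <value>" (a non-ASCII DN would come base64-encoded as "dn::" instead).
find_user_dn() {
  in_ldap ldapsearch -x -LLL -H ldap://localhost -D "$ADMIN_DN" -w "$ADMIN_PW" \
    -b "$USER_BASE" "$(user_filter "$1")" dn | sed -n 's/^dn: //p'
}

# Step 2: simple bind as the user's own DN; exit status 0 means the password is right.
check_password() {
  in_ldap ldapwhoami -x -H ldap://localhost -D "$1" -w "$2" >/dev/null 2>&1
}

# Step 3: cn of every group that lists the DN as member.
user_groups() {
  in_ldap ldapsearch -x -LLL -H ldap://localhost -D "$ADMIN_DN" -w "$ADMIN_PW" \
    -b "$GROUP_BASE" "$(group_filter "$1")" cn | sed -n 's/^cn: //p'
}

login_flow() {
  dn=$(find_user_dn "$1")
  [ -n "$dn" ] || { echo "no such user: $1" >&2; return 1; }
  check_password "$dn" "$2" || { echo "bad password for $dn" >&2; return 1; }
  echo "authenticated as $dn"
  echo "groups:"
  user_groups "$dn"
}

# Usage: ./ldap-login.sh --login enrico password   (hypothetical script name)
if [ "${1:-}" = "--login" ]; then
  [ $# -eq 3 ] || { echo "usage: $0 --login <uid> <password>" >&2; exit 2; }
  login_flow "$2" "$3"
fi
```

Running it for the user created above prints the DN cn=enrico,ou=users,dc=example,dc=org and the group dev1; a wrong password fails at the ldapwhoami bind, and a name containing filter metacharacters simply matches nothing instead of widening the search.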
More examples: https://devconnected.com/how-to-search-ldap-using-ldapsearch-examples/