@mark-church
Last active October 9, 2017 19:57

Clone repo for the lab setup

root@node1:/# git clone https://github.com/mark-church/docker-access-control.git
Cloning into 'docker-access-control'...
remote: Counting objects: 20, done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 20 (delta 4), reused 20 (delta 4), pack-reused 0
Unpacking objects: 100% (20/20), done.
Checking connectivity... done.

Deploying the LDAP server

root@node1:/# docker run --name orcabank-ldap -p 389:389 -p 636:636 --detach -v /docker-access-control:/ldap osixia/openldap:1.1.9
8676f429dd7a62581120bbac0e39f5e941aeb2d3be14643a0cb3b4ee41e3c65f

Displaying the LDIF file that I placed in the container

root@node1:/# docker exec orcabank-ldap sh -c "cat /ldap/orcabank.ldif"
## ORGS
dn: dc=orcabank,dc=com
objectclass: top
objectclass: organization
objectClass: dcObject
o: orcabank
dc: orcabank
description: Serving the Cetacian community since 1963

## TEAMS
dn: ou=mobile,dc=orcabank,dc=com
objectClass: organizationalUnit
ou: mobile

dn: ou=payments,dc=orcabank,dc=com
objectClass: organizationalUnit
ou: payments


dn: ou=mobile,dc=example,dc=org
objectClass: organizationalUnit
ou: mobile

dn: ou=payments,dc=example,dc=org
objectClass: organizationalUnit
ou: payments


## USERS
dn: uid=sri,ou=payments,dc=example,dc=org
uid: sri
cn: sri
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
userPassword: docker123
mail: [email protected]

dn: uid=charlie,ou=mobile,dc=example,dc=org
uid: charlie
cn: charlie
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
userPassword: docker123
mail: [email protected]

dn: uid=alex,ou=mobile,dc=orcabank,dc=com
uid: alex
cn: alex
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
userPassword: docker123
mail: [email protected]



dn: cn=adminorca,cn=orcabank,cn=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: adminorca
description: LDAP administrator
userPassword:: docker123


dn: uid=billy,dc=example,dc=org
uid: billy
cn: billy
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: docker123
mail: [email protected]
gecos: Billy User


dn: uid=markus,dc=example,dc=org
uid: markus
cn: markus
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: docker123
mail: [email protected]
gecos: Billy User

dn: uid=user2,dc=orcabank,dc=com
uid: user2
cn: user2
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: docker123
mail: [email protected]
gecos: Billy User

Adding users from the LDIF file into LDAP (got this example from the GH page)

  • Why isn't the orcabank organization being added here? Why is it failing?

  • Is there an easier way of starting with a group of users than manually adding them like this?

root@node1:/# docker exec orcabank-ldap ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /ldap/orcabank.ldif -h localhost -ZZc

ldap_add: Server is unwilling to perform (53)
	additional info: no global superior knowledge
ldap_add: Server is unwilling to perform (53)
	additional info: no global superior knowledge
ldap_add: Server is unwilling to perform (53)
	additional info: no global superior knowledge
ldap_add: Object class violation (65)
	additional info: object class 'posixAccount' requires attribute 'uidNumber'
ldap_add: Object class violation (65)
	additional info: object class 'posixAccount' requires attribute 'uidNumber'
ldap_add: Server is unwilling to perform (53)
	additional info: no global superior knowledge
ldapadd: invalid format (line 65) entry: "cn=adminorca,cn=orcabank,cn=com"
adding new entry "dc=orcabank,dc=com"

adding new entry "ou=mobile,dc=orcabank,dc=com"

adding new entry "ou=payments,dc=orcabank,dc=com"

adding new entry "ou=mobile,dc=example,dc=org"

adding new entry "ou=payments,dc=example,dc=org"

adding new entry "uid=sri,ou=payments,dc=example,dc=org"

adding new entry "uid=charlie,ou=mobile,dc=example,dc=org"

adding new entry "uid=alex,ou=mobile,dc=orcabank,dc=com"

adding new entry "uid=billy,dc=example,dc=org"

adding new entry "uid=markus,dc=example,dc=org"

adding new entry "uid=user2,dc=orcabank,dc=com"

ldap_add: Server is unwilling to perform (53)
	additional info: no global superior knowledge

Searching the dc=example,dc=org scope

root@node1:/# docker exec orcabank-ldap ldapsearch -x -h localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9SXkrUlp1cDA2ZVNlZXdRbndnMEZGeWVkdmg2Mkp0TzI=

# mobile, example.org
dn: ou=mobile,dc=example,dc=org
objectClass: organizationalUnit
ou: mobile

# payments, example.org
dn: ou=payments,dc=example,dc=org
objectClass: organizationalUnit
ou: payments

# billy, example.org
dn: uid=billy,dc=example,dc=org
uid: billy
cn: billy
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword:: ZG9ja2VyMTIz
mail: [email protected]
gecos: Billy User

# markus, example.org
dn: uid=markus,dc=example,dc=org
uid: markus
cn: markus
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword:: ZG9ja2VyMTIz
mail: [email protected]
gecos: Billy User

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6

When searching the dc=orcabank,dc=com scope, nothing comes up.

  • Why is that?

  • The output above showed that adding new entry "ou=mobile,dc=orcabank,dc=com" was successful, so why is nothing from this search scope coming up?

root@node1:/# docker exec orcabank-ldap ldapsearch -x -h localhost -b dc=orcabank,dc=com -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base <dc=orcabank,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
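The questions at the ldapadd step and at this search have one root cause. The osixia/openldap container holds a single database whose suffix is derived from its domain setting (the image default is example.org, hence the cn=admin,dc=example,dc=org bind used throughout). Any entry whose DN does not end in dc=example,dc=org has no parent the server knows about, which is what "no global superior knowledge" (result 53) means, and a search based at dc=orcabank,dc=com has no naming context to search, hence "No such object" (result 32); the "adding new entry" lines are printed before the server answers, and -c makes ldapadd carry on past each failure, which is why successes and failures interleave. The two remaining errors are independent of the suffix: the posixAccount schema makes uidNumber, gidNumber and homeDirectory mandatory, and the double colon in "userPassword:: docker123" tells ldapadd the value is base64-encoded, which docker123 is not. anokun7's comment below fixes the first problem by placing orcabank under dc=example,dc=org. The following Python pre-flight checker is an added example, not code from the gist, the lab repo or osixia/openldap; it catches all three failure classes offline before anything is sent to the server. The served-suffix list, the MUST-attribute table, the constructed sample LDIF and the function names parse_ldif, check_entry and validate_ldif are assumptions of this example.

```python
"""Pre-flight checks for an LDIF file before it goes to ldapadd. Added example,
not code from the gist or from osixia/openldap. Offline it reproduces the three
failures the ldapadd run above reports: 53 "no global superior knowledge" (DN not
under a served suffix), 65 "object class ... requires attribute" (schema MUST
attribute missing) and "invalid format" (a '::' value that is not base64)."""
import base64
import binascii
import re

# Assumption: the only naming context the lab server holds. The searches above
# find dc=example,dc=org and report "No such object" for dc=orcabank,dc=com.
SERVED_SUFFIXES = ["dc=example,dc=org"]

# MUST attributes (lower-cased) of the object classes the gist's LDIF uses.
REQUIRED_ATTRS = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "inetorgperson": {"cn", "sn"},
}
ATTR_LINE = re.compile(r"^([A-Za-z][\w;.-]*)(::?)\s*(.*)$")


def normalize_dn(dn):
    """Lower-case a DN and strip whitespace around RDN separators."""
    return ",".join(p.strip().lower() for p in dn.split(","))


def parse_ldif(text):
    """Entries as dicts: lower-cased attribute name -> [(value, is_base64)]."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]         # RFC 2849 folded line: join it
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):     # '#' lines are comments
            m = ATTR_LINE.match(line)
            if not m:
                raise ValueError(f"not an attribute line: {line!r}")
            current.setdefault(m.group(1).lower(), []).append((m.group(3), m.group(2) == "::"))
    return entries


def check_entry(attrs):
    """Problems ldapadd would report for one parsed entry (empty list = clean)."""
    dn, ndn = attrs["dn"][0][0], normalize_dn(attrs["dn"][0][0])
    problems = []
    if not any(ndn == s or ndn.endswith("," + s) for s in SERVED_SUFFIXES):
        problems.append(f"{dn}: not under {SERVED_SUFFIXES} -> 'no global superior knowledge' (53)")
    present = set(attrs) - {"dn"}
    for oc in sorted(v.lower() for v, _ in attrs.get("objectclass", [])):
        for attr in sorted(REQUIRED_ATTRS.get(oc, set()) - present):
            problems.append(f"{dn}: object class '{oc}' requires attribute '{attr}' (65)")
    for name, values in attrs.items():
        for value, is_b64 in values:
            try:                           # '::' promises a base64 value (RFC 2849)
                if is_b64:
                    base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"{dn}: '{name}::' value is not base64 -> 'invalid format'")
    return problems


def validate_ldif(text):
    """Map each DN in the file to its list of problems."""
    return {e["dn"][0][0]: check_entry(e) for e in parse_ldif(text) if "dn" in e}


# Constructed sample modelled on the gist's orcabank.ldif: one entry per failure
# class, then one entry that passes.
SAMPLE_LDIF = """\
dn: dc=orcabank,dc=com
objectClass: dcObject

dn: uid=sri,ou=payments,dc=example,dc=org
uid: sri
cn: sri
objectClass: posixAccount
objectClass: inetOrgPerson

dn: cn=adminorca,dc=example,dc=org
userPassword:: docker123

dn: uid=billy,dc=example,dc=org
uid: billy
cn: billy
objectClass: posixAccount
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
"""

if __name__ == "__main__":
    for dn, probs in validate_ldif(SAMPLE_LDIF).items():
        print(dn, "->", "OK" if not probs else "\n    " + "\n    ".join(probs))
```

Point SAMPLE_LDIF (or a file read from disk) at the LDIF you are about to load and fix every reported DN before running ldapadd, since the server's own schema check stops at the first missing attribute per entry while this reports all of them. To confirm which suffixes a server really serves rather than assuming, query its root DSE with "ldapsearch -x -H ldap://localhost -s base -b '' namingContexts" and put the result into SERVED_SUFFIXES.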
@anokun7

anokun7 commented Oct 9, 2017

[ec2-user@ip-10-1-1-26 ~]$ docker run --name ds -p 389:389 -p 636:636 --detach -v /docker-access-control:/ldap osixia/openldap:1.1.9
dbdc50769247562a6f681b988a7c512236fd40f8cacaf16d82b9498d6dc49f76
[ec2-user@ip-10-1-1-26 ~]$ docker cp a.ldif ds:/a.ldif
[ec2-user@ip-10-1-1-26 ~]$ docker exec ds ldapadd -h 0.0.0.0 -D cn=admin,dc=example,dc=org -w admin -f /a.ldif
adding new entry "dc=orcabank,dc=example,dc=org"

adding new entry "ou=mobile,dc=orcabank,dc=example,dc=org"

adding new entry "ou=payments,dc=orcabank,dc=example,dc=org"

adding new entry "ou=mobile,dc=example,dc=org"

adding new entry "ou=payments,dc=example,dc=org"

adding new entry "uid=sri,ou=payments,dc=example,dc=org"

adding new entry "uid=charlie,ou=mobile,dc=example,dc=org"

adding new entry "uid=alex,ou=mobile,dc=orcabank,dc=example,dc=org"

[ec2-user@ip-10-1-1-26 ~]$
[ec2-user@ip-10-1-1-26 ~]$ cat a.ldif
## ORGS
dn: dc=orcabank,dc=example,dc=org
objectclass: top
objectclass: organization
objectClass: dcObject
o: orcabank
dc: orcabank
description: Serving the Cetacian community since 1963

## TEAMS
dn: ou=mobile,dc=orcabank,dc=example,dc=org
objectClass: organizationalUnit
ou: mobile

dn: ou=payments,dc=orcabank,dc=example,dc=org
objectClass: organizationalUnit
ou: payments


dn: ou=mobile,dc=example,dc=org
objectClass: organizationalUnit
ou: mobile

dn: ou=payments,dc=example,dc=org
objectClass: organizationalUnit
ou: payments


## USERS
dn: uid=sri,ou=payments,dc=example,dc=org
uid: sri
cn: sri
sn: sri
objectClass: top
objectClass: inetOrgPerson
userPassword: docker123
mail: [email protected]

dn: uid=charlie,ou=mobile,dc=example,dc=org
uid: charlie
cn: charlie
sn: charlie
objectClass: inetOrgPerson
objectClass: top
userPassword: docker123
mail: [email protected]

dn: uid=alex,ou=mobile,dc=orcabank,dc=example,dc=org
uid: alex
sn: alex
cn: alex
objectClass: inetOrgPerson
objectClass: top
userPassword: docker123
mail: [email protected]



dn: uid=adminorca,dc=orcabank,dc=example,dc=org
objectClass: simpleSecurityObject
uid: adminorca
sn: adminorca
cn: adminorca
objectClass: inetOrgPerson
objectClass: top
description: LDAP administrator
userPassword: docker123


dn: uid=billy,dc=example,dc=org
uid: billy
sn: billy
cn: billy
objectClass: inetOrgPerson
objectClass: top
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: docker123
mail: [email protected]
gecos: Billy User


dn: uid=markus,dc=example,dc=org
uid: markus
sn: markus
cn: markus
objectClass: inetOrgPerson
objectClass: top
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: docker123
mail: [email protected]
gecos: Billy User

dn: uid=user2,dc=orcabank,dc=example,dc=org
uid: user2
sn: user2
cn: user2
objectClass: inetOrgPerson
objectClass: top
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: docker123
mail: [email protected]
gecos: Billy User
[ec2-user@ip-10-1-1-26 ~]$
