@thomasdarimont
Created January 25, 2019 17:52
Docker OpenLDAP + phpldapadmin example

Start

```shell
docker-compose up -d
```

Query

```shell
docker exec openldap ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
```

docker-compose.yml

```yaml
version: '2'
services:
  openldap:
    image: osixia/openldap:1.2.3
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "Example Inc."
      LDAP_DOMAIN: "example.org"
      LDAP_BASE_DN: ""
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_READONLY_USER_USERNAME: "readonly"
      LDAP_READONLY_USER_PASSWORD: "readonly"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      #LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
      #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
      #LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d
      - /container/service/slapd/assets/certs/
    ports:
      - "389:389"
      - "636:636"
    domainname: "example.org" # important: same as hostname
    hostname: "example.org"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8080:80"
    depends_on:
      - openldap
```
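Added example (not part of the gist): a small lint over the security-relevant keys of the compose file above. It flattens the `environment` blocks of both services into one constructed string, skips commented-out keys the way the real file needs, and reports the settings a reviewer would flag before this lab leaves a laptop: image-default passwords, `LDAP_TLS_ENFORCE: "false"` (which is why the `ldapsearch` query above can bind with `-w admin` over plain `ldap://`), `PHPLDAPADMIN_HTTPS: "false"`, and host ports published without a bind address.

```python
import re

# Environment of the gist's openldap and phpldapadmin services, flattened into
# one block for this example (constructed here, not the gist's own file). The
# commented-out replication key is kept so the parser has to skip it.
ENV_BLOCK = """
LDAP_ADMIN_PASSWORD: "admin"
LDAP_CONFIG_PASSWORD: "config"
LDAP_TLS: "true"
LDAP_TLS_ENFORCE: "false"
LDAP_TLS_PROTOCOL_MIN: "3.1"
#LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org']"
PHPLDAPADMIN_HTTPS: "false"
"""
# Port mappings from the gist; a bare "host:container" spec binds 0.0.0.0.
PORTS = ["389:389", "636:636", "8080:80"]

KV = re.compile(r'^\s*([A-Z0-9_]+):\s*"?([^"#]*)"?\s*$')

# Defaults the osixia image documents; anything equal to them is a finding.
DEFAULT_CREDS = {"LDAP_ADMIN_PASSWORD": "admin", "LDAP_CONFIG_PASSWORD": "config"}


def parse_env(block: str) -> dict:
    """Parse KEY: "value" lines into a dict; commented-out keys are ignored."""
    env = {}
    for line in block.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KV.match(line)
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env


def lint(env: dict, ports: list) -> list:
    """Return one finding string per weak setting; empty list means clean."""
    findings = []
    for key, default in DEFAULT_CREDS.items():
        if env.get(key, "") in ("", default):
            findings.append(f"{key}: image default or empty; set a unique secret")
    if env.get("LDAP_TLS") == "true" and env.get("LDAP_TLS_ENFORCE") != "true":
        findings.append("LDAP_TLS_ENFORCE: false; simple binds on 389 send the admin password in clear")
    if env.get("PHPLDAPADMIN_HTTPS") == "false":
        findings.append("PHPLDAPADMIN_HTTPS: false; admin DN and password travel over plain HTTP")
    for spec in ports:
        host, _, _container = spec.rpartition(":")
        if ":" not in host:  # no host IP prefix, so Docker publishes on all interfaces
            findings.append(f"ports {spec}: published on all interfaces; prefix 127.0.0.1: for a local lab")
    return findings
```

Running `lint(parse_env(ENV_BLOCK), PORTS)` on the gist's values yields seven findings; a copy with unique passwords, `LDAP_TLS_ENFORCE: "true"`, `PHPLDAPADMIN_HTTPS: "true"` and `127.0.0.1:`-prefixed ports yields none.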
@Mohan-CB

very niche 👍

@societyblind

societyblind commented Jan 14, 2020

The `hostname: "example.org"` line causes container setup to fail with "slapd failed with status 1".
ubuntu 19.04, docker-ce 5:19.03.33-0ubuntu-disco, docker-compose 1.21.03

@societyblind

> The `hostname: "example.org"` line causes container setup to fail with "slapd failed with status 1".
> ubuntu 19.04, docker-ce 5:19.03.33-0ubuntu-disco, docker-compose 1.21.03

I eventually got it working by moving the hostname and domainname values to the top of the config and not having them as the same value as in the comment in the original yaml posted above. I'm still not sure why this was an issue:

```yaml
version: '2'
services:
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    domainname: "example.org"
    hostname: "openldap"
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "Example Inc."
      LDAP_DOMAIN: "example.org"
      LDAP_BASE_DN: "dc=example,dc=org"
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_READONLY_USER_USERNAME: "readonly"
      LDAP_READONLY_USER_PASSWORD: "readonly"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_PROTOCOL_MIN: "3.1"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      #LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
      #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
      #LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d
      - /container/service/slapd/assets/certs/
    ports:
      - "389:389"
      - "636:636"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8080:80"
    depends_on:
      - openldap
```

Note: this does not properly set the fqdn of the openldap container. Curiously, if you add values for the hostname and domainname under container_name of the phpldapadmin container config, it does properly set the fqdn of that container.

@parsifalzgz

The website works but I cannot log in to the ldapadmin website.
Using "example.com:8080" and
Login: cn=admin,dc=example,dc=org

Password: "admin"

Any idea?

@shamal

shamal commented Feb 13, 2020

> The website works but I cannot log in to the ldapadmin website.
> Using "example.com:8080" and
> Login: cn=admin,dc=example,dc=org
>
> Password: "admin"
>
> Any idea?

Yes. This is the format.

@abc007xyz

Hello,
Can you help me?
When I launch the page localhost:8080 in Firefox, I get the message:
Forbidden
You don't have permission to access this resource.
Thanks in advance.

@nthung82

nthung82 commented May 2, 2020

```shell
docker run --name ldap-service --hostname ldap-service --detach osixia/openldap:1.1.8
docker run --name phpldapadmin-service --hostname phpldapadmin-service -p 6443:443 --link ldap-service:ldap-host --env PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:0.9.0
```

Login:

Username: "cn=admin,dc=example,dc=org"
Password: "admin"

@samusinho

Hi.
I'm trying to log in with

Username: cn=admin,dc=example,dc=org
Password: admin


but ldap always shows "user or password incorrect".

Thanks for your help.


ghost commented May 22, 2020

The osixia/openldap repo comes with a sample docker-compose.yml file
https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml

@stwaidele

I also had the login issue. Root cause was that the openldap container failed and stopped immediately, throwing error messages that led to some really old bug reports.

The issue was resolved when I changed the line
`image: osixia/openldap:1.2.3`
to
`image: osixia/openldap:latest`

I'd suggest to change the example accordingly.

@AndreVirtimo

> The osixia/openldap repo comes with a sample docker-compose.yml file
> https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml

Thank you for the information. There is no stable branch. So the current example is here:
https://github.com/osixia/docker-openldap/blob/master/example/docker-compose.yml
