OpenLDAP Docker container for demo purposes.
Based on Bitnami Docker Image for OpenLDAP.
Occasionally I have a need to have an LDAP server with groups and users. That’s why this image exists. No installations, no setup, just run and use.
- Get Docker image:

  ```
  podman pull kazhar/openldap-demo
  ```

- Run Docker image:

  ```
  podman run -d -p 389:1389 -p 636:1636 --name openldap-demo kazhar/openldap-demo
  ```

- Login to server:
  - Base DN: `dc=sirius,dc=com`
  - Admin user: `cn=admin,dc=sirius,dc=com`
  - Password: `passw0rd`
Or you can download/clone this repo and create and build your own OpenLDAP image.
- Add group `staff` and some users:

  ```
  podman run -it --rm -p 1389:1389 -p 1636:1636 --name openldap -e ADDITIONAL_LDAP_USERS_AND_GROUPS="staff:Ulysses Ser1, Uma Ser2, Uriel Ser3, Ulrich Ser4, Ursula Ser5, Upton Ser6, Uriah Ser7, Uliana Ser8, Ulma Ser9, Ulric Ser10" kazhar/openldap-demo
  ```

- Add your own organization and domain, and create new self-signed certificates:

  ```
  podman run -it --rm -p 1389:1389 -p 1636:1636 --name openldap -e LDAP_DOMAIN=wayne.net -e LDAP_ROOT="dc=wayne,dc=net" -e LDAP_ORGANIZATION="Wayne Machines" -e CREATE_CERTS=true kazhar/openldap-demo
  ```

- Add your own certificate:

  ```
  podman run -it --rm -p 1389:1389 -p 1636:1636 --name openldap -v /tmp_crt/ldap.crt:/certs/ldap.crt:z -v /tmp_crt/ldap.key:/certs/ldap.key:z -v /tmp/tmp_crt/ca.crt:/certs/ca.crt:z kazhar/openldap-demo
  ```
Name | Default Value | Description |
---|---|---|
LDAP_DOMAIN | sirius.com | Domain used in certificate and user emails. |
LDAP_ROOT | dc=sirius,dc=com | Base DN. Must match domain. |
LDAP_ORGANIZATION | Sirius Cybernetics Corporation | Organization name/description. For example, company name. |
LDAP_ADMIN_PASSWORD | passw0rd | Administrator password. |
DEFAULT_USER_PASSWORD | passw0rd | Default user password. |
LDAP_USERS_AND_GROUPS | admin:Kiara Doyle,Zac Fraser,Andre Shaw,Daniella Wells;research:Olivia Berry,Oscar Davis,Amelia Lawson,Jonah Stone;operations:Tom Foster,Cara Hawkins,Natalia Matthews,George Watts;marketing:Hilary Banks=hilary,Mallory Keaton=mkeaton,Ed Norton=pwd,Michael Scott=scott | List of users and groups. |
ADDITIONAL_LDAP_USERS_AND_GROUPS | | Additional list of users and groups. Added after LDAP_USERS_AND_GROUPS. |
CREATE_CERTS | | Set to `true` to create fresh self-signed certificates when the container starts. |
SANS | | Space separated list of hostnames, added to self-signed certificate. |
IP_SANS | | Space separated list of IP addresses, added to self-signed certificate. |
See also Dockerfile for more environment variables.
Some applications ask for LDAP connection settings and filters. If using the default OpenLDAP demo image, here are the settings and filters that should work.

Setting | Value |
---|---|
URL | `ldap://localhost:389` (or `ldaps://localhost:636` with the port mapping shown above) |
Base DN | `dc=sirius,dc=com` |
Bind DN, admin or domain search user | `cn=admin,dc=sirius,dc=com` |
Admin password | `passw0rd` |
User filter | |
Group filter | |
Group membership search filter | |
Group member ID map | |
User ID map | `uid` |
Group ID map | `cn` |
User search base | `ou=users,dc=sirius,dc=com` |
User search field | `uid` |
Group search base | `ou=groups,dc=sirius,dc=com` |
Group search field | `cn` |
First name | `givenName` |
Last name | `sn` |
Group membership (within inetOrgPerson) | |
Group member field (within groupOfUniqueNames) | `uniqueMember` |
Groups and users are specified in the environment variable LDAP_USERS_AND_GROUPS.

The format of the environment variable is:

```
<groupname>:<firstname> <lastname>[=<password>],<firstname> <lastname>[=<password>];<groupname>:<firstname> <lastname>[=<password>],<firstname> <lastname>[=<password>]
```

For example, this is the default value:

```
admin:Kiara Doyle,Zac Fraser,Andre Shaw,Daniella Wells;research:Olivia Berry,Oscar Davis,Amelia Lawson,Jonah Stone;operations:Tom Foster,Cara Hawkins,Natalia Matthews,George Watts;marketing:Hilary Banks=hilary,Mallory Keaton=mkeaton,Ed Norton=pwd,Michael Scott=scott
```

One group is:

- `cn=admin,ou=groups,dc=sirius,dc=com`

And one user in that group is:

- `uid=kdoyle,ou=users,dc=sirius,dc=com`

The default password for users is set by the DEFAULT_USER_PASSWORD environment variable.
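The following parser is an added illustration of the LDAP_USERS_AND_GROUPS format and is not code from the kazhar/openldap-demo image. It splits the value into groups and users, applies the `=<password>` override or DEFAULT_USER_PASSWORD, and builds the group and user DNs shown above. The uid rule it uses (first initial plus last name, lower-cased) is an assumption generalised from the page's single `uid=kdoyle` example, and the `to_ldif` output is an assumed layout, not the LDIF the image actually generates. It also flags uid collisions, since two people mapping to one uid means one of them silently takes over the other's account.

```python
"""Parse the LDAP_USERS_AND_GROUPS format and derive DNs (added example,
not part of the kazhar/openldap-demo image)."""

DEFAULT_BASE_DN = "dc=sirius,dc=com"
DEFAULT_USER_PASSWORD = "passw0rd"

# Constructed input: the image's documented default value.
DEFAULT_SPEC = (
    "admin:Kiara Doyle,Zac Fraser,Andre Shaw,Daniella Wells;"
    "research:Olivia Berry,Oscar Davis,Amelia Lawson,Jonah Stone;"
    "operations:Tom Foster,Cara Hawkins,Natalia Matthews,George Watts;"
    "marketing:Hilary Banks=hilary,Mallory Keaton=mkeaton,Ed Norton=pwd,Michael Scott=scott"
)


def make_uid(first, last):
    """Assumed uid rule: first initial + last name, lower-cased, spaces removed
    (generalised from the page's 'Kiara Doyle' -> uid=kdoyle)."""
    return (first[0] + last).lower().replace(" ", "")


def user_dn(uid, base_dn=DEFAULT_BASE_DN):
    return f"uid={uid},ou=users,{base_dn}"


def group_dn(group, base_dn=DEFAULT_BASE_DN):
    return f"cn={group},ou=groups,{base_dn}"


def parse_users_and_groups(spec, default_password=DEFAULT_USER_PASSWORD):
    """Return {group: [user, ...]}. Groups are ';'-separated, users inside a
    group ','-separated, and an optional '=<password>' follows the name."""
    groups = {}
    for group_spec in spec.split(";"):
        group_spec = group_spec.strip()
        if not group_spec:
            continue
        if ":" not in group_spec:
            raise ValueError(f"missing ':' between group name and users: {group_spec!r}")
        group, users_spec = (part.strip() for part in group_spec.split(":", 1))
        if not group:
            raise ValueError(f"empty group name in {group_spec!r}")
        members = []
        for user_spec in users_spec.split(","):
            user_spec = user_spec.strip()  # the staff example has spaces after commas
            if not user_spec:
                continue
            name, _, password = user_spec.partition("=")
            parts = name.split()
            if len(parts) < 2:
                raise ValueError(f"user needs a first and a last name: {user_spec!r}")
            first, last = parts[0], " ".join(parts[1:])
            members.append({
                "first": first,
                "last": last,
                "uid": make_uid(first, last),
                "password": password or default_password,
                "explicit_password": bool(password),
            })
        groups[group] = members
    return groups


def uid_collisions(groups):
    """uids that more than one distinct person maps to. The same person listed
    in several groups is fine; two different names sharing a uid is not."""
    names_by_uid = {}
    for members in groups.values():
        for m in members:
            names_by_uid.setdefault(m["uid"], set()).add(f"{m['first']} {m['last']}")
    return sorted(uid for uid, names in names_by_uid.items() if len(names) > 1)


def to_ldif(groups, base_dn=DEFAULT_BASE_DN):
    """Group entries as groupOfUniqueNames, members via uniqueMember.
    Assumed layout; the image's own LDIF is not shown on the page."""
    lines = []
    for group, members in groups.items():
        lines += [f"dn: {group_dn(group, base_dn)}",
                  "objectClass: groupOfUniqueNames",
                  f"cn: {group}"]
        lines += [f"uniqueMember: {user_dn(m['uid'], base_dn)}" for m in members]
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_users_and_groups(DEFAULT_SPEC)
    if uid_collisions(parsed):
        raise SystemExit(f"uid collisions: {uid_collisions(parsed)}")
    for group, members in parsed.items():
        print(group_dn(group))
        for m in members:
            flag = " (explicit password)" if m["explicit_password"] else ""
            print("   ", user_dn(m["uid"]) + flag)
    print(to_ldif(parsed))
```

Run it without arguments to print the DNs for the default value; feed it the `staff` example from above to see that `Ulysses Ser1` maps to `uid=user1` under the assumed rule, and a spec such as `staff:Zac Fraser,Zoe Fraser` to see the collision check fire.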
Group `admin`:

Name | UID | Default password |
---|---|---|
Kiara Doyle | kdoyle | passw0rd |
Zac Fraser | | passw0rd |
Andre Shaw | | passw0rd |
Daniella Wells | | passw0rd |

Group `research`:

Name | UID | Default password |
---|---|---|
Olivia Berry | | passw0rd |
Oscar Davis | | passw0rd |
Amelia Lawson | | passw0rd |
Jonah Stone | | passw0rd |

Group `operations`:

Name | UID | Default password |
---|---|---|
Tom Foster | | passw0rd |
Cara Hawkins | | passw0rd |
Natalia Matthews | | passw0rd |
George Watts | | passw0rd |
In order to create your own OpenLDAP image with a custom domain and users, edit the Dockerfile and then build a new OpenLDAP image.

- Edit Dockerfile.
- Build image:

  ```
  podman build -t my-openldap .
  ```

- Start:

  ```
  podman run -it --rm -p 389:1389 -p 636:1636 --name my-openldap my-openldap
  ```
The certificate is created when the image is built, using My CA. SANs in the certificate are:

- DNS: openldap.<domain in LDAP_DOMAIN environment variable>
- DNS: localhost
- IP: 127.0.0.1

When starting the container, set `-e CREATE_CERTS=true` to create fresh self-signed certificates.

If you have existing certificates (for example, Let’s Encrypt certs), add them as volumes when starting the container:

```
podman run -it --rm -p 389:1389 -p 636:1636 --name openldap-demo -v /my-certs/privkey1.pem:/certs/ldap.key:z -v /my-certs/cert1.pem:/certs/ldap.crt:z -v /my-certs/ca.crt:/certs/ca.crt:z kazhar/openldap-demo
```

The `-v` option maps a file to a file.
The `scripts` directory includes some scripts that can be used to search LDAP by user id or last name, package files for offline distribution, and more.

- Install openldap-demo to OpenShift:

  ```
  sh ocp-openldap-demo.sh install <namespace>
  ```

- Uninstall openldap-demo from OpenShift:

  ```
  sh ocp-openldap-demo.sh uninstall <namespace>
  ```

- See ocp-openldap-demo.sh for details.
- OpenLDAP is accessible within the cluster. For example:
  - `ldap://openldap-demo.<namespace>.svc.cluster.local:389`
  - `ldaps://openldap-demo.<namespace>.svc.cluster.local:636`