/docker-fusiondirectory

FusionDirectory LDAP Manager w/S6 Init, Zabbix Monitoring, Nginx, PHP7 based on Alpine

tiredofit/fusiondirectory

Introduction

This will build a container for FusionDirectory, a directory manager frontend for LDAP.

  • This container uses a customized Alpine Linux base which includes s6 overlay for PID 1 init capabilities and zabbix-agent for individual container monitoring. Cron is also installed, along with other tools (bash, curl, less, logrotate, nano, vim) for easier management. It also supports sending to external SMTP servers.

Additional components inside are Nginx, PHP 7.3 w/ APC, OPcache, LDAP extensions and OpenLDAP clients.

Changelog

Authors

Prerequisites

You must use the accompanying openldap-fusiondirectory image with a matching version number for the correct schema to operate!

Installation

Automated builds of the image are available on Docker Hub and are the recommended method of installation.

docker pull tiredofit/fusiondirectory

Quick Start

Make sure you have installed the appropriate schemas on the LDAP Server.

Configuration

Persistent Storage

If you would like to add custom HTML such as themes to FusionDirectory, map a folder that follows the /www/fusiondirectory/html structure to /assets/fusiondirectory and the script will overwrite the existing files upon bootup.

If you have custom plugins, map a folder to /assets/plugins-custom/ and they will be automatically added to the container upon startup.

Environment Variables

Along with the environment variables from the base image, Nginx, and the Nginx+PHP-FPM engine, below is the complete list of available options that can be used to customize your installation.

You can connect to multiple LDAP servers by setting the following environment variables. Simply add as many LDAP(x) variables as the number of servers you wish to manage.

Parameter Description
LDAP1_NAME The instance Name e.g. production
LDAP1_HOST Hostname with the openldap-fusiondirectory service running e.g. openldap-fusiondirectory
LDAP1_TLS (optional) Use TLS TRUE or FALSE - Default false
LDAP1_PORT (optional) Port number - Default 389, or 636 if TLS=TRUE
LDAP1_ADMIN_PASS Password for the admin DN (cn=admin,dc=example,dc=org) e.g. password
LDAP1_ADMIN_DN The Primary DN to Manage e.g. cn=admin,dc=example,dc=org
LDAP1_BASE_DN The Primary Base DN to Manage e.g. dc=example,dc=org
LDAP2_NAME The Instance Name (e.g. development)
LDAP2_HOST The Second Domain Hostname with the openldap-fusiondirectory service running (e.g. openldap-fusiondirectory)
LDAP2_TLS (optional) Use TLS TRUE or FALSE - Default false
LDAP2_PORT (optional) Port number - Default 389, or 636 if TLS=TRUE
LDAP2_ADMIN_PASS Password for the admin DN (cn=admin,dc=example,dc=org) e.g. password
LDAP2_ADMIN_DN The second Admin DN e.g. cn=admin,dc=example,dc=org
LDAP2_BASE_DN The second BASE DN e.g. dc=example,dc=org
LDAP_DEFAULT The Default Instance to show on Login Page e.g. production - Default LDAP1_NAME
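
A pre-flight check for the variables above, written for this page as an added example and not part of the image or its startup scripts. It flags instances left on the TLS default (false), the example admin password, missing required values and an LDAP_DEFAULT that names no instance. The function names are hypothetical and the case-insensitive TRUE match is an assumption of the check.

```shell
#!/bin/sh
# Added example, not part of the image: pre-flight audit of the LDAPn_* variables.

# Print the value of the variable named $1 (empty if unset). Only fixed names
# built from a numeric index are passed in, so the eval sees no outside input.
getvar() { eval "printf '%s' \"\${$1:-}\""; }

# Effective port per the table: LDAPn_PORT if set, else 636 with TLS, else 389.
effective_port() {
    _port=$(getvar "LDAP${1}_PORT")
    _tls=$(getvar "LDAP${1}_TLS" | tr 'a-z' 'A-Z')
    if [ -n "$_port" ]; then echo "$_port"
    elif [ "$_tls" = "TRUE" ]; then echo 636
    else echo 389; fi
}

# Walk LDAP1, LDAP2, ... until LDAPn_HOST is unset; print one finding per line.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_ldap_env() {
    n=1; bad=0; names=""
    while host=$(getvar "LDAP${n}_HOST"); [ -n "$host" ]; do
        names="$names $(getvar "LDAP${n}_NAME")"
        tls=$(getvar "LDAP${n}_TLS" | tr 'a-z' 'A-Z')
        pass=$(getvar "LDAP${n}_ADMIN_PASS")
        if [ "$tls" != "TRUE" ]; then
            echo "LDAP${n}: TLS off, admin bind to ${host}:$(effective_port "$n") is unencrypted"
            bad=1
        fi
        if [ -z "$pass" ] || [ "$pass" = "password" ]; then
            echo "LDAP${n}: ADMIN_PASS is empty or the README example value"
            bad=1
        fi
        for v in NAME ADMIN_DN BASE_DN; do
            [ -n "$(getvar "LDAP${n}_${v}")" ] || { echo "LDAP${n}: LDAP${n}_${v} is not set"; bad=1; }
        done
        n=$((n + 1))
    done
    def=$(getvar LDAP_DEFAULT)
    if [ -n "$def" ]; then
        case " $names " in
            *" $def "*) ;;
            *) echo "LDAP_DEFAULT=$def matches no LDAPn_NAME"; bad=1 ;;
        esac
    fi
    return $bad
}

# Constructed sample: one instance left on the documented defaults.
( LDAP1_NAME=production; LDAP1_HOST=openldap-fusiondirectory; LDAP1_ADMIN_PASS=password
  LDAP1_ADMIN_DN=cn=admin,dc=example,dc=org; LDAP1_BASE_DN=dc=example,dc=org
  audit_ldap_env ) || true
```

Source the file and call audit_ldap_env in the same environment that will be passed to the container, for example from a deployment script before docker run.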

Plugins

Enable various plugins. Please see the FusionDirectory site for configuration options. Depending on the plugin enabled, various dependent plugins will automatically be installed. Note: you must have the schemas installed on the LDAP server, otherwise you will face errors!

Parameter Description
ENABLE_ARGONAUT Enable Argonaut Server - Default: FALSE
ENABLE_AUDIT_LOG_CLEANUP Enable scheduled Audit Log Cleanups - Default TRUE if plugin enabled
ENABLE_USER_REMINDER Enable scheduled User Reminder emails - Default TRUE if plugin enabled
AUDIT_LOG_CLEANUP_CRON_EXP Cron expression for when to run Audit log cleanup - Default 0 0 * * *
USER_REMINDER_CLEANUP_CRON_EXP Cron expression for when to send user reminder emails - Default 0 0 * * *
PLUGIN_ALIAS Mail Aliases - Default: FALSE
PLUGIN_APPLICATIONS Applications - Default: FALSE
PLUGIN_ARGONAUT Argonaut - Default: FALSE
PLUGIN_AUDIT Audit Trail - Default: FALSE
PLUGIN_AUTOFS AutoFS - Default: FALSE
PLUGIN_CERTIFICATES Manage Certificates - Default: FALSE
PLUGIN_COMMUNITY Community Plugin - Default: FALSE
PLUGIN_CYRUS Cyrus IMAP - Default: FALSE
PLUGIN_DEBCONF Argonaut Debconf - Default: FALSE
PLUGIN_DEVELOPERS Developers Plugin - Default: FALSE
PLUGIN_DHCP Manage DHCP - Default: FALSE
PLUGIN_DNS Manage DNS - Default: FALSE
PLUGIN_DOVECOT Dovecot IMAP - Default: FALSE
PLUGIN_DSA System Accounts - Default: FALSE
PLUGIN_EJBCA Unknown - Default: FALSE
PLUGIN_FAI Unknown - Default: FALSE
PLUGIN_FREERADIUS FreeRadius Management - Default: FALSE
PLUGIN_FUSIONINVENTORY Inventory Plugin - Default: FALSE
PLUGIN_GPG Manage GPG Keys - Default: FALSE
PLUGIN_IPMI IPMI Management - Default: FALSE
PLUGIN_LDAPDUMP LDAP Attribute Export - Default: FALSE
PLUGIN_LDAPMANAGER Import/Export CSV/LDIF - Default: FALSE
PLUGIN_MAIL Mail Attributes - Default: FALSE
PLUGIN_MIXEDGROUPS Unix/LDAP Groups - Default: FALSE
PLUGIN_NAGIOS Nagios Monitoring - Default: FALSE
PLUGIN_NETGROUPS NIS - Default: FALSE
PLUGIN_NEWSLETTER Manage Newsletters - Default: FALSE
PLUGIN_OPSI Inventory - Default: FALSE
PLUGIN_PERSONAL Personal Details - Default: FALSE
PLUGIN_POSIX Posix Groups - Default: FALSE
PLUGIN_POSTFIX Postfix SMTP - Default: FALSE
PLUGIN_PPOLICY Password Policy - Default: FALSE
PLUGIN_PUPPET Puppet CI - Default: FALSE
PLUGIN_PUREFTPD FTP Server - Default: FALSE
PLUGIN_QUOTA Manage Quotas - Default: FALSE
PLUGIN_RENATER_PARTAGE Unknown - Default: FALSE
PLUGIN_REPOSITORY Argonaut Deployment Registry - Default: FALSE
PLUGIN_SAMBA File Sharing - Default: FALSE
PLUGIN_SOGO Groupware - Default: FALSE
PLUGIN_SPAMASSASSIN Anti Spam - Default: FALSE
PLUGIN_SQUID Proxy - Default: FALSE
PLUGIN_SSH Manage SSH Keys - Default: FALSE
PLUGIN_SUBCONTRACTING Unknown - Default: FALSE
PLUGIN_SUDO Manage SUDO on Hosts - Default: FALSE
PLUGIN_SUPANN SUPANN - Default: FALSE
PLUGIN_SYMPA Sympa Mailing List - Default: FALSE
PLUGIN_SYSTEMS Systems Management - Default: FALSE
PLUGIN_USER_REMINDER Password Expiry - Default: FALSE
PLUGIN_WEBLINK Display Weblink - Default: FALSE

Networking

The following ports are exposed.

Port Description
80 HTTP

Maintenance

Shell Access

For debugging and maintenance purposes you may want to access the container's shell.

docker exec -it (whatever your container name is e.g. fusiondirectory) bash