docker-openldap

openldap based on bitnami openldap with ppolicy, password hashing and support for ldif migrations

★ ★ ★ Please star this project if you found it useful. ★ ★ ★

docker pull registry.gitlab.com/bitspur/rock8s/docker-openldap

This image was created to address some limitations with the bitnami openldap image while still maintaining maximum compatibility with it.

You can view additional versions of the image at https://gitlab.com/bitspur/rock8s/docker-openldap/container_registry/4388893.

New Features

There are several new features that have been added to this image.

1. Password hashing

A new environment variable called LDAP_HASH_PASSWORD has been added that will automatically setup the environment to hash passwords. By default it is set to SHA512CRYPT, the strongest hashing algorithm available. The available options are the following.

NONE
SSHA
MD5
CRYPT
MD5CRYPT
SHA256CRYPT
SHA512CRYPT

2. Ldif migrations

The /ldifs folder does not support ldif migrations (records with a changetype). Instead /ldifs can only add new records.

If you need to modify existing records, put ldif migration files in the /migrations folder.

3. Support for .schema extension

The /schemas directory can include .ldif schemas or .schema schemas.

You can see some examples at context/schemas.

4. Templating support

The /schemas, /ldifs and /migrations directories all support .ldif.tmpl files which will be templated.

You can see an example at context/ldifs/00-organization.ldif.tmpl.

5. Support for additional modules and schemas

You can find the list of supported modules and schemas HERE

6. Easily compile custom modules into the image

You can see an example of this in the Dockerfile

7. Added support for slapcat command

Compatibility

his image based on the bitnami openldap image and is mostly compatible with the bitnami openldap image.

You can reference the official bitnami openldap image at the links below.

There are a few important differences though.

LDAP_CUSTOM_SCHEMA_DIR should not be changed. If you need to add custom schemas they must be placed in the /schemas directory.
LDAP_CUSTOM_LDIF_DIR should not be changed. If you need to add custom ldifs they must be placed in the /ldifs directory.
The version of ldap is different than the version used in bitnami. This is because openldap had to be compiled from scratch to add new modules. The most stable way to compile openldap was using the src from debian. This means the version will always match the version of the debian release instead of the version provided by bitnami.

Build

make build

Debug

start openldap
```
make up
```
open phpldapadmin at localhost:8080
start a shell to interact with ldap
```
make shell
```
run slapcat or ldapsearch commands to test and inspect

You can reference some useful commands at openldap-cheatsheet

Supported Modules and Schemas

Schemas

The following list of schemas are included in this release of openldap and can be enabled with the LDAP_EXTRA_SCHEMAS variable.

collective
corba
core
cosine
dsee
duaconf
dyngroup
inetorgperson
java
misc
msuser
namedobject
nis
openldap
pmi
ppolicy

Modules

The following list of modules are compiled in this release of openldap.

accesslog
auditlog
autogroup
back_bdb
back_dnssrv
back_hdb
back_ldap
back_meta
back_null
back_passwd
back_perl
back_relay
back_shell
back_sock
back_sql
collect
constraint
dds
deref
dyngroup
dynlist
hello_world
lastbind
memberof
pcache
ppolicy
pw-apr1
pw-argon2
pw-netscape
pw-pbkdf2
pw-sha2
refint
retcode
rwm
seqmod
smbk5pwd
smbkrb5pwd
smbkrb5pwd_srv
sssvlv
syncprov
translucent
unique
valsort

clayrisser/docker-openldap