A simple and light Docker image for querying G Suite domains via Secure LDAP.
Google G Suite LDAP queries can be performed with OpenLDAP and STunnel, which are the sole tenants of this image.
The purpose is to be able to query and test your LDAP queries, in an easy and quick way - without ever leaving crums behind.
Deploying in an ephemeral approach is the preferred way, as STunnel takes little to no time launching. It is encouraged to keep the clean-up-after-yourself flag [--rm
].
The private .crt/.key
combination that you've downloaded should be moved into the keys
folder and renamed stunnel
as such:
/path/to/repo/keys/stunnel.crt
/path/to/repo/keys/stunnel.key
Which you can do after you've downloaded them. Unzip the archive into the keys
folder, cd
into it and run the commands:
cp *.crt stunnel.crt
cp *.key stunnel.key
The keys
folder is the folder attached to the container holding the certificates. It should be linked to the /data
folder in the container.
Alternatively, you can mount these files individually, renaming them inside the container to:
/data/stunnel.crt
/data/stunnel.key
Finally define the following environment variables when starting the container:
LDAP_USER=username
LDAP_PASS=password
LDAP_BASESEARCH=dc=ldaptest,dc=eu
Either export, source or replace the variables from the command below to perform a query:
docker run --rm -ti \
--name gldap \
-v `pwd`/keys:/data \
-e LDAP_USER=$LDAP_USER \
-e LDAP_PASS=$LDAP_PASS \
-e LDAP_BASESEARCH=$LDAP_BASESEARCH \
zalgonoise/gldap:latest \
$LDAP_FILTER
You can also use --env-file
and populate the provided template:
docker run --rm -ti \
--name gldap \
-v `pwd`/keys:/data \
--env-file `pwd`/secrets.env \
zalgonoise/gldap:latest
Lastly, the containter supports the unzip
action, so you can provide the .zip
file directly:
docker run --rm -ti \
--name gldap \
-v ~/Downloads/Google_2023_02_04_48611.zip:/data/Google.zip \
--env-file `pwd`/secrets.env \
zalgonoise/gldap:latest
If you prefer to add the .crt/.key combination individually:
docker run --rm -ti \
--name gldap \
-v `pwd`/keys/Google_20YY_MM_DD_XXXXX.crt:/data/stunnel.crt:ro \
-v `pwd`/keys/Google_20YY_MM_DD_XXXXX.key:/data/stunnel.key:ro \
-e LDAP_USER=$LDAP_USER \
-e LDAP_PASS=$LDAP_PASS \
-e LDAP_BASESEARCH=$LDAP_BASESEARCH \
zalgonoise/gldap:latest \
$LDAP_FILTER
You will be returned an output of the STunnel service, followed by the result of your LDAP query.
Running queries in OpenLDAP debug mode (by attaching the flag -d5
to the ldapsearch
command) can be done in through the LDAP_FILTER
environment variable or provided as the first argument to the container:
docker run --rm -ti \
--name gldap \
-v `pwd`/keys/Google_20YY_MM_DD_XXXXX.crt:/data/stunnel.crt:ro \
-v `pwd`/keys/Google_20YY_MM_DD_XXXXX.key:/data/stunnel.key:ro \
-e LDAP_USER=$LDAP_USER \
-e LDAP_PASS=$LDAP_PASS \
-e LDAP_BASESEARCH=$LDAP_BASESEARCH \
zalgonoise/gldap:latest \
-d5 "objectClass=*"
This action will add the -d5
flag to ldapsearch
, dumping the debug output for your query.
~ ZalgoNoise ~ 2020 ~