Debian-based Docker image for quickly deploying a development OpenLDAP directory from backups of an existing directory

Docker OpenLDAP Dev Directory

This project provides a Docker image for quickly deploying a development OpenLDAP directory from backups of an existing directory. The image is based on Debian.


📦 Features

  • Automatic Restoration: On container startup, LDIF backup files (config.ldif and data.ldif) are automatically restored.
  • Multi-Database Support: Handles multiple LDAP databases.
  • Flexible Configuration: Configuration and data directories can be persisted using Docker volumes.
  • Auto-Generated ldapvi Profiles: A profile is created for each LDAP database, enabling easy management via ldapi:///.
  • SSL/TLS Support: If SSL certificates are configured in OpenLDAP, the container automatically manages permissions for the openldap user.
  • Multi-Protocol Listening: OpenLDAP listens on ldap:/// (TCP 389), ldapi:/// (Unix socket), and ldaps:/// (TCP 636, if SSL is configured).

🚀 Usage

1. Prerequisites

  • Docker installed on your system.
  • LDIF backup files (config.ldif and data.ldif) available in a local directory.

2. Run the Container

Mount your backup directory (/path/to/backups) to /var/backups/ldap in the container:

docker run -d \
  --name ldap \
  -v /path/to/backups:/var/backups/ldap \
  -p 389:389 \
  -p 636:636 \
  brenard/openldap

3. Persist Configuration and Data (Optional)

To persist OpenLDAP configuration and data across container restarts, mount additional volumes:

docker run -d \
  --name ldap-dev \
  -v /path/to/backups:/var/backups/ldap \
  -v /path/to/config:/etc/ldap/slapd.d \
  -v /path/to/data:/var/lib/ldap \
  -p 389:389 \
  -p 636:636 \
  brenard/openldap

4. Access the LDAP Directory

  • Use ldapsearch or ldapvi to interact with the directory:
    ldapsearch -H ldap://localhost -x -b "dc=example,dc=com"
    
  • For ldapvi, use the auto-generated profiles:
    ldapvi --profile <profile_name>
    

🔍 Important Notes

Backup Files

  • config.ldif: Export of the OpenLDAP configuration (obtained, for instance, via slapcat -b cn=config > config.ldif).
  • data.ldif: Export of the LDAP database content.
  • For multiple databases, use data.[name].ldif (e.g., data.accesslog.ldif for a database stored in /var/lib/ldap/accesslog).

SSL/TLS Certificates

  • If SSL is configured, ensure the certificate files are mounted to the container.
  • The container automatically adds the openldap user to the ssl-cert group and sets appropriate permissions on these files.

ACLs for ldapi:///

  • For ldapvi profiles to work, ensure your OpenLDAP configuration includes an ACL allowing access via ldapi:///:
    olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
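
A pre-flight check for the backup directory, covering the file naming under Backup Files and the ACL shown above. This is an added example, not part of the project; the function names (unfold_ldif, has_ldapi_acl, preflight) are hypothetical and the sample LDIF is constructed. slapcat folds long values across lines, so the ACL check unfolds the LDIF first instead of grepping the raw file.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the image.

# Rejoin folded LDIF lines: slapcat wraps long values, and a continuation
# line starts with a single space.
unfold_ldif() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }' "$1"
}

# Succeed if an olcAccess value grants "manage" to the root peercred identity.
# Quotes are stripped; equivalent spellings such as dn.base are not recognised,
# and base64-encoded values (olcAccess::) are not decoded.
has_ldapi_acl() {
  unfold_ldif "$1" | grep '^olcAccess:' | tr -d '"' | grep -qF \
    'by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage'
}

# Report on a backup directory; non-zero if a listed file or the ACL is missing.
preflight() {
  dir=$1; rc=0
  for f in config.ldif data.ldif; do
    [ -f "$dir/$f" ] || { echo "MISSING  $f"; rc=1; }
  done
  for f in "$dir"/data.*.ldif; do
    [ -f "$f" ] || continue
    name=${f##*/data.}
    echo "DATABASE ${name%.ldif} (${f##*/})"
  done
  if [ -f "$dir/config.ldif" ] && ! has_ldapi_acl "$dir/config.ldif"; then
    echo "NO-ACL   config.ldif has no ldapi:/// peercred ACL"; rc=1
  fi
  n=$(cat "$dir"/data*.ldif 2>/dev/null | grep -c '^userPassword:' || true)
  [ "$n" -eq 0 ] || echo "SECRETS  $n userPassword value(s) in the data files"
  return "$rc"
}

# Constructed sample backups; the olcAccess value is folded across two lines.
demo=$(mktemp -d)
printf '%s\n' 'dn: olcDatabase={1}mdb,cn=config' \
  'olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=exte' \
  ' rnal,cn=auth manage by * break' > "$demo/config.ldif"
printf '%s\n' 'dn: uid=jdoe,dc=example,dc=com' 'userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=' \
  > "$demo/data.ldif"
printf '%s\n' 'dn: cn=accesslog' > "$demo/data.accesslog.ldif"
preflight "$demo"
```

Call preflight /path/to/backups before docker run; a SECRETS line means the directory mounted at /var/backups/ldap holds password values copied from the source directory.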
    

Persistence

  • To persist data, mount volumes for:
    • /etc/ldap/slapd.d (configuration)
    • /var/lib/ldap (default database directory)
    • Custom database directories (e.g., /var/lib/ldap/accesslog).

📝 License

This project is licensed under the GNU General Public License v3.0 or later (GPL-3.0-or-later).