Example of Zulip docker-compose install with LDAP
version: '2'
services:
  database:
    image: 'zulip/zulip-postgresql:10'
    environment:
      POSTGRES_DB: 'zulip'
      POSTGRES_USER: 'zulip'
      # Note that you need to do a manual `ALTER ROLE` query if you
      # change this on a system after booting the postgres container
      # the first time on a host. Instructions are available in README.md.
      POSTGRES_PASSWORD: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
    volumes:
      - '/srv/docker/zulip/postgresql/data:/var/lib/postgresql/data:rw'
  memcached:
    image: 'memcached:alpine'
    command:
      - 'sh'
      - '-euc'
      - |
        echo 'mech_list: plain' > "$$SASL_CONF_PATH"
        echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
        exec memcached -S
    environment:
      SASL_CONF_PATH: '/home/memcache/memcached.conf'
      MEMCACHED_SASL_PWDB: '/home/memcache/memcached-sasl-db'
      MEMCACHED_PASSWORD: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
    restart: always
  rabbitmq:
    image: 'rabbitmq:3.7.7'
    hostname: zulip-rabbit
    restart: always
    environment:
      RABBITMQ_DEFAULT_USER: 'zulip'
      RABBITMQ_DEFAULT_PASS: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
    volumes:
      - '/srv/docker/zulip/rabbitmq:/var/lib/rabbitmq:rw'
  redis:
    image: 'redis:alpine'
    command:
      - 'sh'
      - '-euc'
      - |
        echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
        exec redis-server /etc/redis.conf
    environment:
      REDIS_PASSWORD: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
    volumes:
      - '/srv/docker/zulip/redis:/data:rw'
  zulip:
    image: 'zulip/docker-zulip:2.1.2-0'
    build:
      context: .
      args:
        # Change these if you want to build zulip from a different repo/branch
        ZULIP_GIT_URL: https://github.com/zulip/zulip.git
        ZULIP_GIT_REF: 2.1.2
        # Set this up if you plan to use your own CA certificate bundle for building
        # CUSTOM_CA_CERTIFICATES:
    ports:
      - '4443:443'
    environment:
      DB_HOST: 'database'
      DB_HOST_PORT: '5432'
      DB_USER: 'zulip'
      SSL_CERTIFICATE_GENERATION: 'self-signed'
      SETTING_MEMCACHED_LOCATION: 'memcached:11211'
      SETTING_RABBITMQ_HOST: 'rabbitmq'
      SETTING_REDIS_HOST: 'redis'
      SECRETS_email_password: '123456789'
      # These should match RABBITMQ_DEFAULT_PASS, POSTGRES_PASSWORD,
      # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
      SECRETS_rabbitmq_password: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
      SECRETS_postgres_password: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
      SECRETS_memcached_password: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
      SECRETS_redis_password: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
      SECRETS_secret_key: 'REPLACE_WITH_SECURE_SECRET_KEY'
      SETTING_EXTERNAL_HOST: 'localhost:4443'
      SETTING_ZULIP_ADMINISTRATOR: 'admin@example.com'
      SETTING_EMAIL_HOST: '' # e.g. smtp.example.com
      SETTING_EMAIL_HOST_USER: 'noreply@example.com'
      SETTING_EMAIL_PORT: '587'
      # It seems that the email server needs to use ssl or tls and can't be used without it
      SETTING_EMAIL_USE_SSL: 'False'
      SETTING_EMAIL_USE_TLS: 'True'
      # Uncomment this when configuring the mobile push notifications service
      # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
      ZULIP_AUTH_BACKENDS: "EmailAuthBackend,ZulipLDAPAuthBackend"
      SETTING_AUTH_LDAP_SERVER_URI: "ldap://172.17.0.1" # Or docker0 interface IP if LDAP is on same host
      SETTING_AUTH_LDAP_BIND_DN: "cn=admin,dc=mycompany"
      SECRETS_auth_ldap_bind_password: "mypassword"
      SETTING_AUTH_LDAP_USER_SEARCH: 'LDAPSearch("cn=mygroup,dc=mycompany", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")'
      SETTING_LDAP_APPEND_DOMAIN: "example.com"
      SETTING_AUTH_LDAP_USER_ATTR_MAP: '{ "first_name": "givenName", "last_name": "sn" }'
    volumes:
      - '/srv/docker/zulip/zulip:/data:rw'
    ulimits:
      nofile:
        soft: 40000
        hard: 50000

How to install Zulip with Docker and LDAP authentication?

0. Clone the docker-zulip repository

git clone https://github.com/zulip/docker-zulip
cd docker-zulip

1. Configure LDAP

Edit docker-compose.yml and set the appropriate settings (see this gist's docker-compose.yml file).

2. Launch

docker-compose up -d

3. Create your Zulip organization and admin user

ℹ️ You don't need a working mail server to use Zulip as we use LDAP

docker exec -it <zulip_container_id> bash

# In container
cd /root/zulip
su zulip
./manage.py generate_realm_creation_link

A link is displayed. Open it and follow the instructions.
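
A pre-launch check for the settings edited in step 1, as an added example that is not part of the gist or of docker-zulip: it flags `REPLACE_WITH_SECURE_*` placeholders and the gist's sample secrets left in place, `SECRETS_*` values that do not match their service-side counterpart, and a cleartext `ldap://` server URI. The function names and the line-based parsing are assumptions made for this illustration; pass it the text of your docker-compose.yml before running `docker-compose up -d`.

```python
import re

# (service variable, Zulip secret) pairs that the compose file's comment says must match.
PAIRS = [("POSTGRES_PASSWORD", "SECRETS_postgres_password"),
         ("RABBITMQ_DEFAULT_PASS", "SECRETS_rabbitmq_password"),
         ("MEMCACHED_PASSWORD", "SECRETS_memcached_password"),
         ("REDIS_PASSWORD", "SECRETS_redis_password")]
SAMPLE_VALUES = {"123456789", "mypassword"}  # sample secrets shown in this gist
SECRET_KEY = re.compile(r"^(SECRETS_\w+|\w*(PASSWORD|PASS))$")
ENTRY = re.compile(r"""^\s*([A-Za-z_]\w*):\s*(['"])(.*?)\2""")
# Constructed input for the demonstration, not a real deployment.
CONSTRUCTED = """
      POSTGRES_PASSWORD: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
      MEMCACHED_PASSWORD: 'constructed-mc-1'
      SECRETS_postgres_password: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
      SECRETS_memcached_password: 'constructed-mc-2'
      SECRETS_auth_ldap_bind_password: "mypassword"
      SETTING_AUTH_LDAP_SERVER_URI: "ldap://172.17.0.1"
"""


def parse_env(text):
    """Collect quoted KEY: 'value' entries line by line (no YAML library needed)."""
    env = {}
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else ENTRY.match(line)
        if m:
            env[m.group(1)] = m.group(3)
    return env


def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    env, findings = parse_env(text), []
    for key, value in env.items():
        if SECRET_KEY.match(key) and value.startswith("REPLACE_WITH_SECURE_"):
            findings.append(f"{key}: placeholder not replaced")
        elif SECRET_KEY.match(key) and value in SAMPLE_VALUES:
            findings.append(f"{key}: sample value from the gist")
    for service_key, zulip_key in PAIRS:
        if env.get(service_key) != env.get(zulip_key):
            findings.append(f"{zulip_key}: differs from {service_key}")
    if env.get("SETTING_AUTH_LDAP_SERVER_URI", "").startswith("ldap://"):
        findings.append("SETTING_AUTH_LDAP_SERVER_URI: ldap:// is cleartext unless StartTLS is enabled")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(CONSTRUCTED)) or "no findings")
```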
