
@sushant-pradhan
Last active July 3, 2020 03:00
OpenLDAP proxy with TLS as a Docker service

OpenLDAP proxy running as a Docker service

Build and run the Docker image

# Copy any certs (root and intermediate) to the current directory and modify the Dockerfile accordingly
# Update slapd.conf: uri, suffix, binddn and credentials
docker build -t openldap-proxy .
# Start the container
docker run --name openldap-proxy -p 389:389 -d openldap-proxy
# Check the process logs
docker logs openldap-proxy -f

Validate

Use any LDAP browser, such as Apache Directory Studio or JXplorer, and connect to localhost:389, authenticating with the binddn and credentials from slapd.conf.

Dockerfile

# Pull base image from authorized source
FROM centos:7
# Install the necessary packages for LDAP Proxy server
RUN yum install openldap openldap-clients openldap-servers -y
# Copy openldap configuration
COPY ./slapd.conf /etc/openldap/slapd.conf
# Copy certs (root and intermediate)
COPY ./root.cer /tmp/root.cer
COPY ./intermediate.cer /tmp/intermediate.cer
# Copy additional certs if any
# Add root and intermediate cert(s) to keystore
RUN certutil -A -n ca -t c -i /tmp/root.cer -d /etc/openldap/certs/ && \
certutil -A -n inter1 -t c -i /tmp/intermediate.cer -d /etc/openldap/certs/ # Install additional certs if any
# Remove unneeded directories, files
RUN rm -rf /etc/openldap/slapd.d && rm -rf /tmp/*.cer
# Entry point. Start slapd service
ENTRYPOINT ["/usr/sbin/slapd", "-h", "ldap:///", "-g", "ldap", "-u", "ldap", "-d", "2"]
slapd.conf

### Schema includes ###########################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
### Module paths ##############################################################
modulepath /usr/lib64/openldap/
moduleload back_ldap
moduleload rwm
### Main settings #############################################################
# Global listener-side TLS setting: it only applies if slapd itself serves
# ldaps:// or StartTLS, and the Dockerfile's ENTRYPOINT listens on ldap:/// only
TLSVerifyClient never
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
### Database definition (Proxy to AD) #########################################
database ldap
readonly yes
protocol-version 3
rebind-as-user
uri "ldaps://<<LDAPS server url>>"
suffix "dc=domain,dc=local"
# The indented lines below are continuation lines of idassert-bind (slapd.conf
# joins any line that starts with whitespace onto the directive above).
# tls_reqcert=never means the AD server's certificate is not checked, so the
# CAs loaded into tls_cacertdir by the Dockerfile are never consulted;
# tls_reqcert=demand makes the proxy verify the upstream certificate.
idassert-bind bindmethod=simple
    binddn="cn=svc_test_ad,ou=Service Accounts,ou=Admin,ou=Infrastructure,dc=domain,dc=local"
    credentials="****"
    tls_reqcert=never
    tls_cacertdir=/etc/openldap/certs/
### Logging ###################################################################
loglevel 0
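Added example, not part of this gist: a small Python check that reads slapd.conf the way slapd does (whitespace-indented lines continue the directive above, which is how the idassert-bind options are written) and reports whether the proxy actually authenticates the upstream LDAPS server and still carries a placeholder password. The embedded config and the host name are constructed, not the author's values.

```python
import shlex

# Constructed sample modelled on the slapd.conf above; the host name is an
# assumption, not the gist author's value.
SAMPLE_CONF = """\
### Database definition (Proxy to AD) ###
database ldap
readonly yes
uri "ldaps://ad.example.invalid"
suffix "dc=domain,dc=local"
idassert-bind bindmethod=simple
  binddn="cn=svc_test_ad,ou=Service Accounts,dc=domain,dc=local"
  credentials="****"
  tls_reqcert=never
  tls_cacertdir=/etc/openldap/certs/
"""


def parse_slapd_conf(text):
    """Return [(directive, [args])]: '#' lines are comments, blank lines are
    skipped, a line starting with whitespace continues the previous directive."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    # shlex keeps a double-quoted DN containing spaces as a single argument
    return [(p[0], p[1:]) for p in map(shlex.split, logical)]


def check_upstream_tls(directives):
    """List findings about how the proxy authenticates the upstream server."""
    findings, opts, uris, starttls = [], {}, [], False
    for name, args in directives:
        if name == "tls" and args and args[0] in ("start", "propagate"):
            starttls = True  # StartTLS negotiated on plain ldap:// URIs
        elif name == "uri":
            uris = args[0].split()  # back-ldap accepts a quoted, space-separated list
        elif name == "idassert-bind":
            opts = dict(arg.partition("=")[::2] for arg in args)
    if not starttls:
        findings += [f"uri {u}: neither ldaps:// nor StartTLS, the bind crosses the wire in clear"
                     for u in uris if not u.lower().startswith("ldaps://")]
    if opts.get("tls_reqcert") in ("never", "allow"):
        findings.append(f"tls_reqcert={opts['tls_reqcert']}: upstream certificate is not verified, "
                        "so the CAs in tls_cacertdir are never consulted; use demand")
    if opts.get("credentials", "") in ("", "****"):
        findings.append("credentials: placeholder value, set the service account password")
    return findings
```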