docker-compose up -d
docker exec openldap ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
Created
January 25, 2019 17:52
-
-
Save thomasdarimont/d22a616a74b45964106461efb948df9c to your computer and use it in GitHub Desktop.
Docker OpenLDAP + phpldapadmin example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| openldap: | |
| image: osixia/openldap:1.2.3 | |
| container_name: openldap | |
| environment: | |
| LDAP_LOG_LEVEL: "256" | |
| LDAP_ORGANISATION: "Example Inc." | |
| LDAP_DOMAIN: "example.org" | |
| LDAP_BASE_DN: "" | |
| LDAP_ADMIN_PASSWORD: "admin" | |
| LDAP_CONFIG_PASSWORD: "config" | |
| LDAP_READONLY_USER: "false" | |
| LDAP_READONLY_USER_USERNAME: "readonly" | |
| LDAP_READONLY_USER_PASSWORD: "readonly" | |
| LDAP_RFC2307BIS_SCHEMA: "false" | |
| LDAP_BACKEND: "mdb" | |
| LDAP_TLS: "true" | |
| LDAP_TLS_CRT_FILENAME: "ldap.crt" | |
| LDAP_TLS_KEY_FILENAME: "ldap.key" | |
| LDAP_TLS_CA_CRT_FILENAME: "ca.crt" | |
| LDAP_TLS_ENFORCE: "false" | |
| LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0" | |
| LDAP_TLS_PROTOCOL_MIN: "3.1" | |
| LDAP_TLS_VERIFY_CLIENT: "demand" | |
| LDAP_REPLICATION: "false" | |
| #LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical" | |
| #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical" | |
| #docker-compose.ymlLDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" | |
| KEEP_EXISTING_CONFIG: "false" | |
| LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" | |
| LDAP_SSL_HELPER_PREFIX: "ldap" | |
| tty: true | |
| stdin_open: true | |
| volumes: | |
| - /var/lib/ldap | |
| - /etc/ldap/slapd.d | |
| - /container/service/slapd/assets/certs/ | |
| ports: | |
| - "389:389" | |
| - "636:636" | |
| domainname: "example.org" # important: same as hostname | |
| hostname: "example.org" | |
| phpldapadmin: | |
| image: osixia/phpldapadmin:latest | |
| container_name: phpldapadmin | |
| environment: | |
| PHPLDAPADMIN_LDAP_HOSTS: "openldap" | |
| PHPLDAPADMIN_HTTPS: "false" | |
| ports: | |
| - "8080:80" | |
| depends_on: | |
| - openldap |
hostname: "example.org" | line causes container setup to fail with "slapd failed with status 1".
ubuntu 19.04, docker-ce 5:19.03.33-0ubuntu-disco , docker-compose 1.21.03
hostname: "example.org" | line causes container setup to fail with "slapd failed with status 1".
ubuntu 19.04, docker-ce 5:19.03.33-0ubuntu-disco , docker-compose 1.21.03
I eventually got it working by moving the hostname and domainname values to the top of the config and not having them as the same value as in the comment in the original yaml posted above. I'm still not sure why this was an issue:
version: '2'
services:
openldap:
image: osixia/openldap:latest
container_name: openldap
domainname: "example.org"
hostname: "openldap"
environment:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "Example Inc."
LDAP_DOMAIN: "example.org"
LDAP_BASE_DN: "dc=example,dc=org"
LDAP_ADMIN_PASSWORD: "admin"
LDAP_CONFIG_PASSWORD: "config"
LDAP_READONLY_USER: "false"
LDAP_READONLY_USER_USERNAME: "readonly"
LDAP_READONLY_USER_PASSWORD: "readonly"
LDAP_RFC2307BIS_SCHEMA: "false"
LDAP_BACKEND: "mdb"
LDAP_TLS: "true"
LDAP_TLS_CRT_FILENAME: "ldap.crt"
LDAP_TLS_KEY_FILENAME: "ldap.key"
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
LDAP_TLS_ENFORCE: "false"
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
LDAP_TLS_PROTOCOL_MIN: "3.1"
LDAP_TLS_VERIFY_CLIENT: "demand"
LDAP_REPLICATION: "false"
#LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
#LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
#docker-compose.ymlLDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
KEEP_EXISTING_CONFIG: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
LDAP_SSL_HELPER_PREFIX: "ldap"
tty: true
stdin_open: true
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
ports:
- "389:389"
- "636:636"
phpldapadmin:
image: osixia/phpldapadmin:latest
container_name: phpldapadmin
environment:
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false"
ports:
- "8080:80"
depends_on:
- openldap
Note: this does not properly set the fqdn of the openldap container. Curiously - if you add values for the hostname and domainname under container_name of the phpldapamin container config it does properly set the fqdn of that container.
the website works but I cannot log in the ldapadmin website.
Using "example.com:8080" and
Login:cn=admin,dc=example,dc=org
Password:"admin"
Any idea?
the website works but I cannot log in the ldapadmin website.
Using "example.com:8080" and
Login:cn=admin,dc=example,dc=orgPassword:"admin"
Any idea?
Yes. This is the format.
Hello,
Can you help me ?
When I use launch the page localhost:8080 in firefox , I have the message:
Forbidden
You don't have permission to access this resource.
Thanks in advance.
docker run --name ldap-service --hostname ldap-service --detach osixia/openldap:1.1.8
docker run --name phpldapadmin-service --hostname phpldapadmin-service -p 6443:443 --link ldap-service:ldap-host --env PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:0.9.0
Login:
Username: "cn=admin,dc=example,dc=org"
Password: "admin"
hi.
I'm trying to login with
Username: cn=admin,dc=example,dc=org
Password: admin
but, ldap always show "user or passwor incorrect".
thanks for ur help
The osixia/openldap repo comes with a sample docker-compose.yml file
https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml
I also had the login–issue. Root cause was that the openldap–container failed and stopped immediately, throwing error messages that led to some really old bugreports.
The issue was resolved when I changed the line
image: osixia/openldap:1.2.3
to
image: osixia/openldap:latest
I'd suggest to change the example accordingly.
The osixia/openldap repo comes with a sample docker-compose.yml file
https://github.com/osixia/docker-openldap/blob/stable/example/docker-compose.yml
Thank you for the information. There is no stable branch. So the current example is here:
https://github.com/osixia/docker-openldap/blob/master/example/docker-compose.yml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
very niche 👍