Tuesday, January 7, 2025

How To Run OpenLDAP Server in Docker Containers


Welcome to this guide on how to run OpenLDAP Server in Docker Containers. LDAP, an acronym for Lightweight Directory Access Protocol is a protocol used to access and modify X.500-based directory service running over TCP/IP. It is used to share information about users, systems, networks, services, and applications from a directory service to other services/applications. OpenLDAP is a free and open-source implementation of LDAP. This tool is developed by the OpenLDAP Project and released under the unique BSD-style license called the OpenLDAP Public License.

OpenLDAP provides a command line from which system admins can build and manage the LDAP directory. This requires one to have a deep knowledge of the LDAP protocol and structure. However, this tussle can be swept away by using third-party applications like phpLDAPadmin. This is a web application from which one can interact with OpenLDAP via a simple UI.

OpenLDAP is preferred due to:


  • Low Costs – It is free, making it a common choice for startups.
  • OS-Agnosticism – It is fully supported on Mac, Windows, and Linux systems.
  • Flexibility – This gives it broad applicability.

Now let’s dive in!

#1. Install Docker Engine

Have the following in place before you begin setting up OpenLDAP Server in Docker containers.

  • Update the system and install the required packages:

## On Debian/Ubuntu
sudo apt update && sudo apt upgrade
sudo apt install curl vim git

## On RHEL/CentOS/RockyLinux 8
sudo yum -y update
sudo yum -y install curl vim git

## On Fedora
sudo dnf update
sudo dnf -y install curl vim git

  • Install Docker Engine on your system. The below guide can help you achieve this.

Once installed, add your system user to the docker group.

sudo usermod -aG docker $USER
newgrp docker

Start and enable the docker service.

sudo systemctl start docker && sudo systemctl enable docker

#2. Provision OpenLDAP Docker Container

Running OpenLDAP in Docker containers requires one to define a few desired variables. There are quite a number of variables one can use when running the container.

To run a basic OpenLDAP container, use the command:

docker run --name openldap-server \
	--env LDAP_ORGANISATION="My Company" \
	--env LDAP_DOMAIN="ldap.example.com" \
	--env LDAP_ADMIN_PASSWORD="StrongAdminPassw0rd" \
	--detach osixia/openldap:latest

The above command creates a container whose directory domain is ldap.example.com and whose admin (cn=admin) password is StrongAdminPassw0rd.

Data persistence

It is possible to create an OpenLDAP container that persists data. The directories /var/lib/ldap for the database and /etc/ldap/slapd.d for LDAP configurations need to be mapped for the data to be saved outside the container.

Delete the current container:

docker rm -f openldap-server

Next, create the host directories that will back the two volumes.

sudo mkdir -p /data/slapd/config
sudo mkdir /data/slapd/database

Set the right permissions.

sudo chmod 775 -R /data/slapd
sudo chown -R $USER:docker /data/slapd

On RHEL-based systems, the guide switches SELinux to permissive mode so that the container can write to the bind-mounted directories:

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

You can now use the two volumes for data persistence by mapping them as shown:

docker run --name openldap-server \
    --env LDAP_ORGANISATION="My Company" \
    --env LDAP_DOMAIN="ldap.example.com" \
    --env LDAP_ADMIN_PASSWORD="StrongAdminPassw0rd" \
    --volume /data/slapd/database:/var/lib/ldap \
    --volume /data/slapd/config:/etc/ldap/slapd.d \
    --detach osixia/openldap:latest

Configure TLS

When running OpenLDAP in Docker containers, TLS (SSL) is enabled by default using certificates that the image generates itself. To use your own certificates instead, map the directory that contains them to /container/service/slapd/assets/certs and set the file names through the variables below.

.....
 --volume /path/to/certificates:/container/service/slapd/assets/certs \
 --env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 --env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 --env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
.......

To disable SSL, the variable below can be used:

......
--env LDAP_TLS=false 
.....

Set OpenLDAP Base DN

You can also set the base DN when running the container, using the environment variable shown below. When LDAP_BASE_DN is set, it overrides the base DN that the image would otherwise derive from LDAP_DOMAIN (dc=ldap,dc=example,dc=com for ldap.example.com), and the admin account is created as cn=admin under that base DN. This is why the login DN used later in this guide is cn=admin,dc=neveropen,dc=com even though LDAP_DOMAIN names a different domain.

....
--env LDAP_BASE_DN="dc=neveropen,dc=com"
....

#3. Run OpenLDAP in Docker Containers

The variables above can now be combined when starting the OpenLDAP container, as shown.

docker run \
    --name openldap-server \
    -p 389:389 \
    -p 636:636 \
    --hostname ldap.geeksforgeeks.org \
    --env LDAP_ORGANISATION="My Company" \
    --env LDAP_DOMAIN="geeksforgeeks.org" \
    --env LDAP_ADMIN_PASSWORD="StrongAdminPassw0rd" \
    --env LDAP_BASE_DN="dc=neveropen,dc=com" \
    --volume /data/slapd/database:/var/lib/ldap \
    --volume /data/slapd/config:/etc/ldap/slapd.d \
    --detach osixia/openldap:latest
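As an added example (not part of the original guide), the POSIX shell script below assembles the docker run command from the variables discussed in the sections above, the TLS and base DN ones included, and applies the checks worth doing before a directory server is started: it derives the base DN from LDAP_DOMAIN the same way the image does when LDAP_BASE_DN is unset, refuses an empty admin password or the sample one printed in this guide, and hands the password to docker through the environment rather than on the command line. The function names, the DATA_DIR, TLS_CERT_DIR and PLAIN_LDAP_BIND variables, and the default of binding plain LDAP to the loopback address are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the original guide): assemble the `docker run` command for
# the osixia/openldap image from a few variables, with the checks worth doing before a
# directory server is started. Function names and the DATA_DIR / TLS_CERT_DIR /
# PLAIN_LDAP_BIND variables are this example's own conventions.

# "ldap.example.com" -> "dc=ldap,dc=example,dc=com", the same derivation the image
# applies to LDAP_DOMAIN when LDAP_BASE_DN is left unset.
base_dn_from_domain() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
    }'
}

# Reject an empty password, the sample password printed in the guide, and anything
# shorter than 12 characters. Returns 0 when the password is acceptable.
check_admin_password() {
    pw="$1"
    if [ -z "$pw" ]; then
        echo "LDAP_ADMIN_PASSWORD must be set" >&2; return 1
    elif [ "$pw" = "StrongAdminPassw0rd" ]; then
        echo "LDAP_ADMIN_PASSWORD is the sample value from the guide; choose your own" >&2; return 1
    elif [ "${#pw}" -lt 12 ]; then
        echo "LDAP_ADMIN_PASSWORD is shorter than 12 characters" >&2; return 1
    fi
    return 0
}

# Print the docker run command for review. Inputs come from the environment:
# LDAP_DOMAIN and LDAP_ADMIN_PASSWORD (required), LDAP_ORGANISATION, LDAP_BASE_DN,
# DATA_DIR (host directory holding database/ and config/, default /data/slapd),
# TLS_CERT_DIR (optional, directory with the custom certificates) and the
# LDAP_TLS_*_FILENAME names from the TLS section.
build_run_command() {
    domain="${LDAP_DOMAIN:?LDAP_DOMAIN is required}"
    base_dn="${LDAP_BASE_DN:-$(base_dn_from_domain "$domain")}"
    data_dir="${DATA_DIR:-/data/slapd}"
    check_admin_password "${LDAP_ADMIN_PASSWORD:-}" || return 1
    printf 'docker run --name openldap-server \\\n'
    # Plain LDAP (389) is bound to the loopback address by default so that unencrypted
    # binds stay on the host; set PLAIN_LDAP_BIND=0.0.0.0 to publish it as the guide does.
    printf '  -p %s:389:389 -p 636:636 \\\n' "${PLAIN_LDAP_BIND:-127.0.0.1}"
    printf '  --hostname %s \\\n' "$domain"
    printf '  --env LDAP_ORGANISATION="%s" \\\n' "${LDAP_ORGANISATION:-My Company}"
    printf '  --env LDAP_DOMAIN="%s" \\\n' "$domain"
    printf '  --env LDAP_BASE_DN="%s" \\\n' "$base_dn"
    # No "=value": docker copies the variable from the calling environment, so the
    # password is not part of the command line or the shell history.
    printf '  --env LDAP_ADMIN_PASSWORD \\\n'
    if [ -n "${TLS_CERT_DIR:-}" ]; then
        printf '  --volume %s:/container/service/slapd/assets/certs \\\n' "$TLS_CERT_DIR"
        printf '  --env LDAP_TLS_CRT_FILENAME=%s \\\n' "${LDAP_TLS_CRT_FILENAME:-my-ldap.crt}"
        printf '  --env LDAP_TLS_KEY_FILENAME=%s \\\n' "${LDAP_TLS_KEY_FILENAME:-my-ldap.key}"
        printf '  --env LDAP_TLS_CA_CRT_FILENAME=%s \\\n' "${LDAP_TLS_CA_CRT_FILENAME:-the-ca.crt}"
    fi
    printf '  --volume %s/database:/var/lib/ldap \\\n' "$data_dir"
    printf '  --volume %s/config:/etc/ldap/slapd.d \\\n' "$data_dir"
    printf '  --detach osixia/openldap:latest\n'
}

case "${1:-}" in
    print) build_run_command ;;
    run)   export LDAP_ADMIN_PASSWORD; eval "$(build_run_command)" ;;
esac
```

Run it as `sh run-openldap.sh print` to review the command and `sh run-openldap.sh run` to execute it. Because `--env LDAP_ADMIN_PASSWORD` is given without a value, docker copies the variable from the calling shell, so the secret never appears in the command line or shell history; it is still readable by anyone who can run `docker inspect` on the container, so source it from a file with mode 0600 rather than typing it at the prompt.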

Verify that the container is running and that the ports are published:

$ docker ps
24ce38a6c74f   osixia/openldap:latest   "/container/tool/run"   8 seconds ago   Up 6 seconds   0.0.0.0:389->389/tcp, :::389->389/tcp, 0.0.0.0:636->636/tcp, :::636->636/tcp   openldap-server

If you have a firewall enabled, allow the ports through it:

##For UFW
sudo ufw allow 389/tcp
sudo ufw allow 636/tcp

##For Firewalld
sudo firewall-cmd --add-port=389/tcp --permanent
sudo firewall-cmd --add-port=636/tcp --permanent
sudo firewall-cmd --reload

#4. Run phpLDAPadmin In Docker Containers

For easier administration, we will run phpLDAPadmin in Docker as well. This will provide a web UI to easily populate users and groups for OpenLDAP.

docker run \
    --name phpldapadmin \
    -p 10080:80 \
    -p 10443:443 \
    --hostname phpldapadmin-service \
    --link openldap-server:ldap-host \
    --env PHPLDAPADMIN_LDAP_HOSTS=ldap.geeksforgeeks.org \
    --detach osixia/phpldapadmin:latest

Verify that the container is running:

$ docker ps
CONTAINER ID   IMAGE                        COMMAND                 CREATED              STATUS              PORTS                                                                          NAMES
785ca2657e65   osixia/phpldapadmin:latest   "/container/tool/run"   5 seconds ago   Up 4 seconds   0.0.0.0:10080->80/tcp, :::10080->80/tcp, 0.0.0.0:10443->443/tcp, :::10443->443/tcp   phpldapadmin-service
24ce38a6c74f   osixia/openldap:latest       "/container/tool/run"   About a minute ago   Up About a minute   0.0.0.0:389->389/tcp, :::389->389/tcp, 0.0.0.0:636->636/tcp, :::636->636/tcp   phpldapadmin

#5. Access the OpenLDAP via Web UI

You can now access OpenLDAP through the web UI at https://IP_Address:10443, replacing IP_Address with the address of your Docker host.

Log in to the interface. For this setup the credentials are:

Login DN = cn=admin,dc=neveropen,dc=com
Password = StrongAdminPassw0rd

Fill in the credentials as shown below.

On successful login, you will see the below dashboard.

1. Create Organizational Units

Click on “dc=neveropen,dc=com” -> Create a child entry to create a new organizational unit.

There are several entry templates. For this guide we will create two categories, groups and users, so we will use the Generic: Organizational Unit template. Provide the name of the organizational unit (groups).

Proceed and commit the changes.

Repeat the same steps to create an entry for users. Remember that this child entry is created under dc=neveropen,dc=com.

After this, the new entries will be added.

2. Create Groups

We can now create groups with the required access rights. To create a group, click on the groups category created earlier.

Click on Create a child entry and choose Generic: Posix Group.

Provide the group name say “employer” and click on Create Object.

Commit the changes made.

Repeat the same process to create another group, say “employees”. The created groups will appear as shown.

View details for the groups by clicking on the ou=groups category, then View 2 children.

3. Create Users

Begin by clicking the “ou=users” category. Then “Create a child entry”.

On the entry list, click on Generic: User Account.

Proceed and provide the details for the user.

Create and proceed to commit the changes.

Use this procedure to create as many users as needed. View the users by clicking on the “ou=users” category and then the “View N children” link, where N is the number of users created.

4. Add Users to Groups

Users can be added to the desired groups. This is done by clicking on ou=groups -> the desired group and selecting “Add new attribute”.

Proceed and select “memberUid” from the drop-down list.

In the text box, provide the user to be added and click Update.

Commit the changes.

You can now add more members by clicking Modify group members.

Select the members to be added and save the changes.
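The four phpLDAPadmin procedures above (organizational units, groups, users, group membership) create ordinary LDAP entries, and the same result can be produced without the web UI. The script below is an added example, not part of the original guide or of phpLDAPadmin: it generates the LDIF for the two organizational units, the employer and employees POSIX groups, one user and one memberUid addition, and loads it with ldapmodify against the admin DN the image created. The base DN defaults to the guide's dc=neveropen,dc=com; the user name, uid/gid numbers, LDAP_URI variable and the password placeholder are constructed for the example. It also refuses any value that LDIF would not read back verbatim (a leading space, ':' or '<', an embedded newline, non-ASCII bytes), so that a crafted user name cannot smuggle an extra attribute into an entry.

```shell
#!/bin/sh
# Added example, not part of the original guide or of phpLDAPadmin: generate the LDIF
# for the entries that steps 1-4 create through the web UI and load it with ldapmodify.
# BASE_DN defaults to the guide's value; the user, uid/gid numbers and the password
# placeholder are constructed for this example.

BASE_DN="${BASE_DN:-dc=neveropen,dc=com}"
NL=$(printf '\n.'); NL=${NL%.}   # a literal newline for use in case patterns

# A value may be written verbatim only if LDIF reads it back unchanged: no leading
# space, ':' or '<', no embedded newline, printable ASCII only. Anything else would
# need base64 ("attr::") form, so it is rejected instead of silently turning into an
# extra attribute (a uid of "jdoe<newline>memberUid: admin" is the classic case).
ldif_safe() {
    case "$1" in ''|' '*|':'*|'<'*|*"$NL"*) return 1 ;; esac
    printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]' && return 1
    return 0
}

require_safe() {
    for v in "$@"; do
        ldif_safe "$v" || { echo "unsafe LDIF value: $v" >&2; return 1; }
    done
}

# Step 1: an organizational unit directly under the base DN.
ou_ldif() {
    require_safe "$1" || return 1
    printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n' "$1" "$BASE_DN" "$1"
}

# Step 2: a POSIX group under ou=groups. $1 = group name, $2 = gidNumber.
posix_group_ldif() {
    require_safe "$1" "$2" || return 1
    printf 'dn: cn=%s,ou=groups,%s\nobjectClass: posixGroup\ncn: %s\ngidNumber: %s\n' \
        "$1" "$BASE_DN" "$1" "$2"
}

# Step 3: a user under ou=users. $1 uid, $2 given name, $3 surname, $4 uidNumber,
# $5 gidNumber, $6 password hash as printed by `slappasswd -s` (never a cleartext value).
user_ldif() {
    require_safe "$@" || return 1
    printf 'dn: uid=%s,ou=users,%s\n' "$1" "$BASE_DN"
    printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
    printf 'uid: %s\ncn: %s %s\ngivenName: %s\nsn: %s\n' "$1" "$2" "$3" "$2" "$3"
    printf 'uidNumber: %s\ngidNumber: %s\nhomeDirectory: /home/%s\nloginShell: /bin/bash\n' \
        "$4" "$5" "$1"
    printf 'userPassword: %s\n' "$6"
}

# Step 4: a change record adding one memberUid to an existing group.
add_member_ldif() {
    require_safe "$1" "$2" || return 1
    printf 'dn: cn=%s,ou=groups,%s\nchangetype: modify\nadd: memberUid\nmemberUid: %s\n' \
        "$1" "$BASE_DN" "$2"
}

# The guide's layout end to end: both OUs, both groups, one user, one membership.
bootstrap_ldif() {
    ou_ldif groups; echo
    ou_ldif users; echo
    posix_group_ldif employer 10000; echo
    posix_group_ldif employees 10001; echo
    user_ldif jdoe Jane Doe 10001 10001 '{SSHA}REPLACE-WITH-slappasswd-OUTPUT'; echo
    add_member_ldif employees jdoe
}

# Load a file against the container published on the host. ldapmodify -a adds the
# entries that carry no changetype and applies the modify record; -W prompts for the
# password of the admin DN the image created.
apply_ldif() {
    ldapmodify -a -x -H "${LDAP_URI:-ldap://localhost:389}" -D "cn=admin,$BASE_DN" -W -f "$1"
}

case "${1:-}" in
    print) bootstrap_ldif ;;
    apply) f=$(mktemp) && bootstrap_ldif > "$f" && apply_ldif "$f"; rm -f "$f" ;;
esac
```

`sh ldap-bootstrap.sh print` writes the LDIF to stdout for review; `sh ldap-bootstrap.sh apply` prompts for the admin password and loads it over ldap://localhost:389 on the Docker host (set LDAP_URI to an ldaps:// URL, with the CA from the TLS section trusted by the client, when the server is remote). Replace the userPassword placeholder with the output of `slappasswd -s`, which stores a salted SHA hash instead of the cleartext password.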

Voila!

That marks the end of this guide on how to run OpenLDAP Server in Docker Containers. You now have an OpenLDAP server running with users and groups added. I hope this was helpful.
