Add: PHP Ldap ADMIN && Basic LDIF

Luca 2022-12-14 21:57:05 +01:00
parent 9dde6c39b4
commit 22f43c6f1c
9 changed files with 130 additions and 11 deletions

1
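--- /dev/null
+++ b/.gitigonore
@@ -0,0 +1 @@
+.env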
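Review bot: The file name is spelled `.gitigonore`, so git will not treat it as an ignore file and the `.env` entry has no effect. The compose file in this commit substitutes `${LDAP_ADMIN_PASSWORD}`, so a local `.env` holding that password can still be staged and committed. Rename the file to `.gitignore` and keep the `.env` line as it is.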


@ -3,19 +3,54 @@ FROM debian:stable-slim
ARG LDAP_ADMIN_PASSWORD ARG LDAP_ADMIN_PASSWORD
ARG LDAP_DOMAIN ARG LDAP_DOMAIN
ARG LDAP_ORGANISATION ARG LDAP_ORGANISATION
ARG LDAP_USER
ARG LDAP_GROUP
ENV LDAP_ADMIN_PASSWORD $LDAP_ADMIN_PASSWORD ENV LDAP_ADMIN_PASSWORD $LDAP_ADMIN_PASSWORD
ENV LDAP_ORGANISATION $LDAP_ORGANISATION ENV LDAP_ORGANISATION $LDAP_ORGANISATION
ENV LDAP_DOMAIN $LDAP_DOMAIN ENV LDAP_DOMAIN $LDAP_DOMAIN
ENV LDAP_USER $LDAP_USER
ENV LDAP_GROUP $LDAP_GROUP
RUN apt-get update -y && apt dist-upgrade -y RUN apt-get update -y && apt dist-upgrade -y
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils RUN DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
EXPOSE 389 RUN usermod -u ${LDAP_USER} openldap && \
groupmod -g ${LDAP_GROUP} openldap
ADD slapd.sh /opt/slapd ADD slapd.sh /opt/slapd
RUN /opt/slapd
RUN slapcat -n 0 \
|sed 's/cn: config/cn: config\nolcPasswordHash: {CRYPT}\nolcPasswordCryptSaltFormat: $6$%.16s/' \
|sed 's/cn: module{0}/cn: module{0}\nolcModuleLoad: {0}lastbind/' > /tmp/config.ldif && \
rm -rf /etc/ldap/slapd.d/* && \
slapadd -n 0 -F /etc/ldap/slapd.d/ -l /tmp/config.ldif && \
rm /tmp/config.ldif
RUN echo "dn: olcOverlay={0}lastbind, olcDatabase={1}mdb,cn=config\nobjectClass: olcLastBindConfig\nolcOverlay: {0}lastbind" \
| slapadd -n 0
COPY ./schema/*.ldif ./schema/*.schema /etc/ldap/schema/
RUN slapadd -l /etc/ldap/schema/nextcloud.ldif
RUN chmod -R o+rw /etc/ldap/slapd.d/ && \
chmod -R o+rwx /etc/ldap/slapd.d/cn=config/ && \
chmod -R o+rwx /etc/ldap/slapd.d/cn=config/cn=schema/ && \
chmod -R o+rw /var/run/slapd/
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
CMD /opt/slapd ADD entrypoint.sh /entrypoint.sh
#VOLUME ["/var/lib/ldap"]
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 389
CMD ["/usr/sbin/slapd","-h", "ldap:///","-d","4"]
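Review bot: The `chmod -R o+rw /etc/ldap/slapd.d/` block makes the whole cn=config tree and `/var/run/slapd/` readable and writable by every account in the container, and that tree normally holds the directory's root credential hash and access rules. The `usermod`/`groupmod` lines earlier in the hunk already map `openldap` onto `LDAP_USER`/`LDAP_GROUP`, so ownership can carry the access instead, assuming the compose `user:` value matches those ids: `RUN chown -R openldap:openldap /etc/ldap/slapd.d /var/run/slapd`. Separately, `RUN /opt/slapd` now performs the bootstrap at build time, so the configuration derived from `LDAP_ADMIN_PASSWORD` appears to end up in an image layer that is pushed to the registry named in the compose file. Supplying the password only at container start would keep it out of the image.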


@ -1,7 +1,24 @@
version: "2.4" version: "2.4"
services: services:
admin:
image: registry.audio-lab.org/ldapphpadmin
restart: always
links:
- ldap
ports:
- ${LDAP_ADMIN_PORT}:80
build:
context: phpldapadmin
dockerfile: Dockerfile
args:
- LDAP_BASE=${LDAP_BASE}
ldap: ldap:
user: ${USER_GROUP}
image: registry.audio-lab.org/ldap
restart: always
ports:
- ${LDAP_PORT}:389
build: build:
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile
@ -9,4 +26,10 @@ services:
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_ORGANISATION=${LDAP_ORGANISATION} - LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN} - LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_USER=${LDAP_USER}
- LDAP_GROUP=${LDAP_GROUP}
environment:
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN}
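Review bot: Both new `ports:` entries publish on every host interface: `${LDAP_PORT}:389` exposes the directory over plain `ldap://` (the Dockerfile starts slapd with `-h ldap:///`) and `${LDAP_ADMIN_PORT}:80` exposes the phpLDAPadmin login over HTTP, so bind passwords cross the network unencrypted. The admin service already reaches the directory by service name on the compose network, so unless external clients need direct access the mappings can be bound to loopback, `- 127.0.0.1:${LDAP_PORT}:389` and `- 127.0.0.1:${LDAP_ADMIN_PORT}:80`, or placed behind a TLS-terminating proxy. `links:` is a legacy option and is not needed for name resolution between services defined in the same compose file.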

7
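--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -x
+RUN slapadd -n 0 -l /etc/ldap/schema/domain.ldif
+exec $@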
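Review bot: `RUN slapadd -n 0 -l /etc/ldap/schema/domain.ldif` uses the Dockerfile keyword `RUN` as a shell command; bash has no such command, and because the script sets only `set -x` the failure is ignored and the LDIF is never loaded. Drop the `RUN` prefix and add `set -e` (slapd.sh already uses `set -eu`) so a failed import stops the container instead of starting slapd on an incomplete configuration. `domain.ldif` is not among the files visible in this commit, and running `slapadd` on every start will presumably need a first-run guard like the `docker_bootstrapped` marker in slapd.sh. The last line should be `exec "$@"`, because unquoted `$@` re-splits arguments that contain spaces; the same applies to `exec $@` in phpldapadmin/entrypoint.sh and in slapd.sh.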


@ -1,3 +1,5 @@
LDAP_ADMIN_PASSWORD=admin LDAP_ADMIN_PASSWORD=admin
LDAP_ORGANISATION=organisation LDAP_ORGANISATION=organisation
LDAP_DOMAIN=domain LDAP_DOMAIN=domain
LDAP_PORT=389
USER_GROUP=1000:1000
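Review bot: The sample defines `LDAP_PORT` and `USER_GROUP` but not `LDAP_USER`, `LDAP_GROUP`, `LDAP_BASE` or `LDAP_ADMIN_PORT`, which the compose file in this commit also substitutes. With `LDAP_USER` and `LDAP_GROUP` empty the Dockerfile's `usermod -u ${LDAP_USER} openldap` has no id to apply, and an empty `LDAP_ADMIN_PORT` leaves the host port of the admin UI unspecified. Add the four keys here, with `LDAP_USER`/`LDAP_GROUP` matching `USER_GROUP`, and consider a placeholder such as `LDAP_ADMIN_PASSWORD=change-me` so the sample value `admin` is not deployed unchanged.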

29
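--- /dev/null
+++ b/phpldapadmin/Dockerfile
@@ -0,0 +1,29 @@
+FROM debian:stable-slim
+ARG LDAP_BASE
+ENV LDAP_BASE $LDAP_BASE
+RUN apt-get update -y && apt dist-upgrade -y
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y wget
+RUN wget http://ftp.de.debian.org/debian/pool/main/p/phpldapadmin/phpldapadmin_1.2.6.3-0.2_all.deb && \
+apt install -y ./phpldapadmin_1.2.6.3-0.2_all.deb && \
+rm *.deb
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+ADD entrypoint.sh /entrypoint.sh
+RUN sed -i "s/^.*setValue('server','host'.*/\$servers->setValue('server','host','ldap');/" /usr/share/phpldapadmin/config/config.php && \
+sed -i "s/^.*setValue('server','base'.*/\$servers->setValue('server','base',array('${LDAP_BASE}'));/" /usr/share/phpldapadmin/config/config.php && \
+sed -i "s/^.*setValue('login','bind_id'.*/\$servers->setValue('login','bind_id','cn=admin,${LDAP_BASE}');/" /usr/share/phpldapadmin/config/config.php
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+EXPOSE 80
+CMD ["apachectl","-D","FOREGROUND"]
+ENTRYPOINT ["/entrypoint.sh"]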
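Review bot: The `wget http://ftp.de.debian.org/…` step downloads the package over plain HTTP and installs it as root from a local file, which bypasses the archive signature check a repository install would get, so anything able to alter the response controls what ends up in the image. Fetch over HTTPS where the mirror offers it and verify a pinned digest before installing, for example `echo "<SHA256_OF_DEB>  phpldapadmin_1.2.6.3-0.2_all.deb" | sha256sum -c -` between the `wget` and the `apt install` (the digest is a placeholder to be filled in from a trusted source). `${LDAP_BASE}` is also substituted unescaped into the `sed` replacement text and into PHP string literals, so a value containing `/`, `&` or `'` would corrupt `config.php`. The image has no `USER` instruction; if Apache needs root to start here, a comment saying so would help the next reviewer.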

7
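--- /dev/null
+++ b/phpldapadmin/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -xe
+echo "Running Apache"
+exec $@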

16
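--- /dev/null
+++ b/schema/nextcloud.ldif
@@ -0,0 +1,16 @@
+dn: ou=users,dc=labiaga,dc=ikastola
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+dn: ou=groups,dc=labiaga,dc=ikastola
+objectClass: organizationalUnit
+objectClass: top
+ou: groups
+dn: cn=irakasleak,ou=groups,dc=labiaga,dc=ikastola
+objectClass: posixGroup
+cn: irakasleak
+gidNumber: 10000
+memberUid: irakasleak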
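Review bot: Every DN in this file is fixed to `dc=labiaga,dc=ikastola`, while the directory suffix is derived from the configurable `LDAP_DOMAIN` (the sample value is `domain`). The Dockerfile loads the file with `slapadd -l /etc/ldap/schema/nextcloud.ldif` at build time, which will presumably fail for any build whose suffix differs. Either generate the entries from `LDAP_DOMAIN` during bootstrap or document the domain this file requires. The file is also stored under `schema/` and copied to `/etc/ldap/schema/` although it holds directory entries, not schema definitions, so a different location would make its role clearer.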


@ -2,17 +2,13 @@
set -eu set -eu
status () {
echo "---> ${@}" >&2
}
set -x set -x
: LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} : LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
: LDAP_DOMAIN=${LDAP_DOMAIN} : LDAP_DOMAIN=${LDAP_DOMAIN}
: LDAP_ORGANISATION=${LDAP_ORGANISATION} : LDAP_ORGANISATION=${LDAP_ORGANISATION}
if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
status "configuring slapd for first run" echo "configuring slapd for first run"
cat <<EOF | debconf-set-selections cat <<EOF | debconf-set-selections
slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PASSWORD} slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PASSWORD}
@ -34,9 +30,12 @@ EOF
touch /var/lib/ldap/docker_bootstrapped touch /var/lib/ldap/docker_bootstrapped
else else
status "found already-configured slapd" echo "found already-configured slapd"
fi fi
status "starting slapd" echo "starting slapd"
set -x set -x
exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d 0
exec $@
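Review bot: `set -x` is active when `: LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}` is expanded, so the admin password is written to the trace output, and because the Dockerfile in this commit now runs this script with `RUN /opt/slapd` that output lands in the build log as well as the container log. Remove the `set -x` lines, or bracket the sensitive expansion with `set +x` and `set -x`. The final `exec $@` does nothing when the script is invoked without arguments, as in `RUN /opt/slapd`; if that is the intent at build time it deserves a comment such as `# no arguments during image build: exec is a no-op and the script ends here`. Parts of the script between the two hunks are not visible here.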