Add: PHP Ldap ADMIN && Basic LDIF

.gitigonore

@@ -0,0 +1 @@
+.env

Dockerfile

@@ -3,19 +3,54 @@ FROM debian:stable-slim
 ARG LDAP_ADMIN_PASSWORD
 ARG LDAP_DOMAIN
 ARG LDAP_ORGANISATION
+ARG LDAP_USER
+ARG LDAP_GROUP
 
 ENV LDAP_ADMIN_PASSWORD $LDAP_ADMIN_PASSWORD
 ENV LDAP_ORGANISATION $LDAP_ORGANISATION
 ENV LDAP_DOMAIN $LDAP_DOMAIN
+ENV LDAP_USER $LDAP_USER
+ENV LDAP_GROUP $LDAP_GROUP
 
 RUN apt-get update -y && apt dist-upgrade -y
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
 
-EXPOSE 389
+RUN usermod -u ${LDAP_USER} openldap && \
+    groupmod -g ${LDAP_GROUP} openldap
 
 ADD slapd.sh /opt/slapd
+RUN /opt/slapd
+
+RUN slapcat -n 0 \
+    |sed 's/cn: config/cn: config\nolcPasswordHash: {CRYPT}\nolcPasswordCryptSaltFormat: $6$%.16s/' \
+    |sed 's/cn: module{0}/cn: module{0}\nolcModuleLoad: {0}lastbind/' > /tmp/config.ldif && \
+    rm -rf /etc/ldap/slapd.d/* && \
+    slapadd -n 0 -F /etc/ldap/slapd.d/ -l /tmp/config.ldif && \
+    rm /tmp/config.ldif
+
+RUN echo "dn: olcOverlay={0}lastbind, olcDatabase={1}mdb,cn=config\nobjectClass: olcLastBindConfig\nolcOverlay: {0}lastbind" \
+    | slapadd -n 0
+
+
+COPY ./schema/*.ldif ./schema/*.schema /etc/ldap/schema/
+
+RUN slapadd -l /etc/ldap/schema/nextcloud.ldif
+
+RUN chmod -R o+rw /etc/ldap/slapd.d/ && \
+    chmod -R o+rwx /etc/ldap/slapd.d/cn=config/ && \
+    chmod -R o+rwx /etc/ldap/slapd.d/cn=config/cn=schema/ && \
+    chmod -R o+rw /var/run/slapd/
 
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-CMD /opt/slapd
+ADD entrypoint.sh /entrypoint.sh
+
+#VOLUME ["/var/lib/ldap"]
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+EXPOSE 389
+
+CMD ["/usr/sbin/slapd","-h", "ldap:///","-d","4"]
+

docker-compose.yml

@@ -1,7 +1,24 @@
 version: "2.4"
 
 services:
+  admin:
+    image: registry.audio-lab.org/ldapphpadmin
+    restart: always
+    links:
+      - ldap
+    ports:
+      - ${LDAP_ADMIN_PORT}:80
+    build:
+      context: phpldapadmin
+      dockerfile: Dockerfile
+      args:
+        - LDAP_BASE=${LDAP_BASE}
   ldap:
+    user: ${USER_GROUP}
+    image: registry.audio-lab.org/ldap
+    restart: always
+    ports:
+      - ${LDAP_PORT}:389
     build: 
       context: .
       dockerfile: Dockerfile
@@ -9,4 +26,10 @@ services:
         - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
         - LDAP_ORGANISATION=${LDAP_ORGANISATION}
         - LDAP_DOMAIN=${LDAP_DOMAIN}
-    
+        - LDAP_USER=${LDAP_USER}
+        - LDAP_GROUP=${LDAP_GROUP}
+    environment:
+      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
+      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
+      - LDAP_DOMAIN=${LDAP_DOMAIN}
+

entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -x
+
+RUN slapadd -n 0 -l /etc/ldap/schema/domain.ldif
+
+exec $@

env.sample

@@ -1,3 +1,5 @@
 LDAP_ADMIN_PASSWORD=admin
 LDAP_ORGANISATION=organisation
 LDAP_DOMAIN=domain
+LDAP_PORT=389
+USER_GROUP=1000:1000

phpldapadmin/Dockerfile

@@ -0,0 +1,29 @@
+FROM debian:stable-slim
+
+ARG LDAP_BASE
+
+ENV LDAP_BASE $LDAP_BASE
+
+RUN apt-get update -y && apt dist-upgrade -y
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y wget
+
+RUN wget http://ftp.de.debian.org/debian/pool/main/p/phpldapadmin/phpldapadmin_1.2.6.3-0.2_all.deb && \
+	apt install -y ./phpldapadmin_1.2.6.3-0.2_all.deb && \
+	rm *.deb
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ADD entrypoint.sh /entrypoint.sh
+
+RUN sed -i "s/^.*setValue('server','host'.*/\$servers->setValue('server','host','ldap');/" /usr/share/phpldapadmin/config/config.php && \
+    sed -i "s/^.*setValue('server','base'.*/\$servers->setValue('server','base',array('${LDAP_BASE}'));/" /usr/share/phpldapadmin/config/config.php && \
+    sed -i "s/^.*setValue('login','bind_id'.*/\$servers->setValue('login','bind_id','cn=admin,${LDAP_BASE}');/" /usr/share/phpldapadmin/config/config.php
+	
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+EXPOSE 80
+
+CMD ["apachectl","-D","FOREGROUND"]
+
+ENTRYPOINT ["/entrypoint.sh"]

phpldapadmin/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -xe
+
+echo "Running Apache"
+
+exec $@

schema/nextcloud.ldif

@@ -0,0 +1,16 @@
+dn: ou=users,dc=labiaga,dc=ikastola
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: ou=groups,dc=labiaga,dc=ikastola
+objectClass: organizationalUnit
+objectClass: top
+ou: groups
+
+dn: cn=irakasleak,ou=groups,dc=labiaga,dc=ikastola
+objectClass: posixGroup
+cn: irakasleak
+gidNumber: 10000
+memberUid: irakasleak
+

slapd.sh

@@ -2,17 +2,13 @@
 
 set -eu
 
-status () {
-  echo "---> ${@}" >&2
-}
-
 set -x
 : LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
 : LDAP_DOMAIN=${LDAP_DOMAIN}
 : LDAP_ORGANISATION=${LDAP_ORGANISATION}
 
 if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
-  status "configuring slapd for first run"
+  echo "configuring slapd for first run"
 
   cat <<EOF | debconf-set-selections
 slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PASSWORD}
@@ -34,9 +30,12 @@ EOF
 
   touch /var/lib/ldap/docker_bootstrapped
 else
-  status "found already-configured slapd"
+  echo "found already-configured slapd"
 fi
 
-status "starting slapd"
+echo "starting slapd"
 set -x
-exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d 0
+
+
+
+exec $@