ldap offers a LDAP server, which we mostly use for authentication of various services. Therefore, a lot of services have a direct (or indirect) dependency on this image.
This image is automatically build and pushed to the docker hub. Therefore getting the image should be as easy as running
docker pull zombi/ldap
It is also possible to manually build this image from this repository.
docker build -t zombi/ldap .
Copy over example configuration
cp docker-compose.yml{.example,}
run the service
docker-compose up -d
every .ldif or .sh file will be evaluated on server startup, if it's placed inside the '/docker-entrypoint-initdb.d/' directory. This allows you to Specify custom behaviour of the LDAP Server.
By default the server will load the schema from the 'fixtures/' directory, which will provide this features:
- MDB backend for better performance
- Indexing of most referenced attributes by default
- Base structure with People, Groups, Sevices, Domains and Policies.
- Simple but useful ACL rules, allowing users to change their own passwords.
- Password policy for strong cryptographic hashing of user passwords and password rotation.
- Referential integrity for e.g. group memberships.
- Support for core, cosine, nis, inetorgperson, ppolicy and misc schemas.
- Support for user-definable SSH public keys as attributes.
- enforcing of username and user ID uniqueness.
The LDAP server can be configured for your organization using the environment variables:
ROOTPW
password for the administration user that is created by default. Make this hard to guess!ORGANIZATION
Name of the organization running this LDAP server.SUFFIX
overwrites the root node for all entries. By default this will be 'o=organizationname', but for compatibility you might want to set this to 'dc=domain,dc=tld'.DATADIR
is the path to the directory containing the LDAP DATA; by default this is '/var/lib/ldap/'.CONFDIR
points to the path containing the server configuration, by default this is '/etc/ldap/slapd.d'.
State stored in this container is essential to many other services, that use authentication and authorization. Therefore you should think about backing up the LDAP database in regular intervals.
# append database number, typically 0 for config and 1 for the main
# database.
$ docker exec -it ldap dump 0 > conf_dump.ldif
$ docker exec -it ldap dump 1 > data_dump.ldif
# .. or similary with docker-compose
$ docker-compose exec ldap dump 1 > data_dump.ldif