Build LDAP Docker Image from Ubuntu: Difference between revisions

 
Line 6: Line 6:


ENV container=docker
ENV container=docker
ENV DEBIAN_FRONTEND=noninteractive
ADD assets /root/.docker
ADD assets /root/.docker
RUN /root/.docker/setup.sh
RUN /root/.docker/setup.sh
Line 133: Line 131:
  @since    1.0.00.GA
  @since    1.0.00.GA
'
'
# apt-get in not interactive mode
export DEBIAN_FRONTEND=noninteractive


# debconfig set selections
# debconfig set selections
Line 143: Line 145:
apt-get -y install phpldapadmin &&
apt-get -y install phpldapadmin &&
apt-get clean &&
apt-get clean &&
# openldap(slap) client configuration
chmod 777 /etc/ldap/ldap.conf &&
cat > /etc/ldap/ldap.conf <<'EOF'
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE  dc=chorke,dc=org
URI    ldap://localhost ldap://localhost:666
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
EOF
chmod 744 /etc/ldap/ldap.conf &&




Line 156: Line 181:
# ldap server name change (line 286)
# ldap server name change (line 286)
LDAP_NAME_FIND="$servers->setValue('server','name','My LDAP Server');" &&
LDAP_NAME_FIND="$servers->setValue('server','name','My LDAP Server');" &&
LDAP_NAME_FILL="$servers->setValue('server','name','IHE LDAP Server');" &&
LDAP_NAME_FILL="$servers->setValue('server','name','CKi LDAP Server');" &&
sed -i "s@$LDAP_NAME_FIND.*@$LDAP_NAME_FILL@" "$PHPC_FILE" &&
sed -i "s@$LDAP_NAME_FIND.*@$LDAP_NAME_FILL@" "$PHPC_FILE" &&


Line 229: Line 254:
service --status-all
service --status-all
apachectl -t
apachectl -t
# openldap(slapd) configuration check
ls -la /etc/ldap/slapd.d/cn\=config
ls -la /etc/ldap/slapd.d/
ls -la /usr/share/slapd/
ls -la /var/lib/ldap/
ls -la /var/backups/*


# openldap(slapd) check
# openldap(slapd) check
Line 236: Line 268:
nmap -p 389 localhost
nmap -p 389 localhost
slapcat
slapcat
# openldap(slapd) configuration checking
ls -la /etc/ldap/slapd.d/cn\=config
ls -la /etc/ldap/slapd.d
ls -la /usr/share/slapd/
ls -la /var/lib/ldap/
ls -la /var/backups/*
</syntaxhighlight>
</syntaxhighlight>


== References ==
== References ==
* [https://www.linuxbabe.com/ubuntu/install-configure-openldap-server-ubuntu-16-04 Install OpenLDAP Server on Ubuntu 16.04]
* [https://unix.stackexchange.com/questions/362547 Automating Slapd Install]
* [https://docs.docker.com/config/containers/multi-service_container/ Run multiple services]
* [https://github.com/sameersbn/docker-bind Webmin installation]
* [https://github.com/zanaca/docker-dns/blob/master/Dockerfile Alpine SSH Config]
* [https://github.com/zanaca/docker-dns/blob/master/Dockerfile Alpine SSH Config]
* [https://github.com/sameersbn/docker-bind Webmin installation]
* [https://docs.docker.com/config/containers/multi-service_container/ Run multiple services]
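Review bot: In the ldap.conf hunk (Line 143/145) the new `chmod 744 /etc/ldap/ldap.conf &&` gives a plain-text config file an execute bit and contradicts the comment written into the file two lines earlier ("world readable but not world writable"); `chmod 644 /etc/ldap/ldap.conf &&` is the mode that comment describes. The preceding `chmod 777 /etc/ldap/ldap.conf &&` is not needed either, because the script runs as root and `cat >` overwrites the file whatever its mode, and it leaves the file world-writable until the second chmod runs, so the line can simply be dropped. The new URI line also lists `ldap://localhost:666`, which is neither 389 nor the ldaps port 636 that the Dockerfile exposes, so it looks like a typo worth confirming. The `&&` chain this hunk sits in starts and ends outside the hunk.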

Latest revision as of 20:26, 20 April 2020

Dockerfile

./Dockerfile

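FROM ubuntu:16.04
# MAINTAINER is deprecated; the same information goes into a label, which
# `docker inspect` shows under Config.Labels.
LABEL maintainer="Chorke, Inc.<[email protected]>"

# Advertises to tooling inside the image that it runs in a container.
# None of the scripts on this page read it.
ENV container=docker
# Provisioning assets: setup.sh, startup.sh, init.sh (COPY is preferred over
# ADD for plain local files because ADD also auto-extracts archives).
COPY assets /root/.docker
# Build-time provisioning: writes the slapd debconf answers, installs and
# configures openssh and installs /usr/sbin/startup.sh.
RUN /root/.docker/setup.sh
# 22 ssh, 80 phpldapadmin (apache2), 389 ldap, 636 ldaps.
# NOTE(review): nothing on this page configures a TLS listener on 636 — confirm
# it is needed.
EXPOSE 22 80 389 636

# Shell form on purpose: startup.sh must return 0 before sshd is started in
# the foreground; sshd -D is what keeps the container alive.
CMD /usr/sbin/startup.sh && /usr/sbin/sshd -D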

Setup Script

./assets/setup.sh

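#!/bin/bash
: '
 @author   "Chorke, Inc."<[email protected]>
 @web       http://chorke.org
 @vendor    Chorke, Inc.
 @version   1.0.00.GA
 @since     1.0.00.GA
'
# Build-time provisioning, run once from the Dockerfile (RUN /root/.docker/setup.sh).
# Writes the slapd debconf answers used later by init.sh, installs openssh,
# enables root password login over ssh, seeds /etc/bash.bashrc and installs
# the container startup script.
#
# Environment:
#   ADMN_PASS  root (ssh) and slapd admin password; defaults to the value the
#              original script hard-coded so existing builds are unaffected.
#
# The first failing step aborts the script, and so the image build, with that
# step's exit status.

set -euo pipefail

# apt-get in non-interactive mode
export DEBIAN_FRONTEND=noninteractive

readonly ADMN_PASS="${ADMN_PASS:-chorkeinc}"
readonly DEBCONF_FILE='/root/.docker/debconf_slapd.conf'

#######################################
# Write the debconf answers for slapd. They are not applied here; init.sh
# feeds this file to debconf-set-selections when slapd is installed.
# Globals:  ADMN_PASS (read), DEBCONF_FILE (read)
# Outputs:  creates $DEBCONF_FILE
#######################################
write_debconf_selections() {
  # NOTE: the admin password is stored here in plaintext and remains in the
  # image layer; the file cannot be removed because init.sh reads it later.
  cat > "$DEBCONF_FILE" << EOF
slapd slapd/root_password password $ADMN_PASS
slapd slapd/root_password_again password $ADMN_PASS
slapd slapd/internal/adminpw password $ADMN_PASS
slapd slapd/internal/generated_adminpw password $ADMN_PASS
slapd slapd/password2 password $ADMN_PASS
slapd slapd/password1 password $ADMN_PASS
slapd slapd/domain string chorke.org
slapd shared/organization string Chorke, Inc.
slapd slapd/backend string MDB
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/no_configuration boolean false
EOF
}

#######################################
# Install the openssh server and client. ldap-utils, slapd and phpldapadmin
# are deliberately left to init.sh, which runs inside the started container.
#######################################
install_packages() {
  apt-get update
  apt-get -y install openssh-server
  apt-get -y install openssh-client
  apt-get clean
}

#######################################
# Allow root to log in over ssh with $ADMN_PASS.
# Globals:  ADMN_PASS (read)
# Outputs:  edits /etc/ssh/sshd_config, /etc/pam.d/sshd, /etc/profile
#######################################
configure_sshd() {
  # -p: the directory may already exist on a rebuilt layer
  mkdir -p /var/run/sshd
  printf '%s\n' "root:$ADMN_PASS" | chpasswd
  # Port 22 is exposed by the Dockerfile, so this is a password login reachable
  # from outside the container; key-based login is the safer choice beyond
  # local testing.
  sed -i 's/^PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
  # NOTE(review): presumably because pam_loginuid cannot set the audit login
  # uid inside a container and would otherwise reject the session — confirm.
  sed -i 's/session\s*required\s*pam_loginuid.so/session optional pam_loginuid.so/g' /etc/pam.d/sshd
  echo 'export VISIBLE=now' >> /etc/profile
}

#######################################
# Append the chorke environment block to the system-wide bashrc. The apache
# ServerName lines that used to be commented out here are written by init.sh,
# which is where apache2 gets installed.
# Outputs:  appends to /etc/bash.bashrc (two blank lines, two settings lines,
#           two blank lines — byte-identical to the original echo sequence)
#######################################
configure_shell_env() {
  cat >> /etc/bash.bashrc <<'EOF'


# env settings for chorke
export TMPDIR=/tmp


EOF
}

#######################################
# Install the startup script referenced by the Dockerfile CMD.
# Outputs:  moves /root/.docker/startup.sh to /usr/sbin/startup.sh
#######################################
install_startup_script() {
  mv /root/.docker/startup.sh /usr/sbin/startup.sh
  chmod +x /usr/sbin/startup.sh
}

main() {
  write_debconf_selections
  install_packages
  configure_sshd
  configure_shell_env
  install_startup_script
}

main "$@"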

Startup Script

./assets/startup.sh

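#!/bin/bash
: '
 @author   "Chorke, Inc."<[email protected]>
 @web       http://chorke.org
 @vendor    Chorke, Inc.
 @version   1.0.00.GA
 @since     1.0.00.GA
'
# Container start helper, run by the Dockerfile CMD before sshd
# (CMD /usr/sbin/startup.sh && /usr/sbin/sshd -D).
# Starts slapd and apache2 when their init scripts are installed (they are
# only present after init.sh has been run). A service that is missing or
# fails to start is reported on stderr but never changes the exit status:
# the original only propagated apache2's failure (the last command before
# `exit $?`) and silently ignored slapd's, and a non-zero exit here would
# stop sshd from starting and leave the container unreachable.

# env settings for chorke
export TMPDIR=/tmp

#######################################
# Start a sysv service if its init script exists.
# Arguments: $1 - service name (looked up as /etc/init.d/$1)
# Outputs:   warning on stderr when the service fails to start
# Returns:   always 0
#######################################
start_if_present() {
  local svc=$1
  if [[ -f "/etc/init.d/$svc" ]]; then
    service "$svc" start \
      || printf 'startup.sh: warning: %s failed to start\n' "$svc" >&2
  fi
  return 0
}

start_if_present slapd
start_if_present apache2

# always succeed so the Dockerfile CMD goes on to start sshd
exit 0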

Init Script

./assets/init.sh

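#!/bin/bash
: '
 @author   "Chorke, Inc."<[email protected]>
 @web       http://chorke.org
 @vendor    Chorke, Inc.
 @version   1.0.00.GA
 @since     1.0.00.GA
'
# First-time provisioning, run by hand inside the container (see "How to
# Create": docker exec -it ldapds bash, then /root/.docker/init.sh).
# Applies the debconf answers written by setup.sh, installs slapd and
# phpldapadmin, writes the LDAP client defaults, points phpldapadmin at the
# local directory and starts slapd and apache2.
# Every step must succeed; the first failure aborts with its exit status.

set -euo pipefail

# apt-get in non-interactive mode
export DEBIAN_FRONTEND=noninteractive

readonly DEBCONF_FILE='/root/.docker/debconf_slapd.conf'
readonly LDAP_CONF='/etc/ldap/ldap.conf'
readonly PHPC_FILE='/etc/phpldapadmin/config.php'
readonly TMPL_FILE='/usr/share/phpldapadmin/lib/TemplateRender.php'

#######################################
# Feed the slapd answers written by setup.sh to debconf.
# Globals:  DEBCONF_FILE (read)
#######################################
apply_debconf_selections() {
  debconf-set-selections < "$DEBCONF_FILE"
}

#######################################
# Install the directory server, client tools and phpldapadmin.
#######################################
install_packages() {
  apt-get update
  apt-get -y install ldap-utils slapd
  apt-get -y install phpldapadmin
  apt-get clean
}

#######################################
# Write the OpenLDAP client defaults (ldap.conf(5)).
# Globals:  LDAP_CONF (read)
# Outputs:  overwrites $LDAP_CONF, mode 0644
#######################################
write_ldap_client_conf() {
  # The script runs as root, so the file can be overwritten in place; the
  # original temporarily made it world-writable (777), which is not needed.
  # NOTE(review): the second URI uses port 666, which is neither 389 nor the
  # ldaps port 636 exposed by the Dockerfile — confirm it is intended.
  cat > "$LDAP_CONF" <<'EOF'
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE   dc=chorke,dc=org
URI    ldap://localhost ldap://localhost:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
EOF
  # World readable, not writable, not executable: the mode the file's own
  # header describes (the original set 744, adding a pointless execute bit).
  chmod 644 "$LDAP_CONF"
}

#######################################
# Give apache a ServerName, presumably to silence apachectl's "could not
# reliably determine the server's fully qualified domain name" warning.
# Outputs:  appends to fqdn.conf in both conf-enabled and conf-available
#######################################
configure_apache() {
  # NOTE(review): both copies are kept from the original; apache reads the
  # conf-enabled one, the conf-available one only matters if it is enabled —
  # confirm whether both are wanted.
  echo 'ServerName localhost' >> /etc/apache2/conf-enabled/fqdn.conf
  echo 'ServerName localhost' >> /etc/apache2/conf-available/fqdn.conf
}

#######################################
# In $3, replace every line containing $1 from that text to the end of the
# line with $2. $1 is used as a sed basic regular expression with '@' as the
# delimiter; at the call sites its only metacharacter is '.', which also
# matches a literal dot, and '$' is literal when not at the end of the
# expression. Because '.*' runs to the end of the line, at most one
# substitution per line is possible, so no 'g' flag is needed.
# Arguments: $1 - text to find, $2 - replacement text, $3 - file
#######################################
replace_setting() {
  local find=$1 fill=$2 file=$3
  sed -i "s@${find}.*@${fill}@" "$file"
}

#######################################
# Point phpldapadmin at the local directory.
# The PHP lines are matched literally, hence the escaped '\$': in the original
# "$servers", "$this" and "$default" were shell-expanded to empty strings
# (they are PHP variables), so the patterns only matched by accident from
# '->' onward and would fail under `set -u`.
# Globals:  PHPC_FILE, TMPL_FILE (read)
#######################################
configure_phpldapadmin() {
  # ldap server name change (line 286)
  replace_setting \
    "\$servers->setValue('server','name','My LDAP Server');" \
    "\$servers->setValue('server','name','CKi LDAP Server');" \
    "$PHPC_FILE"

  # ldap server host change (line 293); find and fill are identical, as in
  # the original, so this only strips anything after the ';' on that line
  replace_setting \
    "\$servers->setValue('server','host','127.0.0.1');" \
    "\$servers->setValue('server','host','127.0.0.1');" \
    "$PHPC_FILE"

  # ldap server base change (line 300)
  replace_setting \
    "\$servers->setValue('server','base',array('dc=example,dc=com'));" \
    "\$servers->setValue('server','base',array('dc=chorke,dc=org'));" \
    "$PHPC_FILE"

  # ldap login bind id change (line 326)
  replace_setting \
    "\$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');" \
    "\$servers->setValue('login','bind_id','cn=admin,dc=chorke,dc=org');" \
    "$PHPC_FILE"

  # ldap password hash change (line 2469)
  replace_setting \
    "\$default = \$this->getServer()->getValue('appearance','password_hash');" \
    "\$default = \$this->getServer()->getValue('appearance','password_hash_custom');" \
    "$TMPL_FILE"
}

#######################################
# Start the directory server and the web front end.
#######################################
start_services() {
  service slapd start
  service apache2 start
}

main() {
  apply_debconf_selections
  install_packages
  write_ldap_client_conf
  configure_apache
  configure_phpldapadmin
  start_services
}

main "$@"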

How to Build

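# continuous integration and deployment
# Build first; only on success prune dangling images, (re)create the container
# and open a shell in it. With the original ';' chain a failed build still ran
# `docker run`, starting whatever image was left under the tag.
# `docker stop`/`docker rm` may fail when no container exists yet; that is fine.
# The $(...) in `docker rmi` is intentionally unquoted: one image id per word.
# -p 389:389 publishes LDAP on every host interface; use -p 127.0.0.1:389:389
# when only local access is needed.
docker stop ldapds;docker rm ldapds;\
docker build --rm -t 'chorke/ldap:16.04' ./ && {\
  docker rmi $(docker images -qa -f 'dangling=true');\
  docker run --name='ldapds' -d -p 9030:80 -p 389:389 chorke/ldap:16.04 &&\
  docker exec -it ldapds bash;\
}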

How to Create

# for first time to create container from docker image and shell access
# 1. start the container (host): 9030 -> phpldapadmin, 389 -> ldap
docker run --name='ldapds' -d -p 9030:80 -p 389:389 chorke/ldap:16.04
# 2. open a root shell inside it (host)
docker exec -it ldapds bash
# 3. first-time provisioning (inside the container): installs slapd and
#    phpldapadmin and starts both services; run it once
/root/.docker/init.sh

How to Control

# access, start, stop & restart
# (all run on the host; startup.sh runs again on every start/restart)
docker exec -it ldapds bash
docker restart ldapds
docker start ldapds
docker stop ldapds

Good to Know

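# filter and remove docker images, containers 
# The id lists are intentionally unquoted (one id per word). `docker rm` and
# `docker rmi` exit with a usage error when given no ids, so empty lists are
# skipped instead of producing a spurious failure.
dead=$(docker ps --all -q -f status=dead); [ -n "$dead" ] && docker rm $dead
dangling=$(docker images -qa -f 'dangling=true'); [ -n "$dangling" ] && docker rmi $dangling
# remove this page's container and then its image (the image cannot be
# removed while a container still references it)
docker rm ldapds && docker rmi chorke/ldap:16.04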

# docker container debug, checking history & service
# host: run a throwaway interactive shell instead of the CMD (name clashes
# with an existing 'ldapds' container, so remove that one first)
docker run --name='ldapds' -it chorke/ldap:16.04 bash
# host: show the layers/instructions the image was built from
docker history chorke/ldap:16.04
# host: shell into the running container
docker exec -it ldapds bash
# inside the container: sysv service states and apache config syntax check
service --status-all
apachectl -t

# openldap(slapd) configuration check (inside the container)
# cn=config tree written by slapd's debconf setup (quoted instead of escaping '=')
ls -la '/etc/ldap/slapd.d/cn=config'
ls -la '/etc/ldap/slapd.d/'
# package-provided schema/config templates
ls -la '/usr/share/slapd/'
# MDB database files
ls -la '/var/lib/ldap/'
# slapd moves a previous database here (move_old_database=true in the debconf answers)
ls -la /var/backups/*

# openldap(slapd) check (inside the container)
# anonymous simple bind against the default URI from /etc/ldap/ldap.conf
ldapwhoami -H ldap:// -x
cat /etc/ldap/ldap.conf
# NOTE(review): not a read-only check — this re-runs slapd's debconf
# configuration and, with move_old_database=true, moves the current database
# aside (see /var/backups above); confirm before using it as a "check"
dpkg-reconfigure slapd
# nmap is not installed by setup.sh or init.sh on this page; install it first
# or use `ss -ltn` / ldapsearch to confirm the listener
nmap -p 389 localhost
# dump the directory contents from the database (works without a running slapd)
slapcat

References