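<?xml version="1.0"?>
<!--
  Container template (version-2 format used by Unraid Community Applications)
  for the tiredofit/openldap image.

  Structure:
    <Networking>/<Data>/<Environment>  - ports, volumes and variable names
    <Config ...>                        - the same items with UI metadata
                                          (label, default, Display, Mask)
  Every Config below has Required="false"; nothing is enforced at install
  time, so the defaults are what the container actually starts with.
-->
<Container version="2">
<Name>openldap-tiredofit</Name>
<Repository>tiredofit/openldap</Repository>
<Registry>https://hub.docker.com/r/tiredofit/openldap</Registry>
<Network>bridge</Network>
<MyIP/>
<Shell>bash</Shell>
<Privileged>false</Privileged>
<Support>https://github.com/tiredofit/docker-openldap</Support>
<Project>https://www.openldap.org/</Project>
<Overview>an OpenLDAP server for maintaining a directory. Upon starting this image it will give you a ready to run server with many configurable options.

Tracks latest release

Compiles from source

Multiple backends (bdb, hdb, mdb, sql)

All overlays compiled

Supports TLS encryption

Supports Replication

Optional Web Server included to take advantage of Let's Encrypt certificates

Scheduled Backups of Data

Ability to choose NIS or rfc2307bis Schema

Two Password Checking Modules - check_password.so and ppm.so

Zabbix Monitoring templates included

This Container uses a customized Alpine Linux base which includes s6 overlay enabled for PID 1 Init capabilities, zabbix-agent for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, mariadb-client, nano, vim) for easier management. It also supports sending to external SMTP servers.
</Overview>
<Category>Security: Tools: Network:Management Status:Stable</Category>
<WebUI/>
<TemplateURL/>
<Icon>https://raw.githubusercontent.com/CHBMB/docker-templates/master/img/openldap.png</Icon>
<ExtraParams/>
<PostArgs/>
<CPUset/>
<DateInstalled>1591037338</DateInstalled>
<DonateText/>
<DonateLink/>
<!-- Description duplicates Overview; keep the two in sync when editing. -->
<Description>an OpenLDAP server for maintaining a directory. Upon starting this image it will give you a ready to run server with many configurable options.

Tracks latest release

Compiles from source

Multiple backends (bdb, hdb, mdb, sql)

All overlays compiled

Supports TLS encryption

Supports Replication

Optional Web Server included to take advantage of Let's Encrypt certificates

Scheduled Backups of Data

Ability to choose NIS or rfc2307bis Schema

Two Password Checking Modules - check_password.so and ppm.so

Zabbix Monitoring templates included

This Container uses a customized Alpine Linux base which includes s6 overlay enabled for PID 1 Init capabilities, zabbix-agent for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, mariadb-client, nano, vim) for easier management. It also supports sending to external SMTP servers.
</Description>
<!--
  389/tcp is plaintext LDAP (StartTLS only if the client asks for it);
  636/tcp is LDAPS. Both are published on the host by default.
  80/tcp has no default host port and is only needed when ENABLE_NGINX=true
  (HTTP-01 challenge for Let's Encrypt).
-->
<Networking>
<Mode>docker</Mode>
<Publish>
<Port>
<HostPort>389</HostPort>
<ContainerPort>389</ContainerPort>
<Protocol>tcp</Protocol>
</Port>
<Port>
<HostPort>636</HostPort>
<ContainerPort>636</ContainerPort>
<Protocol>tcp</Protocol>
</Port>
<Port>
<HostPort/>
<ContainerPort>80</ContainerPort>
<Protocol>tcp</Protocol>
</Port>
</Publish>
</Networking>
<!--
  Persistent paths. /var/lib/openldap holds the database, /etc/openldap/slapd.d
  the cn=config tree (including hashed rootpw values), /data/backup the
  scheduled dumps - all three contain directory data and deserve the same
  host-side protection. /assets/custom-scripts/ is executed during init, so
  only trusted users should be able to write to its host directory.
-->
<Data>
<Volume>
<HostDir/>
<ContainerDir>/var/lib/openldap</ContainerDir>
<Mode>rw</Mode>
</Volume>
<Volume>
<HostDir/>
<ContainerDir>/etc/openldap/slapd.d</ContainerDir>
<Mode>rw</Mode>
</Volume>
<Volume>
<HostDir/>
<ContainerDir>/data/backup</ContainerDir>
<Mode>rw</Mode>
</Volume>
<Volume>
<HostDir/>
<ContainerDir>/www/html</ContainerDir>
<Mode>rw</Mode>
</Volume>
<Volume>
<HostDir/>
<ContainerDir>/assets/custom-scripts/</ContainerDir>
<Mode>rw</Mode>
</Volume>
</Data>
<!-- Variable names only; their defaults live in the matching <Config> entries below. -->
<Environment>
<Variable>
<Value/>
<Name>DOMAIN</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>BASE_DN</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>ADMIN_PASS</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>CONFIG_PASS</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>ORGANIZATION</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>ENABLE_READONLY_USER</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>READONLY_USER_USER</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>READONLY_USER_PASS</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>SCHEMA_TYPE</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>BACKEND</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>LOG_LEVEL</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>ULIMIT_N</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_CA_CRT_PATH</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_CA_CRT_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_CRT_PATH</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_CRT_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_KEY_PATH</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_KEY_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_DH_PARAM_PATH</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_DH_PARAM_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_DH_PARAM_KEYSIZE</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_ENFORCE</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_RESET_PERMISSIONS</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_CIPHER_SUITE</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>TLS_VERIFY_CLIENT</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>BACKUP_CONFIG_CRON_PERIOD</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>BACKUP_DATA_CRON_PERIOD</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>BACKUP_TTL</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>ENABLE_NGINX</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>ENABLE_TLS</Name>
<Mode/>
</Variable>
</Environment>
<Labels/>
<Config Name="Unencrypted LDAP" Target="389" Default="389" Mode="tcp" Description="Unencrypted LDAP" Type="Port" Display="always" Required="false" Mask="false"/>
<Config Name="TLS Encrypted LDAP" Target="636" Default="636" Mode="tcp" Description="TLS Encrypted LDAP" Type="Port" Display="always" Required="false" Mask="false"/>
<Config Name="Data Directory" Target="/var/lib/openldap" Default="" Mode="rw" Description="/var/lib/openldap - Data Directory" Type="Path" Display="always" Required="false" Mask="false"/>
<Config Name="Configuration Directory" Target="/etc/openldap/slapd.d" Default="" Mode="rw" Description="/etc/openldap/slapd.d - Configuration Directory" Type="Path" Display="always" Required="false" Mask="false"/>
<Config Name="Backup Directory" Target="/data/backup" Default="" Mode="rw" Description="/data/backup - Backup Directory" Type="Path" Display="always" Required="false" Mask="false"/>
<Config Name="DOMAIN" Target="DOMAIN" Default="example.org" Mode="" Description="LDAP domain" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="BASE_DN" Target="BASE_DN" Default="" Mode="" Description="LDAP base DN. If empty automatically set from DOMAIN value." Type="Variable" Display="always" Required="false" Mask="false"/>
<!--
  Credential fields are masked (Mask="true") so the values are not shown in
  clear text in the template UI. The Default values are the image's
  placeholders (admin / config / readonly) and are meant to be replaced at
  install time; they are shown here only so the field is never empty.
-->
<Config Name="ADMIN_PASS" Target="ADMIN_PASS" Default="admin" Mode="" Description="Ldap Admin password" Type="Variable" Display="always" Required="false" Mask="true"/>
<Config Name="CONFIG_PASS" Target="CONFIG_PASS" Default="config" Mode="" Description="Ldap Config password" Type="Variable" Display="always" Required="false" Mask="true"/>
<Config Name="ORGANIZATION" Target="ORGANIZATION" Default="Example Organization" Mode="" Description="Organization Name" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="ENABLE_READONLY_USER" Target="ENABLE_READONLY_USER" Default="false" Mode="" Description="Add a read only user Default: false" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="READONLY_USER_USER" Target="READONLY_USER_USER" Default="readonly" Mode="" Description="Read only user username Default: readonly" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="READONLY_USER_PASS" Target="READONLY_USER_PASS" Default="readonly" Mode="" Description="Read only user password Default: readonly" Type="Variable" Display="always" Required="false" Mask="true"/>
<Config Name="SCHEMA_TYPE" Target="SCHEMA_TYPE" Default="nis" Mode="" Description="Use nis or rfc2307bis core schema Default: nis" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="BACKEND" Target="BACKEND" Default="mdb" Mode="" Description="Ldap backend. bdb hdb mdb and others. Default: mdb" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="LOG_LEVEL" Target="LOG_LEVEL" Default="256" Mode="" Description="Set LDAP Log Level Default: 256" Type="Variable" Display="always" Required="false" Mask="false"/>
<Config Name="ULIMIT_N" Target="ULIMIT_N" Default="1024" Mode="" Description="Set Open File Descriptor Limit Default: 1024" Type="Variable" Display="always" Required="false" Mask="false"/>
<!--
  TLS block. ENABLE_TLS and TLS_ENFORCE are one-way switches according to the
  image's own descriptions: once set to true they cannot be reverted on an
  existing config directory. With TLS_ENFORCE at its default (false) the
  server still accepts plaintext binds on 389. TLS_RESET_PERMISSIONS uses an
  upper-case "TRUE" while the other booleans are lower-case; this mirrors the
  image documentation and is left unchanged.
-->
<Config Name="ENABLE_TLS" Target="ENABLE_TLS" Default="true" Mode="" Description="Add TLS capabilities. Can't be removed once set to true. Default: true" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_CA_CRT_PATH" Target="TLS_CA_CRT_PATH" Default="/assets/slapd/certs" Mode="" Description="TLS CA certificate path. Default /assets/slapd/certs" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_CA_CRT_FILENAME" Target="TLS_CA_CRT_FILENAME" Default="ca.pem" Mode="" Description="TLS CA certificate filename. Default ca.pem" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_CRT_PATH" Target="TLS_CRT_PATH" Default="/assets/slapd/certs" Mode="" Description="TLS certificate path. Default /assets/slapd/certs" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_CRT_FILENAME" Target="TLS_CRT_FILENAME" Default="cert.pem" Mode="" Description="TLS certificate filename. Default cert.pem" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_KEY_PATH" Target="TLS_KEY_PATH" Default="/assets/slapd/certs" Mode="" Description="TLS certificate private key path. Default /assets/slapd/certs" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_KEY_FILENAME" Target="TLS_KEY_FILENAME" Default="key.pem" Mode="" Description="TLS certificate private key filename. Default key.pem" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_DH_PARAM_PATH" Target="TLS_DH_PARAM_PATH" Default="/assets/slapd/certs" Mode="" Description="TLS DHParam path. Default /assets/slapd/certs" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_DH_PARAM_FILENAME" Target="TLS_DH_PARAM_FILENAME" Default="dhparam.pem" Mode="" Description="TLS DHParam Filename. Default dhparam.pem" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_DH_PARAM_KEYSIZE" Target="TLS_DH_PARAM_KEYSIZE" Default="2048" Mode="" Description="TLS DHParam Keysize. Default 2048" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_ENFORCE" Target="TLS_ENFORCE" Default="false" Mode="" Description="Enforce TLS. Can't be disabled once set to true. Defaults false" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_RESET_PERMISSIONS" Target="TLS_RESET_PERMISSIONS" Default="TRUE" Mode="" Description="Change ownership and reset permissions on Certificates on startup. Default TRUE" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_CIPHER_SUITE" Target="TLS_CIPHER_SUITE" Default="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA" Mode="" Description="TLS cipher suite. Default ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="TLS_VERIFY_CLIENT" Target="TLS_VERIFY_CLIENT" Default="try" Mode="" Description="TLS verify client. Default try" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<!-- Backups are written to the /data/backup volume and pruned after BACKUP_TTL days. -->
<Config Name="BACKUP_CONFIG_CRON_PERIOD" Target="BACKUP_CONFIG_CRON_PERIOD" Default="0 4 * * *" Mode="" Description="Cron expression to schedule OpenLDAP config backup. Defaults 0 4 * * * Every day at 4am." Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="BACKUP_DATA_CRON_PERIOD" Target="BACKUP_DATA_CRON_PERIOD" Default="0 4 * * *" Mode="" Description="Cron expression to schedule OpenLDAP data backup. Defaults 0 4 * * * Every day at 4am." Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="BACKUP_TTL" Target="BACKUP_TTL" Default="15" Mode="" Description="Automatically cleanup backup after how many days. Default 15" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<!-- Optional nginx front end; only relevant together with the 80/tcp port and /www/html path below. -->
<Config Name="ENABLE_NGINX" Target="ENABLE_NGINX" Default="false" Mode="" Description="If you want to use automatic LetsEncrypt certificates for your server, set this to true Default: false" Type="Variable" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="LetsEncrypt" Target="80" Default="" Mode="tcp" Description="Nginx - For Automatic LetsEncrypt Certificates" Type="Port" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="Landing page" Target="/www/html" Default="" Mode="rw" Description="/www/html - If you want to put a landing page if using Nginx for LetsEncrypt SSL Place it here " Type="Path" Display="advanced-hide" Required="false" Mask="false"/>
<Config Name="Custom Scripts" Target="/assets/custom-scripts/" Default="" Mode="rw" Description="/assets/custom-scripts/ - If you'd like to execute a script during the initialization process drop it here" Type="Path" Display="advanced-hide" Required="false" Mask="false"/>
</Container>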