# OpenLDAP Docker Image for testing

This image provides an OpenLDAP server for testing LDAP applications, e.g. in unit tests. The server is initialized with the example domain planetexpress.com and data from the Futurama Wiki.

Parts of the image are based on the work of Nick Stenning (docker-slapd) and Bertrand Gouny (docker-openldap).

The Flask extension flask-ldapconn uses this image for its unit tests.
## Features

- Initialized with data from Futurama
- Support for LDAP over TLS (STARTTLS) using a self-signed certificate or valid certificates (Let's Encrypt, etc.)
- memberOf overlay support
- MS-AD style groups support
- Supports forced STARTTLS
- Supports a custom domain and a custom directory structure
## Usage

```shell
docker pull rroemhild/test-openldap
docker run --rm -p 10389:10389 -p 10636:10636 rroemhild/test-openldap
```
## Testing

```shell
# List all users
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Request STARTTLS (-Z: continue in plaintext if TLS negotiation fails)
ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce STARTTLS (-ZZ: abort if TLS negotiation fails)
ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce STARTTLS with the self-signed certificate
# (LDAPTLS_REQCERT=never disables certificate verification; use it only against this test image)
LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
```
## Exposed ports

- 10389 (ldap)
- 10636 (ldaps)
## Exposed volumes

- /etc/ldap/slapd.d
- /etc/ldap/ssl
- /var/lib/ldap
- /run/slapd
## LDAP structure

### dc=planetexpress,dc=com

| Admin | Secret |
| --- | --- |
| cn=admin,dc=planetexpress,dc=com | GoodNewsEveryone |

### ou=people,dc=planetexpress,dc=com

#### cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | Hubert J. Farnsworth |
| sn | Farnsworth |
| description | Human |
| displayName | Professor Farnsworth |
| employeeType | Owner |
| employeeType | Founder |
| givenName | Hubert |
| jpegPhoto | JPEG-Photo (630x507 Pixel, 26780 Bytes) |
| mail | [email protected] |
| mail | [email protected] |
| ou | Office Management |
| title | Professor |
| uid | professor |
| userPassword | professor |

#### cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | Philip J. Fry |
| sn | Fry |
| description | Human |
| displayName | Fry |
| employeeType | Delivery boy |
| givenName | Philip |
| jpegPhoto | JPEG-Photo (429x350 Pixel, 22132 Bytes) |
| mail | [email protected] |
| ou | Delivering Crew |
| uid | fry |
| userPassword | fry |

#### cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | John A. Zoidberg |
| sn | Zoidberg |
| description | Decapodian |
| displayName | Zoidberg |
| employeeType | Doctor |
| givenName | John |
| jpegPhoto | JPEG-Photo (343x280 Pixel, 26438 Bytes) |
| mail | [email protected] |
| ou | Staff |
| title | Ph. D. |
| uid | zoidberg |
| userPassword | zoidberg |

#### cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | Hermes Conrad |
| sn | Conrad |
| description | Human |
| employeeType | Bureaucrat |
| employeeType | Accountant |
| givenName | Hermes |
| mail | [email protected] |
| ou | Office Management |
| uid | hermes |
| userPassword | hermes |

#### cn=Turanga Leela,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | Turanga Leela |
| sn | Turanga |
| description | Mutant |
| employeeType | Captain |
| employeeType | Pilot |
| givenName | Leela |
| jpegPhoto | JPEG-Photo (429x350 Pixel, 26526 Bytes) |
| mail | [email protected] |
| ou | Delivering Crew |
| uid | leela |
| userPassword | leela |

#### cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | Bender Bending Rodríguez |
| sn | Rodríguez |
| description | Robot |
| employeeType | Ship's Robot |
| givenName | Bender |
| jpegPhoto | JPEG-Photo (436x570 Pixel, 26819 Bytes) |
| mail | [email protected] |
| ou | Delivering Crew |
| uid | bender |
| userPassword | bender |

#### cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com

Amy's entry has a multi-valued RDN (`cn` and `sn`).

| Attribute | Value |
| --- | --- |
| objectClass | inetOrgPerson |
| cn | Amy Wong |
| sn | Kroker |
| description | Human |
| givenName | Amy |
| mail | [email protected] |
| ou | Intern |
| uid | amy |
| userPassword | amy |

#### cn=admin_staff,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | Group |
| cn | admin_staff |
| member | cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com |
| member | cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com |

#### cn=ship_crew,ou=people,dc=planetexpress,dc=com

| Attribute | Value |
| --- | --- |
| objectClass | Group |
| cn | ship_crew |
| member | cn=Turanga Leela,ou=people,dc=planetexpress,dc=com |
| member | cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com |
| member | cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com |
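Two things in this directory tend to trip up application code under test: the multi-valued RDN of Amy's entry and the group membership that the memberOf overlay reflects onto user entries. The following is an added example (not code from the image or its README) that parses such DNs per RFC 4514 and derives the memberOf view from the groups' `member` attributes; `GROUPS`, `parse_dn` and `member_of` are names chosen here, and `GROUPS` is a constructed subset of the data listed above.

```python
BASE = "dc=planetexpress,dc=com"
# Constructed subset of the README's test data: group DN -> member DNs.
GROUPS = {
    f"cn=admin_staff,ou=people,{BASE}": [
        f"cn=Hubert J. Farnsworth,ou=people,{BASE}",
        f"cn=Hermes Conrad,ou=people,{BASE}",
    ],
    f"cn=ship_crew,ou=people,{BASE}": [
        f"cn=Turanga Leela,ou=people,{BASE}",
        f"cn=Philip J. Fry,ou=people,{BASE}",
        f"cn=Bender Bending Rodríguez,ou=people,{BASE}",
    ],
}

def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):  # keep the escape pair intact
            cur.append(s[i:i + 2])
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (type, value) pairs.
    A '+' joins several values in one RDN; values keep their RFC 4514 escapes."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):
            attr_type, _, value = ava.partition("=")
            pairs.append((attr_type.strip().lower(), value.strip()))
        rdns.append(pairs)
    return rdns

def member_of(groups):
    """Invert group -> members into member DN -> sorted group DNs (memberOf view)."""
    result = {}
    for group_dn, members in groups.items():
        for member_dn in members:
            result.setdefault(member_dn, []).append(group_dn)
    return {m: sorted(g) for m, g in result.items()}
```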
## JAAS configuration

If you want to use this OpenLDAP server for testing a Java-based application that uses JAAS and the LdapLoginModule, here is a working configuration file you can use to connect.
```
other {
  com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
    userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
    useSSL=false
    java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
    java.naming.security.credentials="GoodNewsEveryone"
    debug=true
  ;
};
```
This configuration binds to the OpenLDAP server with the admin credentials and uses that connection to search for the entry of the user who is logging in. The `uid` attribute of each entry serves as the username.
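The `{USERNAME}` placeholder in the userFilter above is filled with a value supplied by the user at login, so any code that builds such a filter itself must escape that value per RFC 4515 before substituting it. The following is an added example (not part of the image, the README or the JAAS module) of that escaping applied to the filter template from the configuration above; `escape_filter_value` and `build_user_filter` are names chosen here.

```python
# Filter template from the JAAS configuration above.
USER_FILTER = "(&(uid={USERNAME})(objectClass=inetOrgPerson))"

def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 section 3: the filter
    metacharacters '*', '(', ')', '\\' and NUL become \\XX hex escapes,
    so they are matched literally instead of being parsed as filter syntax."""
    escaped = []
    for ch in value:
        if ch in "*()\\\x00":
            escaped.append("\\%02x" % ord(ch))
        else:
            escaped.append(ch)
    return "".join(escaped)

def build_user_filter(username: str, template: str = USER_FILTER) -> str:
    """Substitute the escaped username into the userFilter template."""
    return template.replace("{USERNAME}", escape_filter_value(username))
```

Values from the directory above pass through unchanged, while a value containing filter metacharacters is turned into a single literal assertion that cannot add or close filter components.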