• Stars
    star
    316
  • Rank 132,587 (Top 3 %)
  • Language
    Dockerfile
  • License
    MIT License
  • Created almost 10 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Docker OpenLDAP Server for testing LDAP applications

OpenLDAP Docker Image for testing

Docker Build Status Docker Stars Docker Pulls

This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain planetexpress.com with data from the Futurama Wiki.

Parts of the image are based on the work from Nick Stenning docker-slapd and Bertrand Gouny docker-openldap.

The Flask extension flask-ldapconn use this image for unit tests.

Features

  • Initialized with data from Futurama
  • Support for LDAP over TLS (STARTTLS) using a self-signed cert, or valid certificates (LetsEncrypt, etc)
  • memberOf overlay support
  • MS-AD style groups support
  • Supports Forced STARTTLS
  • Supports custom domain and custom directory structure

Usage

docker pull rroemhild/test-openldap
docker run --rm -p 10389:10389 -p 10636:10636 rroemhild/test-openldap

Testing

# List all Users
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Request StartTLS
ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce StartTLS
ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce StartTLS with self-signed cert
LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

Exposed ports

  • 10389 (ldap)
  • 10636 (ldaps)

Exposed volumes

  • /etc/ldap/slapd.d
  • /etc/ldap/ssl
  • /var/lib/ldap
  • /run/slapd

LDAP structure

dc=planetexpress,dc=com

Admin Secret
cn=admin,dc=planetexpress,dc=com GoodNewsEveryone

ou=people,dc=planetexpress,dc=com

cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Hubert J. Farnsworth
sn Farnsworth
description Human
displayName Professor Farnsworth
employeeType Owner
employeeType Founder
givenName Hubert
jpegPhoto JPEG-Photo (630x507 Pixel, 26780 Bytes)
mail [email protected]
mail [email protected]
ou Office Management
title Professor
uid professor
userPassword professor

cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Philip J. Fry
sn Fry
description Human
displayName Fry
employeeType Delivery boy
givenName Philip
jpegPhoto JPEG-Photo (429x350 Pixel, 22132 Bytes)
mail [email protected]
ou Delivering Crew
uid fry
userPassword fry

cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn John A. Zoidberg
sn Zoidberg
description Decapodian
displayName Zoidberg
employeeType Doctor
givenName John
jpegPhoto JPEG-Photo (343x280 Pixel, 26438 Bytes)
mail [email protected]
ou Staff
title Ph. D.
uid zoidberg
userPassword zoidberg

cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Hermes Conrad
sn Conrad
description Human
employeeType Bureaucrat
employeeType Accountant
givenName Hermes
mail [email protected]
ou Office Management
uid hermes
userPassword hermes

cn=Turanga Leela,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Turanga Leela
sn Turanga
description Mutant
employeeType Captain
employeeType Pilot
givenName Leela
jpegPhoto JPEG-Photo (429x350 Pixel, 26526 Bytes)
mail [email protected]
ou Delivering Crew
uid leela
userPassword leela

cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Bender Bending Rodríguez
sn Rodríguez
description Robot
employeeType Ship's Robot
givenName Bender
jpegPhoto JPEG-Photo (436x570 Pixel, 26819 Bytes)
mail [email protected]
ou Delivering Crew
uid bender
userPassword bender

cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com

Amy has a multi-valued DN

Attribute Value
objectClass inetOrgPerson
cn Amy Wong
sn Kroker
description Human
givenName Amy
mail [email protected]
ou Intern
uid amy
userPassword amy

cn=admin_staff,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass Group
cn admin_staff
member cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
member cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

cn=ship_crew,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass Group
cn ship_crew
member cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
member cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
member cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

JAAS configuration

In case you want to use this OpenLDAP server for testing with a Java-based application using JAAS and the LdapLoginModule, here's a working configuration file you can use to connect.

other {
  com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
    userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
    useSSL=false
    java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
    java.naming.security.credentials="GoodNewsEveryone"
    debug=true
    ;
};

This config uses the admin credentials to connect to the OpenLDAP server and to submit the search query for the user that enters their credentials. As username the uid attribute of each entry is used.