{"id":35784164,"url":"https://github.com/foundata/oci-openldap-declarative","last_synced_at":"2026-01-07T06:38:44.484Z","repository":{"id":329149212,"uuid":"1118305815","full_name":"foundata/oci-openldap-declarative","owner":"foundata","description":"OCI container image config: OpenLDAP Declarative (LDIF-file-defined directory state, reset on startup)","archived":false,"fork":false,"pushed_at":"2025-12-17T21:50:53.000Z","size":67,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-21T04:36:12.700Z","etag":null,"topics":["ldif","oci-image","openldap","openldap-server","openldap-slapd","podman","podman-image"],"latest_commit_sha":null,"homepage":"https://foundata.com/en/projects/oci-images/#openldap-declarative","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foundata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSES/GPL-3.0-or-later.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-17T15:00:13.000Z","updated_at":"2025-12-17T21:52:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/foundata/oci-openldap-declarative","commit_stats":null,"previous_names":["foundata/oci-openldap-declarative"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/foundata/oci-openldap-declarative","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundata%2Foci-openldap-declarative","tags_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundata%2Foci-openldap-declarative/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundata%2Foci-openldap-declarative/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundata%2Foci-openldap-declarative/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foundata","download_url":"https://codeload.github.com/foundata/oci-openldap-declarative/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundata%2Foci-openldap-declarative/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28233394,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2026-01-07T02:00:05.975Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ldif","oci-image","openldap","openldap-server","openldap-slapd","podman","podman-image"],"created_at":"2026-01-07T06:38:43.836Z","updated_at":"2026-01-07T06:38:44.475Z","avatar_url":"https://github.com/foundata.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OCI Image: OpenLDAP Declarative\n\nAn [OpenLDAP](https://www.openldap.org/) server with declarative directory state. 
[LDAP Data Interchange Format (LDIF)](https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format) files are the single source of truth. On startup, the container reconciles the directory to the state described by the LDIF inputs. Runtime changes are not persisted; restarting the container always produces the same directory state for the same LDIF.\n\nMain features of the [OCI](https://opencontainers.org/) image:\n\n- **Declarative, idempotent directory state** defined entirely by LDIF files (reset-on-restart semantics).\n- **Support for unprivileged execution (rootless)**.\n- **Fully featured OpenLDAP**, plus essential debugging utilities and no unnecessary extras.\n\nThis image is intended for small, isolated LDAP directories where reproducibility, auditability, and deterministic behavior are required. Typical use cases include defense-in-depth architectures where applications operate with a minimal, self-contained user directory.\n\n\n\n## Table of contents\u003ca id=\"toc\"\u003e\u003c/a\u003e\n\n- [Tags](#tags)\n- [How to build](#build)\n- [How to use](#usage)\n- [Non-goals / Limitations](#limitations)\n- [Licensing, copyright](#licensing-copyright)\n  - [Container configuration, repository](#licensing-copyright-project)\n  - [Container image](#licensing-copyright-image)\n- [Author information](#author-information)\n\n\n\n## Tags\u003ca id=\"tags\"\u003e\u003c/a\u003e\n\n- `latest`: Latest release of this image.\n\n\n\n## How to build\u003ca id=\"build\"\u003e\u003c/a\u003e\n\nTo build the image locally, do the following:\n\n1. [Install Podman](https://podman.io/docs/installation).\n2. Clone or pull the latest changes from the [`foundata/oci-openldap-declarative` git repository](https://github.com/foundata/oci-openldap-declarative).\n3. 
Change into the directory and execute the [build command](https://docs.podman.io/en/latest/markdown/podman-build.1.html):\n   ```bash\n   podman build -t openldap-declarative .\n   ```\n\n\n\n## How to use\u003ca id=\"usage\"\u003e\u003c/a\u003e\n\n1. [Install Podman](https://podman.io/docs/installation).\n2. Use the image you built earlier or pull the image from a registry:\n   - [Quay](https://quay.io/repository/foundata/openldap-declarative):\n     ```bash\n     podman pull quay.io/foundata/openldap-declarative:latest\n     ```\n   - [Docker Hub](https://hub.docker.com/r/foundata/openldap-declarative):\n     ```bash\n     podman pull docker.io/foundata/openldap-declarative:latest\n     ```\n3. Run a container from the image:\n   ```bash\n   podman run --detach \\\n    --name ldap-foobar \\\n    --env LDAP_DOMAIN=\"foobar.svc.local\" \\\n    --env LDAP_ADMIN_PASSWORD=\"SecurePass123\" \\\n    --publish 127.0.0.1:1389:1389 \\\n    --volume ./examples/basic/config:/ldap/config:ro,Z \\\n    --volume ./examples/basic/data:/ldap/data:ro,Z \\\n    openldap-declarative:latest\n   ```\n   With TLS:\n   ```bash\n   podman run --detach \\\n    --name ldap-foobar \\\n    --env LDAP_DOMAIN=\"foobar.svc.local\" \\\n    --env LDAP_ADMIN_PASSWORD=\"SecurePass123\" \\\n    --env LDAP_TLS_ENABLED=\"true\" \\\n    --publish 127.0.0.1:1389:1389 \\\n    --publish 127.0.0.1:1636:1636 \\\n    --volume ./examples/basic/config:/ldap/config:ro,Z \\\n    --volume ./examples/basic/data:/ldap/data:ro,Z \\\n    --volume ./examples/basic/tls:/ldap/tls:ro,Z \\\n    openldap-declarative:latest\n   ```\n\n4. 
You can now work with the container:\n   ```bash\n   podman ps\n\n   # List all objects (org, groups, users, ...)\n   ldapsearch -x -H ldap://127.0.0.1:1389 \\\n      -D \"cn=admin,dc=foobar,dc=svc,dc=local\" \\\n      -w \"SecurePass123\" \\\n      -b \"dc=foobar,dc=svc,dc=local\" \"(objectClass=*)\"\n\n   # List all users in \"ou=people\"\n   ldapsearch -x -H ldap://127.0.0.1:1389 \\\n      -D \"cn=admin,dc=foobar,dc=svc,dc=local\" \\\n      -w \"SecurePass123\" \\\n      -b \"ou=people,dc=foobar,dc=svc,dc=local\" \"(objectClass=inetOrgPerson)\"\n   ```\n\nThis image is built and tested with [Podman](https://podman.io/) only. We currently do *not* support [Docker](https://www.docker.com/) (but it might work).\n\n\n\n## Non-goals / Limitations\u003ca id=\"limitations\"\u003e\u003c/a\u003e\n\n\nThis image is intentionally scoped for declarative, file-defined LDAP directories. It is **not** intended to be a general-purpose LDAP service.\n\nSpecifically, it does **not** provide:\n\n- Persistent directory state across container restarts.\n- Support for interactive or imperative LDAP administration.\n- Dynamic runtime modification of users, groups, or schemas.\n- Replication, clustering, or high-availability setups.\n- Large-scale or multi-tenant directory deployments.\n\nAny change to the directory must be expressed by modifying the LDIF inputs and restarting the container. 
For mutable, stateful, or large-scale LDAP deployments, use a traditional or managed LDAP service instead.\n\n\n\n## Licensing, copyright\u003ca id=\"licensing-copyright\"\u003e\u003c/a\u003e\n\n### Container configuration, repository\u003ca id=\"licensing-copyright-project\"\u003e\u003c/a\u003e\n\n\u003c!--REUSE-IgnoreStart--\u003e\nCopyright (c) 2025 foundata GmbH (https://foundata.com)\n\nThis project is licensed under the GNU General Public License v3.0 or later (SPDX-License-Identifier: `GPL-3.0-or-later`); see [`LICENSES/GPL-3.0-or-later.txt`](LICENSES/GPL-3.0-or-later.txt) for the full text.\n\nThe [`REUSE.toml`](REUSE.toml) file provides detailed licensing and copyright information in a human- and machine-readable format. This includes parts that may be subject to different licensing or usage terms, such as third-party components. The repository conforms to the [REUSE specification](https://reuse.software/spec/). You can use [`reuse spdx`](https://reuse.readthedocs.io/en/latest/readme.html#cli) to create an [SPDX software bill of materials (SBOM)](https://en.wikipedia.org/wiki/Software_Package_Data_Exchange).\n\u003c!--REUSE-IgnoreEnd--\u003e\n\n[![REUSE status](https://api.reuse.software/badge/github.com/foundata/oci-openldap-declarative)](https://api.reuse.software/info/github.com/foundata/oci-openldap-declarative)\n\n\n\n### Container image\u003ca id=\"licensing-copyright-image\"\u003e\u003c/a\u003e\n\nThe pre-built image itself bundles various software components along with direct and indirect dependencies, which are subject to their respective licenses. 
When using the pre-built image, **you are responsible for ensuring that your usage complies with all relevant licenses** for the software contained within the image.\n\nFor further licensing information about the software contained in this image, please refer to the following resources:\n\n* https://www.debian.org/legal/licenses/\n\n\n\n## Author information\u003ca id=\"author-information\"\u003e\u003c/a\u003e\n\nThis project was created and is maintained by foundata GmbH (https://foundata.com).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoundata%2Foci-openldap-declarative","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoundata%2Foci-openldap-declarative","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoundata%2Foci-openldap-declarative/lists"}