{"id":13498207,"url":"https://github.com/osixia/docker-openldap","last_synced_at":"2025-05-14T12:11:00.402Z","repository":{"id":16359188,"uuid":"19109244","full_name":"osixia/docker-openldap","owner":"osixia","description":"OpenLDAP container image 🐳🌴","archived":false,"fork":false,"pushed_at":"2023-11-13T03:02:46.000Z","size":918,"stargazers_count":4105,"open_issues_count":352,"forks_count":982,"subscribers_count":90,"default_branch":"master","last_synced_at":"2025-04-11T04:59:16.134Z","etag":null,"topics":["docker","docker-image","ldap","ldap-database","ldap-server","openldap"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"mkschreder/juciwrt","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/osixia.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2014-04-24T13:24:34.000Z","updated_at":"2025-04-10T02:18:42.000Z","dependencies_parsed_at":"2023-02-14T02:31:11.371Z","dependency_job_id":"70f4f273-6ff4-449b-bfe3-1dab433841cd","html_url":"https://github.com/osixia/docker-openldap","commit_stats":{"total_commits":570,"total_committers":80,"mean_commits":7.125,"dds":0.8157894736842105,"last_synced_commit":"635034a75878773f8576d646422cf26e43741fab"},"previous_names":[],"tags_count":55,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osixia%2Fdocker-openldap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osixia%2Fdocker-openldap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osixia%2Fdocker-openldap/releases","manifests_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/repositories/osixia%2Fdocker-openldap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/osixia","download_url":"https://codeload.github.com/osixia/docker-openldap/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254140760,"owners_count":22021219,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-image","ldap","ldap-database","ldap-server","openldap"],"created_at":"2024-07-31T20:00:54.058Z","updated_at":"2025-05-14T12:11:00.377Z","avatar_url":"https://github.com/osixia.png","language":"Shell","readme":"# osixia/openldap\n\n[![Docker Pulls](https://img.shields.io/docker/pulls/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)\n[![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)\n[![Layers](https://images.microbadger.com/badges/image/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)\n\nLatest release: 1.5.0 - [OpenLDAP 2.4.57](https://www.openldap.org/software/release/changes.html) -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) \n\n**A docker image to run OpenLDAP.**\n\n\u003e OpenLDAP website : [www.openldap.org](https://www.openldap.org/)\n\n\n- [osixia/openldap](#osixiaopenldap)\n\t- [Contributing](#contributing)\n\t- [Quick Start](#quick-start)\n\t- [Beginner Guide](#beginner-guide)\n\t\t- [Create new ldap server](#create-new-ldap-server)\n\t\t\t- [Data persistence](#data-persistence)\n\t\t\t- [Edit your 
server configuration](#edit-your-server-configuration)\n\t\t\t- [Seed ldap database with ldif](#seed-ldap-database-with-ldif)\n\t\t\t- [Seed from internal path](#seed-from-internal-path)\n\t\t- [Use an existing ldap database](#use-an-existing-ldap-database)\n\t\t- [Backup](#backup)\n\t\t- [Administrate your ldap server](#administrate-your-ldap-server)\n\t\t- [TLS](#tls)\n\t\t\t- [Use auto-generated certificate](#use-auto-generated-certificate)\n\t\t\t- [Use your own certificate](#use-your-own-certificate)\n\t\t\t- [Disable TLS](#disable-tls)\n\t\t- [Multi master replication](#multi-master-replication)\n\t\t- [Fix docker mounted file problems](#fix-docker-mounted-file-problems)\n\t\t- [Debug](#debug)\n\t- [Environment Variables](#environment-variables)\n\t\t- [Default.yaml](#defaultyaml)\n\t\t- [Default.startup.yaml](#defaultstartupyaml)\n\t\t- [Set your own environment variables](#set-your-own-environment-variables)\n\t\t\t- [Use command line argument](#use-command-line-argument)\n\t\t\t- [Link environment file](#link-environment-file)\n\t\t\t- [Docker Secrets](#docker-secrets)\n\t\t\t- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)\n\t- [Advanced User Guide](#advanced-user-guide)\n\t\t- [Extend osixia/openldap:1.5.0 image](#extend-osixiaopenldap150-image)\n\t\t- [Make your own openldap image](#make-your-own-openldap-image)\n\t\t- [Tests](#tests)\n\t\t- [Kubernetes](#kubernetes)\n\t\t- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage)\n\t- [Security](#security)\n\t\t- [Known security issues](#known-security-issues)\n\t- [Changelog](#changelog)\n\n## Contributing\n\nIf you find this image useful here's how you can help:\n\n- Send a pull request with your kickass new features and bug fixes\n- Help new users with [issues](https://github.com/osixia/docker-openldap/issues) they may encounter\n- Support the development of this image and star this repo !\n\n## Quick Start\nRun OpenLDAP docker 
image:\n\n```sh\ndocker run --name my-openldap-container --detach osixia/openldap:1.5.0\n```\n\nDo not forget to add the port mapping for both port 389 and 636 if you wish to access the ldap server from another machine.\n\n```sh\ndocker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.5.0\n```\n\nEither command starts a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:\n\n```sh\ndocker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D \"cn=admin,dc=example,dc=org\" -w admin\n```\n\nThis should output:\n\n\t# extended LDIF\n\t#\n\t# LDAPv3\n\t# base \u003cdc=example,dc=org\u003e with scope subtree\n\t# filter: (objectclass=*)\n\t# requesting: ALL\n\t#\n\n\t[...]\n\n\t# numResponses: 3\n\t# numEntries: 2\n\nIf you have the following error, OpenLDAP is not started yet, maybe you are too fast or maybe your computer is too slow, as you want... but wait for some time before retrying.\n\n\t\tldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)\n\n\n## Beginner Guide\n\n### Create new ldap server\n\nThis is the default behavior when you run this image.\nIt will create an empty ldap for the company **Example Inc.** and the domain **example.org**.\n\nBy default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example:\n\n```sh\ndocker run \\\n\t--env LDAP_ORGANISATION=\"My Company\" \\\n\t--env LDAP_DOMAIN=\"my-company.com\" \\\n\t--env LDAP_ADMIN_PASSWORD=\"JonSn0w\" \\\n\t--detach osixia/openldap:1.5.0\n```\n\n#### Data persistence\n\nThe directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d`  (LDAP config files) are used to persist the schema and data information, and should be mapped as volumes, so your ldap files are saved outside the container (see [Use an existing ldap database](#use-an-existing-ldap-database)). 
However it can be useful to not use volumes,\nin case the image should be delivered complete with test data - this is especially useful when deriving other images from this one.\n\nThe default uid and gid used by the image may map to surprising\ncounterparts in the host. If you need to match uid and gid in the\ncontainer and in the host, you can use build parameters\n`LDAP_OPENLDAP_UID` and `LDAP_OPENLDAP_GID` to set uid and gid\nexplicitly:\n\n```sh\ndocker build \\\n\t--build-arg LDAP_OPENLDAP_GID=1234 \\\n\t--build-arg LDAP_OPENLDAP_UID=2345 \\\n\t-t my_ldap_image .\ndocker run --name my_ldap_container -d my_ldap_image\n# this should output uid=2345(openldap) gid=1234(openldap) groups=1234(openldap)\ndocker exec my_ldap_container id openldap\n```\n\nFor more information about docker data volume, please refer to:\n\n\u003e [https://docs.docker.com/engine/tutorials/dockervolumes/](https://docs.docker.com/engine/tutorials/dockervolumes/)\n\n#### Firewall issues on RHEL/CentOS\nDocker Engine doesn't work well with firewall-cmd and can cause issues if you're connecting to the LDAP server from another container on the same machine. You can fix this by running:\n```sh\n$ firewall-cmd --add-port=389/tcp --permanent\n$ firewall-cmd --add-port=636/tcp --permanent\n$ firewall-cmd --reload\n```\nLearn more about this issue at https://github.com/moby/moby/issues/32138\n\n#### Edit your server configuration\n\nDo not edit slapd.conf it's not used. 
To modify your server configuration use ldap utils: **ldapmodify / ldapadd / ldapdelete**\n\n#### Seed ldap database with ldif\n\nThis image can load ldif files at startup with either `ldapadd` or `ldapmodify`.\nMount `.ldif` in `/container/service/slapd/assets/config/bootstrap/ldif` directory if you want to overwrite image default bootstrap ldif files or in `/container/service/slapd/assets/config/bootstrap/ldif/custom` (recommended) to extend image config.\n\nFiles containing `changeType:` attributes will be loaded with `ldapmodify`.\n\nThe startup script provides some substitutions in bootstrap ldif files. Following substitutions are supported:\n\n- `{{ LDAP_BASE_DN }}`\n- `{{ LDAP_BACKEND }}`\n- `{{ LDAP_DOMAIN }}`\n- `{{ LDAP_READONLY_USER_USERNAME }}`\n- `{{ LDAP_READONLY_USER_PASSWORD_ENCRYPTED }}`\n\nOther `{{ * }}` substitutions are left unchanged.\n\nSince startup script modifies `ldif` files, you **must** add `--copy-service`\nargument to entrypoint if you don't want to overwrite them.\n\n```sh\n# single file example:\ndocker run \\\n\t--volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \\\n\tosixia/openldap:1.5.0 --copy-service\n\n# directory example:\ndocker run \\\n\t--volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \\\n\tosixia/openldap:1.5.0 --copy-service\n```\n\n#### Seed from internal path\n\nThis image can load ldif and schema files at startup from an internal path. Additionally, certificates can be copied from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.\n\nFor example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but Gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services\nof a ci job. 
The path to the working copy can be obtained via `${CI_PROJECT_DIR}`. See also: https://docs.gitlab.com/runner/executors/docker.html#build-directory-in-service\n\nThis may also work with other CI services, if they automatically mount the working directory to the services of a ci job like Gitlab ci does.\n\nIn order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any files in the specified directory into the default seeding\ndirectories of this image.\n\nExample variables defined in gitlab-ci.yml:\n\n```yml\nvariables:\n  LDAP_SEED_INTERNAL_LDIF_PATH: \"${CI_PROJECT_DIR}/docker/openldap/ldif\"\n  LDAP_SEED_INTERNAL_SCHEMA_PATH: \"${CI_PROJECT_DIR}/docker/openldap/schema\"\n```\n\nAlso, certificates can be used by the internal path. The file, specified in a variable, will be copied in the default certificate directory of this image. If desired, you can use these with the LDAP_TLS_CRT_FILENAME, LDAP_TLS_KEY_FILENAME, LDAP_TLS_CA_CRT_FILENAME and LDAP_TLS_DH_PARAM_FILENAME to set a different filename in the default certificate directory of the image.\n\n\tvariables:\n        LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE: \"${CI_PROJECT_DIR}/docker/certificates/certs/cert.pem\"\n        LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE: \"${CI_PROJECT_DIR}/docker/certificates/certs/key.pem\"\n        LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE: \"${CI_PROJECT_DIR}/docker/certificates/ca/ca.pem\"\n        LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE: \"${CI_PROJECT_DIR}/certificates/dhparam.pem\"\n\n### Use an existing ldap database\n\nThis can be achieved by mounting host directories as volume.\nAssuming you have a LDAP database on your docker host in the directory `/data/slapd/database`\nand the corresponding LDAP config files on your docker host in the directory `/data/slapd/config`\nsimply mount this directories as a volume to `/var/lib/ldap` and 
`/etc/ldap/slapd.d`:\n\n```sh\ndocker run \\\n\t--volume /data/slapd/database:/var/lib/ldap \\\n\t--volume /data/slapd/config:/etc/ldap/slapd.d \\\n\t--detach osixia/openldap:1.5.0\n```\n\nYou can also use data volume containers. Please refer to:\n\u003e [https://docs.docker.com/engine/tutorials/dockervolumes/](https://docs.docker.com/engine/tutorials/dockervolumes/)\n\nNote: By default this image is waiting an **mdb**  database backend, if you want to use any other database backend set backend type via the LDAP_BACKEND environment variable.\n\n### Backup\nA simple solution to backup your ldap server, is our openldap-backup docker image:\n\u003e [osixia/openldap-backup](https://github.com/osixia/docker-openldap-backup)\n\n### Administrate your ldap server\nIf you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image:\n\u003e [osixia/phpldapadmin](https://github.com/osixia/docker-phpLDAPadmin)\n\n### TLS\n\n#### Use auto-generated certificate\nBy default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org).\n\n```sh\ndocker run --hostname ldap.my-company.com --detach osixia/openldap:1.5.0\n```\n\n#### Use your own certificate\n\nYou can set your custom certificate at run time, by mounting a directory containing those files to **/container/service/slapd/assets/certs** and adjust their name with the following environment variables:\n\n```sh\ndocker run \\\n\t--hostname ldap.example.org \\\n\t--volume /path/to/certificates:/container/service/slapd/assets/certs \\\n\t--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \\\n\t--env LDAP_TLS_KEY_FILENAME=my-ldap.key \\\n\t--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \\\n\t--detach osixia/openldap:1.5.0\n```\n\nOther solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)\n\n#### Disable TLS\nAdd --env LDAP_TLS=false to the run 
command:\n\n\tdocker run --env LDAP_TLS=false --detach osixia/openldap:1.5.0\n\n### Multi master replication\nQuick example, with the default config.\n\n\t#Create the first ldap server, save the container id in LDAP_CID and get its IP:\n\tLDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.5.0)\n\tLDAP_IP=$(docker inspect -f \"{{ .NetworkSettings.IPAddress }}\" $LDAP_CID)\n\n\t#Create the second ldap server, save the container id in LDAP2_CID and get its IP:\n\tLDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.5.0)\n\tLDAP2_IP=$(docker inspect -f \"{{ .NetworkSettings.IPAddress }}\" $LDAP2_CID)\n\n\t#Add the pair \"ip hostname\" to /etc/hosts on each containers,\n\t#because ldap.example.org and ldap2.example.org are fake hostnames\n\tdocker exec $LDAP_CID bash -c \"echo $LDAP2_IP ldap2.example.org \u003e\u003e /etc/hosts\"\n\tdocker exec $LDAP2_CID bash -c \"echo $LDAP_IP ldap.example.org \u003e\u003e /etc/hosts\"\n\nThat's it! But a little test to be sure:\n\nAdd a new user \"billy\" on the first ldap server\n\n\tdocker exec $LDAP_CID ldapadd -x -D \"cn=admin,dc=example,dc=org\" -w admin -f /container/service/slapd/assets/test/new-user.ldif -H ldap://ldap.example.org -ZZ\n\nSearch on the second ldap server, and billy should show up!\n\n\tdocker exec $LDAP2_CID ldapsearch -x -H ldap://ldap2.example.org -b dc=example,dc=org -D \"cn=admin,dc=example,dc=org\" -w admin -ZZ\n\n\t[...]\n\n\t# billy, example.org\n\tdn: uid=billy,dc=example,dc=org\n\tuid: billy\n\tcn: billy\n\tsn: 3\n\tobjectClass: top\n\tobjectClass: posixAccount\n\tobjectClass: inetOrgPerson\n\t[...]\n\n### Fix docker mounted file problems\n\nYou may have some problems with mounted files on some systems. The startup script try to make some file adjustment and fix files owner and permissions, this can result in multiple errors. 
See [Docker documentation](https://docs.docker.com/v1.4/userguide/dockervolumes/#mount-a-host-file-as-a-data-volume).\n\nTo fix that run the container with `--copy-service` argument :\n\n\t\tdocker run [your options] osixia/openldap:1.5.0 --copy-service\n\n### Debug\n\nThe container default log level is **info**.\nAvailable levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.\n\nExample command to run the container in `debug` mode:\n\n```sh\ndocker run --detach osixia/openldap:1.5.0 --loglevel debug\n```\n\nSee all command line options:\n\n```sh\ndocker run osixia/openldap:1.5.0 --help\n```\n\n## Environment Variables\nEnvironment variables defaults are set in **image/environment/default.yaml** and **image/environment/default.startup.yaml**.\n\nSee how to [set your own environment variables](#set-your-own-environment-variables)\n\n### Default.yaml\nVariables defined in this file are available at anytime in the container environment.\n\nGeneral container configuration:\n- **LDAP_LOG_LEVEL**: Slap log level. defaults to  `256`. See table 5.1 in https://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.\n\n### Default.startup.yaml\nVariables defined in this file are only available during the container **first start** in **startup files**.\nThis file is deleted right after startup files are processed for the first time,\nthen all of these values will not be available in the container environment.\n\nThis helps to keep your container configuration secret. If you don't care all environment variables can be defined in **default.yaml** and everything will work fine.\n\nRequired and used for new ldap server only:\n- **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.`\n- **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org`\n- **LDAP_BASE_DN**: Ldap base DN. If empty automatically set from LDAP_DOMAIN value. Defaults to `(empty)`\n- **LDAP_ADMIN_PASSWORD** Ldap Admin password. 
Defaults to `admin`\n- **LDAP_CONFIG_PASSWORD** Ldap Config password. Defaults to `config`\n\n- **LDAP_READONLY_USER** Add a read only user. Defaults to `false`\n  \u003e **Note:** The read only user **does** have write access to its own password.\n- **LDAP_READONLY_USER_USERNAME** Read only user username. Defaults to `readonly`\n- **LDAP_READONLY_USER_PASSWORD** Read only user password. Defaults to `readonly`\n\n- **LDAP_RFC2307BIS_SCHEMA** Use rfc2307bis schema instead of nis schema. Defaults to `false`\n\nBackend:\n- **LDAP_BACKEND**: Ldap backend. Defaults to `mdb` (previously hdb in image versions up to v1.1.10)\n\n\tHelp: https://www.openldap.org/doc/admin24/backends.html\n\nTLS options:\n- **LDAP_TLS**: Add openldap TLS capabilities. Can't be removed once set to true. Defaults to `true`.\n- **LDAP_TLS_CRT_FILENAME**: Ldap ssl certificate filename. Defaults to `ldap.crt`\n- **LDAP_TLS_KEY_FILENAME**: Ldap ssl certificate private key filename. Defaults to `ldap.key`\n- **LDAP_TLS_DH_PARAM_FILENAME**: Ldap ssl certificate dh param file. Defaults to `dhparam.pem`\n- **LDAP_TLS_CA_CRT_FILENAME**: Ldap ssl CA certificate  filename. Defaults to `ca.crt`\n- **LDAP_TLS_ENFORCE**: Enforce TLS but except ldapi connections. Can't be disabled once set to true. Defaults to `false`.\n- **LDAP_TLS_CIPHER_SUITE**: TLS cipher suite. Defaults to `SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC`, based on Red Hat's [TLS hardening guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Hardening_TLS_Configuration.html)\n- **LDAP_TLS_VERIFY_CLIENT**: TLS verify client. Defaults to `demand`\n\n\tHelp: https://www.openldap.org/doc/admin24/tls.html\n\nReplication options:\n- **LDAP_REPLICATION**: Add openldap replication capabilities. Possible values : `true`, `false`, `own`. Defaults to `false`. 
Setting this to `own` allow to provide own replication settings via custom bootstrap ldifs.\n\n- **LDAP_REPLICATION_CONFIG_SYNCPROV**: olcSyncRepl options used for the config database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical`\n\n- **LDAP_REPLICATION_DB_SYNCPROV**: olcSyncRepl options used for the database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical`\n\n- **LDAP_REPLICATION_HOSTS**: list of replication hosts, must contain the current container hostname set by --hostname on docker run command. Defaults to :\n\t```yaml\n  - ldap://ldap.example.org\n  - ldap://ldap2.example.org\n\t```\n\n\tIf you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:\n\n\t\tdocker run --env LDAP_REPLICATION_HOSTS=\"#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']\" --detach osixia/openldap:1.5.0\n\n\tTo convert yaml to python online: https://yaml-online-parser.appspot.com/\n\nOther environment variables:\n- **KEEP_EXISTING_CONFIG**: Do not change the ldap config. Defaults to `false`\n\t- if set to *true* with an existing database, config will remain unchanged. Image tls and replication config will not be run. 
The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.\n\t- if set to *true* when bootstrapping a new database, bootstrap ldif and schema will not be added and tls and replication config will not be run.\n\n- **LDAP_REMOVE_CONFIG_AFTER_SETUP**: delete config folder after setup. Defaults to `true`\n- **LDAP_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.\n- **HOSTNAME**: set the hostname of the running openldap server. Defaults to whatever docker creates.\n- **DISABLE_CHOWN**: do not perform any chown to fix file ownership. Defaults to `false`\n- LDAP_OPENLDAP_UID: runtime docker user uid to run container as\n- LDAP_OPENLDAP_GID: runtime docker user gid to run container as\n\n\n### Set your own environment variables\n\n#### Use command line argument\nEnvironment variables can be set by adding the --env argument in the command line, for example:\n\n```sh\ndocker run \\\n\t--env LDAP_ORGANISATION=\"My company\" \\\n\t--env LDAP_DOMAIN=\"my-company.com\" \\\n\t--env LDAP_ADMIN_PASSWORD=\"JonSn0w\" \\\n\t--detach osixia/openldap:1.5.0\n```\n\nBe aware that environment variable added in command line will be available at any time\nin the container. 
In this example if someone manage to open a terminal in this container\nhe will be able to read the admin password in clear text from environment variables.\n\n#### Link environment file\n\nFor example if your environment files **my-env.yaml** and **my-env.startup.yaml** are in /data/ldap/environment\n\n```sh\ndocker run \\\n\t--volume /data/ldap/environment:/container/environment/01-custom \\\n\t--detach osixia/openldap:1.5.0\n```\n\nTake care to link your environment files folder to `/container/environment/XX-somedir` (with XX \u003c 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).\n\nNote: the container will try to delete the **\\*.startup.yaml** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\\*.yaml** file and don't use **\\*.startup.yaml**:\n\n```sh\ndocker run \\\n\t--volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \\\n\t--detach osixia/openldap:1.5.0\n```\n\n#### Docker Secrets\n\nAs an alternative to passing sensitive information via environmental variables, _FILE may be appended to the listed variables, causing\nthe startup.sh script to load the values for those values from files presented in the container. This is particular useful for loading\npasswords using the [Docker secrets](https://docs.docker.com/engine/swarm/secrets/) mechanism. 
For example:\n\n```sh\n# The secret path must be a single argument: /run/secrets/\u003csecret name\u003e\ndocker run \\\n\t--env LDAP_ORGANISATION=\"My company\" \\\n\t--env LDAP_DOMAIN=\"my-company.com\" \\\n\t--env LDAP_ADMIN_PASSWORD_FILE=/run/secrets/authentication_admin_pw \\\n\t--detach osixia/openldap:1.2.4\n```\n\nCurrently this is only supported for LDAP_ADMIN_PASSWORD, LDAP_CONFIG_PASSWORD, LDAP_READONLY_USER_PASSWORD\n\n#### Make your own image or extend this image\n\nThis is the best solution if you have a private registry. Please refer to the [Advanced User Guide](#advanced-user-guide) just below.\n\n## Advanced User Guide\n\n### Extend osixia/openldap:1.5.0 image\n\nIf you need to add your custom TLS certificate, bootstrap config or environment files, the easiest way is to extend this image.\n\nDockerfile example:\n\n```dockerfile\nFROM osixia/openldap:1.5.0\nLABEL maintainer=\"Your Name \u003cyour@name.com\u003e\"\n\nADD bootstrap /container/service/slapd/assets/config/bootstrap\nADD certs /container/service/slapd/assets/certs\nADD environment /container/environment/01-custom\n```\n\nSee complete example in **example/extend-osixia-openldap**\n\nWarning: if you want to install new packages from Debian repositories, this image has a configuration that prevents documentation and locales from being installed. 
If you need the doc and locales remove the following files :\n**/etc/dpkg/dpkg.cfg.d/01_nodoc** and **/etc/dpkg/dpkg.cfg.d/01_nolocales**\n\n### Make your own openldap image\n\nClone this project:\n\n```sh\ngit clone https://github.com/osixia/docker-openldap\ncd docker-openldap\n```\n\nAdapt Makefile, set your image NAME and VERSION, for example:\n\n```makefile\nNAME = osixia/openldap\nVERSION = 1.1.9\n```\n\nbecome:\n\n```makefile\nNAME = cool-guy/openldap\nVERSION = 0.1.0\n```\n\nAdd your custom certificate, bootstrap ldif and environment files...\n\nBuild your image:\n\n```sh\nmake build\n```\n\nRun your image:\n\n```sh\ndocker run --detach cool-guy/openldap:0.1.0\n```\n\n### Tests\n\nWe use **Bats** (Bash Automated Testing System) to test this image:\n\n\u003e [https://github.com/bats-core/bats-core](https://github.com/bats-core/bats-core)\n\nInstall Bats, and in this project directory run:\n\n```sh\nmake test\n```\n\n### Kubernetes\n\nKubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.\n\nMore information:\n- https://kubernetes.io/\n- https://github.com/kubernetes/kubernetes\n\nosixia-openldap kubernetes examples are available in **example/kubernetes**\n\n### Under the hood: osixia/light-baseimage\n\nThis image is based on osixia/light-baseimage.\nIt uses the following features:\n\n- **ssl-tools** service to generate tls certificates\n- **log-helper** tool to print log messages based on the log level\n- **run** tool as entrypoint to init the container environment\n\nTo fully understand how this image works take a look at:\nhttps://github.com/osixia/docker-light-baseimage\n\n## Security\nIf you discover a security vulnerability within this docker image, please send an email to the Osixia! team at security@osixia.net. 
For minor vulnerabilities feel free to add an issue here on GitHub.\n\nPlease include as many details as possible.\n\n### Known security issues\nOpenLDAP on Debian creates two admin users with the same password. If you changed the admin password after bootstrap, you may be affected by issue #161.\n\n## Changelog\n\nPlease refer to: [CHANGELOG.md](CHANGELOG.md)\n","funding_links":[],"categories":["Shell","docker"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fosixia%2Fdocker-openldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fosixia%2Fdocker-openldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fosixia%2Fdocker-openldap/lists"}