Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rroemhild/docker-test-openldap
Docker OpenLDAP Server for testing LDAP applications
https://github.com/rroemhild/docker-test-openldap
ci docker futurama ldap openldap slapd testing
Last synced: about 1 month ago
JSON representation
Docker OpenLDAP Server for testing LDAP applications
- Host: GitHub
- URL: https://github.com/rroemhild/docker-test-openldap
- Owner: rroemhild
- License: mit
- Created: 2015-02-21T18:01:35.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-09-16T10:57:38.000Z (12 months ago)
- Last Synced: 2024-06-02T04:35:17.544Z (3 months ago)
- Topics: ci, docker, futurama, ldap, openldap, slapd, testing
- Language: Dockerfile
- Size: 199 KB
- Stars: 335
- Watchers: 9
- Forks: 137
- Open Issues: 16
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# OpenLDAP Docker Image for testing
This Docker image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain `planetexpress.com` with data from the [Futurama Wiki][futuramawikia].
Parts of the image are based on the work from Nick Stenning [docker-slapd][slapd] and Bertrand Gouny [docker-openldap][openldap].
The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit tests.
[slapd]: https://github.com/nickstenning/docker-slapd
[openldap]: https://github.com/osixia/docker-openldap
[flaskldapconn]: https://github.com/rroemhild/flask-ldapconn
[futuramawikia]: http://futurama.wikia.com
## Features
* Initialized with data from Futurama
* Support for LDAP over TLS (STARTTLS) using a self-signed cert, or valid certificates (LetsEncrypt, etc)
* memberOf overlay support
* MS-AD style groups support
* Supports Forced STARTTLS
* Supports custom domain and custom directory structure
## Usage
```
docker pull ghcr.io/rroemhild/docker-test-openldap:master
docker run --rm -p 10389:10389 -p 10636:10636 ghcr.io/rroemhild/docker-test-openldap:master
```
## Testing
```
# List all Users
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
# Request StartTLS
ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
# Enforce StartTLS
ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
# Enforce StartTLS with self-signed cert
LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
```
## Exposed ports
* 10389 (ldap)
* 10636 (ldaps)
## Exposed volumes
* /etc/ldap/slapd.d
* /etc/ldap/ssl
* /var/lib/ldap
* /run/slapd
## LDAP structure
### dc=planetexpress,dc=com
| Admin | Secret |
| ---------------- | ---------------- |
| cn=admin,dc=planetexpress,dc=com | GoodNewsEveryone |
### ou=people,dc=planetexpress,dc=com
#### cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | Hubert J. Farnsworth |
| sn | Farnsworth |
| description | Human |
| displayName | Professor Farnsworth |
| employeeType | Owner |
| employeeType | Founder |
| givenName | Hubert |
| jpegPhoto | JPEG-Photo (630x507 Pixel, 26780 Bytes) |
| mail | [email protected] |
| mail | [email protected] |
| ou | Office Management |
| title | Professor |
| uid | professor |
| userPassword | professor |
### cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | Philip J. Fry |
| sn | Fry |
| description | Human |
| displayName | Fry |
| employeeType | Delivery boy |
| givenName | Philip |
| jpegPhoto | JPEG-Photo (429x350 Pixel, 22132 Bytes) |
| mail | [email protected] |
| ou | Delivering Crew |
| uid | fry |
| userPassword | fry |
### cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | John A. Zoidberg |
| sn | Zoidberg |
| description | Decapodian |
| displayName | Zoidberg |
| employeeType | Doctor |
| givenName | John |
| jpegPhoto | JPEG-Photo (343x280 Pixel, 26438 Bytes) |
| mail | [email protected] |
| ou | Staff |
| title | Ph. D. |
| uid | zoidberg |
| userPassword | zoidberg |
### cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | Hermes Conrad |
| sn | Conrad |
| description | Human |
| employeeType | Bureaucrat |
| employeeType | Accountant |
| givenName | Hermes |
| mail | [email protected] |
| ou | Office Management |
| uid | hermes |
| userPassword | hermes |
### cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | Turanga Leela |
| sn | Turanga |
| description | Mutant |
| employeeType | Captain |
| employeeType | Pilot |
| givenName | Leela |
| jpegPhoto | JPEG-Photo (429x350 Pixel, 26526 Bytes) |
| mail | [email protected] |
| ou | Delivering Crew |
| uid | leela |
| userPassword | leela |
### cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | Bender Bending Rodríguez |
| sn | Rodríguez |
| description | Robot |
| employeeType | Ship's Robot |
| givenName | Bender |
| jpegPhoto | JPEG-Photo (436x570 Pixel, 26819 Bytes) |
| mail | [email protected] |
| ou | Delivering Crew |
| uid | bender |
| userPassword | bender |
### cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com
Amy has a multi-valued DN
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | inetOrgPerson |
| cn | Amy Wong |
| sn | Kroker |
| description | Human |
| givenName | Amy |
| mail | [email protected] |
| ou | Intern |
| uid | amy |
| userPassword | amy |
### cn=admin_staff,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | Group |
| cn | admin_staff |
| member | cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com |
| member | cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com |
### cn=ship_crew,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
| ---------------- | ---------------- |
| objectClass | Group |
| cn | ship_crew |
| member | cn=Turanga Leela,ou=people,dc=planetexpress,dc=com |
| member | cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com |
| member | cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com |
## JAAS configuration
In case you want to use this OpenLDAP server for testing with a Java-based
application using JAAS and the `LdapLoginModule`, here's a working configuration
file you can use to connect.
```
other {
com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
useSSL=false
java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
java.naming.security.credentials="GoodNewsEveryone"
debug=true
;
};
```
This config uses the admin credentials to connect to the OpenLDAP server and to
submit the search query for the user that enters their credentials. As username
the `uid` attribute of each entry is used.