This Docker image provides an OpenLDAP server for testing LDAP applications, e.g. in unit tests. The server is initialized with the example domain planetexpress.com, with data taken from the Futurama Wiki.
Parts of the image are based on the work of Nick Stenning (docker-slapd) and Bertrand Gouny (docker-openldap).
The Flask extension flask-ldapconn uses this image for its unit tests.
Features
Initialized with data from Futurama
Support for LDAP over TLS (STARTTLS) using a self-signed certificate, or valid certificates (Let's Encrypt, etc.)
memberOf overlay support
MS-AD style groups support
Supports Forced STARTTLS
Supports custom domain and custom directory structure
If you want to use this OpenLDAP server for testing a Java-based application that uses JAAS and the LdapLoginModule, here's a working configuration file you can use to connect.
This configuration binds to the OpenLDAP server with the admin credentials and submits the search query for the user who entered their credentials. The uid attribute of each entry is used as the username.
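The search-then-bind flow that configuration describes, as an added example using the OpenLDAP command-line tools (this is not the project's JAAS file or any code from the image). It assumes the container is mapped to localhost:10389 as in the docker run line on this page, uses the admin DN from this page, and takes the admin password from an ADMIN_PW variable because the page does not state it; the uid is escaped per RFC 4515 before it goes into the filter.

```shell
#!/bin/sh
# Added example, not the project's JAAS configuration: the same "bind as admin,
# search the user's entry by uid, then bind as that entry" flow using ldapsearch
# and ldapwhoami. Assumed defaults: container mapped to localhost:10389, the admin
# DN from this page, and the admin password supplied via ADMIN_PW.
LDAP_URI="${LDAP_URI:-ldap://localhost:10389}"
BASEDN="${BASEDN:-dc=planetexpress,dc=com}"
ADMIN_DN="${ADMIN_DN:-cn=admin,dc=planetexpress,dc=com}"

# Escape a value before placing it inside a search filter (RFC 4515), so that
# characters with filter syntax meaning in a username are matched literally.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The filter the search step submits; same shape as a JAAS userFilter with {USERNAME}.
build_user_filter() {
    printf '(&(objectClass=person)(uid=%s))' "$(ldap_filter_escape "$1")"
}

# Step 1: bind with the admin credentials and return the DN of the matching entry.
# ldapsearch -LLL prints "dn: <value>"; a DN with non-ASCII characters would be
# printed base64-encoded as "dn:: ..." and is not handled here. uid is assumed unique.
lookup_user_dn() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$ADMIN_DN" -w "${ADMIN_PW:?set ADMIN_PW}" \
        -b "$BASEDN" -s sub "$(build_user_filter "$1")" dn | sed -n 's/^dn: //p'
}

# Step 2: bind as that DN with the password the user entered. A wrong password
# gives the err=49 "invalid credentials" result and a non-zero exit status.
authenticate_user() {
    dn=$(lookup_user_dn "$1")
    [ -n "$dn" ] || { echo "no entry with uid=$1 under $BASEDN" >&2; return 1; }
    ldapwhoami -x -H "$LDAP_URI" -D "$dn" -w "$2" >/dev/null
}

# Usage: ADMIN_PW=... ./ldap-auth-check.sh <uid> <password>
if [ "$#" -eq 2 ]; then
    authenticate_user "$1" "$2" && echo "authenticated uid=$1"
fi
```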
I'm a newbie at using Docker and OpenLDAP, and I'm trying to use this project with a J2EE project on localhost. But the project returns an UnknownHostException, and I would like to know what FQDN I must give to establish the connection?
050-openldap-populate appears to configure the memberOf overlay, then create the users and groups afterwards, but when I query my docker container for all users, I don't see a memberOf attribute on any of them.
Replication steps
Run the docker container:
docker run -d --rm -p 10389:10389 -p 10636:10636 rroemhild/test-openldap
We build the actual state of the repo, planning to make some small changes in the user/group structure.
When starting the image with no modifications, slapd fails:
For testing purposes, I use this docker container to test LDAP authorization, but the documented password is invalid and will result in an error 49 "invalid credentials".
I would advise against using VOLUMES in Dockerfile, as not all users are interested in having persistency on these paths, and it looks like it is not possible to just ignore them. Without the volumes the error would not happen.
Hello, thanks for this docker image. I'm now using it to test a draft R package LDAP client here. On my local Windows machine, the few integration tests I've run work, but on Travis-CI (see https://travis-ci.org/eblondel/ldap4R), on a Linux OS, the LDAP request to list person objects:
Hello, looks like memberof configuration is not populating under user records. Is that expected or is there anything needed to be done to get that to work?
I am fairly confident this is an issue with my setup, but I am struggling to get this setup and working. We are really wanting to use this for our integration testing of our project.
I have the container running on my Intel Mac. It seems to be running fine. I started it with the command line provided, and it is using port 389.
The port is in use:
$ lsof -i:389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
com.docke 37827 xxxxxx 187u IPv6 0x35efde1bfd4dcf0d 0t0 TCP *:ldap (LISTEN)
I see logs every minute (which seems to indicate it is running):
2023-07-21 12:54:49 64bab859 conn=1046 fd=16 ACCEPT from IP=127.0.0.1:53282 (IP=0.0.0.0:10389)
2023-07-21 12:54:49 64bab859 conn=1046 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128
2023-07-21 12:54:49 64bab859 conn=1046 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0
2023-07-21 12:54:49 64bab859 conn=1046 op=0 RESULT tag=97 err=0 text=
2023-07-21 12:54:49 64bab859 conn=1046 op=1 SRCH base="cn=admin,dc=planetexpress,dc=com" scope=2 deref=0 filter="(objectClass=*)"
2023-07-21 12:54:49 64bab859 conn=1046 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
2023-07-21 12:54:49 64bab859 conn=1046 op=2 UNBIND
2023-07-21 12:54:49 64bab859 conn=1046 fd=16 closed
However, when I attempt a simple ldapsearch, I get an error. I have tried several variations.
$ ldapsearch -x -b "dc=planetexpress,dc=com" -h localhost -p 389 -D "cn=admin,dc=planetexpress,dc=com" -W "(&(objectClass=person))"
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
I also tried (which I found in an older issue here):
$ ldapsearch -x -h localhost -p 389 -D "cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com" -w "professor" -b "dc=planetexpress,dc=com" -s sub '(objectClass=*)' givenName
ldap_result: Can't contact LDAP server (-1)
I apologize for opening the issue for a case when I am confident I am doing something wrong, but I am not sure where to go from here.
It fails because the variables LDAP_BASEDN and LDAP_DOMAIN are not set, but the script /rootfs/etc/cont-init.d/050-openldap-populate references them.
The reason is the set -eux at the top, which makes every unset variable an error.
Therefore the script breaks and does not stop the database, which, as a consequence, raises the "database already in use" error.
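An added example (not the project's populate script) of the two defensive patterns this diagnosis points at: check LDAP_DOMAIN/LDAP_BASEDN up front with a clear message instead of letting set -u abort mid-run, and stop the database from an EXIT trap so an abort cannot leave it in use. The slapd start/stop commands are placeholders; the derived base DN follows the page's planetexpress.com to dc=planetexpress,dc=com mapping.

```shell
#!/bin/sh
# Added example, not the project's 050-openldap-populate script. It shows two
# defensive patterns: validate LDAP_DOMAIN/LDAP_BASEDN before doing any work
# (with a clear message rather than a "set -u" unbound-variable abort), and
# register the stop step in an EXIT trap so the database is never left in the
# "already in use" state when a later command fails. slapd start/stop are
# placeholder echo commands, not the real service commands.
set -eu

# Derive the base DN from the domain: planetexpress.com -> dc=planetexpress,dc=com
domain_to_basedn() {
    printf '%s' "$1" | awk -F. '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i }'
}

# Return the base DN to use: LDAP_BASEDN if set, otherwise derived from LDAP_DOMAIN.
# Both expansions use ${VAR:-} so the check itself is safe under "set -u".
resolve_basedn() {
    if [ -n "${LDAP_BASEDN:-}" ]; then
        printf '%s' "$LDAP_BASEDN"
    elif [ -n "${LDAP_DOMAIN:-}" ]; then
        domain_to_basedn "$LDAP_DOMAIN"
    else
        echo "error: LDAP_DOMAIN or LDAP_BASEDN must be set" >&2
        return 1
    fi
}

# Populate step: everything runs in a subshell whose EXIT trap stops slapd, so the
# stop happens on success, on an explicit exit 1, and on an unbound-variable abort.
# $1 is a file the placeholder "stop" writes to, so the cleanup can be observed.
populate_with_cleanup() {
    (
        trap 'echo "slapd stop (placeholder)" > "$1"' EXIT
        basedn=$(resolve_basedn) || exit 1
        echo "slapd start (placeholder); loading LDIF for $basedn" >/dev/null
    )
}
```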
Hi, I'm trying to use your docker image to set up a quick LDAP authentication!
I did successfully run a container and can access its data when I log in anonymously through phpLDAPadmin, though I cannot access it with my app because it requires a username and a password for the root DN.
Is there a way you could help me with that, please?
Thanks a lot for this repository and for your attention!
I've tried a few alternative dockerized LDAP images; this one actually works out of the box with a planetexpress.com -> localhost mapping in /etc/hosts.
Is there a better way to be able to use this from TestContainers with localhost?
And is there a convenient way to load our own ldif, instead of the provided one?
I'm trying to build the image locally for this project from the master branch; the only change I've made is to the docker-compose file, to simplify it:
When I try to run the resulting image I keep getting the following error in the container logs:
: No such file or directory bash
when trying to run the s6-overlay.
I've looked at the information on s6 and I've even tried upgrading to v3, but I'm still getting this error. Do you know how to get past it?
Below is the log output for the container:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 000-slapd-package-config: executing...
: No such file or directory bash
[cont-init.d] 000-slapd-package-config: exited 127.
[cont-init.d] 010-tls-certificates: executing...
: No such file or directory bash
[cont-init.d] 010-tls-certificates: exited 127.
[cont-init.d] 020-filesystem-perms: executing...
: No such file or directory bash
[cont-init.d] 020-filesystem-perms: exited 127.
[cont-init.d] 050-openldap-populate: executing...
: No such file or directory bash
[cont-init.d] 050-openldap-populate: exited 127.
[cont-init.d] done.
[services.d] starting services
: No such file or directory bash
[services.d] done.
: No such file or directory bash
: No such file or directory bash
Hi,
I was trying to test locally the scenario of disabling users that haven't logged on for a while via AD, based on lastLogonTimestamp.
Though, after login via LDAP (ldapsearch and Python client), I can see that in the list of attributes
I guess this is the AD setting.
Any quick fix to enable this, or a code change that can be done?
P.S.: I've seen on the web that this timestamp can lag and is not always the most reliable. But, as there are not many other alternatives to do this via LDAP, I still want to try this approach. PowerShell on the server is not an option at the moment.
I have not changed anything aside from altering the docker-compose.yml
version: '2'
services:
  ldap:
    container_name: ldap-test
    # use the image tag to pull directly from the repo
    # image: rroemhild/test-openldap
    environment:
      LDAP_FORCE_STARTTLS: "false"
      LDAP_DOMAIN: "planetexpress.com"
      LDAP_BASEDN: "dc=planetexpress,dc=com"
      LDAP_ORGANISATION: "Planet Express, Inc."
      LDAP_BINDDN: "cn=admin,dc=planetexpress,dc=com"
    # use build tag to use the local repo
    build:
      context: ./
      dockerfile: ./Dockerfile
    ports:
      - '10389:10389'
      - '10636:10636'
    volumes:
      - data_volume:/var/lib/ldap/
volumes:
  data_volume:
I cannot connect to LDAPS port 636 from outside the running container.
It's working "fine" (meaning I can at least get the SSL certificate error), but the connection is refused when I try this from my host machine (running Docker on Mac).