Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

comanage-registry-docker/comanage-registry-slapd-proxy/README.md

Go to file
 
 
Cannot retrieve contributors at this time
OpenLDAP slapd proxy for COmanage Registry Build Arguments Build Requirements Building Building Example Volumes and Data Persistence Environment Variables Ports Running Executing LDIF Files Logging TLS Configuration
123 lines (89 sloc) 3.91 KB
Raw Blame
Open in GitHub Desktop

OpenLDAP slapd proxy for COmanage Registry

Intended to build an OpenLDAP slapd image configured to run as an LDAP proxy server.

Build Arguments

No arguments are required for building the image.

The following arguments may be supplied during the build:

--build-arg COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=<slapd base image version>

Build Requirements

This image uses a multi-stage build. It requires that the OpenLDAP slapd base image be built first.

Building

docker build \
  --build-arg COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=<slapd base image version> \
  -t comanage-registry-slapd-proxy:<tag> .

Building Example

export COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=1
export COMANAGE_REGISTRY_SLAPD_PROXY_IMAGE_VERSION=1
TAG="${COMANAGE_REGISTRY_SLAPD_IMAGE_VERSION}"
docker build \
  --build-arg COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=${COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION} \
  -t comanage-registry-slapd-proxy:$TAG .

Volumes and Data Persistence

This image does not require volume or data persistence when used soley as an LDAP proxy server and all necessary configuration is injected at run time.

More complicated deployments may wish to persist some data or configuration. For such deployments see OpenLDAP slapd for COmanage Registry Volumes and Data Persistence.

Environment Variables

See the list of environment variables common to slapd images including this image.

Ports

By default the container instantiated from the image binds to 127.0.0.1 and listens for LDAP protocol traffic on port 389 only. To bind to other or all network interfaces and listen on port 636 as well override the default command for the image (see below for details).

Running

See other documentation in this repository for details on how to orchestrate running this image with other images using an orchestration tool like Docker Compose, Docker Swarm, or Kubernetes.

To run this image:

docker run -d \
  --name ldapgateway \
  -e SLAPD_CERT_FILE=/run/secrets/slapd_cert_file \
  -e SLAPD_CHAIN_FILE=/run/secrets/slapd_chain_file \
  -e SLAPD_PRIVKEY_FILE=/run/secrets/slapd_privkey_file \
  -v /opt/docker/ldif/proxy_config.ldif:/ldif/config/ldap_gateway_proxy_config.ldif \
  -p 389:389 \
  -p 636:636 \
  comanage-registry-slapd-proxy:2 \
  slapd -d 0 -h 'ldapi:/// ldap:/// ldaps:///' -u openldap -g openldap

Executing LDIF Files

See Executing LDIF Files.

Logging

The slapd daemon logs to the stdout and stderr of the container.

TLS Configuration

See the section on environment variables and the SLAPD_CERT_FILE, SLAPD_CHAIN_FILE, and SLAPD_PRIVKEY_FILE variables.

Additionally you may bind mount or COPY in an X.509 certificate file, CA chain file, and associated private key file. For example

COPY cert.pem /etc/ldap/slapd.crt
COPY chain.pem /etc/ldap/slapd.ca.crt
COPY privkey.pem /etc/ldap/slapd.key