OpenLDAP slapd for COmanage Registry
Intended to build an OpenLDAP slapd image to use with COmanage Registry.
Build Arguments
No arguments are required for building the image.
The following arguments may be supplied during the build:
--build-arg COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=<slapd base image version>
Build Requirements
This image uses a multi-stage build. It requires that the OpenLDAP slapd base image be built first.
Building
docker build \
--build-arg COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=<slapd base image version> \
-t comanage-registry-slapd:<tag> .
Building Example
export COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=1
export COMANAGE_REGISTRY_SLAPD_IMAGE_VERSION=1
TAG="${COMANAGE_REGISTRY_SLAPD_IMAGE_VERSION}"
docker build \
--build-arg COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION=${COMANAGE_REGISTRY_SLAPD_BASE_IMAGE_VERSION} \
-t comanage-registry-slapd:$TAG .
Volumes and Data Persistence
See OpenLDAP slapd for COmanage Registry Volumes and Data Persistence.
Environment Variables
See the list of environment variables common to slapd images including this image.
Ports
By default the container instantiated from the image binds to 127.0.0.1 and listens for LDAP protocol traffic on port 389 only. To bind to other or all network interfaces and listen on port 636 as well override the default command for the image (see below for details).
Running
See other documentation in this repository for details on how to orchestrate running this image with other images using an orchestration tool like Docker Compose, Docker Swarm, or Kubernetes.
To run this image:
docker run -d \
--name comanage-registry-ldap \
-e OLC_ROOT_DN=cn=admin,dc=my,dc=org \
-e OLC_SUFFIX=dc=my,dc=org \
-e OLC_ROOT_PW={SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks \
-v /opt/docker/var/lib/ldap:/var/lib/ldap \
-v /opt/docker/etc/ldap/slapd.d:/etc/ldap/slapd.d \
-p 389:389 \
comanage-registry-slapd:2 \
slapd -d 256 -h 'ldapi:/// ldap:///' -u openldap -g openldap
To run this image with slapd using TLS and listening on port 636
docker run -d \
--name comanage-registry-ldap \
-e OLC_ROOT_DN=cn=admin,dc=my,dc=org \
-e OLC_SUFFIX=dc=my,dc=org \
-e OLC_ROOT_PW={SSHA}emcy1JA+mxbHH0PMPcnasE9apBStAMks \
-e SLAPD_CERT_FILE=/run/secrets/slapd_cert_file \
-e SLAPD_CHAIN_FILE=/run/secrets/slapd_chain_file \
-e SLAPD_PRIVKEY_FILE=/run/secrets/slapd_privkey_file \
-v /opt/docker/var/lib/ldap:/var/lib/ldap \
-v /opt/docker/etc/ldap/slapd.d:/etc/ldap/slapd.d \
-p 389:389 \
-p 636:636 \
comanage-registry-slapd:2 \
slapd -d 256 -h 'ldapi:/// ldap:/// ldaps:///' -u openldap -g openldap
Executing LDIF Files
See Executing LDIF Files.
Logging
The slapd daemon logs to the stdout and stderr of the container.
TLS Configuration
See the section on environment variables and the SLAPD_CERT_FILE
, SLAPD_CHAIN_FILE
,
and SLAPD_PRIVKEY_FILE
variables.
Additionally you may bind mount or COPY in an X.509 certificate file, CA chain file, and associated private key file. For example
COPY cert.pem /etc/ldap/slapd.crt
COPY chain.pem /etc/ldap/slapd.ca.crt
COPY privkey.pem /etc/ldap/slapd.key