Awesome
OpenLDAP Docker Image for testing
This Docker image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain planetexpress.com with data from the Futurama Wiki.
Parts of the image are based on the work from Nick Stenning docker-slapd and Bertrand Gouny docker-openldap.
The Flask extension flask-ldapconn use this image for unit tests.
Features
- Initialized with data from Futurama
- Support for LDAP over TLS (STARTTLS) using a self-signed cert, or valid certificates (LetsEncrypt, etc)
- memberOf overlay support
- MS-AD style groups support
- Supports Forced STARTTLS
- Supports custom domain and custom directory structure
Usage
docker pull ghcr.io/rroemhild/docker-test-openldap:master
docker run --rm -p 10389:10389 -p 10636:10636 ghcr.io/rroemhild/docker-test-openldap:master
Testing
# List all Users
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
# Request StartTLS
ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
# Enforce StartTLS
ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
# Enforce StartTLS with self-signed cert
LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
Exposed ports
- 10389 (ldap)
- 10636 (ldaps)
Exposed volumes
- /etc/ldap/slapd.d
- /etc/ldap/ssl
- /var/lib/ldap
- /run/slapd
LDAP structure
dc=planetexpress,dc=com
| Admin | Secret |
|---|
| cn=admin,dc=planetexpress,dc=com | GoodNewsEveryone |
ou=people,dc=planetexpress,dc=com
cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | Hubert J. Farnsworth |
| sn | Farnsworth |
| description | Human |
| displayName | Professor Farnsworth |
| employeeType | Owner |
| employeeType | Founder |
| givenName | Hubert |
| jpegPhoto | JPEG-Photo (630x507 Pixel, 26780 Bytes) |
| mail | professor@planetexpress.com |
| mail | hubert@planetexpress.com |
| ou | Office Management |
| title | Professor |
| uid | professor |
| userPassword | professor |
cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | Philip J. Fry |
| sn | Fry |
| description | Human |
| displayName | Fry |
| employeeType | Delivery boy |
| givenName | Philip |
| jpegPhoto | JPEG-Photo (429x350 Pixel, 22132 Bytes) |
| mail | fry@planetexpress.com |
| ou | Delivering Crew |
| uid | fry |
| userPassword | fry |
cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | John A. Zoidberg |
| sn | Zoidberg |
| description | Decapodian |
| displayName | Zoidberg |
| employeeType | Doctor |
| givenName | John |
| jpegPhoto | JPEG-Photo (343x280 Pixel, 26438 Bytes) |
| mail | zoidberg@planetexpress.com |
| ou | Staff |
| title | Ph. D. |
| uid | zoidberg |
| userPassword | zoidberg |
cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | Hermes Conrad |
| sn | Conrad |
| description | Human |
| employeeType | Bureaucrat |
| employeeType | Accountant |
| givenName | Hermes |
| mail | hermes@planetexpress.com |
| ou | Office Management |
| uid | hermes |
| userPassword | hermes |
cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | Turanga Leela |
| sn | Turanga |
| description | Mutant |
| employeeType | Captain |
| employeeType | Pilot |
| givenName | Leela |
| jpegPhoto | JPEG-Photo (429x350 Pixel, 26526 Bytes) |
| mail | leela@planetexpress.com |
| ou | Delivering Crew |
| uid | leela |
| userPassword | leela |
cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | Bender Bending Rodríguez |
| sn | Rodríguez |
| description | Robot |
| employeeType | Ship's Robot |
| givenName | Bender |
| jpegPhoto | JPEG-Photo (436x570 Pixel, 26819 Bytes) |
| mail | bender@planetexpress.com |
| ou | Delivering Crew |
| uid | bender |
| userPassword | bender |
cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com
Amy has a multi-valued DN
| Attribute | Value |
|---|
| objectClass | inetOrgPerson |
| cn | Amy Wong |
| sn | Kroker |
| description | Human |
| givenName | Amy |
| mail | amy@planetexpress.com |
| ou | Intern |
| uid | amy |
| userPassword | amy |
cn=admin_staff,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | Group |
| cn | admin_staff |
| member | cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com |
| member | cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com |
cn=ship_crew,ou=people,dc=planetexpress,dc=com
| Attribute | Value |
|---|
| objectClass | Group |
| cn | ship_crew |
| member | cn=Turanga Leela,ou=people,dc=planetexpress,dc=com |
| member | cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com |
| member | cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com |
JAAS configuration
In case you want to use this OpenLDAP server for testing with a Java-based
application using JAAS and the LdapLoginModule, here's a working configuration
file you can use to connect.
other {
com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
useSSL=false
java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
java.naming.security.credentials="GoodNewsEveryone"
debug=true
;
};
This config uses the admin credentials to connect to the OpenLDAP server and to
submit the search query for the user that enters their credentials. As username
the uid attribute of each entry is used.