add option to use starttls for ldap connection #100

Open
wants to merge 1 commit into base: master
14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -147,6 +147,20 @@ You can also authorize against an Active Directory / LDAP. The following Paramet
| `LDAP_BIND_PW` | LDAP Password | SuperSecretPassword |
| `LDAP_BACKUPPC_ADMIN` | LDAP user with with backuppc admin rights | backuppcadmin |

#### STARTTLS with LDAP

You can also use STARTTLS for the LDAP connection. In order to do so, set the optional parameter `LDAP_STARTTLS=1` and mount the CA file, which is used by the server, as a volume into the container.

```bash
docker run \
--name backuppc \
--publish 80:8080 \
--volume /path/to/cafile/ca.pem:/etc/ldap/ca.pem:ro \
--env 'LDAP_STARTTLS=1' \
--env […other LDAP parameter…] \
adferrand/backuppc
```

### Advanced configuration

One may need more advanced authentication/authorization on Backuppc Web UI, for instance several *normal* users allowing operations on backups, and an *admin* user to parameterize BackupPC.
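Review bot: the parameter table just above this section (rows such as `LDAP_BIND_PW` and `LDAP_BACKUPPC_ADMIN`) is not extended with the new `LDAP_STARTTLS` option, so the option is only discoverable by reading the new subsection; add a row such as `| \`LDAP_STARTTLS\` | Enable STARTTLS for the LDAP connection (0 or 1) | 1 |`. The subsection should also state that the container-side path `/etc/ldap/ca.pem` is fixed (the shipped `auth-ldap.conf` reads the CA from exactly that path, so mounting it elsewhere silently does nothing) and what happens when `LDAP_STARTTLS=1` is set but no CA file is mounted, since a reader will otherwise only learn that from a failed login.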
2 changes: 2 additions & 0 deletions files/auth-ldap.conf
Expand Up @@ -2,6 +2,8 @@ server.modules += ( "mod_authn_ldap" )

auth.backend = "ldap"
auth.backend.ldap.hostname = "LDAP_HOSTNAME"
auth.backend.ldap.starttls = "LDAP_STARTTLS"
auth.backend.ldap.ca-file = "/etc/ldap/ca.pem"
auth.backend.ldap.base-dn = "LDAP_BASE_DN"
auth.backend.ldap.filter = "LDAP_FILTER"
auth.backend.ldap.allow-empty-pw = "disable"
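Review bot: `auth.backend.ldap.starttls` ends up holding the literal string "1" or "0" after the entrypoint substitution, whereas lighttpd documents this option with the values "enable"/"disable" like its other boolean settings; please verify that the lighttpd version in the image accepts a quoted "1"/"0" here, and otherwise substitute "enable"/"disable" instead, since a rejected value would break the whole auth config rather than just STARTTLS. Separately, `auth.backend.ldap.ca-file = "/etc/ldap/ca.pem"` is set unconditionally, even when STARTTLS is disabled and no CA file is mounted; consider emitting the `ca-file` line only when STARTTLS is enabled, or confirm and document that lighttpd ignores a missing CA file when STARTTLS is off.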
7 changes: 7 additions & 0 deletions files/entrypoint.sh
Expand Up @@ -97,6 +97,13 @@ if [ -f /firstrun ]; then
if [ "$AUTH_METHOD" == "ldap" ]; then

sed -i 's#LDAP_HOSTNAME#'"$LDAP_HOSTNAME"'#g' /etc/lighttpd/auth-ldap.conf

if [ "$LDAP_STARTTLS" == "1" ]; then
sed -i 's#LDAP_STARTTLS#1#g' /etc/lighttpd/auth-ldap.conf
else
sed -i 's#LDAP_STARTTLS#0#g' /etc/lighttpd/auth-ldap.conf
fi

sed -i 's#LDAP_BASE_DN#'"$LDAP_BASE_DN"'#g' /etc/lighttpd/auth-ldap.conf
LDAP_FILTER=$(sed 's#&#\\&#g' <<< "$LDAP_FILTER")
sed -i 's#LDAP_FILTER#'"$LDAP_FILTER"'#g' /etc/lighttpd/auth-ldap.conf
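Review bot: when `LDAP_STARTTLS` is "1" the `then` branch writes the setting into the config but never checks that `/etc/ldap/ca.pem` was actually mounted, so a missing or misnamed volume is only noticed when lighttpd starts or when the first LDAP bind fails; add a fail-fast check inside that branch, e.g. `[ -f /etc/ldap/ca.pem ] || { echo "LDAP_STARTTLS=1 requires the CA file at /etc/ldap/ca.pem" >&2; exit 1; }`, so the container refuses to start without the CA it is supposed to verify against. Minor: the `else` branch writes `0` for any value other than the exact string "1", so `LDAP_STARTTLS=true` or `yes` silently disables STARTTLS; either document that only `1` is recognized (the README example does use `LDAP_STARTTLS=1`) or normalize the common truthy spellings before the comparison.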