This image can be used to run simple integration tests for LDAP clients.
It's a fork of https://github.com/rroemhild/docker-test-openldap to fix the following issues:
- upstream still considers the image on DockerHub to be the primary one, even though it is very outdated and does not match the README.
- upstream's new image on ghcr.io is broken at the moment.

The docker image can be found on quay.io/kubermatic-labs/openldap-test.
This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain planetexpress.com with data from the Futurama Wiki.
Parts of the image are based on the work of Nick Stenning (docker-slapd) and Bertrand Gouny (docker-openldap).
The Flask extension flask-ldapconn uses this image for unit tests.
- Initialized with data from Futurama
- Support for LDAP over TLS (STARTTLS) using a self-signed cert, or valid certificates (LetsEncrypt, etc)
- memberOf overlay support
- MS-AD style groups support
- Supports Forced STARTTLS
- Supports custom domain and custom directory structure
```bash
docker pull rroemhild/test-openldap
docker run --rm -p 10389:10389 -p 10636:10636 rroemhild/test-openldap
```

```bash
# List all Users
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Request StartTLS
ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce StartTLS
ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce StartTLS with self-signed cert
LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
```
- 10389 (ldap)
- 10636 (ldaps)
- /etc/ldap/slapd.d
- /etc/ldap/ssl
- /var/lib/ldap
- /run/slapd
Admin | Secret |
---|---|
cn=admin,dc=planetexpress,dc=com | GoodNewsEveryone |
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | Hubert J. Farnsworth |
sn | Farnsworth |
description | Human |
displayName | Professor Farnsworth |
employeeType | Owner |
employeeType | Founder |
givenName | Hubert |
jpegPhoto | JPEG-Photo (630x507 Pixel, 26780 Bytes) |
mail | professor@planetexpress.com |
mail | hubert@planetexpress.com |
ou | Office Management |
title | Professor |
uid | professor |
userPassword | professor |
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | Philip J. Fry |
sn | Fry |
description | Human |
displayName | Fry |
employeeType | Delivery boy |
givenName | Philip |
jpegPhoto | JPEG-Photo (429x350 Pixel, 22132 Bytes) |
mail | fry@planetexpress.com |
ou | Delivering Crew |
uid | fry |
userPassword | fry |
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | John A. Zoidberg |
sn | Zoidberg |
description | Decapodian |
displayName | Zoidberg |
employeeType | Doctor |
givenName | John |
jpegPhoto | JPEG-Photo (343x280 Pixel, 26438 Bytes) |
mail | zoidberg@planetexpress.com |
ou | Staff |
title | Ph. D. |
uid | zoidberg |
userPassword | zoidberg |
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | Hermes Conrad |
sn | Conrad |
description | Human |
employeeType | Bureaucrat |
employeeType | Accountant |
givenName | Hermes |
mail | hermes@planetexpress.com |
ou | Office Management |
uid | hermes |
userPassword | hermes |
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | Turanga Leela |
sn | Turanga |
description | Mutant |
employeeType | Captain |
employeeType | Pilot |
givenName | Leela |
jpegPhoto | JPEG-Photo (429x350 Pixel, 26526 Bytes) |
mail | leela@planetexpress.com |
ou | Delivering Crew |
uid | leela |
userPassword | leela |
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | Bender Bending Rodríguez |
sn | Rodríguez |
description | Robot |
employeeType | Ship's Robot |
givenName | Bender |
jpegPhoto | JPEG-Photo (436x570 Pixel, 26819 Bytes) |
mail | bender@planetexpress.com |
ou | Delivering Crew |
uid | bender |
userPassword | bender |
Amy has a multi-valued DN
Attribute | Value |
---|---|
objectClass | inetOrgPerson |
cn | Amy Wong |
sn | Kroker |
description | Human |
givenName | Amy |
mail | amy@planetexpress.com |
ou | Intern |
uid | amy |
userPassword | amy |
Attribute | Value |
---|---|
objectClass | Group |
cn | admin_staff |
member | cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com |
member | cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com |
Attribute | Value |
---|---|
objectClass | Group |
cn | ship_crew |
member | cn=Turanga Leela,ou=people,dc=planetexpress,dc=com |
member | cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com |
member | cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com |
In case you want to use this OpenLDAP server for testing with a Java-based
application using JAAS and the LdapLoginModule, here's a working configuration
file you can use to connect.

```
other {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
        userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
        useSSL=false
        java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
        java.naming.security.credentials="GoodNewsEveryone"
        debug=true
        ;
};
```
This config uses the admin credentials to connect to the OpenLDAP server and to
submit the search query for the user that enters their credentials. The uid
attribute of each entry is used as the username.
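
A client under test that performs the same search step has to treat the entered username as a literal inside the filter. The following is an added example, not code from this image or from JAAS: it fills the `userFilter` template above with RFC 4515 escaping and checks the result against the fixture uids from this README. The function names are hypothetical, and `matching_uids` is a simplified stand-in for the server that evaluates only the `(uid=...)` assertion.

```python
import re

# Template copied from the JAAS userFilter above.
USER_FILTER = "(&(uid={USERNAME})(objectClass=inetOrgPerson))"
# uid values of the fixture entries listed in this README.
FIXTURE_UIDS = ["professor", "fry", "zoidberg", "hermes", "leela", "bender", "amy"]
# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Return value with every filter metacharacter hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username, escape=True):
    """Fill the template; escape=False is plain substitution, for comparison."""
    if not username:
        raise ValueError("empty username")
    value = escape_filter_value(username) if escape else username
    return USER_FILTER.replace("{USERNAME}", value)


def _unescape(text):
    """Turn hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), text)


def matching_uids(user_filter, uids=FIXTURE_UIDS):
    """Evaluate only the (uid=...) assertion of user_filter against uids.

    An unescaped '*' acts as a wildcard, a hex escape is a literal character,
    and comparison ignores case, as uid matching does.
    """
    m = re.search(r"\(uid=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", user_filter)
    if m is None:
        return []  # malformed assertion: treat as no match
    parts = m.group(1).split("*")
    pattern = ".*".join(re.escape(_unescape(p)) for p in parts)
    return [u for u in uids if re.fullmatch(pattern, u, re.IGNORECASE)]
```

An integration test can assert that a username consisting only of `*` yields no entry when escaped, while the same input substituted without escaping matches every fixture user.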