Skip to content

kubermatic-labs/docker-test-openldap

 
 

Repository files navigation

OpenLDAP Test Image

This image can be used to run simple integration tests for LDAP clients.

It's a fork of https://github.com/rroemhild/docker-test-openldap to fix

  • upstream still consideres the image on DockerHub to be the primary one, even though it is very outdated and does not match the README.
  • upstream's new image on gchr.io is broken at the moment.

The docker image can be found on quay.io/kubermatic-labs/openldap-test.


OpenLDAP Docker Image for testing

Docker Build Status Docker Stars Docker Pulls

This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with the example domain planetexpress.com with data from the Futurama Wiki.

Parts of the image are based on the work from Nick Stenning docker-slapd and Bertrand Gouny docker-openldap.

The Flask extension flask-ldapconn use this image for unit tests.

Features

  • Initialized with data from Futurama
  • Support for LDAP over TLS (STARTTLS) using a self-signed cert, or valid certificates (LetsEncrypt, etc)
  • memberOf overlay support
  • MS-AD style groups support
  • Supports Forced STARTTLS
  • Supports custom domain and custom directory structure

Usage

docker pull rroemhild/test-openldap
docker run --rm -p 10389:10389 -p 10636:10636 rroemhild/test-openldap

Testing

# List all Users
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Request StartTLS
ldapsearch -H ldap://localhost:10389 -Z -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce StartTLS
ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

# Enforce StartTLS with self-signed cert
LDAPTLS_REQCERT=never ldapsearch -H ldap://localhost:10389 -ZZ -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"

Exposed ports

  • 10389 (ldap)
  • 10636 (ldaps)

Exposed volumes

  • /etc/ldap/slapd.d
  • /etc/ldap/ssl
  • /var/lib/ldap
  • /run/slapd

LDAP structure

dc=planetexpress,dc=com

Admin Secret
cn=admin,dc=planetexpress,dc=com GoodNewsEveryone

ou=people,dc=planetexpress,dc=com

cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Hubert J. Farnsworth
sn Farnsworth
description Human
displayName Professor Farnsworth
employeeType Owner
employeeType Founder
givenName Hubert
jpegPhoto JPEG-Photo (630x507 Pixel, 26780 Bytes)
mail professor@planetexpress.com
mail hubert@planetexpress.com
ou Office Management
title Professor
uid professor
userPassword professor

cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Philip J. Fry
sn Fry
description Human
displayName Fry
employeeType Delivery boy
givenName Philip
jpegPhoto JPEG-Photo (429x350 Pixel, 22132 Bytes)
mail fry@planetexpress.com
ou Delivering Crew
uid fry
userPassword fry

cn=John A. Zoidberg,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn John A. Zoidberg
sn Zoidberg
description Decapodian
displayName Zoidberg
employeeType Doctor
givenName John
jpegPhoto JPEG-Photo (343x280 Pixel, 26438 Bytes)
mail zoidberg@planetexpress.com
ou Staff
title Ph. D.
uid zoidberg
userPassword zoidberg

cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Hermes Conrad
sn Conrad
description Human
employeeType Bureaucrat
employeeType Accountant
givenName Hermes
mail hermes@planetexpress.com
ou Office Management
uid hermes
userPassword hermes

cn=Turanga Leela,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Turanga Leela
sn Turanga
description Mutant
employeeType Captain
employeeType Pilot
givenName Leela
jpegPhoto JPEG-Photo (429x350 Pixel, 26526 Bytes)
mail leela@planetexpress.com
ou Delivering Crew
uid leela
userPassword leela

cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass inetOrgPerson
cn Bender Bending Rodríguez
sn Rodríguez
description Robot
employeeType Ship's Robot
givenName Bender
jpegPhoto JPEG-Photo (436x570 Pixel, 26819 Bytes)
mail bender@planetexpress.com
ou Delivering Crew
uid bender
userPassword bender

cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com

Amy has a multi-valued DN

Attribute Value
objectClass inetOrgPerson
cn Amy Wong
sn Kroker
description Human
givenName Amy
mail amy@planetexpress.com
ou Intern
uid amy
userPassword amy

cn=admin_staff,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass Group
cn admin_staff
member cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
member cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

cn=ship_crew,ou=people,dc=planetexpress,dc=com

Attribute Value
objectClass Group
cn ship_crew
member cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
member cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
member cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com

JAAS configuration

In case you want to use this OpenLDAP server for testing with a Java-based application using JAAS and the LdapLoginModule, here's a working configuration file you can use to connect.

other {
  com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://localhost:10389/ou=people,dc=planetexpress,dc=com"
    userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
    useSSL=false
    java.naming.security.principal="cn=admin,dc=planetexpress,dc=com"
    java.naming.security.credentials="GoodNewsEveryone"
    debug=true
    ;
};

This config uses the admin credentials to connect to the OpenLDAP server and to submit the search query for the user that enters their credentials. As username the uid attribute of each entry is used.

About

Docker OpenLDAP Server for testing LDAP applications

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Dockerfile 100.0%