This is essentially an Apache Directory Server (ApacheDS) with some Active Directory (AD) specific attributes added to make it feel like AD ; done primarily for testing purposes.
- embedded ApacheDS from https://github.com/intoolswetrust/ldap-server
- http://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds
- The work to add memberOf attribute in ApacheDS is tracked here https://issues.apache.org/jira/browse/DIRSERVER-1844
A Makefile is provided for convenience, though a part of me considers it abusing Makefiles.
- Run
make helpto see various supported commands. - For the uninitiated,
make docker [img=<img> tag=<tag>]builds the image as<img>:<tag>(defaultrkoul/adldap-docker:1.0.0dev) andmake run [img=<img> tag=<tag>]runs it. make runssl [img=<img> tag=<tag>]starts the TLS listener as well.
you may want to check out the help menu for more details
you can run it with the default data and config
docker run -it --rm -p 127.0.0.1:10389:10389 rkoul/adldap-docker:1.0.1
Or pass your own users/groups ldif file via a bind mount (see attributes in data/records.ldif)
docker run -v /tmp/data:/ldap/data \
-e LDAP_USER_LDIF=myusers.ldif \
-e LDAP_ADMIN_PASSWORD=secret \
-e LDAP_DEBUG=true \
-it --rm -p 127.0.0.1:10389:10389 rkoul/adldap-docker:1.0.1
For LDAPS, you can add a java keystore file in the mounted dir. (see make keystore)
docker run -v /tmp/data:/ldap/data \
-e LDAP_USER_LDIF=myusers.ldif \
-e LDAP_ADMIN_PASSWORD=secret \
-e LDAP_KEYSTORE=mykeystore.jks \
-e LDAP_KEYSTORE_PASSWORD=mypass \
-e LDAP_DEBUG=true \
-it --rm -p 127.0.0.1:10636:10636 rkoul/adldap-docker:1.0.1
if you make changes, you can clone this repo and build a new version as under:
docker build -t adldap:0.0.1 .
- default LDAP admin bind credentials are
uid=admin,ou=systemand whatever is passed asLDAP_ADMIN_PASSWORD - the rest of the sample data is in
data/records.ldif(the schema gets created viaextensions.ldifwhich you can completely replace with another bind mount on:/ldap/extensions.ldif) - user basedn =
ou=users,dc=example,dc=com - groups basedn =
ou=groups,dc=example,dc=com - user password =
secret
| cn | full name | uid | groups | |
|---|---|---|---|---|
| rohit | Rohit Koul | rkoul | [email protected] | piedpiper, trinity, threecommaclub |
| richard | Richard Hendricks | rhendricks | [email protected] | piedpiper, trinity |
| gilfoyle | Bertram Gilfoyle | bgilfoyle | [email protected] | piedpiper |
| erlich | Erlich Bachman | ebachman | [email protected] | piedpiper, aviato |
| jianyang | Jian Yang | jyang | [email protected] | piedpiper |
| gavin | Gavin Belson | gbelson | [email protected] | hooli |
| russ | Russ Hanneman | rhanneman | [email protected] | threecommaclub |
| bighead | Nelson Bighetti | bnelson | [email protected] | hooli |
| jared | Donald Dunn | jared | [email protected] | piedpiper, hooli |
| dinesh | Dinesh Chugtai | dchugtai | [email protected] | piedpiper |
| monica | Monica Hall | mhall | [email protected] | raviga |
| laurie | Laurie Bream | lbream | [email protected] | raviga |
| anton | Anton Server | anton | [email protected] | - |
There are also users adminuser, testuser & groups admins and testers should you just care for generic ones. Use an LDAP browser and look at it.