-
Notifications
You must be signed in to change notification settings - Fork 1
/
openldap-osixia.xml
199 lines (199 loc) · 11.9 KB
/
openldap-osixia.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
<?xml version="1.0"?>
<Container version="2">
<Name>openldap</Name>
<Repository>osixia/openldap</Repository>
<Registry>https://hub.docker.com/r/osixia/openldap/</Registry>
<Network>bridge</Network>
<MyIP/>
<Shell>bash</Shell>
<Privileged>false</Privileged>
<Support>https://github.com/osixia/docker-openldap</Support>
<Project>https://www.openldap.org/</Project>
<Overview> A docker image to run OpenLDAP, The container default log level is info. Available levels are: none, error, warning, info, debug and trace.

The --copy-service post argument allows your certs to be mounted read only and copied into a directory in the container before changing ownership, do not remove.</Overview>
<Category>Security: Tools: Network:Management Status:Stable</Category>
<WebUI/>
<TemplateURL>https://github.com/CHBMB/docker-templates/blob/master/openldap.xml</TemplateURL>
<Icon>https://raw.githubusercontent.com/CHBMB/docker-templates/master/img/openldap.png</Icon>
<ExtraParams/>
<PostArgs>--copy-service --loglevel info</PostArgs>
<CPUset/>
<DonateText/>
<DonateLink/>
<Description> A docker image to run OpenLDAP, The container default log level is info. Available levels are: none, error, warning, info, debug and trace.

The --copy-service post argument allows your certs to be mounted read only and copied into a directory in the container before changing ownership, do not remove.</Description>
<Networking>
<Mode>bridge</Mode>
<Publish>
<Port>
<HostPort>389</HostPort>
<ContainerPort>389</ContainerPort>
<Protocol>tcp</Protocol>
</Port>
<Port>
<HostPort>636</HostPort>
<ContainerPort>636</ContainerPort>
<Protocol>tcp</Protocol>
</Port>
</Publish>
</Networking>
<Data>
<Volume>
<HostDir>/mnt/cache/appdata/openldap/database/</HostDir>
<ContainerDir>/var/lib/ldap/</ContainerDir>
<Mode>rw</Mode>
</Volume>
<Volume>
<HostDir>/mnt/cache/appdata/openldap/config/</HostDir>
<ContainerDir>/etc/ldap/slapd.d/</ContainerDir>
<Mode>rw</Mode>
</Volume>
<Volume>
<HostDir>/mnt/cache/appdata/letsencrypt/etc/letsencrypt/live/SERVER.COM/</HostDir>
<ContainerDir>/container/service/slapd/assets/certs</ContainerDir>
<Mode>ro</Mode>
</Volume>
</Data>
<Environment>
<Variable>
<Value>server.com</Value>
<Name>LDAP_ORGANISATION</Name>
<Mode/>
</Variable>
<Variable>
<Value>server.com</Value>
<Name>LDAP_DOMAIN</Name>
<Mode/>
</Variable>
<Variable>
<Value>admin</Value>
<Name>LDAP_ADMIN_PASSWORD</Name>
<Mode/>
</Variable>
<Variable>
<Value>config</Value>
<Name>LDAP_CONFIG_PASSWORD</Name>
<Mode/>
</Variable>
<Variable>
<Value>readonly</Value>
<Name>LDAP_READONLY_USER_USERNAME</Name>
<Mode/>
</Variable>
<Variable>
<Value>readonly</Value>
<Name>LDAP_READONLY_USER_PASSWORD</Name>
<Mode/>
</Variable>
<Variable>
<Value>server.com</Value>
<Name>HOSTNAME</Name>
<Mode/>
</Variable>
<Variable>
<Value/>
<Name>LDAP_BASE_DN</Name>
<Mode/>
</Variable>
<Variable>
<Value>true</Value>
<Name>LDAP_READONLY_USER</Name>
<Mode/>
</Variable>
<Variable>
<Value>true</Value>
<Name>LDAP_RFC2307BIS_SCHEMA</Name>
<Mode/>
</Variable>
<Variable>
<Value>mdb</Value>
<Name>LDAP_BACKEND</Name>
<Mode/>
</Variable>
<Variable>
<Value>true</Value>
<Name>LDAP_TLS</Name>
<Mode/>
</Variable>
<Variable>
<Value>cert.pem</Value>
<Name>LDAP_TLS_CRT_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value>privkey.pem</Value>
<Name>LDAP_TLS_KEY_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value>fullchain.pem</Value>
<Name>LDAP_TLS_CA_CRT_FILENAME</Name>
<Mode/>
</Variable>
<Variable>
<Value>false</Value>
<Name>LDAP_TLS_ENFORCE</Name>
<Mode/>
</Variable>
<Variable>
<Value>SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC</Value>
<Name>LDAP_TLS_CIPHER_SUITE</Name>
<Mode/>
</Variable>
<Variable>
<Value>try</Value>
<Name>LDAP_TLS_VERIFY_CLIENT</Name>
<Mode/>
</Variable>
<Variable>
<Value>false</Value>
<Name>KEEP_EXISTING_CONFIG</Name>
<Mode/>
</Variable>
<Variable>
<Value>true</Value>
<Name>LDAP_REMOVE_CONFIG_AFTER_SETUP</Name>
<Mode/>
</Variable>
<Variable>
<Value>ldap</Value>
<Name>LDAP_SSL_HELPER_PREFIX</Name>
<Mode/>
</Variable>
<Variable>
<Value>false</Value>
<Name>DISABLE_CHOWN</Name>
<Mode/>
</Variable>
</Environment>
<Labels/>
<Config Name="LDAP Port" Target="389" Default="" Mode="tcp" Description="LDAP Port: 389" Type="Port" Display="always" Required="false" Mask="false">389</Config>
<Config Name="LDAPS Port" Target="636" Default="" Mode="tcp" Description="LDAPS Port: 636" Type="Port" Display="always" Required="false" Mask="false">636</Config>
<Config Name="LDAP database files" Target="/var/lib/ldap/" Default="" Mode="rw" Description="LDAP database files" Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/openldap/database/</Config>
<Config Name="LDAP config files" Target="/etc/ldap/slapd.d/" Default="" Mode="rw" Description="LDAP config files" Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/openldap/config/</Config>
<Config Name="Certs" Target="/container/service/slapd/assets/certs" Default="" Mode="ro" Description="Mount your letsencrypt appdata/etc/letsencrypt/live/SERVER.COM/ folder to map your certs (read only). Change SERVER.COM to your domain name." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/letsencrypt/etc/letsencrypt/live/SERVER.COM/</Config>
<Config Name="LDAP_ORGANISATION" Target="LDAP_ORGANISATION" Default="" Mode="" Description="Organisation name. Defaults to Example Inc." Type="Variable" Display="always" Required="false" Mask="false">server.com</Config>
<Config Name="LDAP_DOMAIN" Target="LDAP_DOMAIN" Default="" Mode="" Description="Ldap domain. Defaults to example.org" Type="Variable" Display="always" Required="false" Mask="false">server.com</Config>
<Config Name="LDAP_ADMIN_PASSWORD" Target="LDAP_ADMIN_PASSWORD" Default="" Mode="" Description="Ldap Admin password. Defaults to admin" Type="Variable" Display="always" Required="false" Mask="true">admin</Config>
<Config Name="LDAP_CONFIG_PASSWORD" Target="LDAP_CONFIG_PASSWORD" Default="" Mode="" Description="Ldap Config password. Defaults to config" Type="Variable" Display="always" Required="false" Mask="true">config</Config>
<Config Name="LDAP_READONLY_USER_USERNAME" Target="LDAP_READONLY_USER_USERNAME" Default="" Mode="" Description="Read only user username. Defaults to readonly" Type="Variable" Display="always" Required="false" Mask="false">readonly</Config>
<Config Name="LDAP_READONLY_USER_PASSWORD" Target="LDAP_READONLY_USER_PASSWORD" Default="" Mode="" Description="Read only user password. Defaults to readonly" Type="Variable" Display="always" Required="false" Mask="true">readonly</Config>
<Config Name="HOSTNAME" Target="HOSTNAME" Default="" Mode="" Description="Set the hostname of the running openldap server. Defaults to whatever docker creates." Type="Variable" Display="always" Required="false" Mask="false">server.com</Config>
<Config Name="LDAP_BASE_DN" Target="LDAP_BASE_DN" Default="" Mode="" Description="LDAP_BASE_DN: Ldap base DN. If empty automatically set from LDAP_DOMAIN value. Defaults to (empty) " Type="Variable" Display="advanced" Required="false" Mask="false"/>
<Config Name="LDAP_READONLY_USER" Target="LDAP_READONLY_USER" Default="" Mode="" Description="Add a read only user. Defaults to false" Type="Variable" Display="advanced" Required="false" Mask="false">true</Config>
<Config Name="LDAP_RFC2307BIS_SCHEMA" Target="LDAP_RFC2307BIS_SCHEMA" Default="false" Mode="" Description="Use rfc2307bis schema instead of nis schema. Defaults to false" Type="Variable" Display="advanced" Required="false" Mask="false">true</Config>
<Config Name="LDAP_BACKEND" Target="LDAP_BACKEND" Default="mdb" Mode="" Description="Ldap backend. Defaults to mdb (previously hdb in image versions up to v1.1.10)" Type="Variable" Display="advanced" Required="false" Mask="false">mdb</Config>
<Config Name="LDAP_TLS" Target="LDAP_TLS" Default="true" Mode="" Description="Add openldap TLS capabilities. Can't be removed once set to true. Defaults to true." Type="Variable" Display="advanced" Required="false" Mask="false">true</Config>
<Config Name="LDAP_TLS_CRT_FILENAME" Target="LDAP_TLS_CRT_FILENAME" Default="ldap.crt" Mode="" Description="Ldap ssl certificate filename. Change SERVER.COM to your hostname." Type="Variable" Display="advanced" Required="false" Mask="false">cert.pem</Config>
<Config Name="LDAP_TLS_KEY_FILENAME" Target="LDAP_TLS_KEY_FILENAME" Default="ldap.key" Mode="" Description="Ldap ssl certificate private key filename. Change SERVER.COM to your hostname." Type="Variable" Display="advanced" Required="false" Mask="false">privkey.pem</Config>
<Config Name="LDAP_TLS_CA_CRT_FILENAME" Target="LDAP_TLS_CA_CRT_FILENAME" Default="ca.crt" Mode="" Description="Ldap ssl CA certificate filename. Change SERVER.COM to your hostname." Type="Variable" Display="advanced" Required="false" Mask="false">fullchain.pem</Config>
<Config Name="LDAP_TLS_ENFORCE" Target="LDAP_TLS_ENFORCE" Default="false" Mode="" Description="Enforce TLS but except ldapi connections. Can't be disabled once set to true. Defaults to false." Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
<Config Name="LDAP_TLS_CIPHER_SUITE" Target="LDAP_TLS_CIPHER_SUITE" Default="SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC" Mode="" Description="TLS cipher suite. Defaults to SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC" Type="Variable" Display="advanced" Required="false" Mask="false">SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC</Config>
<Config Name="LDAP_TLS_VERIFY_CLIENT" Target="LDAP_TLS_VERIFY_CLIENT" Default="demand" Mode="" Description="TLS verify client. Defaults to demand" Type="Variable" Display="advanced" Required="false" Mask="false">try</Config>
<Config Name="KEEP_EXISTING_CONFIG" Target="KEEP_EXISTING_CONFIG" Default="false" Mode="" Description="Do not change the ldap config. Defaults to false if set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run. The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data. if set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run. " Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
<Config Name="LDAP_REMOVE_CONFIG_AFTER_SETUP" Target="LDAP_REMOVE_CONFIG_AFTER_SETUP" Default="true" Mode="" Description="Delete config folder after setup. Defaults to true" Type="Variable" Display="advanced" Required="false" Mask="false">true</Config>
<Config Name="LDAP_SSL_HELPER_PREFIX" Target="LDAP_SSL_HELPER_PREFIX" Default="ldap" Mode="" Description="ssl-helper environment variables prefix. Defaults to ldap, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables." Type="Variable" Display="advanced" Required="false" Mask="false">ldap</Config>
<Config Name="DISABLE_CHOWN" Target="DISABLE_CHOWN" Default="" Mode="" Description="Do not perform any chown to fix file ownership. Defaults to false" Type="Variable" Display="advanced" Required="false" Mask="false">false</Config>
</Container>