OpenLDAP Proxy -- Installation and configuration

  sonic0002        2017-11-03 20:26:41       20,452        0    

After understanding what the configuration would be for an OpenLDAP proxy, it's time to explain the installation of OpenLDAP proxy and how to make it run. In this post, we will cover how to install OpenLDAP proxy both locally and using docker.

Local installation

The installation is quite easy, there are a few packages to be installed including the ldap server, ldap client and some utilities. Below steps are for CentOS, the instructions for other platforms should be similar with minor differences on packages names and package locations.

  1. Install openldap openldap-clients openldap-servers
    yum install openldap openldap-clients openldap-servers
  2. Create /etc/openldap/slapd.conf if not existing.
  3. Update /etc/openldap/slapd.conf add LDAP entries (Check the previous post on what the configuration would be)
  4. Remove the current /etc/openldap/slapd.d/ contents
    rm -rf /etc/openldap/slapd.d/*
  5. Regenerating configs
    slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
  6. Change owner of the config directory to ldap. For Ubuntu, it is openldap.
    chown -R ldap:ldap /etc/openldap/slapd.d
  7. Restart slapd service
    /etc/init.d/slapd restart

This should bring up the OpenLDAP proxy with the configurations you want. If you don't want to use the LDIF style of configuration, you can delete the /etc/ldap/slapd.d folder after updating the /etc/ldap/slapd.conf file.

Docker setup

Docker has become a popular method of hosting one single service for a specific purpose. The OpenLDAP proxy fits perfectly in this model. Hence we would also introduce the way of setting up OpenLDAP proxy using Docker and docker-compose. If you are not aware of these utilities, please read some resource online first.

The steps for setting up OpenLDAP proxy are:

  1. Create a directory named openldap_proxy, you can choose whatever name you want. And go into the openldap_proxy directory.
  2. Create a Dockerfile and put following contents(This is just a sample)
    # Pull base image from authorized source
    FROM centos:7
    
    # Install the necessary packages for LDAP Proxy server
    RUN yum install openldap openldap-clients openldap-servers -y
    
    # Make necessary directories
    RUN mkdir -p /root/openldap_proxy && \
        mkdir -p /root/openldap_proxy/tmp && \
        mkdir -p /root/openldap_proxy/data && \
        mkdir -p /root/openldap_proxy/data/certs
    
    # Remove unneeded directories
    RUN rm -rf /etc/openldap/slapd.d
    
    # Copy files to container
    COPY ./start.sh /root/openldap_proxy/start.sh
    COPY ./slapd.conf /etc/openldap/slapd.conf
    
    # Add execution permission
    RUN chmod 755 /root
    RUN chmod +x /root/openldap_proxy/start.sh
    
    # Entry point
    ENTRYPOINT ["/root/openldap_proxy/start.sh"]
  3. Save Dockerfile
  4. Put the slapd.conf file in the openldap_proxy directory and create a file named start.sh in openldap_proxy
  5. In start.sh, put below contents
    #!/bin/bash
    
    TOPDIR=$(dirname $0)
    cd $TOPDIR && TOPDIR=$PWD
    
    # Generate certificates if not existing
    DESTDIR="$TOPDIR/data/certs"
    APP_FQDN=$(hostname -f)
    
    [[ -d $DESTDIR ]] || mkdir -p $DESTDIR
    
    APP_GEN_CERT='openssl req -x509 -nodes -days 365 -newkey rsa:2048'
    APP_GEN_CERT="$APP_GEN_CERT -keyout $DESTDIR/ldap.key -out $DESTDIR/ldap.crt"
    APP_GEN_CERT="$APP_GEN_CERT -subj '/CN=$APP_FQDN/OU=TestOU/O=Organization/L=Location/ST=State/C=Country'"
    APP_GEN_CERT="[[ -f $DESTDIR/ldap.crt ]] || $APP_GEN_CERT"
    
    eval $APP_GEN_CERT
    
    # Run docker-compose command
    exec "$@"
  6. The start.sh is the entry point of the Docker container and it will be copied to the container and run when docker container starts. The script will first generate a certificate which would be used by the proxy if it serves SSL requests and then it handles the execution to the command passed to start.sh which would be the command option in docker-compose.yml to be created later 
  7. Create a docker image named my_openldap_proxy. 
    docker build -t my_openldap_proxy .
  8. Next go out one level of the openpldap_proxy directory (cd ../)
  9. Create a docker-compose.yml file with below contents
    my_openldap_proxy:
      image: my_openldap_proxy:latest
      container_name: my_openldap_proxy
      ports:
        - '389:389'
        - "636:636"
      volumes:
        - shared_data:/root/openldap_proxy/data
      command: bash -l -c "cd /root/openldap_proxy && /usr/sbin/slapd -h 'ldap:/// ldapi:/// ldaps:///' -g ldap -u ldap -d 2"
  10. Save it and then run docker-compose up -d command. This command will build the container if it's not existing and start it in detached mode. 

Pretty easy installation steps. There would be some other settings if you want to add SSL enabled remote LDAP server in your configuration, we would cover them in a future post. Stay tuned.

OPENLDAP PROXY  OPENLDAP  DOCKER  CENTOS  INSTALLATION 

       

  RELATED


  0 COMMENT


No comment for this article.



  RANDOM FUN

Looks like useless code remaining after refactor