forked from mystiq/dex
Extend OpenLDAP example for LDAPS
Signed-off-by: Martin Heide <martin.heide@faro.com>
This commit is contained in:
Martin Heide
parent
3650fe2287
commit
c12c340e3c
2 changed files with 28 additions and 2 deletions
|
|
@ -11,10 +11,23 @@ connectors:
|
||||||
name: OpenLDAP
|
name: OpenLDAP
|
||||||
id: ldap
|
id: ldap
|
||||||
config:
|
config:
|
||||||
|
# The following configurations seem to work with OpenLDAP:
|
||||||
|
#
|
||||||
|
# 1) Plain LDAP, without TLS:
|
||||||
host: localhost:389
|
host: localhost:389
|
||||||
|
|
||||||
# No TLS for this setup.
|
|
||||||
insecureNoSSL: true
|
insecureNoSSL: true
|
||||||
|
#
|
||||||
|
# 2) LDAPS without certificate validation:
|
||||||
|
#host: localhost:636
|
||||||
|
#insecureNoSSL: false
|
||||||
|
#insecureSkipVerify: true
|
||||||
|
#
|
||||||
|
# 3) LDAPS with certificate validation:
|
||||||
|
#host: YOUR-HOSTNAME:636
|
||||||
|
#insecureNoSSL: false
|
||||||
|
#insecureSkipVerify: false
|
||||||
|
#rootCAData: 'CERT'
|
||||||
|
# ...where CERT="$( base64 -w 0 your-cert.crt )"
|
||||||
|
|
||||||
# This would normally be a read-only user.
|
# This would normally be a read-only user.
|
||||||
bindDN: cn=admin,dc=example,dc=org
|
bindDN: cn=admin,dc=example,dc=org
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,24 @@
|
||||||
version: "3"
|
version: "3"
|
||||||
|
|
||||||
|
# For LDAPS with certificate validation:
|
||||||
|
# How to extract the TLS certificate from the OpenLDAP container, and encode it for the Dex config (`rootCAData`):
|
||||||
|
# $ docker-compose exec ldap cat /container/run/service/slapd/assets/certs/ca.crt | base64 -w 0
|
||||||
|
# But note this issue: https://github.com/osixia/docker-openldap/issues/506
|
||||||
|
|
||||||
services:
|
services:
|
||||||
ldap:
|
ldap:
|
||||||
image: osixia/openldap:1.4.0
|
image: osixia/openldap:1.4.0
|
||||||
# Copying is required because the entrypoint modifies the *.ldif files.
|
# Copying is required because the entrypoint modifies the *.ldif files.
|
||||||
# For verbose output, use: command: ["--copy-service", "--loglevel", "debug"]
|
# For verbose output, use: command: ["--copy-service", "--loglevel", "debug"]
|
||||||
command: ["--copy-service"]
|
command: ["--copy-service"]
|
||||||
|
environment:
|
||||||
|
# Required if using LDAPS:
|
||||||
|
# Since Dex doesn't use a client TLS certificate, downgrade from "demand" to "try".
|
||||||
|
LDAP_TLS_VERIFY_CLIENT: try
|
||||||
|
# The hostname is required if using LDAPS with certificate validation.
|
||||||
|
# In Dex, use the same hostname (with port) for `connectors[].config.host`.
|
||||||
|
#hostname: YOUR-HOSTNAME
|
||||||
|
#
|
||||||
# https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
|
# https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
|
||||||
# Option 1: Add custom seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/custom/
|
# Option 1: Add custom seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/custom/
|
||||||
# Option 2: Overwrite default seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/
|
# Option 2: Overwrite default seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue