Merge pull request #1947 from faro-oss/feature/ldaps-example

Extend OpenLDAP example for LDAPS
This commit is contained in:
Márk Sági-Kazár 2021-02-10 13:39:29 +01:00 committed by GitHub
commit 1c9fb499b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 2 deletions


@ -11,10 +11,23 @@ connectors:
name: OpenLDAP name: OpenLDAP
id: ldap id: ldap
config: config:
# The following configurations seem to work with OpenLDAP:
#
# 1) Plain LDAP, without TLS:
host: localhost:389 host: localhost:389
# No TLS for this setup.
insecureNoSSL: true insecureNoSSL: true
#
# 2) LDAPS without certificate validation:
#host: localhost:636
#insecureNoSSL: false
#insecureSkipVerify: true
#
# 3) LDAPS with certificate validation:
#host: YOUR-HOSTNAME:636
#insecureNoSSL: false
#insecureSkipVerify: false
#rootCAData: 'CERT'
# ...where CERT="$( base64 -w 0 your-cert.crt )"
# This would normally be a read-only user. # This would normally be a read-only user.
bindDN: cn=admin,dc=example,dc=org bindDN: cn=admin,dc=example,dc=org
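Review bot: The "2) LDAPS without certificate validation" variant (`insecureSkipVerify: true`) is listed as a peer of the other two without saying what it gives up: the connection is encrypted but the server is not authenticated, so an on-path attacker presenting any certificate can impersonate the directory and capture the bind credentials that follow (`bindDN` at the end of the hunk, plus whatever password accompanies it). Because example configs get copied into real deployments, I would put the caveat in the comment itself, e.g. `# 2) LDAPS without certificate validation (encrypted but NOT authenticated: an on-path attacker can impersonate the server; local testing only):`, and give option 1 a matching one, `# 1) Plain LDAP, without TLS (bind credentials and directory data cross the network in cleartext; local testing only):`. For option 3 it is worth saying next to `#host: YOUR-HOSTNAME:636` that the name must match one in the certificate presented by the server (presumably a SAN entry), since that is what "with certificate validation" actually checks and a bare `localhost` certificate will fail it. The `config:` mapping opened at the top of the hunk continues past its last line.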


@ -1,11 +1,24 @@
version: "3" version: "3"
# For LDAPS with certificate validation:
# How to extract the TLS certificate from the OpenLDAP container, and encode it for the Dex config (`rootCAData`):
# $ docker-compose exec ldap cat /container/run/service/slapd/assets/certs/ca.crt | base64 -w 0
# But note this issue: https://github.com/osixia/docker-openldap/issues/506
services: services:
ldap: ldap:
image: osixia/openldap:1.4.0 image: osixia/openldap:1.4.0
# Copying is required because the entrypoint modifies the *.ldif files. # Copying is required because the entrypoint modifies the *.ldif files.
# For verbose output, use: command: ["--copy-service", "--loglevel", "debug"] # For verbose output, use: command: ["--copy-service", "--loglevel", "debug"]
command: ["--copy-service"] command: ["--copy-service"]
environment:
# Required if using LDAPS:
# Since Dex doesn't use a client TLS certificate, downgrade from "demand" to "try".
LDAP_TLS_VERIFY_CLIENT: try
# The hostname is required if using LDAPS with certificate validation.
# In Dex, use the same hostname (with port) for `connectors[].config.host`.
#hostname: YOUR-HOSTNAME
#
# https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif # https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif
# Option 1: Add custom seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/custom/ # Option 1: Add custom seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/custom/
# Option 2: Overwrite default seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/ # Option 2: Overwrite default seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/