
Commit 219ed8f

committed
replication
1 parent b594287 commit 219ed8f

File tree

1 file changed

+56
-3
lines changed


README.md

Lines changed: 56 additions & 3 deletions
@@ -6,7 +6,7 @@ A docker image to run OpenLDAP.
66
Fork of Nick Stenning docker-slapd :
77
https://github.com/nickstenning/docker-slapd
88

9-
Add support of tls. Use docker 1.5.0
9+
Add support of TLS and multi master replication.
1010

1111
## Quick start
1212
Run OpenLDAP docker image :
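Review bot: the new description on line 9 reads better as "Adds support for TLS and multi-master replication."; the replaced line also carried a Docker version note ("Use docker 1.5.0") that the new line drops, so either keep it if that requirement still holds or say explicitly that it no longer applies.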
@@ -87,7 +87,7 @@ You can also use data volume containers. Please refer to :
8787
### Using TLS
8888

8989
#### Use autogenerated certificate
90-
By default TLS is enable, a certificate is created with the container hostname eg: ldap.example.org.
90+
By default TLS is enable, a certificate is created with the container hostname (set by -h option eg: ldap.example.org).
9191

9292
docker run -h ldap.example.org -e SERVER_NAME=ldap.my-compagny.com -d osixia/openldap
9393

@@ -108,6 +108,53 @@ Add -e USE_TLS=false to the run command :
108108

109109
docker run -h ldap.example.org -e USE_TLS=false -d osixia/openldap
110110

111+
### Multi master replication
112+
Quick example, with the default config.
113+
114+
Create the first ldap server, save the container id in LDAP_CID and get its IP:
115+
116+
LDAP_CID=$(docker run -h ldap.example.org -e USE_REPLICATION=true -d osixia/openldap)
117+
LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
118+
119+
Create the second ldap server, save the container id in LDAP2_CID and get its IP:
120+
121+
LDAP2_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d osixia/openldap)
122+
LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
123+
124+
Add the pair "ip hostname" to /etc/hosts on each containers,
125+
beacause ldap.example.org and ldap2.example.org are fake hostnames
126+
127+
docker exec $LDAP_CID /osixia/test/add-host.sh $LDAP2_IP ldap2.example.org
128+
docker exec $LDAP2_CID /osixia/test/add-host.sh $LDAP_IP ldap.example.org
129+
130+
We reload slapd to let him take into consideration /etc/hosts changes
131+
132+
docker exec $LDAP_CID pkill slapd
133+
docker exec $LDAP2_CID pkill slapd
134+
135+
That's it ! But a litle test to be sure :
136+
137+
Add a new user "billy" on the first ldap server
138+
139+
docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap.example.org -ZZ
140+
141+
Search on the second ldap server, and billy should show up !
142+
143+
docker exec $LDAP2_CID ldapsearch -x -h ldap2.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -ZZ
144+
145+
[...]
146+
147+
# billy, example.org
148+
dn: uid=billy,dc=example,dc=org
149+
uid: billy
150+
cn: billy
151+
sn: 3
152+
objectClass: top
153+
objectClass: posixAccount
154+
objectClass: inetOrgPerson
155+
[...]
156+
157+
111158
## Administrate your ldap server
112159
If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image :
113160
> [osixia/phpldapadmin](https://github.com/osixia/docker-phpLDAPadmin)
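Review bot: the "reload" step on new lines 130-133 kills slapd with `pkill slapd` but never says what starts it again; state that the container's process supervisor restarts it (or give the actual restart command), otherwise a reader will expect the container to exit. The test commands on lines 139 and 143 pass the admin password on the command line with `-w admin`; since that password is configurable via LDAP_ADMIN_PASSWORD, suggest `-W` (prompt) or `-y <file>` so it stays out of shell history and `ps` output. Prose fixes: "beacause" -> "because", "litle" -> "little", "on each containers" -> "on each container", "let him take" -> "let it take".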
@@ -119,7 +166,7 @@ Environement variables defaults are set in **image/env.yml**. You can modify env
119166
General container configuration :
120167
- **LDAP_LOG_LEVEL**: Slap log level. defaults to `-1`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
121168

122-
Required for new ldap server :
169+
Required and used for new ldap server only :
123170
- **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.`
124171
- **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org`
125172
- **LDAP_ADMIN_PASSWORD** Admin password. Defaults to `admin`
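Review bot: "Required and used for new ldap server only :" on new line 169 is awkward; suggest "Only required (and only used) when creating a new ldap server :", and add one sentence on what happens to these values when an existing database is present, since that is the case the qualifier is warning about.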
@@ -130,6 +177,12 @@ TLS options :
130177
- **SSL_KEY_FILENAME**: Ldap ssl certificate private key filename. Defaults to `ldap.key`
131178
- **SSL_CA_CRT_FILENAME**: Ldap ssl CA certificate filename. Defaults to `ca.crt`
132179

180+
Replication options :
181+
- **USE_REPLICATION**: Add openldap replication capabilities. Defaults to `false`
182+
- **REPLICATION_CONFIG_SYNCPROV**: olcSyncRepl options used for the config database. Without **rid** and **provider** which are automaticaly added based on REPLICATION_HOSTS. Defaults to `binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=critical`
183+
- **REPLICATION_HDB_SYNCPROV**: olcSyncRepl options used for the HDB database. Without **rid** and **provider** which are automaticaly added based on REPLICATION_HOSTS. Defaults to `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1 starttls=critical`
184+
- **REPLICATION_HOSTS**: list of replication hosts, must contains the current container hostname set by -h on docker run command. Defaults to `['ldap://ldap.example.org', 'ldap://ldap2.example.org']`
185+
133186
### Set environment variables at run time :
134187

135188
Environment variable can be set directly by adding the -e argument in the command line, for example :
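Review bot: the REPLICATION_HDB_SYNCPROV default on new line 183 combines `interval=00:00:00:10` with `type=refreshAndPersist`; in OpenLDAP syncrepl `interval` only applies to `refreshOnly`, so either drop it or switch the type. The config-database default on line 182 puts `credentials=$LDAP_CONFIG_PASSWORD` into the replication settings, but that variable is not documented in this option list; add it. Both defaults correctly pin `starttls=critical`, which matters because the REPLICATION_HOSTS default on line 184 lists plain `ldap://` URLs. Spelling: "automaticaly" -> "automatically" (twice), "must contains" -> "must contain".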
