
fixes #52 add docker-compose.yml example and update kubernetes examples

Bertrand Gouny 9 سال پیش
والد
کامیت
0a9815f8da

+ 50 - 0
example/docker-compose.yml

@@ -0,0 +1,50 @@
+version: '2'
+services:
+  openldap:
+    image: osixia/openldap:1.1.3
+    container_name: openldap
+    environment:
+      LDAP_LOG_LEVEL: "256"
+      LDAP_ORGANISATION: "Example Inc."
+      LDAP_DOMAIN: "example.org"
+      LDAP_BASE_DN: ""
+      LDAP_ADMIN_PASSWORD: "admin"
+      LDAP_CONFIG_PASSWORD: "config"
+      LDAP_READONLY_USER: "false"
+      #LDAP_READONLY_USER_USERNAME: "readonly"
+      #LDAP_READONLY_USER_PASSWORD: "readonly"
+      LDAP_BACKEND: "hdb"
+      LDAP_TLS: "true"
+      LDAP_TLS_CRT_FILENAME: "ldap.crt"
+      LDAP_TLS_KEY_FILENAME: "ldap.key"
+      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+      LDAP_TLS_ENFORCE: "false"
+      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+      LDAP_TLS_PROTOCOL_MIN: "3.1"
+      LDAP_TLS_VERIFY_CLIENT: "demand"
+      LDAP_REPLICATION: "false"
+      #LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
+      #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
+      #LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
+      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+      LDAP_CFSSL_PREFIX: "ldap"
+    tty: true
+    stdin_open: true
+    volumes:
+      - /var/lib/ldap
+      - /etc/ldap/slapd.d
+      - /container/service/slapd/assets/certs/
+    ports:
+      - "389:389"
+      - "639:639"
+    hostname: "example.org"
+  phpldapadmin:
+    image: osixia/phpldapadmin:latest
+    container_name: phpldapadmin
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
+      PHPLDAPADMIN_HTTPS: "false"
+    ports:
+      - "8080:80"
+    depends_on:
+      - openldap
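Review bot: The `"639:639"` entry under `ports` looks like a typo for the LDAPS port; slapd's TLS listener is conventionally 636, so as written LDAPS would not be reachable from the host while plain 389 is, and the line should probably read `- "636:636"`. Together with `LDAP_TLS_ENFORCE: "false"`, `LDAP_ADMIN_PASSWORD: "admin"` and `LDAP_CONFIG_PASSWORD: "config"`, anyone who runs the file unchanged publishes a directory on every host interface that presumably accepts cleartext binds with well-known credentials. A comment above the two password lines such as `# example values only, change before use` would help, and binding the demo to loopback (`- "127.0.0.1:389:389"`) is a safer default. The same two passwords are introduced in `my-env.yaml.startup` later in this commit, replacing stronger placeholders. `osixia/phpldapadmin:latest` is also unpinned, unlike the `1.1.3` tag on the openldap image.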

+ 4 - 0
example/kubernetes/simple/ldap-rc.yaml

@@ -43,6 +43,8 @@ spec:
               value: "readonly"
             - name: LDAP_READONLY_USER_PASSWORD
               value: "readonly"
+            - name: LDAP_BACKEND
+              value: "hdb"
             - name: LDAP_TLS
               value: "true"
             - name: LDAP_TLS_CRT_FILENAME
@@ -69,6 +71,8 @@ spec:
               value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
             - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
               value: "true"
+            - name: LDAP_CFSSL_PREFIX
+              value: "ldap"
         - name: ldap-backup
           image: osixia/openldap-backup:0.1.8
           volumeMounts:

+ 1 - 1
example/kubernetes/using-secrets/environment/my-env.yaml

@@ -7,4 +7,4 @@
 
 # General container configuration
 # see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
-LDAP_LOG_LEVEL: 0
+LDAP_LOG_LEVEL: 256

+ 16 - 8
example/kubernetes/using-secrets/environment/my-env.yaml.startup

@@ -9,23 +9,28 @@
 # Required and used for new ldap server only
 LDAP_ORGANISATION: Example Inc.
 LDAP_DOMAIN: example.org
-LDAP_ADMIN_PASSWORD: Adm1n!
-LDAP_CONFIG_PASSWORD: c0nfig
+LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
 
-LDAP_READONLY_USER: true
+LDAP_ADMIN_PASSWORD: admin
+LDAP_CONFIG_PASSWORD: config
+
+LDAP_READONLY_USER: false
 LDAP_READONLY_USER_USERNAME: readonly
-LDAP_READONLY_USER_PASSWORD: passwr0rd!
+LDAP_READONLY_USER_PASSWORD: readonly
+
+# Backend
+LDAP_BACKEND: hdb
 
 # Tls
 LDAP_TLS: true
-LDAP_TLS_CRT_FILENAME: cert.crt
-LDAP_TLS_KEY_FILENAME: cert.key
+LDAP_TLS_CRT_FILENAME: ldap.crt
+LDAP_TLS_KEY_FILENAME: ldap.key
 LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
 LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
 LDAP_TLS_PROTOCOL_MIN: 3.1
-LDAP_TLS_VERIFY_CLIENT: never
+LDAP_TLS_VERIFY_CLIENT: demand
 
 # Replication
 LDAP_REPLICATION: false
@@ -43,4 +48,7 @@ LDAP_REPLICATION_HOSTS:
 
 
 # Remove config after setup
-LDAP_REMOVE_CONFIG_AFTER_SETUP: false
+LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+
+# cfssl environment variables prefix
+LDAP_CFSSL_PREFIX: ldap # cfssl-helper first search config from LDAP_CFSSL_* variables, before CFSSL_* variables.
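Review bot: `LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN` leaves the key with a null value followed by a comment, while the docker-compose example added in this commit passes an empty string; whether the startup script treats null and `""` alike is not visible here, so `LDAP_BASE_DN: ''  # if empty, derived from LDAP_DOMAIN` would be the unambiguous spelling. Separately, changing `LDAP_TLS_VERIFY_CLIENT` from `never` to `demand` presumably means TLS clients without a certificate from the configured CA are rejected, which deserves a one-line comment such as `# demand: clients must present a certificate signed by ca.crt`. `LDAP_READONLY_USER` is now `false` but its username and password lines remain, so a note that they are ignored while the user is disabled would avoid confusion.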

تفاوت فایلی نمایش داده نمی شود زیرا این فایل بسیار بزرگ است
+ 0 - 1
example/kubernetes/using-secrets/ldap-secret.yaml


برخی فایل ها در این مقایسه diff نمایش داده نمی شوند زیرا تعداد فایل ها بسیار زیاد است