
replication

ofreax 10 years ago
parent
commit
219ed8fcf7
1 changed files with 56 additions and 3 deletions

+ 56 - 3
README.md

@@ -6,7 +6,7 @@ A docker image to run OpenLDAP.
 Fork of Nick Stenning docker-slapd :
 https://github.com/nickstenning/docker-slapd
 
-Add support of tls. Use docker 1.5.0
+Add support of TLS and multi master replication.
 
 ## Quick start
 Run OpenLDAP docker image :
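Review bot: the rewritten summary drops the `Use docker 1.5.0` requirement from `-Add support of tls. Use docker 1.5.0` without stating any replacement; if the image still needs a minimum Docker version (the new replication walkthrough relies on `docker exec` and `docker inspect -f`), keep that statement, e.g. `Add support of TLS and multi-master replication. Requires docker 1.5.0 or later.` Also hyphenate `multi-master`, as the heading in the later hunk should too.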
@@ -87,7 +87,7 @@ You can also use data volume containers. Please refer to :
 ### Using TLS
 
 #### Use autogenerated certificate
-By default TLS is enable, a certificate is created with the container hostname eg: ldap.example.org.
+By default TLS is enable, a certificate is created with the container hostname (set by -h option eg: ldap.example.org).
 
 	docker run -h ldap.example.org -e SERVER_NAME=ldap.my-compagny.com -d osixia/openldap
 
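Review bot: the added sentence still reads `By default TLS is enable, a certificate is created...`; it should be `By default TLS is enabled, and a certificate is created for the container hostname (set with the -h option, e.g. ldap.example.org).` The example directly below it sets both `-h ldap.example.org` and `-e SERVER_NAME=ldap.my-compagny.com`, so the text should say which of the two names ends up in the autogenerated certificate, because a client that validates the certificate will reject a hostname mismatch. Also fix `my-compagny` to `my-company`.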
@@ -108,6 +108,53 @@ Add -e USE_TLS=false to the run command :
 
 	docker run -h ldap.example.org  -e USE_TLS=false -d osixia/openldap
 
+### Multi master replication
+Quick example, with the default config.
+
+Create the first ldap server, save the container id in LDAP_CID and get its IP:
+
+	LDAP_CID=$(docker run -h ldap.example.org -e USE_REPLICATION=true -d osixia/openldap)
+	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
+
+Create the second ldap server, save the container id in LDAP2_CID and get its IP:
+
+	LDAP2_CID=$(docker run -h ldap2.example.org -e USE_REPLICATION=true -d osixia/openldap)
+	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
+
+Add the pair "ip hostname" to /etc/hosts on each containers,
+beacause ldap.example.org and ldap2.example.org are fake hostnames
+
+	docker exec $LDAP_CID /osixia/test/add-host.sh $LDAP2_IP ldap2.example.org
+	docker exec $LDAP2_CID /osixia/test/add-host.sh $LDAP_IP ldap.example.org
+
+We reload slapd to let him take into consideration /etc/hosts changes
+
+	docker exec $LDAP_CID pkill slapd
+	docker exec $LDAP2_CID pkill slapd
+
+That's it ! But a litle test to be sure :
+
+Add a new user "billy" on the first ldap server
+
+	docker exec $LDAP_CID ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /osixia/test/new-user.ldif -h ldap.example.org -ZZ
+
+Search on the second ldap server, and billy should show up !
+
+	docker exec $LDAP2_CID ldapsearch -x -h ldap2.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -ZZ
+
+	[...]
+
+	# billy, example.org
+	dn: uid=billy,dc=example,dc=org
+	uid: billy
+	cn: billy
+	sn: 3
+	objectClass: top
+	objectClass: posixAccount
+	objectClass: inetOrgPerson
+	[...]
+
+
 ## Administrate your ldap server
 If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image :
 > [osixia/phpldapadmin](https://github.com/osixia/docker-phpLDAPadmin)
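Review bot: the step introduced as `We reload slapd...` actually runs `docker exec $LDAP_CID pkill slapd`, which kills the daemon rather than reloading it; the README should say that the container's process supervisor restarts slapd (or give the real restart command), otherwise a reader with a different entrypoint is left with no directory server. Two further points this section should state: the `REPLICATION_*_SYNCPROV` defaults use `starttls=critical`, so each container must trust the other's autogenerated certificate before the sync connection can come up; document how that trust is established (a shared CA, or the TLS_REQCERT setting in use), since with `critical` a failed StartTLS means no replication at all rather than a cleartext fallback. And the test commands pass the default admin password on the command line (`-w admin`), which is fine for a throwaway test but deserves a reminder to change LDAP_ADMIN_PASSWORD, because the same value is also the replication bind credential in the defaults documented below. Spelling: `each containers` -> `each container`, `beacause` -> `because`, `let him` -> `let it`, `litle` -> `little`, `That's it !` -> `That's it!`.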
@@ -119,7 +166,7 @@ Environement variables defaults are set in **image/env.yml**. You can modify env
 General container configuration :
 - **LDAP_LOG_LEVEL**: Slap log level. defaults to  `-1`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 
-Required for new ldap server :
+Required and used for new ldap server only :
 - **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.`
 - **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org`
 - **LDAP_ADMIN_PASSWORD** Admin password. Defaults to `admin`
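Review bot: `Required and used for new ldap server only :` leaves it unclear when these variables apply; say explicitly that they are read only on first start, when the database is created, and are ignored on later runs against an existing data volume (if that is the behaviour), so a reader does not expect changing LDAP_ADMIN_PASSWORD to rotate the password of an already initialised server. Minor: `**LDAP_ADMIN_PASSWORD** Admin password.` is missing the colon the other entries use, and since the default `admin` is exactly what the quick-start and replication examples type in, this is the place to tell readers to override it. The hunk header's `Environement` is also misspelt (`Environment`).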
@@ -130,6 +177,12 @@ TLS options :
 - **SSL_KEY_FILENAME**: Ldap ssl certificate private key filename. Defaults to `ldap.key`
 - **SSL_CA_CRT_FILENAME**: Ldap ssl CA certificate  filename. Defaults to `ca.crt`
 
+Replication options :
+- **USE_REPLICATION**: Add openldap replication capabilities. Defaults to `false`
+- **REPLICATION_CONFIG_SYNCPROV**: olcSyncRepl options used for the config database. Without **rid** and **provider** which are automaticaly added based on REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=critical`
+- **REPLICATION_HDB_SYNCPROV**: olcSyncRepl options used for the HDB database. Without **rid** and **provider** which are automaticaly added based on REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1  starttls=critical`
+- **REPLICATION_HOSTS**: list of replication hosts, must contains the current container hostname set by -h on docker run command. Defaults to `['ldap://ldap.example.org', 'ldap://ldap2.example.org']`
+
 ### Set environment variables at run time :
 
 Environment variable can be set directly by adding the -e argument in the command line, for example :
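Review bot: `REPLICATION_CONFIG_SYNCPROV` defaults to `credentials=$LDAP_CONFIG_PASSWORD`, but LDAP_CONFIG_PASSWORD is not among the variables documented in this change; add it to the list with its default, or readers cannot tell what the config-database replication binds with. The `retry="5 5 300 5"` default is finite (5 attempts 5 s apart, then 5 attempts 300 s apart), after which the consumer gives up and replication silently stops until slapd is restarted; either say so or use `+` as the final count to retry indefinitely. `interval=00:00:00:10` in the HDB default only applies to refreshOnly and has no effect with `type=refreshAndPersist`, so drop it or note that it is inert. Both defaults store the bind password in olcSyncRepl (readable by anyone who can read cn=config), and REPLICATION_HOSTS uses plain `ldap://` URLs, so `starttls=critical` is the only thing keeping those credentials off the wire; a sentence telling readers not to weaken it would help. Spelling: `automaticaly` -> `automatically`, `must contains` -> `must contain`.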