Build an OpenLDAP Docker Image That’s Populated With Users

Docker images with predefined object resources

Al-Waleed Shihadeh
Jan 19, 2020 · 4 min read
Photo by Shahadat Rahman on Unsplash

For the last several months I’ve been working with several services and applications that authenticate users with an LDAP server. This meant deploying the LDAP server a couple of times to my local machine and populating the users every single time. I needed to deploy the LDAP server to log in and use my services in my development environment.

LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.

https://ldap.com/

There are several commonly used implementations of the LDAP protocol, including ApacheDS, OpenLDAP, OpenDJ and Active Directory.

Populating LDAP data and users is a time-consuming process. It also depends on the amount of data that needs to be populated. But even with very simple data, having to do the same thing more than once manually motivated me to automate that process — reduce the effort needed to complete the job.

I started looking for a way to deploy LDAP servers with pre-populated data. After some digging, I discovered that the LDAP Docker image osixia/openldap supports bootstrapping the server with existing LDAP data. Below are the steps to implement LDAP bootstrapping with the Docker image osixia/openldap:

  • Prepare a bootstrap file. Create an LDIF bootstrap file that contains all the data to be imported into the LDAP server once it starts.
  • Add the bootstrap file to the custom Docker image under the path /container/service/slapd/assets/config/bootstrap/ldif/.
  • Build the Docker image.
  • Deploy the LDAP server using the custom Docker image.

Content of the Bootstrap File

The bootstrap file can contain any valid LDAP objects, for instance inetOrgPerson, organizationalUnit, groupOfUniqueNames and groupOfNames. For the sake of simplicity, I will use LDIF to illustrate how we can define LDAP users and groups.

Since we’re going to have Users and Groups objects in the LDAP server, it makes sense to organize these objects in different categories or units. LDAP provides an object type called organizationalUnit for this purpose.

The below snippet will create two organizational units in the LDAP server — one for the users and one for the groups (if you need more units you can duplicate the code below and modify the dn and ou fields to meet your needs).

It is also required that changetype: add is the second attribute of every entry; otherwise the bootstrap process fails and the LDAP server will not come up (this applies to all entries in the bootstrap file).

dn: ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Groups

dn: ou=Users,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Users

The next step is to define the LDAP users. The snippet below defines one LDAP user; duplicate it and modify the attribute values to create more users. The objectclass (inetOrgPerson) should stay the same for all users; the other fields can be changed according to your needs.

dn: cn=developer,dc=shihadeh,dc=intern
changetype: add
objectclass: inetOrgPerson
cn: developer
givenname: developer
sn: Developer
displayname: Developer User
mail: developer@gmail.com
userpassword: developer_pass

The next step is to define the LDAP groups and assign users to them. To define the groups we can use either the object class groupOfUniqueNames or the object class groupOfNames. The snippet below defines two LDAP groups and assigns different LDAP users to each of them.

dn: cn=Admins,ou=Groups,dc=shihadeh,dc=intern
changetype: add
cn: Admins
objectclass: groupOfUniqueNames
uniqueMember: cn=admin,dc=shihadeh,dc=intern

dn: cn=Maintainers,ou=Groups,dc=shihadeh,dc=intern
changetype: add
cn: Maintainers
objectclass: groupOfUniqueNames
uniqueMember: cn=maintainer,dc=shihadeh,dc=intern
uniqueMember: cn=developer,dc=shihadeh,dc=intern
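Before building the image it is worth checking the bootstrap file for the mistakes that make the bootstrap fail (a missing changetype: add, a group whose parent ou has not been defined yet, a member that points at a user that is not in the file) and for clear-text userpassword values, which otherwise get baked into the image layer; OpenLDAP also accepts a hashed value such as the {SSHA} output of slappasswd. The checker below is an added example, not code from this article or from the osixia/openldap project. It assumes the image pre-creates the base entry and cn=admin under it, uses its own allow-list of object classes, and embeds a constructed sample made of the entries above plus a maintainer user so that every group member resolves.

```python
import re

BASE_DN = "dc=shihadeh,dc=intern"
# Assumption: osixia/openldap creates the base entry and this admin entry on first start,
# so a bootstrap file may reference them without defining them.
PREDEFINED_DNS = ("cn=admin,dc=shihadeh,dc=intern",)
# Allow-list of the object classes the article uses (our list, not the server schema).
KNOWN_CLASSES = {"organizationalUnit", "inetOrgPerson", "groupOfUniqueNames", "groupOfNames"}
MEMBER_ATTRS = {"uniquemember", "member"}  # attribute names are compared lower-cased

# Constructed sample: the article's entries plus a 'maintainer' user so every member resolves.
SAMPLE_LDIF = """\
dn: ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Groups

dn: cn=developer,dc=shihadeh,dc=intern
changetype: add
objectclass: inetOrgPerson
cn: developer
sn: Developer
userpassword: developer_pass

dn: cn=maintainer,dc=shihadeh,dc=intern
changetype: add
objectclass: inetOrgPerson
cn: maintainer
sn: Maintainer
userpassword: {SSHA}REPLACE_WITH_slappasswd_OUTPUT

dn: cn=Admins,ou=Groups,dc=shihadeh,dc=intern
changetype: add
cn: Admins
objectclass: groupOfUniqueNames
uniqueMember: cn=admin,dc=shihadeh,dc=intern

dn: cn=Maintainers,ou=Groups,dc=shihadeh,dc=intern
changetype: add
cn: Maintainers
objectclass: groupOfUniqueNames
uniqueMember: cn=maintainer,dc=shihadeh,dc=intern
uniqueMember: cn=developer,dc=shihadeh,dc=intern
"""


def parse_ldif(text):
    """Split LDIF text into entries; each entry is a list of (attribute, value) in file order."""
    entries, current = [], []
    for line in text.splitlines():
        if not line.strip():                    # a blank line terminates the current entry
            if current:
                entries.append(current)
                current = []
        elif line.startswith(" ") and current:  # continuation line joins the previous value
            attr, val = current[-1]
            current[-1] = (attr, val + line[1:])
        elif not line.startswith("#"):          # comments are ignored
            attr, _, val = line.partition(":")
            current.append((attr.strip().lower(), val.strip()))
    if current:
        entries.append(current)
    return entries


def validate_bootstrap(text, base_dn=BASE_DN, predefined=PREDEFINED_DNS):
    """Return a list of problems; an empty list means the file should bootstrap cleanly."""
    problems, defined, valid = [], {d.lower() for d in predefined}, []
    for i, entry in enumerate(parse_ldif(text), 1):
        if entry[0][0] != "dn":
            problems.append(f"entry {i}: must begin with a dn line")
            continue
        dn = entry[0][1]
        if len(entry) < 2 or entry[1] != ("changetype", "add"):
            problems.append(f"{dn}: second attribute must be 'changetype: add'")
        parent = dn.partition(",")[2].strip().lower()   # naive split, fine for these DNs
        if parent != base_dn.lower() and parent not in defined:
            problems.append(f"{dn}: parent {parent} must be defined earlier in the file")
        for cls in sorted({v for a, v in entry if a == "objectclass"} - KNOWN_CLASSES):
            problems.append(f"{dn}: unexpected objectclass {cls}")
        for a, v in entry:   # a {SSHA} hash keeps the clear-text password out of the image layer
            if a == "userpassword" and not re.match(r"^\{[A-Za-z0-9-]+\}", v):
                problems.append(f"{dn}: userpassword is clear text; use a {{SSHA}} hash from slappasswd")
        defined.add(dn.lower())
        valid.append((dn, entry))
    # Members may point at entries defined anywhere in the file or created by the image.
    for dn, entry in valid:
        for a, v in entry:
            if a in MEMBER_ATTRS and v.lower() not in defined:
                problems.append(f"{dn}: {a} {v} refers to an undefined entry")
    return problems


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    print("\n".join(validate_bootstrap(source)) or "no problems found")
```

Run it as `python check_bootstrap.py bootstrap.ldif` before `docker build`; on the sample it reports only the clear-text password of the developer user, which is the one thing a reviewer should refuse to commit into an image.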

Another way to generate the bootstrap file is to create the LDAP objects from the LDAP user interface and then export the LDAP data. Once the bootstrap content is ready, save it in an LDIF file with a name like bootstrap.ldif. The complete file may look like this:

The next step is to create the Dockerfile for building the custom Docker image. The most important action is to copy the bootstrap file to the correct path. The Dockerfile below builds the custom LDAP image, including the bootstrap file that is applied when the LDAP server starts.

FROM osixia/openldap
LABEL maintainer="wshihadeh.devx@gmail.com"
ENV LDAP_ORGANISATION="Al-waleed Test Org" \
    LDAP_DOMAIN="shihadeh.intern"
COPY bootstrap.ldif /container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif

The last step is to deploy the LDAP server and check that the users have been created. We can do this simply by deploying the docker-compose file below with the command docker-compose up -d.

After deploying the services, the LDAP server will be available at ldap://127.0.0.1:389.

In addition, you will be able to browse the LDAP server, view its resources and create new ones by connecting to http://127.0.0.1:8090.

Conclusion

Deploying the LDAP server with pre-populated data saves time, especially in development and testing environments. This is possible by adding a bootstrap file with the needed data to the LDAP Docker image. Here you can find the full implementation.
