Build an OpenLDAP Docker Image That’s Populated With Users
For the last several months I’ve been working with several services and applications that authenticate users with an LDAP server. This meant deploying the LDAP server a couple of times to my local machine and populating the users every single time. I needed to deploy the LDAP server to log in and use my services in my development environment.
LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.
There are several commonly used implementations of the LDAP protocol, including ApacheDS, OpenLDAP, OpenDJ and Active Directory.
Populating an LDAP server with data and users is a time-consuming process, and the effort grows with the amount of data. But even with very simple data, having to do the same thing manually more than once motivated me to automate the process and reduce the effort needed to complete the job.
I started looking for a way to deploy LDAP servers with the data already in place. After some digging, I discovered that the `osixia/openldap` Docker image supports bootstrapping the LDAP server from existing LDAP data. Below are the steps to implement LDAP bootstrapping with that image:
- Prepare a bootstrap LDIF file that contains all the data to be imported into the LDAP server once it has started.
- Add the bootstrap file to a custom Docker image under the image's bootstrap directory, `/container/service/slapd/assets/config/bootstrap/ldif/`.
- Build the Docker image.
- Deploy the LDAP server using the custom Docker image.
Content of the Bootstrap File
The bootstrap file can contain any valid LDAP objects, for instance `groupOfNames` groups. For the sake of simplicity, I will use a single LDIF file to illustrate how we can define LDAP users and groups.
Since we're going to have both user and group objects in the LDAP server, it makes sense to organize these objects into different categories or units. LDAP provides an object class called `organizationalUnit` for this purpose.
The snippet below creates two organizational units in the LDAP server, one for the users and one for the groups (if you need more units, duplicate an entry and change the `ou` values to suit your needs).
It is also important, and required, that `changetype: add` is the second line of each entry, right after the `dn`; otherwise the bootstrap process fails and the LDAP server does not come up (this applies to every entry in the bootstrap file).
```ldif
dn: ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Groups

dn: ou=Users,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Users
```
The next step is to define the LDAP users. The snippet below defines one user; duplicate it and change the attribute values to create more. The `objectclass` should stay `inetOrgPerson` for every user (that class requires at least `cn` and `sn`); the other attributes can be changed to suit your needs, and the placeholders in angle brackets are yours to fill in.
```ldif
dn: cn=<username>,ou=Users,dc=shihadeh,dc=intern
changetype: add
objectclass: inetOrgPerson
cn: <username>
sn: <surname>
displayname: Developer User
```
The next step is to define the LDAP groups and assign users to them. Groups can use either the `groupOfUniqueNames` object class (members listed in `uniqueMember`) or `groupOfNames` (members listed in `member`); both require at least one member, so an empty group is rejected by the schema. The snippet below defines two `groupOfUniqueNames` groups and assigns different users to each: the first includes the image's admin user, the second the users you created above.
```ldif
dn: cn=<group>,ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: groupOfUniqueNames
cn: <group>
uniqueMember: cn=admin,dc=shihadeh,dc=intern

dn: cn=Maintaners,ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: groupOfUniqueNames
cn: Maintaners
uniqueMember: cn=<username>,ou=Users,dc=shihadeh,dc=intern
```
Another way to generate the bootstrap file is to create the LDAP objects through an LDAP user interface and then export the data. Once the bootstrap file is ready, save it as an LDIF file with a name like `bootstrap.ldif`. The complete file is simply the three snippets above, concatenated in that order: the organizational units first, then the users, then the groups, since each entry's parent must already exist when the entry is added.
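As an added example (my own code, not part of the original post or of the osixia/openldap project), here is an offline pre-flight check for the bootstrap file that catches the mistakes described above before they take the container down: an entry that does not start with `dn:` or lacks `changetype: add` on its second line, a child entry listed before its parent (ldapadd applies the file top to bottom, so that fails with "no such object"), a group member DN that does not resolve to any entry in the file or to the admin entry the image creates, and a `userPassword` written in cleartext. The sample LDIF in it is constructed for the example using the post's `dc=shihadeh,dc=intern` suffix; the `developer` user, its password placeholder and the `ADMIN_DN` value are assumptions, and the parser assumes the hand-written style of the post with no wrapped lines.

```python
"""Offline pre-flight linter for an osixia/openldap bootstrap LDIF file.
Added example: not code from the original post or from the osixia/openldap project."""
import re

BASE_DN = "dc=shihadeh,dc=intern"  # matches LDAP_DOMAIN="shihadeh.intern" in the post
ADMIN_DN = "cn=admin," + BASE_DN   # assumption: the admin entry the image creates itself


def norm(dn):
    """Normalise a DN for comparison: drop whitespace after commas, lower-case it."""
    return re.sub(r",\s*", ",", dn).strip().lower()


def parse_ldif(text):
    """Split LDIF into entries, each a list of (attribute, value) pairs in file order.
    Assumes the hand-written style of the post: no wrapped (leading-space) lines."""
    entries, current = [], []
    for line in text.splitlines():
        if not line.strip():  # a blank line ends the entry
            if current:
                entries.append(current)
                current = []
        elif not line.startswith("#"):
            attr, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            current.append((attr.strip().lower(), value.strip()))
    if current:
        entries.append(current)
    return entries


def lint_bootstrap(text, base_dn=BASE_DN, admin_dn=ADMIN_DN):
    """Return a list of problems; an empty list means the file should import cleanly."""
    problems = []
    seen = {norm(base_dn), norm(admin_dn)}  # both exist before the bootstrap runs
    for index, entry in enumerate(parse_ldif(text), start=1):
        if entry[0][0] != "dn":
            problems.append(f"entry {index}: first line must be 'dn:'")
            continue
        dn = entry[0][1]
        if len(entry) < 2 or entry[1] != ("changetype", "add"):
            problems.append(f"{dn}: 'changetype: add' must be the second line")
        # ldapadd applies entries top to bottom: a child listed before its parent fails
        # with 'no such object' and aborts the bootstrap. (Naive split: no escaped commas.)
        parent = dn.partition(",")[2]
        if norm(parent) not in seen:
            problems.append(f"{dn}: parent '{parent}' is not defined earlier in the file")
        attrs = {}
        for attr, value in entry[1:]:
            attrs.setdefault(attr, []).append(value)
        # slapd accepts a dangling member, so this catches typos rather than import errors.
        for member in attrs.get("uniquemember", []) + attrs.get("member", []):
            if norm(member) not in seen:
                problems.append(f"{dn}: member '{member}' does not resolve to an entry in the file")
        # slapd stores hashed passwords as '{SCHEME}...'; anything else was written in cleartext.
        for password in attrs.get("userpassword", []):
            if not password.startswith("{"):
                problems.append(f"{dn}: userPassword is cleartext; hash it with slappasswd first")
        seen.add(norm(dn))
    return problems


# Constructed sample: the two OUs, one user and one group, in an order that imports.
GOOD_LDIF = """\
dn: ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Groups

dn: ou=Users,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit
ou: Users

dn: cn=developer,ou=Users,dc=shihadeh,dc=intern
changetype: add
objectclass: inetOrgPerson
cn: developer
sn: User
userPassword: {SSHA}placeholder-hash-for-the-example

dn: cn=Maintaners,ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: groupOfUniqueNames
cn: Maintaners
uniqueMember: cn=admin,dc=shihadeh,dc=intern
uniqueMember: cn=developer,ou=Users,dc=shihadeh,dc=intern
"""

# Constructed sample with three mistakes: changetype misplaced, parent OU never defined, cleartext password.
BAD_LDIF = """\
dn: cn=developer,ou=Users,dc=shihadeh,dc=intern
objectclass: inetOrgPerson
changetype: add
cn: developer
sn: User
userPassword: secret
"""

if __name__ == "__main__":
    print(lint_bootstrap(GOOD_LDIF) or "ok", *lint_bootstrap(BAD_LDIF), sep="\n")
```

Run it as part of the image build and refuse to build if it returns anything. The member check is advisory, since slapd happily adds a group whose `uniqueMember` points at nothing; the other three findings are import failures that would leave the container down.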
The next step is to create the Dockerfile for building the custom image. The most important action is to copy the bootstrap file to the path the image scans at startup; files in that directory are applied in name order, which is what the numeric prefix is for. The Dockerfile below builds the custom LDAP image, including the bootstrap file that is imported when the server starts:
```dockerfile
FROM osixia/openldap
LABEL maintainer="email@example.com"
ENV LDAP_ORGANISATION="Al-waleed Test Org" \
    LDAP_DOMAIN="shihadeh.intern"
COPY bootstrap.ldif /container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif
```
Two things are worth knowing before you build. `osixia/openldap` without a tag pulls whatever `latest` is on the day, so pin a version tag for reproducible builds. And the admin account the image creates (`cn=admin,dc=shihadeh,dc=intern` for this domain) gets the default password `admin` unless `LDAP_ADMIN_PASSWORD` is set, so set it explicitly, if only so you know what you are binding with later.
The last step is to deploy the LDAP server and check that the users have been created. The simplest way is a docker-compose file that runs the custom image (and a web front end for browsing it), started with `docker-compose up -d`.
After the services come up, the LDAP server is reachable on the host port that the compose file publishes, and the web front end lets you browse the server, view its resources and create new ones. To check the import from the command line, bind as the admin user with `ldapsearch` and search under `ou=Users` and `ou=Groups`; if the entries are missing, the bootstrap failed, and the container logs are the place to look for the offending entry.
Deploying the LDAP server with pre-populated data saves time, especially in development and test environments, and all it takes is adding a bootstrap file with the needed data to the LDAP Docker image. Treat the result as a development artifact, though: the bootstrap file, and any password it carries, ends up in the image layers and can be read by anyone who can pull the image. Here you can find the full implementation.