LDAP Docker Image With Populated Users

Let Us Start Using LDAP Docker Images That Include Predefined Object Resources

Al-Waleed Shihadeh
Jan 19 · 4 min read

For the last several months I worked with several services and applications that authenticate users using LDAP, and I needed to deploy the LDAP server a couple of times to my local machine and populate the users each time 😒.

Populating LDAP data and users is a time-consuming process, and how long it takes depends on the amount of data that needs to be populated. But even with very simple data, doing the same thing manually more than once motivated me to automate the process and reduce the effort needed for the job 😆.

Therefore, I started looking for a way to deploy LDAP servers with populated data. After some digging, I found that the LDAP Docker image osixia/openldap supports bootstrapping the LDAP server with existing LDAP data. Below are the steps to implement LDAP bootstrapping using the Docker image osixia/openldap.

  • Prepare a bootstrap file: create an LDIF bootstrap file that contains all the data to be imported into the LDAP server once it is started.
  • Add the bootstrap file under the following path inside the custom Docker image: /container/service/slapd/assets/config/bootstrap/ldif/.
  • Build the docker image.
  • Deploy LDAP server using the custom docker image.

Content of the bootstrap file

The content of the bootstrap file can include any valid LDAP objects, for instance inetOrgPerson, organizationalUnit, groupOfUniqueNames or groupOfNames. For the sake of simplicity, I will illustrate how we can define LDAP users and groups using LDIF.

Since we are going to have user and group objects in the LDAP server, it makes sense to organize these objects in different categories or units. LDAP provides an object type called organizationalUnit for this purpose. The snippet below will create two organizational units in the LDAP server, one for the users and the other for the groups (in case you need more units, you can duplicate the code below and modify the dn and ou fields to meet your needs). It is also required to have changetype: add as the second attribute of each entry; otherwise, the bootstrap process will fail and the LDAP server will be down (this applies to all the entries in the bootstrap file).

The next step is to define the LDAP users. The snippet below can be used to define LDAP users; you can duplicate it and modify the attribute values to create multiple users. The users' objectClass should stay the same (inetOrgPerson) for all created users; other fields can be changed based on your needs.

The next step is to define the LDAP groups and assign users to these groups. For defining the groups we can use either the LDAP object class groupOfUniqueNames or the object class groupOfNames. The snippet below defines two LDAP groups and assigns different LDAP users to each of the groups.

Another way of generating the bootstrap file is to create the LDAP objects from the LDAP user interface and then export the LDAP data. Once the bootstrap file is ready, we need to save it in an “ldif” file with a name like bootstrap.ldif. The complete file may look like the below file.
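As an added example (not from the original post), the following Python check parses a bootstrap file and reports the two mistakes the steps above can introduce: an entry whose second line is not changetype: add, and a group member that no entry in the file defines. The sample LDIF, the dc=example,dc=org base DN and the function names are constructed for illustration, and the parser assumes unfolded, non-base64 lines.

```python
import re

# Constructed sample bootstrap file; cn=bob is deliberately never defined.
SAMPLE_LDIF = """\
dn: ou=users,dc=example,dc=org
changetype: add
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=example,dc=org
changetype: add
objectClass: organizationalUnit
ou: groups

dn: cn=alice,ou=users,dc=example,dc=org
changetype: add
objectClass: inetOrgPerson
cn: alice
sn: Example

dn: cn=admins,ou=groups,dc=example,dc=org
changetype: add
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: cn=alice,ou=users,dc=example,dc=org
uniqueMember: cn=bob,ou=users,dc=example,dc=org
"""

def parse_entries(text):
    """Split LDIF into entries, each a list of (attribute, value) pairs."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l.strip() and not l.startswith("#")]
        if lines:
            entries.append([tuple(p.strip() for p in l.partition(":")[::2]) for l in lines])
    return entries

def lint_bootstrap(text):
    """Return problems: missing 'changetype: add' or members no entry defines."""
    entries = parse_entries(text)
    known = {e[0][1].lower() for e in entries if e[0][0].lower() == "dn"}
    problems = []
    for e in entries:
        dn = e[0][1] if e[0][0].lower() == "dn" else "<no dn>"
        if len(e) < 2 or (e[1][0].lower(), e[1][1].lower()) != ("changetype", "add"):
            problems.append(f"{dn}: second line must be 'changetype: add'")
        for attr, value in e:
            if attr.lower() in ("member", "uniquemember") and value.lower() not in known:
                problems.append(f"{dn}: {attr} references undefined entry {value}")
    return problems
```

Running lint_bootstrap on the file before building the image catches a bootstrap failure that would otherwise only show up when the container starts.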

The next step is to create the Dockerfile for building the custom Docker image. The most important action is to copy the bootstrap file to the correct path. The Dockerfile below can be used to build the custom LDAP Docker image that includes the bootstrap file, which will be used when the LDAP server starts up.

The last step is to deploy the LDAP server and test whether the users are created. We can achieve this simply by deploying the docker-compose file below using the command docker-compose up -d.

After deploying the services, the LDAP server will be available on the following URL: http://127.0.0.1:389. In addition, you will be able to browse the LDAP server, view its resources and create new ones by connecting to the following URL http://127.0.0.1:8090.

Conclusion

Deploying the LDAP server with populated data is a good way to save time, especially for development and testing environments. This is possible by adding a bootstrap file with the needed data to the LDAP Docker image. Here you can find the full implementation proposed by this post.
