LDAP Docker Image With Populated Users
Let Us Start Using LDAP Docker Images That Include Predefined Object Resources
For the last several months I worked with several services and applications that authenticate users using LDAP, and I needed to deploy the LDAP server a couple of times to my local machine and populate the users each time 😢.
Populating LDAP data and users is a time-consuming process, and this also depends on the amount of data that needs to be populated. But even with very simple data, doing the same thing manually more than once motivated me to automate that process to optimize and reduce the effort needed for the job 😆.
Therefore, I started looking for a way to deploy LDAP servers with populated data. After some digging, I found that the LDAP docker image osixia/openldap supports bootstrapping the LDAP server with existing LDAP data. Below are the steps to implement LDAP bootstrapping using the docker image:
- Prepare a bootstrap file: Create a bootstrap ldif file that contains all the data that needs to be imported into the LDAP server once it is started.
- Add the bootstrap file under the following path inside the custom docker image
- Build the docker image.
- Deploy the LDAP server using the custom docker image.
Content of the bootstrap file
The content of the bootstrap file can include any valid LDAP objects, for instance, inetOrgPerson, organizationalUnit, groupOfUniqueNames or groupOfNames. For the sake of simplicity, I will illustrate how we can define LDAP users and groups using
Since we are going to have
Groups objects in the LDAP server, it makes sense to organize these objects in different categories or units. LDAP provides an object type called organizationalUnit for this purpose. The snippet below creates two organizational units in the LDAP server, one for the users and the other for the groups (in case you need more units, you can duplicate the code below and modify the ou fields to meet your needs). It is also required to have changetype: add as the second attribute of each entry; otherwise, the bootstrap process will fail and the LDAP server will be down (this applies to all the entries in the bootstrap file).
ou: Groups
dn: ou=Groups,dc=shihadeh,dc=intern
The next step is to define the LDAP users. The snippet below can be used to define an LDAP user; you can duplicate it and modify the attribute values to create multiple users. The users' objectclass should stay the same (inetOrgPerson) for all created users; other fields can be changed based on your needs.
displayname: Developer User
The next step is to define the LDAP groups and assign users to these groups. For defining the groups we can use either the LDAP object class groupOfUniqueNames or the object class groupOfNames. The snippet below defines two LDAP groups and assigns different LDAP users to each of the groups.
uniqueMember: cn=admin,dc=shihadeh,dc=intern
dn: cn=Maintaners,ou=Groups,dc=shihadeh,dc=intern
Another way of generating the bootstrap file is to create the LDAP objects from the LDAP user interface and then export the LDAP data. Once the bootstrap content is ready, we need to save it in an “ldif” file with a name like bootstrap.ldif. The complete file may look like the below file.
The next step is to create the Dockerfile for building the custom docker image. The most important action is to copy the bootstrap file to the correct path. The Dockerfile below can be used to build the custom LDAP docker image; it includes the bootstrap file, which is used when the LDAP server starts up.
FROM osixia/openldap
LABEL maintainer="firstname.lastname@example.org"
ENV LDAP_ORGANISATION="Al-waleed Test Org" \
    LDAP_DOMAIN="shihadeh.intern"
COPY bootstrap.ldif /container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif
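Because a malformed entry makes the bootstrap fail and takes the LDAP server down, it helps to check bootstrap.ldif before building the image. The following is an added example, not code from the original post or from the osixia/openldap project: it verifies that changetype: add is the second attribute of every entry and that every DN sits under the base DN matching LDAP_DOMAIN. The function names and the sample entries are constructed for illustration, and the check assumes the base DN is derived from LDAP_DOMAIN the way the post's own values pair up (shihadeh.intern and dc=shihadeh,dc=intern).

```python
# Added example: pre-build lint for bootstrap.ldif. Function names are hypothetical.
def domain_to_suffix(domain):
    """'shihadeh.intern' -> 'dc=shihadeh,dc=intern' (base DN matching LDAP_DOMAIN)."""
    return ",".join("dc=" + label for label in domain.lower().split("."))

def parse_entries(text):
    """Split LDIF into entries: lists of (attr, value) in file order (base64 left undecoded)."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:        # folded continuation line
            current[-1] = (current[-1][0], current[-1][1] + raw[1:])
        elif not raw.strip():                      # blank line ends an entry
            if current:
                entries.append(current)
            current = []
        elif not raw.startswith("#"):              # skip comment lines
            attr, _, value = raw.partition(":")
            current.append((attr.strip().lower(), value.strip()))
    return entries

def lint(text, domain):
    """Return the problems that would break or misplace the bootstrap import."""
    suffix, problems = domain_to_suffix(domain), []
    for entry in parse_entries(text):
        dn = entry[0][1] if entry[0][0] == "dn" else "<entry without dn>"
        if len(entry) < 2 or (entry[1][0], entry[1][1].lower()) != ("changetype", "add"):
            problems.append(f"{dn}: 'changetype: add' must be the second attribute")
        norm = dn.lower().replace(" ", "")
        if norm != suffix and not norm.endswith("," + suffix):
            problems.append(f"{dn}: outside base DN {suffix}")
    return problems

# Constructed sample: entry 2 has changetype in the wrong position, entry 3 uses another domain.
SAMPLE = """\
dn: ou=Groups,dc=shihadeh,dc=intern
changetype: add
objectclass: organizationalUnit

dn: ou=Users,dc=shihadeh,dc=intern
objectclass: organizationalUnit
changetype: add

dn: cn=developer,ou=Users,dc=example,dc=org
changetype: add
objectclass: inetOrgPerson
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, "shihadeh.intern")))
```

Running it against the real bootstrap.ldif with the LDAP_DOMAIN value from the Dockerfile should print nothing; any printed line names the entry to fix before the image is built.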
The last step is to deploy the LDAP server and test whether the users are created. We can achieve this simply by deploying the below docker-compose file using the command docker-compose up -d.
After deploying the services, the LDAP server will be available on the following URL:
http://127.0.0.1:389. In addition, you will be able to browse the LDAP server, view its resources and create new ones by connecting to the following URL
Deploying the LDAP server with populated data is a good way to save time, especially for development and testing environments. This is possible by adding a bootstrap file with the needed data to the LDAP docker image. Here you can find the full implementation proposed by this post.