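---
services:
  openldap:
    # Pinned by tag only; for a reproducible, tamper-evident deployment also
    # pin by digest (image: osixia/openldap:1.5.0@sha256:<digest-placeholder>).
    image: osixia/openldap:1.5.0
    container_name: openldap
    restart: unless-stopped
    # `--loglevel debug` appears to set the verbosity of the container's
    # startup scripts (slapd itself is controlled by LDAP_LOG_LEVEL below);
    # it is noisy and worth lowering outside of troubleshooting.
    command: --loglevel debug --copy-service
    environment:
      # slapd log level; 256 is "stats" (connections, operations, results).
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "Alice"
      LDAP_DOMAIN: "alice.ufsj"
      LDAP_BASE_DN: "dc=alice,dc=ufsj"
      # Passwords are read from the Compose secrets mounted under
      # /run/secrets, so none of them has to appear in this file or in the
      # plain environment.
      LDAP_ADMIN_PASSWORD_FILE: "/run/secrets/ldap-admin"
      LDAP_CONFIG_PASSWORD_FILE: "/run/secrets/ldap-config"
      LDAP_READONLY_USER: "true"
      LDAP_READONLY_USER_USERNAME: "alice"
      LDAP_READONLY_USER_PASSWORD_FILE: "/run/secrets/ldap-readonly"
      LDAP_RFC2307BIS_SCHEMA: "true"
      LDAP_BACKEND: "mdb"
      # TLS is disabled inside the container: Traefik terminates LDAPS (see
      # the labels below) and forwards plain LDAP to port 389. The
      # Traefik -> openldap hop is therefore unencrypted on the
      # traefik-public network; keep that network trusted, or enable TLS
      # here and point the Traefik service at 636 instead.
      LDAP_TLS: "false"
      # LDAP_TLS_CRT_FILENAME: "fullchain1.pem"
      # LDAP_TLS_KEY_FILENAME: "privkey1.pem"
      # LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      # LDAP_TLS_CA_CRT_FILENAME: "ca/ca-certificates.crt"
      # LDAP_TLS_ENFORCE: "false"
      # LDAP_TLS_VERIFY_CLIENT: "demand"
      # LDAP_REPLICATION: "false"
      # LDAP_REPLICATION_CONFIG_SYNCPROV: 'binddn="cn=admin,cn=config" bindmethod=simple credentials="$$LDAP_CONFIG_PASSWORD" searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical'
      # LDAP_REPLICATION_DB_SYNCPROV: 'binddn="cn=admin,$$LDAP_BASE_DN" bindmethod=simple credentials="$$LDAP_ADMIN_PASSWORD" searchbase="$$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical'
      # LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
      KEEP_EXISTING_CONFIG: "false"
      # Drops the bootstrap configuration (which references the password
      # files) once initial setup has completed.
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    # Interactive TTY/stdin; not required for unattended operation.
    tty: true
    stdin_open: true
    secrets:
      - ldap-admin
      - ldap-config
      - ldap-readonly
    volumes:
      - data:/var/lib/ldap
      - config:/etc/ldap/slapd.d
      - ./templates:/templates
      - ./custom:/container/service/slapd/assets/config/bootstrap/ldif/custom
    networks:
      - traefik-public
    # Label values are strings in Compose: quoting stops the YAML parser
    # from turning `true` / `389` into a boolean / int, which some Compose
    # versions reject as an invalid label type.
    labels:
      traefik.enable: "true"
      # Published on the `ldaps` entrypoint for any SNI name; Traefik
      # terminates TLS and reaches the backend in cleartext on 389.
      traefik.tcp.routers.ldaps.entrypoints: "ldaps"
      traefik.tcp.routers.ldaps.tls: "true"
      traefik.tcp.routers.ldaps.rule: "HostSNI(`*`)"
      traefik.tcp.services.ldaps.loadbalancer.server.port: "389"
    # Host port publishing is deliberately off: uncommenting 389 would
    # expose unencrypted LDAP directly on the host, bypassing Traefik's TLS.
    # ports:
    #   - "389:389"
    #   - "636:636"

    # For replication to work correctly, domainname and hostname must be
    # set correctly so that "hostname"."domainname" equates to the
    # fully-qualified domain name for the host.
    # domainname: "example.org"
    # hostname: "ldap-server"

volumes:
  data:
  config:

networks:
  traefik-public:
    external: true

# File-backed secrets: keep ./secrets out of version control and restrict
# its permissions; Compose exposes each file to the service under
# /run/secrets/<name>.
secrets:
  ldap-admin:
    file: ./secrets/ldap-admin
  ldap-config:
    file: ./secrets/ldap-config
  ldap-readonly:
    file: ./secrets/ldap-readonly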