ome / apacheds-docker

This project forked from flecharoja/apacheds

Dockerfile to build an ApacheDS container providing an LDAP and optionally a Kerberos service.

Home Page: https://hub.docker.com/r/openmicroscopy/apacheds/

Shell 21.46% Python 65.58% Dockerfile 12.96%
ome docker ldap testing

apacheds-docker's Introduction

ApacheDS

This Docker image provides an ApacheDS LDAP server. It can optionally be used to provide a Kerberos server as well.

The project sources can be found on GitHub; the Docker image is on Docker Hub.

Build

git clone https://github.com/openmicroscopy/apacheds-docker.git
docker build -t openmicroscopy/apacheds:2.0.0.AM26 apacheds-docker

Installation

The folder /var/lib/apacheds contains the runtime data and thus has been defined as a volume. The image uses exactly the file system structure defined by the ApacheDS documentation.

The container can be started by issuing the following command:

docker run --name ldap -d -p 389:10389 openmicroscopy/apacheds

Usage

You can manage the LDAP server with the admin user uid=admin,ou=system and the default password secret. The default instance comes with a pre-configured partition dc=openmicroscopy,dc=org.

An individual admin password should be set following this manual.

Then you can import entries into that partition via your own ldif file:

ldapadd -v -h <your-docker-ip>:389 -c -x -D uid=admin,ou=system -w <your-admin-password> -f sample.ldif

Customization

Custom Root DC

This image uses openmicroscopy.org as the root DC. To customize ApacheDS with a different root DC, you will need to extend and rebuild your image.

First, find and replace a number of strings within ome.ldif, instance/config.ldif and instance/ads-contextentry.decoded. Specifically, find and replace dc=org, dc: org, openmicroscopy.org and openmicroscopy, e.g. for a custom root DC of example.com:

$ sed -i 's/openmicroscopy/example/g' ome.ldif ./instance/config.ldif ./instance/ads-contextentry.decoded
$ sed -i 's/dc=org/dc=com/g' ome.ldif ./instance/config.ldif ./instance/ads-contextentry.decoded
$ sed -i 's/dc: org/dc: com/g' ome.ldif ./instance/config.ldif ./instance/ads-contextentry.decoded

Then build, install and use as you normally would.

Custom ApacheDS instances

It is also possible to start your own ApacheDS instance with your own configuration for partitions and services; see the ApacheDS documentation for more details. You need to mount your config.ldif in place of the default one and set the APACHEDS_INSTANCE environment variable accordingly.

In the provided sample configuration, the instance is named default. Assuming your custom instance is called yourinstance, the following command will do the trick:

docker run --name ldap -d -p 389:10389 -e APACHEDS_INSTANCE=yourinstance -v /path/to/your/config.ldif:/bootstrap/conf/config.ldif:ro openmicroscopy/apacheds

This ApacheDS image can also be used to provide a Kerberos server. Provide your own config.ldif file for that, and don't forget to expose the right port.

Other services are possible as well. For further information, read the configuration documentation.

apacheds-docker's Issues

LDAP Backups

Hi! Is there any way to make LDAP Backups from scripts?

ApacheDS documentation says:

$ ldapsearch -D "uid=admin,ou=system" -w secret -p 10389 -h localhost -b "dc=example,dc=com" -s sub "(ObjectClass=*)" "*" "+" > backup.ldif

But ldapsearch command is not found inside the container.

Thanks!!

Custom dc not working

I'm trying to get familiar w/ ApacheDS and I thought it would be simple to take the existing openmicroscopy and simply change the name. However, after simply changing the name in config.ldif and ome.ldif, I don't have a top level object anymore.

Building w/o any changes, and the top level object appears. Effectively doing s/openmicroscopy/controller/ in the config.ldif, and all I see is the schema, config, and system in the RootDSE - no dc=controller,dc=org.

What am I missing?

K8s Volume and initialization of /var/lib/apache

I am setting a volumeMount already populated with my own partition (via an initContainer process). I am also setting a config-map arg for my server name 'APACHEDS_INSTANCE: myLDAP'.

But, it appears this is getting replaced with the bootstrap data, I think? Is there a way to avoid the bootstrap process overwriting my volume mount (if that is what is going on)?

If I mount it into some other directory, (like just /var), I can see the files I expect, with the partition I expect; so I know the information is in the volume.

'/bootstrap/cache' -> '/var/lib/apacheds/myLDAP/cache'
'/bootstrap/conf' -> '/var/lib/apacheds/myLDAP/conf'
'/bootstrap/conf/log4j.properties' -> '/var/lib/apacheds/myLDAP/conf/log4j.properties'
'/bootstrap/conf/wrapper-instance.conf' -> '/var/lib/apacheds/myLDAP/conf/wrapper-instance.conf'
'/bootstrap/conf/config.ldif' -> '/var/lib/apacheds/myLDAP/conf/config.ldif'
'/bootstrap/log' -> '/var/lib/apacheds/myLDAP/log'
'/bootstrap/ome.ldif' -> '/var/lib/apacheds/myLDAP/ome.ldif'
'/bootstrap/partitions' -> '/var/lib/apacheds/myLDAP/partitions'
'/bootstrap/run' -> '/var/lib/apacheds/myLDAP/run'
changed ownership of '/var/lib/apacheds/myLDAP/partitions' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/ome.ldif' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/conf/log4j.properties' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/conf/wrapper-instance.conf' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/conf/config.ldif' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/conf' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/run' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/cache' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP/log' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/myLDAP' from root:root to apacheds:apacheds
Starting ApacheDS - myLDAP...

Is there a way to avoid the bootstrap process overwriting my volume mount (if that is what is going on)?

Thanks!

Move to Ubuntu 18.04

I think the base image should move to Ubuntu 18.04 since 16.04 EOL this April. And maybe move to openjdk 11 too?

Mount data/configuration directory

Hi,
Is there any way we can mount the volume to persist changes done to the configuration?
I run the container with -v :/var/lib/apacheds. It does not seem to work. The first time, the container starts correctly, but when I restart the container it fails to start. I see the error ERR_216_ID_FOR_PARENT_NOT_FOUND in the logs.

How to enable schemas on 0.8.0 version?

Hi,
In previous versions many default schemas were enabled by default, but this 0.8.0 version doesn't enable them. I tried this, but I couldn't do it.
I would like to use the latest version, but I can't import my data from the 0.6.0 version, because the schemas (for example samba) are not found.
I am waiting for your help!
Thanks, Peter

Adding custom interceptor

Hi,
Is there any way to add a custom interceptor (actually a custom Authenticator) to the docker image?
Thanks!

Database breaks the more users are stored

from @githilman:

I have been using this repo to build my apacheds docker for running in kubernetes. My problem is that the database always breaks. The more users are stored on LDAP, the more often the data breaks. I have implemented backups and secured all my users, but the breaks are too frequent. Maybe someone has a tweak for this issue.

Migrated from #27

Can't run image

Hi,
I'm trying to use this image but I'm unable to start it. Here is the listing:

$docker run --name ldap -d -p 389:10389 -v .../people.ldif:/bootstrap/conf/config.ldif:ro openmicroscopy/apacheds
92040fe8e5c10537f1924f0ec429f727bfe2750920a176f271a96fd93452e522
$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
$docker logs ldap --details --follow 
'/bootstrap/cache' -> '/var/lib/apacheds/default/cache'
'/bootstrap/conf' -> '/var/lib/apacheds/default/conf'
'/bootstrap/conf/ads-contextentry.decoded' -> '/var/lib/apacheds/default/conf/ads-contextentry.decoded'
'/bootstrap/conf/config.ldif' -> '/var/lib/apacheds/default/conf/config.ldif'
'/bootstrap/conf/log4j.properties' -> '/var/lib/apacheds/default/conf/log4j.properties'
'/bootstrap/conf/wrapper-instance.conf' -> '/var/lib/apacheds/default/conf/wrapper-instance.conf'
'/bootstrap/log' -> '/var/lib/apacheds/default/log'
'/bootstrap/ome.ldif' -> '/var/lib/apacheds/default/ome.ldif'
'/bootstrap/partitions' -> '/var/lib/apacheds/default/partitions'
'/bootstrap/run' -> '/var/lib/apacheds/default/run'
changed ownership of '/var/lib/apacheds/default/run' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/cache' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/log' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/partitions' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/ome.ldif' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/conf/wrapper-instance.conf' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/conf/log4j.properties' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/conf/config.ldif' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/conf/ads-contextentry.decoded' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default/conf' from root:root to apacheds:apacheds
changed ownership of '/var/lib/apacheds/default' from root:root to apacheds:apacheds
Starting ApacheDS - default...

I've pasted the log file above but, as shown, there isn't any error. However, the container exits after one second. Did I miss any parameter? I didn't set the instance name as I don't think I'd need it but, anyway, even if I do it, the result is the same.
Any idea?
Many thanks in advance.

kubernetes customization

Trying to launch a container in kubernetes matching the documented docker customization (which works great).

docker run --name ldap -d -p 389:10389 -e APACHEDS_INSTANCE=yourinstance -v /path/to/your/config.ldif:/bootstrap/conf/config.ldif:ro openmicroscopy/apacheds

Has anyone tried something similar to this to get your own config.ldif into the bootstrap and have it launch error free?

  - image: openmicroscopy/apacheds
    name: ldap-server
    volumeMounts:
    - name: ldap-pvc
      mountPath: /bootstrap/conf/
      subPath: config.ldif
      readOnly: true
    ports:
    - containerPort: 10389
      protocol: TCP
    env:
    - name: APACHEDS_INSTANCE
      value: myLDAP

Latest update (AM26) to docker registry

Any chance of you building and pushing up a new version of the container to the registry? I saw that the source was updated 12 days ago with the new version (AM26) of ApacheDS.

ERR_250_ENTRY_ALREADY_EXISTS ou=system already exists

We have a docker-compose.yml with some services, in which we are using this image for one service as below:

version: '3.6'
services:
  ldap:
    image: openmicroscopy/apacheds
    ports:
      - "10389:10389"
      - "10636:10636"
      - "60088:60088"
      - "60464:60464"
      - "9090:8080"
      - "8443:8443"
    volumes:
      - ./myconfig.ldif:/bootstrap/conf/config.ldif:ro
      - myconfigdata:/var/lib/apacheds
  # other services
volumes:
  myconfigdata:

The first time it starts perfectly but later on, it gives ERR_250_ENTRY_ALREADY_EXISTS ou=system already exists and gets terminated. Kindly help us.

full logs
{"log":"Cleaning up /var/lib/apacheds/default/run/apacheds-default.pid\n","stream":"stdout","time":"2018-06-21T07:38:21.869608788Z"}
{"log":"Starting ApacheDS - default...\n","stream":"stdout","time":"2018-06-21T07:38:24.91363281Z"}
{"log":"[07:39:43] ERROR [org.apache.directory.server.wrapper.ApacheDsTanukiWrapper] - Failed to start the service.\n","stream":"stdout","time":"2018-06-21T07:39:43.894071776Z"}
{"log":"org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException: ERR_250_ENTRY_ALREADY_EXISTS ou=system already exists!\n","stream":"stdout","time":"2018-06-21T07:39:43.894094076Z"}
{"log":"\u0009at org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition.add(AbstractBTreePartition.java:698)\n","stream":"stdout","time":"2018-06-21T07:39:43.894106484Z"}
{"log":"\u0009at org.apache.directory.server.core.DefaultDirectoryService.initializeSystemPartition(DefaultDirectoryService.java:1764)\n","stream":"stdout","time":"2018-06-21T07:39:43.894110423Z"}
{"log":"\u0009at org.apache.directory.server.core.DefaultDirectoryService.initialize(DefaultDirectoryService.java:1824)\n","stream":"stdout","time":"2018-06-21T07:39:43.894113929Z"}
{"log":"\u0009at org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:1251)\n","stream":"stdout","time":"2018-06-21T07:39:43.89411724Z"}
{"log":"\u0009at org.apache.directory.server.ApacheDsService.initDirectoryService(ApacheDsService.java:364)\n","stream":"stdout","time":"2018-06-21T07:39:43.89412127Z"}
{"log":"\u0009at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:197)\n","stream":"stdout","time":"2018-06-21T07:39:43.894125062Z"}
{"log":"\u0009at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:153)\n","stream":"stdout","time":"2018-06-21T07:39:43.894128718Z"}
{"log":"\u0009at org.apache.directory.server.wrapper.ApacheDsTanukiWrapper.start(ApacheDsTanukiWrapper.java:175)\n","stream":"stdout","time":"2018-06-21T07:39:43.894146597Z"}
{"log":"\u0009at org.tanukisoftware.wrapper.WrapperManager$12.run(WrapperManager.java:2788)\n","stream":"stdout","time":"2018-06-21T07:39:43.894150444Z"}
