This script set allows for easy deployment of an LDAP server, with or without TLS, and an LDAP admin web UI in Docker containers.
This script can be used on its own, or as part of an aerolab-buildenv script, or in combination with aerolab commands.
./runme.sh
Usage: ./runme.sh start|stop|destroy|run|get
run - create and start LDAP stack
start - start an existing, stopped, LDAP stack
stop - stop a running LDAP stack, without destroying it
get - get the IPs of LDAP stack
help - get a list of useful commands for cli ldapsearch
destroy - stop and destroy the LDAP stack
git clone https://github.com/aerospike/aerolab.git
cd aerolab/scripts/aerolab-ldap
./runme.sh
./runme.sh run
./runme.sh destroy
- `certs/` directory.
- `ldap1`.
- After `runme.sh run`, a useful list of commands and IPs is printed to access the LDAP and web UI.
- Run `runme.sh get` to get the useful list again.
- Use `ldap://ldap1:389` or `ldaps://ldap1:636` in the LDAP server name.
- Add an `ldap1` host pointing at the IP of the LDAP server in the `/etc/hosts` file. This is because Aerospike will only be able to connect and verify if the hostname of the LDAP server matches the CN of the certificate the LDAP server uses, which is `ldap1`.
- `LDAP_TLS_VERIFY_CLIENT: try` in docker-compose.yml. If that is set to `demand`, the LDAP server requires mutual certificate authentication with the Aerospike server. The server will need a proper certificate for that, not just the CA.

From the ldap-admin UI you can export `ldif` files. You can then import those files by putting your definitions in the `ldif/` directory. These will be automatically deployed when you do the `run` command again.
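To check the `ldap1` hostname and certificate requirement described above before configuring Aerospike, the following script (an added example, not part of aerolab) looks up `ldap1` in `/etc/hosts` and verifies the certificate served on port 636 against the CA with `openssl s_client`. The function names and the `CA_FILE` path are assumptions; the page does not name the files inside `certs/`.

```shell
#!/bin/sh
# Added example: pre-flight checks before pointing Aerospike at ldaps://ldap1:636.
LDAP_HOST=ldap1
# Placeholder path: set CA_FILE to the CA certificate found in the certs/ directory.
CA_FILE="${CA_FILE:-certs/CA_FILE_PLACEHOLDER.pem}"

# Print the IP that a hosts-format file maps to NAME (first match wins).
# Comment lines are ignored and aliases are matched; returns 1 if no entry exists.
hosts_lookup() {  # usage: hosts_lookup NAME [HOSTS_FILE]
    awk -v name="$1" '
        { sub(/#.*/, "") }   # strip comments, fields are re-split afterwards
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; found = 1; exit } }
        END { exit (found ? 0 : 1) }
    ' "${2:-/etc/hosts}"
}

# Succeeds only if the certificate presented on port 636 chains to CA_FILE
# and is valid for HOST. OpenSSL falls back to the subject CN when the
# certificate carries no DNS subjectAltName, which is the CN match the
# hostname requirement relies on.
# With LDAP_TLS_VERIFY_CLIENT set to demand, a client certificate is also
# needed: add -cert and -key to the s_client call.
check_ldaps_cert() {  # usage: check_ldaps_cert HOST CA_FILE
    openssl s_client -connect "$1:636" -CAfile "$2" \
        -verify_hostname "$1" -verify_return_error </dev/null >/dev/null 2>&1
}

preflight() {
    ip=$(hosts_lookup "$LDAP_HOST") || {
        echo "no $LDAP_HOST entry in /etc/hosts" >&2; return 1; }
    echo "$LDAP_HOST -> $ip"
    check_ldaps_cert "$LDAP_HOST" "$CA_FILE" || {
        echo "TLS verification failed for $LDAP_HOST:636" >&2; return 2; }
    echo "certificate verified for $LDAP_HOST"
}

# Run the checks only when asked, e.g.: CA_FILE=<path to CA> sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A failure at the second step with a correct `/etc/hosts` entry usually means the wrong CA file was supplied or the server is set to `demand` and no client certificate was offered.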