LDAP examples
12 Feb 2022
CLI
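# Lab examples. -x selects simple bind and ldap:// is unencrypted, so the bind
# password crosses the network in clear text unless StartTLS (-ZZ) or ldaps://
# is used. That is acceptable against localhost only.
# -W prompts for the bind password. Passing it with -w leaves it in shell
# history and in the process list; -y <file> is the non-interactive alternative.

# Search the ou=authelia subtree as the directory admin
# (enter the container's LDAP_ADMIN_PASSWORD at the prompt).
ldapsearch -x -W -H ldap://localhost -D cn=admin,dc=k8s,dc=com -b ou=authelia,dc=k8s,dc=com

# Verify that each DN can bind. With no -H the server URI comes from ldap.conf.
# cn=admin,cn=config is the config-database admin (LDAP_CONFIG_PASSWORD).
ldapwhoami -x -W -D cn=admin,cn=config
ldapwhoami -x -W -D cn=admin,dc=k8s,dc=com
ldapwhoami -x -W -D cn=ShihtaKuan,ou=group0,dc=k8s,dc=com

# Produce an {ARGON2} hash using the pw-argon2 module. Without -s the secret is
# prompted for, so it never appears on the command line. The scheme is quoted
# to keep the shell from touching the braces.
slappasswd -o module-load=pw-argon2 -h '{ARGON2}'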
Some configuration
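# Both commands bind as cn=admin,cn=config and therefore change the server's
# own configuration (cn=config), not directory data. The LDIF contents are not
# shown here. Judging by the file names, the first disables anonymous bind and
# the second sets up Argon2 password hashing; review each file before applying.
# -W prompts for the config password rather than exposing it via -w in shell
# history and the process list.
ldapmodify -x -W -D cn=admin,cn=config -f ldap_disable_bind_anon.ldif
ldapmodify -x -W -D cn=admin,cn=config -f argon2.ldif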
change password
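# Admin-initiated password change for one user entry.
# -W prompts for the admin's bind password and -S prompts for the user's new
# password, so neither secret ends up in shell history or the process list.
# -x is a simple bind: without StartTLS (-ZZ) or ldaps:// both the bind
# password and the new password are sent unencrypted.
ldappasswd -x -W -D cn=admin,dc=k8s,dc=com -S cn=ShihtaKuan,ou=group0,dc=k8s,dc=com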
docker run
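# Start the OpenLDAP container with its data and config persisted under ./data.
# Export LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD in the calling shell first.
# `--env NAME` with no value copies NAME from that environment, so the secrets
# are not written into the command line or shell history. The guard below
# aborts if either is unset. Use distinct, non-trivial values for the two.
# The values remain readable through `docker inspect` and inside the container.
# --network host puts the slapd listeners (389/636) directly on the host's
# interfaces; firewall them or use a published port if that is not intended.
# The bind-mount paths are quoted so a working directory containing spaces
# does not split the argument.
: "${LDAP_ADMIN_PASSWORD:?export LDAP_ADMIN_PASSWORD first}" "${LDAP_CONFIG_PASSWORD:?export LDAP_CONFIG_PASSWORD first}"
docker run -d \
--network host \
--env LDAP_ORGANISATION="Kubernetes LDAP" \
--env LDAP_DOMAIN="k8s.com" \
--env LDAP_ADMIN_PASSWORD \
--env LDAP_CONFIG_PASSWORD \
--name openldap-server \
-v "$PWD/data/ldap:/var/lib/ldap" -v "$PWD/data/slapd.d:/etc/ldap/slapd.d" \
osixia-openldap:test0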
# Run the phpLDAPadmin web UI against the LDAP server at 10.103.3.101.
# Publishing on 0.0.0.0 makes this admin interface reachable on port 8443 of
# every host interface. Bind it to 127.0.0.1 or a management address instead
# if it should not be exposed to the whole network.
docker run --detach \
--name phpldapadmin \
-e PHPLDAPADMIN_LDAP_HOSTS=10.103.3.101 \
--publish 0.0.0.0:8443:443 \
osixia/phpldapadmin
[[email protected] ~]# docker ps |grep ldap
e444229214a5 osixia/openldap:1.2.2 "/container/tool/run" 24 hours ago Up 24 hours 389/tcp, 636/tcp my-openldap-container
[[email protected] ~]# docker exec -it my-openldap-container sh
# ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch (May 23 2018 04:25:19) $
Debian OpenLDAP Maintainers <[email protected]>
(LDAP library: OpenLDAP 20444)
#
# slaptest
config file testing succeeded
#
# slapcat -v
# id=00000001
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
structuralObjectClass: organization
entryUUID: f8f7b81c-6a92-1038-9a4d-81d6b41cd327
creatorsName: cn=admin,dc=example,dc=org
createTimestamp: 20181022221004Z
entryCSN: 20181022221004.555004Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=org
modifyTimestamp: 20181022221004Z
# id=00000002
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9RTBJMTlqaW1BTVlaZ0h2aEhPbm5YVVdWRmQxaEtBRnM=
structuralObjectClass: organizationalRole
entryUUID: f8f818b6-6a92-1038-9a4e-81d6b41cd327
creatorsName: cn=admin,dc=example,dc=org
createTimestamp: 20181022221004Z
entryCSN: 20181022221004.557498Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=org
modifyTimestamp: 20181022221004Z
#
References
- How to disable anonymous access
- ARGON2: Update password hashing algorithms
- https://manpages.debian.org/testing/slapd-contrib/slapd-pw-argon2.5.en.html#t=
- https://www.mail-archive.com/openldap-technical@openldap.org/msg24715.html