Docker Compose

Template

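# Compose template: OpenLDAP (slapd) plus the phpLDAPadmin web UI.
# Replace every YOUR_* placeholder before starting the stack.
version: '3'
services:
  openldap:
    container_name: openldap
    # NOTE(review): ":latest" is a moving tag. Pin a release tag or image
    # digest you have tested so a re-pull cannot silently change the image
    # that serves your directory.
    image: osixia/openldap:latest
    # "expose" only documents the ports for containers on the shared network;
    # nothing is published on the host. 389 is LDAP (clear text unless the
    # client uses StartTLS), 636 is LDAPS.
    expose:
      - 389
      - 636
    volumes:
      # Holds the certificate, private key and CA file named in the
      # LDAP_TLS_* variables below; restrict host permissions on it.
      - /opt/appdata/openldap/certificates:/container/service/slapd/assets/certs
      - /opt/appdata/openldap/slapd/database:/var/lib/ldap
      - /opt/appdata/openldap/slapd/config:/etc/ldap/slapd.d
    environment:
      LDAP_ORGANISATION: "YOUR_LDAP_ORGANISATION"
      LDAP_DOMAIN: "YOUR_LDAP_DOMAIN"
      LDAP_ADMIN_USERNAME: "YOUR_LDAP_ADMIN_USERNAME"
      # The two passwords below sit in clear text in this file and are also
      # visible through `docker inspect`. Keep the file out of version control
      # and readable only by the account that runs the stack, or substitute
      # the values from an untracked env file via ${VAR} interpolation.
      LDAP_ADMIN_PASSWORD: "YOUR_LDAP_ADMIN_PASSWORD"
      LDAP_CONFIG_PASSWORD: "YOUR_LDAP_CONFIG_PASSWORD"
      LDAP_BASE_DN: "YOUR_LDAP_BASE_DN"
      LDAP_TLS_CRT_FILENAME: "YOUR_LDAP_TLS_CRT_FILENAME"
      LDAP_TLS_KEY_FILENAME: "YOUR_LDAP_TLS_KEY_FILENAME"
      LDAP_TLS_CA_CRT_FILENAME: "YOUR_LDAP_TLS_CA_CRT_FILENAME"
    networks:
      # NOTE(review): "proxy" looks like the network shared with the reverse
      # proxy. Every container attached to it can reach 389/636; consider a
      # dedicated network for openldap and its clients - confirm against
      # your setup.
      - proxy
    restart: unless-stopped

  ldapadmin:
    container_name: ldapadmin
    # NOTE(review): same as above, pin a tested tag or digest instead of
    # ":latest".
    image: osixia/phpldapadmin:latest
    # This publishes the admin UI on every host interface over plain HTTP
    # (PHPLDAPADMIN_HTTPS=false below). Requests to host port 8399 do not pass
    # through Traefik, so the auth@file middleware does not apply to them.
    # If the UI is only meant to be reached through Traefik, drop this mapping
    # or bind it to loopback ("127.0.0.1:8399:80").
    ports:
      - "8399:80"
    labels:
      # Label values must be strings; an unquoted true is parsed as a boolean
      # and some Compose versions reject it.
      traefik.enable: "true"
      traefik.http.routers.ldapadmin.entryPoints: https
      # Refers to a middleware named "auth" from Traefik's file provider. It
      # is not defined in this file; confirm it exists and enforces login.
      traefik.http.routers.ldapadmin.middlewares: auth@file
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
      # TLS is expected to be terminated by the reverse proxy, so the
      # container itself serves plain HTTP.
      - PHPLDAPADMIN_HTTPS=false
    volumes:
      # Mounted so the config file can be edited from the host.
      - /opt/appdata/openldap/admin:/var/www/phpldapadmin
    depends_on:
      - openldap
    networks:
      - proxy
    restart: unless-stopped

networks:
  # External network: it must already exist (docker network create proxy);
  # Compose will not create it. "driver" is dropped because it has no effect
  # on an external network and newer Compose releases may reject the
  # combination.
  proxy:
    external: true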

Example (with information filled in)

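# Filled-in example of the OpenLDAP + phpLDAPadmin stack for the sample
# domain ibracorp.io. The passwords shown are sample values; replace them.
version: '3'
services:
  openldap:
    container_name: openldap
    # NOTE(review): ":latest" is a moving tag. Pin a release tag or image
    # digest you have tested so a re-pull cannot silently change the image
    # that serves your directory.
    image: osixia/openldap:latest
    # "expose" only documents the ports for containers on the shared network;
    # nothing is published on the host. 389 is LDAP (clear text unless the
    # client uses StartTLS), 636 is LDAPS.
    expose:
      - 389
      - 636
    volumes:
      # Holds server.crt, server.key and ibracorp.io.ca.crt named below;
      # restrict host permissions on it, the private key lives here.
      - /opt/appdata/openldap/certificates:/container/service/slapd/assets/certs
      - /opt/appdata/openldap/slapd/database:/var/lib/ldap
      - /opt/appdata/openldap/slapd/config:/etc/ldap/slapd.d
    environment:
      LDAP_ORGANISATION: "ibracorp"
      LDAP_DOMAIN: "ibracorp.io"
      LDAP_ADMIN_USERNAME: "admin"
      # Sample passwords only. Real values sit in clear text in this file and
      # are visible through `docker inspect`; keep the file out of version
      # control, or substitute the values from an untracked env file via
      # ${VAR} interpolation. Use a different password for each variable.
      LDAP_ADMIN_PASSWORD: "SomeSuperSecurePassword"
      LDAP_CONFIG_PASSWORD: "AnotherSuperSecurePassword"
      LDAP_BASE_DN: "dc=ibracorp,dc=io"
      LDAP_TLS_CRT_FILENAME: "server.crt"
      LDAP_TLS_KEY_FILENAME: "server.key"
      LDAP_TLS_CA_CRT_FILENAME: "ibracorp.io.ca.crt"
    networks:
      # NOTE(review): "proxy" looks like the network shared with the reverse
      # proxy. Every container attached to it can reach 389/636; consider a
      # dedicated network for openldap and its clients - confirm against
      # your setup.
      - proxy
    restart: unless-stopped

  ldapadmin:
    container_name: ldapadmin
    # NOTE(review): same as above, pin a tested tag or digest instead of
    # ":latest".
    image: osixia/phpldapadmin:latest
    # This publishes the admin UI on every host interface over plain HTTP
    # (PHPLDAPADMIN_HTTPS is "false" below). Requests to host port 8399 do not
    # pass through Traefik, so the auth@file middleware does not apply to
    # them. If the UI is only meant to be reached through Traefik, drop this
    # mapping or bind it to loopback ("127.0.0.1:8399:80").
    ports:
      - "8399:80"
    labels:
      # Label values must be strings; an unquoted true is parsed as a boolean
      # and some Compose versions reject it.
      traefik.enable: "true"
      traefik.http.routers.ldapadmin.entryPoints: https
      # Refers to a middleware named "auth" from Traefik's file provider. It
      # is not defined in this file; confirm it exists and enforces login.
      traefik.http.routers.ldapadmin.middlewares: auth@file
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
      # Quoted: in mapping form an unquoted false is a YAML boolean, which
      # some Compose versions reject as an environment value.
      PHPLDAPADMIN_HTTPS: "false"
    volumes:
      # Mounted so the config file can be edited from the host.
      - /opt/appdata/openldap/admin:/var/www/phpldapadmin
    depends_on:
      - openldap
    networks:
      - proxy
    restart: unless-stopped

networks:
  # External network: it must already exist (docker network create proxy);
  # Compose will not create it. "driver" is dropped because it has no effect
  # on an external network and newer Compose releases may reject the
  # combination.
  proxy:
    external: true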

To have your login filled in automatically, edit the ldapadmin config.php file located at /opt/appdata/openldap/admin/config/config.php and add the following lines to the end of the config file:

/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
   'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
   BLANK. If you specify a login_attr in conjunction with a cookie or session
   auth_type, then you can also specify the bind_id/bind_pass here for searching
   the directory for users (ie, if your LDAP server does not allow anonymous
   binds). */
// Stock setting, kept commented out for reference:
// $servers->setValue('login','bind_id','');
// Use the admin DN of your own directory here. For the compose example on this
// page that would presumably be cn=admin,dc=ibracorp,dc=io (LDAP_ADMIN_USERNAME
// plus LDAP_BASE_DN) rather than dc=example,dc=com - confirm against your setup.
// NOTE(review): set only bind_id. Keep the password out of this file so it is
// still typed at login; the DN itself will be shown to anyone who can load the
// login page, so restrict who can reach the UI.
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
