Task #1582

open

New testing environment - 389DS LDAP

Added by Petr Fišer about 5 years ago. Updated almost 5 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 03/26/2019
Due date:
% Done: 0%
Estimated time:
Owner:

Description

Create a Docker image and compose file for use in the CzechIdM testing environment.
This image works fine: https://hub.docker.com/r/minkwe/389ds/ , build on top of it.

Actions #1

Updated by Petr Fišer about 5 years ago

Image works fine. Setup:

git clone https://github.com/michel4j/389ds.git
cd 389ds
mkdir certs
cd certs

# set up certificates
# CA key and self-signed CA certificate
openssl genrsa -out ca.pem 4096
openssl req -new -key ca.pem -out ca.csr
openssl x509 -req -in ca.csr -signkey ca.pem -days 10000 -sha256 -out ca.crt

# server key and CSR
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
# values entered at the prompts: ... CZ, Czech Republic, Prague, BCV, , ldap.example.com, root@ldap.example.com ...

# sign the server certificate with the CA
openssl x509 -req -CA ca.crt -CAkey ca.pem -in server.csr -days 1000 -sha256 -set_serial 1 -out server.crt

cd ..

# set these values in docker-compose.yml
vim docker-compose.yml
    DIR_SUFFIX: c=cz
    DIR_ADMIN_USERNAME: "admin"
    DIR_MANAGER_PASSWORD: "demodemo"

docker-compose up

LDAP supports only TLS 1.2 and strong ciphers. The only quirk is that it does not present the whole certificate chain when accessed through LDAPS.
It has some example entries created - we can tweak this through the confd and templates (located in confd/templates/ ). We can definitely use this to fill in some demo data.
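
One way to check the two observations in the comment above (the negotiated protocol version and how many certificates the server actually sends) is to summarise `openssl s_client -showcerts` output. This is an added example, not part of the original ticket; the function names, the `LDAPS_TARGET` and `CA_FILE` variables and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client -showcerts` output for LDAPS.

# Count certificates the server sent (entries under "Certificate chain").
chain_len() {
    awk '/^Certificate chain/ {c=1; next}
         c && /^---/ {c=0}
         c && /^ *[0-9]+ s:/ {n++}
         END {print n+0}'
}

# Negotiated protocol version from the SSL-Session block.
negotiated_protocol() {
    awk -F': *' '/^ *Protocol *:/ {print $2; exit}'
}

# Numeric result of certificate verification (0 means the chain verified).
verify_code() {
    sed -n 's/^ *Verify return code: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Read s_client output on stdin and print a one-line summary.
summarise() {
    out=$(cat)
    printf 'protocol=%s chain_len=%s verify=%s\n' \
        "$(printf '%s\n' "$out" | negotiated_protocol)" \
        "$(printf '%s\n' "$out" | chain_len)" \
        "$(printf '%s\n' "$out" | verify_code)"
}

# Constructed sample of s_client output (not captured from a real server).
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:C = CZ, ST = Czech Republic, L = Prague, O = BCV, CN = ldap.example.com
   i:C = CZ, O = Example Test CA
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
---'

if [ -n "${LDAPS_TARGET:-}" ]; then
    # Live check: LDAPS_TARGET is host:port, CA_FILE defaults to the CA made above.
    openssl s_client -connect "$LDAPS_TARGET" -CAfile "${CA_FILE:-certs/ca.crt}" \
        -showcerts </dev/null 2>/dev/null | summarise
else
    printf '%s\n' "$SAMPLE" | summarise
fi
```

Against the running container, set `LDAPS_TARGET` to the LDAPS host and port (for example `ldap.example.com:636`, assuming the compose file publishes the standard LDAPS port). A `chain_len` of 1 means the server sent only its own certificate, so every client needs `ca.crt` configured as a trust anchor.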
