Unverified Commit 1a01f707 authored by Andrej Ramašeuski's avatar Andrej Ramašeuski

Initial commit

Pipeline #114 passed
image: docker:19.03.1
variables:
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
services:
- docker:19.03.1-dind
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build:
stage: build
script:
- docker build -t $IMAGE_TAG .
- docker push $IMAGE_TAG
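Review bot: The `docker login` line in `before_script` passes the registry password with `-p`, which places it on the command line where it can show up in the process list; Docker itself warns against this form. Feed it on stdin instead: `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. Quoting the variables also keeps a password containing spaces or shell metacharacters from being split or expanded.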
FROM debian:buster-slim AS builder
MAINTAINER Andrej Ramašeuski <andrej.ramaseuski@pirati.cz>
ARG BUILD_ENV
ENV BUILD_ENV=${BUILD_ENV:-"prod"}
ENV PREFIX=/opt
ENV OPENLDAP_INSTALL_DIR=${PREFIX}/ldap
ENV OPENLDAP_VERSION=2.4.48
# Temporary install deps
RUN apt-get update
RUN apt-get install -y wget build-essential git libtool libdb-dev groff groff-base
# Build tmp OpenLDAP
RUN mkdir -p ${PREFIX}
WORKDIR ${PREFIX}
RUN wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz
RUN tar xzf openldap-${OPENLDAP_VERSION}.tgz
RUN mv openldap-${OPENLDAP_VERSION} ldap
WORKDIR ${OPENLDAP_INSTALL_DIR}
RUN ./configure --prefix=${PREFIX} --enable-modules
RUN make depend
RUN make
RUN make install
# Build bcrypt OpenLDAP
RUN mkdir -p ${OPENLDAP_INSTALL_DIR}/contrib/slapd-modules/passwd
WORKDIR ${OPENLDAP_INSTALL_DIR}/contrib/slapd-modules/passwd
RUN git clone https://github.com/wclarie/openldap-bcrypt.git bcrypt
WORKDIR ${OPENLDAP_INSTALL_DIR}/contrib/slapd-modules/passwd/bcrypt
RUN make
RUN make install
FROM osixia/openldap:1.3.0
MAINTAINER Andrej Ramašeuski <andrej.ramaseuski@pirati.cz>
# Osixia/OpenLDAP extension
COPY --from=builder /usr/local/libexec/openldap/pw-bcrypt.so /usr/lib/ldap/pw-bcrypt.so
ADD bootstrap /container/service/slapd/assets/config/bootstrap
ADD environment /container/environment/01-custom
WORKDIR /
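Review bot: Neither source pulled into the builder stage is pinned or verified: the OpenLDAP tarball is fetched over plain `ftp://` with no checksum, and `git clone https://github.com/wclarie/openldap-bcrypt.git bcrypt` builds whatever the default branch holds at build time. The resulting `pw-bcrypt.so` is copied into the final image and loaded by slapd, so a tampered download or a changed upstream lands directly in the password-hashing path. Check the tarball against a known digest right after the download, e.g. `RUN echo "<EXPECTED_SHA256>  openldap-${OPENLDAP_VERSION}.tgz" | sha256sum -c -`, and pin the module with `RUN git clone https://github.com/wclarie/openldap-bcrypt.git bcrypt && git -C bcrypt checkout <PINNED_COMMIT_SHA>` (both values are placeholders to be filled from a reviewed release).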
# Add bcrypt support
dn: cn=module{0},cn=config
changetype: modify
#changetype: add
#objectClass: olcModuleLoad
add: olcModuleLoad
#cn: module{0}
olcModuleLoad: /usr/lib/ldap/pw-bcrypt.so
# Default hash
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcPasswordHash
olcPasswordHash: {BCRYPT}
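Review bot: The `# Default hash` comment does not say what this setting leaves uncovered. `olcPasswordHash` is applied only when slapd hashes the password itself (the Password Modify extended operation), so a `userPassword` value written directly by a client is stored as sent, and existing hashes are not converted. I would expand the comment to `# Default hash for Password Modify exop only; directly written userPassword values and existing hashes are stored unchanged`. The commented-out `#changetype: add`, `#objectClass: olcModuleLoad` and `#cn: module{0}` lines in the first entry should either get a one-line comment saying when they are needed or be dropped.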
# Required and used for new ldap server only
LDAP_ORGANISATION: Ceska piratska strana
LDAP_DOMAIN: pirati
LDAP_ADMIN_PASSWORD: Adm1n!
LDAP_CONFIG_PASSWORD: c0nfii9
LDAP_READONLY_USER: false
# Tls
LDAP_TLS: true
LDAP_TLS_CRT_FILENAME: cert.crt
LDAP_TLS_KEY_FILENAME: cert.key
LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
LDAP_TLS_CA_CRT_FILENAME: ca.crt
LDAP_TLS_ENFORCE: true
LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
LDAP_TLS_VERIFY_CLIENT: demand
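Review bot: `LDAP_ADMIN_PASSWORD: Adm1n!` and `LDAP_CONFIG_PASSWORD: c0nfii9` are committed in clear text, and the Dockerfile's `ADD environment /container/environment/01-custom` appears to bake this file into every image pushed to the registry. Anyone with read access to the repository or the image then holds the directory admin and `cn=config` credentials. Remove both keys from the committed file and supply them at deploy time through the container environment or the orchestrator's secret store. The values shown here should be treated as exposed and not reused on any real server.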
# This is the default image configuration file
# These values will persists in container environment.
# All environment variables used after the container first start
# must be defined here.
# more information : https://github.com/osixia/docker-light-baseimage
# General container configuration
# see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
LDAP_LOG_LEVEL: 0
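Review bot: `LDAP_LOG_LEVEL: 0` switches off slapd's operation logging, so successful and failed binds on this authentication directory leave no trace for detection or incident response. Unless connection logging is collected some other way, keep the stats level, `LDAP_LOG_LEVEL: 256`, which per the log-level table linked in the comment above records connections, operations and results. If 0 is deliberate, a comment stating why and where bind activity is audited instead would help the next operator.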