Add: OpenLdap and tools

openldap/.env

@@ -0,0 +1,11 @@
+APP_IMAGE=traefik
+APP_VERSION=v2.6.1
+
+APP_PUBLIC_IP="127.0.0.1"
+APP_NETWORK=''
+
+APP_DOMAIN=dev
+APP_ADMIN_EMAIL=admin@dev
+
+TRAEFIK_CERTRESOLV=default
+TRAEFIK_CERTRESOLV_PROVIDER=''

openldap/README.md

@@ -0,0 +1,10 @@
+# OpenLDAP Server
+
+
+## Self-serve configuration
+
+## LUM configuration
+
+For lUM, an initial config step is required:
+
+https://lum.dev.box/setup/

openldap/docker-compose.debug.yml

@@ -0,0 +1,4 @@
+services:
+  openldap:
+    command: --loglevel debug
+      

openldap/docker-compose.expose.yml

@@ -0,0 +1,5 @@
+services:
+  openldap:
+    ports:
+      - 389:389
+      

openldap/docker-compose.lemon-ldap.yml

@@ -0,0 +1,36 @@
+
+
+
+
+
+services:
+
+  lemon:
+    image: coudot/lemonldap-ng:2.0.14
+    restart: always
+
+    volumes:
+      - ./lemonldap-etc/:/etc/lemonldap-ng
+      - ./lemonldap-conf/:/var/lib/lemonldap-ng/conf
+        #- ./lemonldap-psessions/:/var/lib/lemonldap-ng/psessions
+        #- ./lemonldap-sessions/:/var/lib/lemonldap-ng/sessions
+      - ./lemonldap-logs:/var/log/nginx
+
+    environment:
+      - SSODOMAIN=$APP_TOP_DOMAIN
+      - PORTAL_HOSTNAME=auth.$APP_TOP_DOMAIN
+      - MANAGER_HOSTNAME=lemon.$APP_TOP_DOMAIN
+      - HANDLER_HOSTNAME=handler.$APP_TOP_DOMAIN
+      - TEST1_HOSTNAME=mytest1.$APP_TOP_DOMAIN
+      - TEST2_HOSTNAME=mytest2.$APP_TOP_DOMAIN
+      - LOGLEVEL=debug
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.lemon.entrypoints: front-http,front-https
+        #traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$APP_TOP_DOMAIN`)
+      traefik.http.routers.lemon.rule: Host(`auth.$APP_TOP_DOMAIN`,`lemon.$APP_TOP_DOMAIN`,`handler.$APP_TOP_DOMAIN`)
+        #traefik.http.routers.lemon.rule: Host(`lemon.$APP_TOP_DOMAIN`)
+      traefik.http.routers.lemon.service: lemon
+      traefik.http.routers.lemon.tls: "true"
+      traefik.http.routers.lemon.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.services.lemon.loadbalancer.server.port: '80'

openldap/docker-compose.lum.yml

@@ -0,0 +1,40 @@
+
+
+networks:
+  proxy:
+    name: ${APP_PROXY_NETWORK}
+
+services:
+
+  manager:
+    image: wheelybird/ldap-user-manager:latest
+    restart: always
+
+    networks:
+      proxy:
+      default:
+
+    environment:
+      - "SERVER_HOSTNAME=lum.$APP_TOP_DOMAIN"
+      - "LDAP_URI=$LDAP_SERVER_URI"
+      - "LDAP_BASE_DN=$LDAP_BASE_DN"
+      - "LDAP_ADMINS_GROUP=admins"
+      - "LDAP_ADMIN_BIND_DN=cn=admin,$LDAP_BASE_DN"
+      - "LDAP_ADMIN_BIND_PWD=$LDAP_ADMIN_PASSWORD"
+        #- "LDAP_ADMIN_BIND_PWD=admin"
+      - "LDAP_IGNORE_CERT_ERRORS=true"
+      - "NO_HTTPS=true"
+      - "ACCEPT_WEAK_PASSWORDS=true"
+
+      # MrJK Tweaking
+      - "USERNAME_REGEX=^[a-z][a-zA-Z0-9._-]{2,32}$$"
+
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.lum.entrypoints: front-http,front-https
+      traefik.http.routers.lum.rule: Host(`lum.$APP_TOP_DOMAIN`)
+      traefik.http.routers.lum.service: lum
+      traefik.http.routers.lum.tls: "true"
+      traefik.http.routers.lum.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.services.lum.loadbalancer.server.port: '80'
+

openldap/docker-compose.self-service.yml

@@ -0,0 +1,28 @@
+
+networks:
+  proxy:
+    name: ${APP_PROXY_NETWORK}
+
+
+services:
+
+  selfservice:
+    image: docker.io/ltbproject/self-service-password:latest
+    restart: always
+    networks:
+      proxy:
+      default:
+
+    volumes:
+      - ./selfserve/config.inc.php:/var/www/conf/config.inc.local.php
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.selfserve.entrypoints: front-http,front-https
+        #traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$APP_TOP_DOMAIN`)
+      traefik.http.routers.selfserve.rule: Host(`self.$APP_TOP_DOMAIN`)
+        #traefik.http.routers.selfserve.rule: Host(`selfserve.$APP_TOP_DOMAIN`)
+      traefik.http.routers.selfserve.service: selfserve
+      traefik.http.routers.selfserve.tls: "true"
+      traefik.http.routers.selfserve.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.services.selfserve.loadbalancer.server.port: '80'
+

openldap/docker-compose.yml

@@ -0,0 +1,27 @@
+version: "3.9"
+
+networks:
+  default:
+    name: ${APP_NETWORK}
+
+
+services:
+  openldap:
+    image: osixia/openldap:latest
+    restart: always
+    networks:
+      default:
+        aliases:
+          - ldap
+    environment:
+      - "LDAP_ORGANISATION=$LDAP_ORGANISATION"
+      - "LDAP_DOMAIN=$LDAP_DOMAIN"
+      - "LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD"
+      - "LDAP_RFC2307BIS_SCHEMA=true"
+      - "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
+      - "LDAP_TLS_VERIFY_CLIENT=never"
+      - "LDAP_TLS=false"
+    volumes:
+      - ./ldap_data:/var/lib/ldap
+      - ./ldap_config:/etc/ldap/slapd.d
+