computer-playbook/roles/docker-ldap/README.md

# Docker LDAP Role

This Ansible role provides a streamlined implementation of an LDAP server with TLS support. It leverages Docker Compose to deploy a pre-configured OpenLDAP server and phpLDAPadmin for easy management.

---

## 🚀 **Features**

- **Secure LDAP with TLS**:
  - Automatically configures TLS certificates for secure communication.
  - Provides configurable support for LDAPS on port 636.

- **phpLDAPadmin Integration**:
  - Includes a Dockerized phpLDAPadmin setup for easy user and group management.

- **Healthcheck Support**:
  - Ensures that the LDAP service is healthy and accessible using `ldapsearch`.

--
## Maintanance
### Show all Entires
```bash 
docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" -b 'dc=veen,dc=world'
```

### Delete Groups and Subgroup
To delete the group inclusive all subgroups use:
```bash
docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" -b 'ou=applications,ou=groups,dc=veen,dc=world' dn | sed -n 's/^dn: //p' | tac | while read -r dn; do echo \"Deleting \$dn\"; ldapdelete -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" \"\$dn\"; done"

```

--

## 🛠️ **Technical Details**

### **Services Configured**

1. **OpenLDAP**
   - TLS enabled on port 636.
   - Configuration driven by environment variables.

2. **phpLDAPadmin**
   - Accessible on port 443.
   - Simplifies LDAP management via a web interface.

3. **Healthchecks**
   - Uses `ldapsearch` to validate LDAP functionality.

### **Directory Structure**

The following directories are mounted in the container:
- **LDAP Data:** `data:/bitnami/openldap` for persistent data storage.

---

## 🔒 **Security Recommendations**
- Always use strong passwords for `applications.ldap.administrator_password`.
- Restrict access to phpLDAPadmin by binding it to `127.0.0.1` or using a reverse proxy.

---

## 📜 **References**
- [Bitnami OpenLDAP](https://hub.docker.com/r/bitnami/openldap)
- [phpLDAPadmin Documentation](https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container)
- [LDAP Account Manager](https://github.com/LDAPAccountManager/docker)
---


## 👨‍💻 **Author**

Kevin Veen-Birkenbach - [veen.world](https://www.veen.world)

Feel free to report issues, suggest features, or contribute to the repository! 😊
Added LDAP integration 2025-01-21 19:44:47 +01:00			`# Docker LDAP Role`

			`This Ansible role provides a streamlined implementation of an LDAP server with TLS support. It leverages Docker Compose to deploy a pre-configured OpenLDAP server and phpLDAPadmin for easy management.`

			`---`

			`## 🚀 Features`

			`- Secure LDAP with TLS:`
			`- Automatically configures TLS certificates for secure communication.`
			`- Provides configurable support for LDAPS on port 636.`

			`- phpLDAPadmin Integration:`
			`- Includes a Dockerized phpLDAPadmin setup for easy user and group management.`

			`- Healthcheck Support:`
			- Ensures that the LDAP service is healthy and accessible using `ldapsearch`.

Added ldap roles draft 2025-02-11 16:19:08 +01:00			`--`
			`## Maintanance`
			`### Show all Entires`
			```bash
			`docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" -b 'dc=veen,dc=world'`
Added LDAP integration 2025-01-21 19:44:47 +01:00			```

Added ldap roles draft 2025-02-11 16:19:08 +01:00			`### Delete Groups and Subgroup`
			`To delete the group inclusive all subgroups use:`
			```bash
			`docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" -b 'ou=applications,ou=groups,dc=veen,dc=world' dn \| sed -n 's/^dn: //p' \| tac \| while read -r dn; do echo \"Deleting \$dn\"; ldapdelete -x -D 'cn=administrator,dc=veen,dc=world' -w \"\$LDAP_ADMIN_PASSWORD\" \"\$dn\"; done"`
Added LDAP integration 2025-01-21 19:44:47 +01:00
			```

Added ldap roles draft 2025-02-11 16:19:08 +01:00			`--`
Added LDAP integration 2025-01-21 19:44:47 +01:00
			`## 🛠️ Technical Details`

			`### Services Configured`

			`1. OpenLDAP`
			`- TLS enabled on port 636.`
			`- Configuration driven by environment variables.`

			`2. phpLDAPadmin`
Updated README.md 2025-01-21 23:41:58 +01:00			`- Accessible on port 443.`
Added LDAP integration 2025-01-21 19:44:47 +01:00			`- Simplifies LDAP management via a web interface.`

			`3. Healthchecks`
			- Uses `ldapsearch` to validate LDAP functionality.

			`### Directory Structure`

			`The following directories are mounted in the container:`
			- LDAP Data: `data:/bitnami/openldap` for persistent data storage.

			`---`

			`## 🔒 Security Recommendations`
Refactored application variables 2025-02-03 11:44:13 +01:00			- Always use strong passwords for `applications.ldap.administrator_password`.
Added LDAP integration 2025-01-21 19:44:47 +01:00			- Restrict access to phpLDAPadmin by binding it to `127.0.0.1` or using a reverse proxy.

			`---`

			`## 📜 References`
			`- [Bitnami OpenLDAP](https://hub.docker.com/r/bitnami/openldap)`
			`- [phpLDAPadmin Documentation](https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container)`
			`- [LDAP Account Manager](https://github.com/LDAPAccountManager/docker)`
			`---`


			`## 👨‍💻 Author`

			`Kevin Veen-Birkenbach - [veen.world](https://www.veen.world)`

Updated README.md 2025-01-21 23:41:58 +01:00			`Feel free to report issues, suggest features, or contribute to the repository! 😊`