kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-04 04:08:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c35eb10343615e284403c17d21c29bd37df8c4fe
computer-playbook/roles/docker-ldap
History
Kevin Veen-Birkenbach 27a31725c0 Deactivated default users
2025-01-22 11:25:39 +01:00
..
tasks
Moved certificate management behind nginx proxy
2025-01-21 23:33:24 +01:00
templates
Deactivated default users
2025-01-22 11:25:39 +01:00
vars
Removed deprecated certs
2025-01-21 23:38:16 +01:00
README.md
Updated README.md
2025-01-21 23:41:58 +01:00

README.md

Docker LDAP Role

This Ansible role provides a streamlined implementation of an LDAP server with TLS support. It leverages Docker Compose to deploy a pre-configured OpenLDAP server and phpLDAPadmin for easy management.

🚀 Features

  • Secure LDAP with TLS:

    • Automatically configures TLS certificates for secure communication.
    • Provides configurable support for LDAPS on port 636.

  • phpLDAPadmin Integration:

    • Includes a Dockerized phpLDAPadmin setup for easy user and group management.

  • Healthcheck Support:

    • Ensures that the LDAP service is healthy and accessible using ldapsearch.

📋 Requirements

Prerequisites

  • A valid domain name.
  • Ansible installed on the deployment host.
  • Docker and Docker Compose installed on the target host.

🔧 Role Variables

Key Variables

Variable Description Default Value
docker_compose_project_name Name of the Docker Compose project. ldap
ldap_root Base DN for the LDAP directory. dc={{primary_domain_sld}},dc={{primary_domain_tld}}
ldap_admin_dn Distinguished Name (DN) for the LDAP administrator. cn={{ldap_administrator_username}},{{ldap_root}}
cert_mount_directory Directory to mount SSL/TLS certificates. {{docker_compose_instance_directory}}/certs/
ldap_administrator_username Username for the LDAP admin. admin
ldap_administrator_password Password for the LDAP admin. Required
ldap_admin_version Version of phpLDAPadmin Docker image. latest
ldap_version Version of OpenLDAP Docker image. latest

📂 Role Structure

roles/
  docker-ldap/
    README.md
    vars/
      main.yml
    tasks/
      main.yml
    templates/
      docker-compose.yml.j2
      nginx.stream.conf.j2

📖 Usage

Heres an example playbook to use this role:

- name: Deploy LDAP
  hosts: ldap_servers
  roles:
    - role: docker-ldap
      vars:
        docker_compose_instance_directory: "/home/administrator/docker-compose/ldap/"
        primary_domain_sld: "veen"
        primary_domain_tld: "world"
        ldap_administrator_username: "administrator"
        ldap_administrator_password: "secure_password_here"
        ldap_admin_version: "latest"
        ldap_version: "latest"

Steps to Deploy:

  1. Clone your playbook repository to the target server.
  2. Run the playbook: 
    ansible-playbook -i inventory playbook.yml
  3. Access phpLDAPadmin:
    • URL: http://localhost:8080 (or your configured port)
    • Login: Use the admin DN and password.

🛠️ Technical Details

Services Configured

  1. OpenLDAP

    • TLS enabled on port 636.
    • Configuration driven by environment variables.

  2. phpLDAPadmin

    • Accessible on port 443.
    • Simplifies LDAP management via a web interface.

  3. Healthchecks

    • Uses ldapsearch to validate LDAP functionality.

Directory Structure

The following directories are mounted in the container:

  • LDAP Data: data:/bitnami/openldap for persistent data storage.

🔒 Security Recommendations

  • Always use strong passwords for ldap_administrator_password.
  • Restrict access to phpLDAPadmin by binding it to 127.0.0.1 or using a reverse proxy.

📜 References

👨‍💻 Author

Kevin Veen-Birkenbach - veen.world

Feel free to report issues, suggest features, or contribute to the repository! 😊