# LDAP Docker Quick Reference

Quick reference for common operations and configurations.
## 🚀 Quick Start

```bash
# Complete setup
make dev-setup

# Or step by step
make install          # Install dependencies
make certs-generate   # Generate certificates
make start            # Start server
make test-connection  # Test it works
```
## 🎯 Common Commands

### Server Management

```bash
make start     # Start LDAP server
make stop      # Stop LDAP server
make restart   # Restart LDAP server
make down      # Stop and remove containers
make logs      # View logs (follow mode)
make status    # Check container status
```

### Testing

```bash
make test-connection   # Test LDAP connection
make test-auth         # Test authentication
make test-users        # List all users
make test-all          # Run all tests
```

### Certificates

```bash
make certs-generate   # Generate self-signed certs
make certs-check      # Verify certificates
```
## 🔑 Default Credentials

### Admin Access

- DN: `cn=admin,dc=testing,dc=local`
- Password: `admin_password`
- Base DN: `dc=testing,dc=local`

### phpLDAPadmin

- URL: http://localhost:8080
- Login DN: `cn=admin,dc=testing,dc=local`
- Password: `admin_password`
## 👥 Test Users

All users have password: `password123`

| Username | Full Name | Email | DN |
|---|---|---|---|
| admin | Admin User | admin@testing.local | uid=admin,ou=people,dc=testing,dc=local |
| jdoe | John Doe | jdoe@testing.local | uid=jdoe,ou=people,dc=testing,dc=local |
| jsmith | Jane Smith | jsmith@testing.local | uid=jsmith,ou=people,dc=testing,dc=local |
| testuser | Test User | testuser@testing.local | uid=testuser,ou=people,dc=testing,dc=local |
## 🌐 Service Ports

| Service | Port | URL/Connection |
|---|---|---|
| LDAP | 389 | ldap://localhost:389 |
| LDAPS | 636 | ldaps://localhost:636 |
| phpLDAPadmin | 8080 | http://localhost:8080 |
## 🔍 Common LDAP Queries

### Search All Users

```bash
ldapsearch -H ldap://localhost:389 \
  -D "cn=admin,dc=testing,dc=local" \
  -w admin_password \
  -b "ou=people,dc=testing,dc=local" \
  "(objectClass=inetOrgPerson)"
```

### Search Specific User

```bash
ldapsearch -H ldap://localhost:389 \
  -D "cn=admin,dc=testing,dc=local" \
  -w admin_password \
  -b "dc=testing,dc=local" \
  "(uid=jdoe)"
```

### Search All Groups

```bash
ldapsearch -H ldap://localhost:389 \
  -D "cn=admin,dc=testing,dc=local" \
  -w admin_password \
  -b "ou=groups,dc=testing,dc=local" \
  "(objectClass=groupOfNames)"
```

### Anonymous Bind (Read-Only)

```bash
ldapsearch -H ldap://localhost:389 \
  -x \
  -b "dc=testing,dc=local" \
  "(objectClass=*)"
```
## 🔒 LDAPS/SSL Testing

### Test SSL Connection

```bash
openssl s_client -connect localhost:636 -CAfile certs/ca.crt
```

### LDAPS Search

```bash
ldapsearch -H ldaps://localhost:636 \
  -D "cn=admin,dc=testing,dc=local" \
  -w admin_password \
  -b "dc=testing,dc=local"
```

### Verify Certificate

```bash
openssl verify -CAfile certs/ca.crt certs/server.crt
openssl x509 -in certs/server.crt -text -noout
```
## 🐍 Python LDAP3 Examples

### Simple Connection

```python
from ldap3 import Server, Connection

server = Server('ldap://localhost:389')
# auto_bind=True opens the connection and binds immediately;
# it raises an exception if the bind fails
conn = Connection(server,
                  user='cn=admin,dc=testing,dc=local',
                  password='admin_password',
                  auto_bind=True)
print("Connected!")
conn.unbind()
```

### Search Users

```python
from ldap3 import Server, Connection

server = Server('ldap://localhost:389')
conn = Connection(server,
                  user='cn=admin,dc=testing,dc=local',
                  password='admin_password',
                  auto_bind=True)
# Subtree search from the base DN, returning only the listed attributes
conn.search('dc=testing,dc=local',
            '(objectClass=inetOrgPerson)',
            attributes=['uid', 'cn', 'mail'])
for entry in conn.entries:
    print(f"{entry.cn}: {entry.mail}")
conn.unbind()
```

### Authenticate User

```python
from ldap3 import Server, Connection

server = Server('ldap://localhost:389')
# Bind as the user's own DN; without auto_bind, bind() returns
# False instead of raising when the credentials are rejected
conn = Connection(server,
                  user='uid=jdoe,ou=people,dc=testing,dc=local',
                  password='password123')
if conn.bind():
    print("Authentication successful!")
else:
    print("Authentication failed!")
conn.unbind()
```
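The authentication snippet above binds with a DN that is already known. Real applications usually receive only a username, look the DN up, and then bind as it, which adds two things worth getting right: the LDAPS-with-CA-validation the tips recommend, and RFC 4515 escaping of the username before it goes into a search filter. The following is an added example, not code from this project; it assumes the lab layout on this page (`ldaps://localhost:636`, `certs/ca.crt`, users under `ou=people,dc=testing,dc=local`), and the hostname you connect to must be covered by the server certificate's SAN for validation to pass.

```python
"""Username-based login over LDAPS with filter escaping (added example)."""
import ssl

BASE_DN = "dc=testing,dc=local"
PEOPLE_DN = "ou=people," + BASE_DN
ADMIN_DN = "cn=admin," + BASE_DN

# Characters RFC 4515 requires to be escaped inside a filter assertion value
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape untrusted input before interpolating it into a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username: str) -> str:
    """Lookup filter for a login name; escaping keeps characters such as
    '*', '(' and ')' in the input from being parsed as filter syntax."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"


def make_ldaps_server(host: str = "localhost", ca_file: str = "certs/ca.crt"):
    """Server object that requires a certificate chaining to the lab CA."""
    from ldap3 import Server, Tls  # imported here so the helpers above work without ldap3
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    return Server(f"ldaps://{host}:636", use_ssl=True, tls=tls)


def authenticate(username: str, password: str, server=None) -> bool:
    """Resolve the user's DN with the admin account, then verify the password
    by binding as that DN. Unknown users and bad passwords both yield False."""
    from ldap3 import Connection
    if not password:  # an empty password would be an unauthenticated bind; ldap3 refuses it
        return False
    server = server or make_ldaps_server()
    admin = Connection(server, user=ADMIN_DN, password="admin_password", auto_bind=True)
    try:
        admin.search(PEOPLE_DN, user_filter(username), attributes=["uid"])
        if len(admin.entries) != 1:  # no match, or an ambiguous one
            return False
        user_dn = admin.entries[0].entry_dn
    finally:
        admin.unbind()
    user = Connection(server, user=user_dn, password=password)
    try:
        return user.bind()
    finally:
        user.unbind()
```

`authenticate("jdoe", "password123")` returns True against the lab data on this page, while `authenticate("*)(uid=*", "x")` is a plain failed lookup rather than a broadened filter.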
## 🐳 Docker Commands

### View Logs

```bash
docker-compose logs -f openldap            # Follow LDAP logs
docker-compose logs --tail=100 openldap    # Last 100 lines
docker-compose logs phpldapadmin           # Admin UI logs
```

### Container Shell Access

```bash
docker-compose exec openldap bash   # Shell in LDAP container
docker ps                           # List running containers
docker-compose ps                   # List project containers
```

### Volume Management

```bash
docker volume ls          # List volumes
docker-compose down -v    # Remove volumes (deletes data!)
```
## 🔧 Troubleshooting Quick Fixes

### Server Won't Start

```bash
# Check if ports are in use
lsof -i :389
lsof -i :636
lsof -i :8080

# Check Docker is running
docker version

# View error logs
docker-compose logs openldap
```

### Certificate Errors

```bash
# Verify certificates exist
ls -la certs/

# Regenerate certificates
make certs-generate --force

# Check certificate validity
openssl x509 -in certs/server.crt -noout -dates
```

### Connection Refused

```bash
# Check container is running
docker-compose ps

# Wait for initialization (can take 10-30 seconds)
make logs

# Restart server
make restart
```

### Authentication Fails

```bash
# Verify credentials
# Default: cn=admin,dc=testing,dc=local / admin_password

# Check if users are loaded
make test-users

# View LDAP directory structure
ldapsearch -H ldap://localhost:389 -x -b "dc=testing,dc=local" -s base
```

### Data Not Appearing

```bash
# Check if LDIF files were loaded
docker-compose logs openldap | grep -i ldif

# Rebuild with fresh data
make down-volumes   # WARNING: Deletes all data!
make start
```
## 📁 File Locations

### Configuration Files

- `docker-compose.yml` - Docker services configuration
- `pyproject.toml` - Python dependencies
- `.env.example` - Environment variables template

### Data Files

- `ldif/01-users.ldif` - Initial LDAP data
- `certs/` - SSL certificates (git-ignored)

### Scripts

- `scripts/cli.py` - CLI management tool
- `scripts/generate_certs.py` - Certificate generator
- `quickstart.sh` - Interactive setup script
## 🎓 LDAP Basics

### DN (Distinguished Name)

Format: `attribute=value,ou=unit,dc=domain,dc=tld`

Examples:

- `cn=admin,dc=testing,dc=local` - Admin user
- `uid=jdoe,ou=people,dc=testing,dc=local` - Regular user
- `cn=developers,ou=groups,dc=testing,dc=local` - Group

### Common Object Classes

- `inetOrgPerson` - Person with internet attributes
- `posixAccount` - Unix/Linux account
- `groupOfNames` - Group with members

### Common Attributes

- `uid` - User ID (username)
- `cn` - Common Name (full name)
- `sn` - Surname (last name)
- `mail` - Email address
- `userPassword` - Hashed password
- `member` - Group member DN
## 💡 Tips

- Use LDAPS in applications: always prefer `ldaps://` over `ldap://`
- Test with anonymous bind first: use the `-x` flag with `ldapsearch`
- Check logs when troubleshooting: `make logs` is your friend
- Certificate hostname must match: ensure the SAN includes `ldap.testing.local`
- Wait after starting: the server needs 10-30 seconds to initialize
- Backup before experimenting: use `make down`, not `make down-volumes`
Need more help? See full documentation in README.md