commit
1bc26a314e
|
@ -0,0 +1,18 @@
|
||||||
|
# domain of LDAP database root entry, will be converted to dc=...,dc=...
|
||||||
|
LDAP_DOMAIN=my-domain.com
|
||||||
|
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
|
||||||
|
LDAP_BASE_DN=dc=my-domain,dc=com
|
||||||
|
# LDAP server URL
|
||||||
|
LDAP_SERVER=ldap://ldap:389
|
||||||
|
# LDAP admin user (set as login user for LAM)
|
||||||
|
LDAP_USER=cn=admin111,dc=my-domain,dc=com
|
||||||
|
# LDAP admin password
|
||||||
|
LDAP_ADMIN_PASSWORD=adminpw
|
||||||
|
|
||||||
|
# LAM configuration master password and password for server profile "lam"
|
||||||
|
LAM_PASSWORD=lam
|
||||||
|
|
||||||
|
# docker-compose only, LDAP organisation name for OpenLDAP
|
||||||
|
LDAP_ORGANISATION="LDAP Account Manager Demo"
|
||||||
|
# docker-compose only, password for LDAP read-only user
|
||||||
|
LDAP_READONLY_USER_PASSWORD=readonlypw
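Review bot: The values on the `LDAP_ADMIN_PASSWORD`, `LAM_PASSWORD` and `LDAP_READONLY_USER_PASSWORD` lines are working credentials, and nothing in the file marks them as demo-only. The compose file added in this commit references the same variable names, so a stack started without editing this file would come up with publicly known passwords. I would add a header comment such as `# Demo values only: change every password before exposing this stack`. Separately, `LDAP_USER=cn=admin111,...` does not match the `cn=admin,${LDAP_BASE_DN}` DN used in the compose file and looks like a leftover test value.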
|
|
@ -25,32 +25,59 @@
|
||||||
# You can change the port 8080 if needed.
|
# You can change the port 8080 if needed.
|
||||||
#
|
#
|
||||||
|
|
||||||
FROM debian:stretch
|
FROM debian:buster-slim
|
||||||
MAINTAINER Roland Gruber <post@rolandgruber.de>
|
LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
|
||||||
|
|
||||||
ARG LAM_RELEASE=6.9
|
ARG LAM_RELEASE=6.9
|
||||||
|
|
||||||
# update OS
|
ENV \
|
||||||
RUN apt-get update \
|
DEBIAN_FRONTEND=noninteractive \
|
||||||
&& apt-get upgrade -y
|
DEBUG=''
|
||||||
|
|
||||||
# install requirements
|
RUN apt-get update && \
|
||||||
RUN apt-get install -y wget apache2 libapache2-mod-php php php-ldap php-zip php-xml php-curl php-gd php-imagick php-mcrypt php-tcpdf php-phpseclib fonts-dejavu php-monolog
|
apt-get install --no-install-recommends -y \
|
||||||
|
apache2 \
|
||||||
|
ca-certificates \
|
||||||
|
dumb-init \
|
||||||
|
fonts-dejavu \
|
||||||
|
libapache2-mod-php \
|
||||||
|
php \
|
||||||
|
php-curl \
|
||||||
|
php-gd \
|
||||||
|
php-imagick \
|
||||||
|
php-ldap \
|
||||||
|
php-monolog \
|
||||||
|
php-phpseclib \
|
||||||
|
php-xml \
|
||||||
|
php-zip \
|
||||||
|
wget \
|
||||||
|
&& \
|
||||||
|
rm /etc/apache2/sites-enabled/*default* && \
|
||||||
|
rm -rf /var/cache/apt /var/lib/apt/lists/*
|
||||||
|
|
||||||
# install LAM
|
# install LAM
|
||||||
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \
|
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
|
||||||
&& dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
|
-O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
|
||||||
|
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
|
||||||
|
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
|
||||||
|
|
||||||
# cleanup
|
# redirect Apache logging
|
||||||
RUN apt-get autoremove -y && apt-get clean all \
|
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
|
||||||
&& rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \
|
# because there is no logging set in the lam vhost logging goes to other_vhost_access.log
|
||||||
&& rm /etc/apache2/sites-enabled/*default*
|
RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
|
||||||
|
|
||||||
# add redirect for /
|
# add redirect for /
|
||||||
RUN a2enmod rewrite
|
RUN a2enmod rewrite
|
||||||
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
|
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
|
||||||
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
|
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
|
||||||
|
|
||||||
# start Apache when container starts
|
COPY start.sh /usr/local/bin/start.sh
|
||||||
ENTRYPOINT service apache2 start && sleep infinity
|
|
||||||
|
|
||||||
|
WORKDIR /var/lib/ldap-account-manager/config
|
||||||
|
|
||||||
|
# start Apache when container starts
|
||||||
|
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||||
|
CMD [ "/usr/local/bin/start.sh" ]
|
||||||
|
|
||||||
|
HEALTHCHECK --interval=1m --timeout=10s \
|
||||||
|
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'
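Review bot: The `RUN wget http://prdownloads.sourceforge.net/...` step fetches the LAM package over plain HTTP and installs it with `dpkg -i`, with no checksum or signature check. The image content therefore depends on whatever the network path returns at build time. This change now installs `ca-certificates`, so the download could use `https://`, assuming the mirror serves it. A pinned digest can be verified before installing, for example `ARG LAM_SHA256=<expected-sha256>` followed by `echo "${LAM_SHA256}  /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb" | sha256sum -c - && \` ahead of the `dpkg -i` line.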
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
version: '3.5'
|
||||||
|
services:
|
||||||
|
ldap-account-manager:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
args:
|
||||||
|
- LAM_RELEASE=6.9
|
||||||
|
image: ldapaccountmanager/lam:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "8080:80"
|
||||||
|
volumes:
|
||||||
|
- lametc/:/etc/ldap-account-manager
|
||||||
|
- lamconfig/:/var/lib/ldap-account-manager/config
|
||||||
|
- lamsession/:/var/lib/ldap-account-manager/sess
|
||||||
|
environment:
|
||||||
|
- LAM_PASSWORD=${LAM_PASSWORD}
|
||||||
|
- LAM_LANG=en_US
|
||||||
|
- LDAP_SERVER=${LDAP_SERVER}
|
||||||
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||||
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||||
|
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
|
||||||
|
- DEBUG=true
|
||||||
|
ldap:
|
||||||
|
image: osixia/openldap:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||||
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||||
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||||
|
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
||||||
|
- LDAP_READONLY_USER=true
|
||||||
|
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
||||||
|
command: "--loglevel info --copy-service"
|
||||||
|
volumes:
|
||||||
|
- ldap:/var/lib/ldap
|
||||||
|
- slapd:/etc/ldap/slapd.d
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
lametc:
|
||||||
|
lamconfig:
|
||||||
|
lamsession:
|
||||||
|
ldap:
|
||||||
|
slapd:
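Review bot: The `environment:` list of `ldap-account-manager` passes `LDAP_SERVER` and `ADMIN_USER`, but the start script added in the same commit reads `LDAP_HOST` and `LDAP_USER`. Both settings therefore appear to be ignored, and the script falls back to its built-in defaults for the server URL and admin DN. Changing the entries to `- LDAP_HOST=${LDAP_SERVER}` and `- LDAP_USER=${LDAP_USER}`, or renaming the variables in the script, would make the .env values take effect. `image: osixia/openldap:latest` is also an unpinned third-party image; a fixed tag or digest would keep rebuilds reproducible.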
|
|
@ -0,0 +1,54 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Docker start script for LDAP Account Manager
|
||||||
|
|
||||||
|
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
|
# Copyright (C) 2019 Felix Bartels
|
||||||
|
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
|
|
||||||
|
set -eu # unset variables are errors & non-zero return values exit the whole script
|
||||||
|
[ "$DEBUG" ] && set -x
|
||||||
|
|
||||||
|
LAM_LANG="${LAM_LANG:-en_US}"
|
||||||
|
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
|
||||||
|
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
|
||||||
|
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
|
||||||
|
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
|
||||||
|
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
|
||||||
|
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
|
||||||
|
|
||||||
|
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
|
||||||
|
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
|
||||||
|
EOF
|
||||||
|
unset LAM_PASSWORD
|
||||||
|
|
||||||
|
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
|
||||||
|
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
|
||||||
|
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
|
||||||
|
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
|
||||||
|
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
|
||||||
|
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
|
||||||
|
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
|
||||||
|
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo "Starting Apache"
|
||||||
|
rm -f /run/apache2/apache2.pid
|
||||||
|
set +u
|
||||||
|
# shellcheck disable=SC1091
|
||||||
|
source /etc/apache2/envvars
|
||||||
|
exec /usr/sbin/apache2 -DFOREGROUND
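Review bot: When `DEBUG` is non-empty, `[ "$DEBUG" ] && set -x` turns tracing on before `export LAM_PASSWORD=...` and the `LAM_PASSWORD_SSHA=$(php ...)` assignment. The plaintext master password and its salted hash are then written to the container log, and the compose file in this commit sets `DEBUG=true` by default. Moving the `set -x` line below `unset LAM_PASSWORD` keeps both out of the trace. The `${LAM_PASSWORD:-lam}` fallback also starts the container with a known password when the variable is missing; if that default is not required, `${LAM_PASSWORD:?LAM_PASSWORD must be set}` would fail closed instead.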
|
|
@ -4,6 +4,7 @@ December 2019 7.0
|
||||||
- YubiKey: support to configure multiple verification servers
|
- YubiKey: support to configure multiple verification servers
|
||||||
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
|
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
|
||||||
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
|
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
|
||||||
|
- Docker updates
|
||||||
- Fixed bugs:
|
- Fixed bugs:
|
||||||
-> Missing CSS for Duo
|
-> Missing CSS for Duo
|
||||||
-> Editing of DNs with comma on Windows (210)
|
-> Editing of DNs with comma on Windows (210)
|
||||||
|
|
|
@ -318,6 +318,10 @@
|
||||||
|
|
||||||
<para>You can run LAM inside Docker.</para>
|
<para>You can run LAM inside Docker.</para>
|
||||||
|
|
||||||
|
<para>Possible environment variables are documented in the <ulink
|
||||||
|
url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
|
||||||
|
.env</ulink> file.</para>
|
||||||
|
|
||||||
<para>See here:</para>
|
<para>See here:</para>
|
||||||
|
|
||||||
<para><ulink
|
<para><ulink
|
||||||
|
|