From 980c3274415a5857b63e03e92b036aedf28f740d Mon Sep 17 00:00:00 2001
From: kev
Date: Mon, 2 Sep 2024 15:11:14 +0800
Subject: [PATCH] update openldap

---
 openldap/README.md | 57 -------------------------------------
 openldap/docker-compose.yml | 54 ++++++++++++-----------------------
 2 files changed, 18 insertions(+), 93 deletions(-)

diff --git a/openldap/README.md b/openldap/README.md
index 681e9d1..3a87d6f 100644
--- a/openldap/README.md
+++ b/openldap/README.md
@@ -26,63 +26,6 @@ OpenLDAP Software is an open source implementation of the Lightweight Directory └── docker-compose.yml ``` -## docker-compose.yml - -```yaml -version: "3.8" - -services: - - openldap: - image: osixia/openldap - command: "--loglevel debug" - hostname: ldap.easypi.duckdns.org - ports: - - "389:389" - - "636:636" - volumes: - - ./data/certs:/container/service/slapd/assets/certs - - ./data/etc:/etc/ldap/slapd.d - - ./data/var:/var/lib/ldap - - ./data/run:/container/run - environment: - - LDAP_ORGANISATION=EasyPi - - LDAP_DOMAIN=ldap.easypi.duckdns.org - - LDAP_ADMIN_PASSWORD=admin - - LDAP_CONFIG_PASSWORD=config - - LDAP_TLS=true - - LDAP_TLS_CA_CRT_FILENAME=ca.crt - - LDAP_TLS_CRT_FILENAME=ldap.crt - - LDAP_TLS_KEY_FILENAME=ldap.key - - LDAP_TLS_VERIFY_CLIENT=try - - LDAP_TLS_ENFORCE=true - restart: unless-stopped - -# phpldapadmin: -# image: osixia/phpldapadmin -# command: "--loglevel debug" -# ports: -# - "8080:80" -# environment: -# # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}] -# - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/ -# - PHPLDAPADMIN_HTTPS=false -# - PHPLDAPADMIN_TRUST_PROXY_SSL=true -# extra_hosts: -# - ldap.easypi.duckdns.org:x.x.x.x -# depends_on: -# - openldap -# restart: unless-stopped -``` - -> :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS: ->> openldap_1 | 5d8a7abe conn=1023 fd=12 ACCEPT from IP=172.29.0.1:59342 (IP=0.0.0.0:389) ->> openldap_1 | 5d8a7abe conn=1023 op=0 EXT oid=1.3.6.1.4.1.1466.20037 ->> openldap_1 | 5d8a7abe conn=1023 op=0 STARTTLS ->> openldap_1 | 5d8a7abe conn=1023 op=0 RESULT oid= err=0 text= ->> openldap_1 | 5d8a7abe conn=1023 fd=12 TLS established tls_ssf=256 ssf=256 ->> openldap_1 | 5d8a7abe conn=1023 fd=12 closed (connection lost) - ## Create Keys and Certificates ```bash diff --git a/openldap/docker-compose.yml b/openldap/docker-compose.yml index 228fa93..8270360 100644 
--- a/openldap/docker-compose.yml +++ b/openldap/docker-compose.yml @@ -3,42 +3,24 @@ version: "3.8" services: openldap: - image: osixia/openldap - command: "--loglevel debug" - hostname: ldap.easypi.duckdns.org + image: bitnami/openldap:2.6 ports: - - "389:389" - - "636:636" + - "389:389" + - "636:636" volumes: - - ./data/certs:/container/service/slapd/assets/certs - - ./data/etc:/etc/ldap/slapd.d - - ./data/var:/var/lib/ldap - - ./data/run:/container/run + - ./data:/bitnami/openldap environment: - - LDAP_ORGANISATION=EasyPi - - LDAP_DOMAIN=ldap.easypi.duckdns.org - - LDAP_ADMIN_PASSWORD=admin - - LDAP_CONFIG_PASSWORD=config - - LDAP_TLS=true - - LDAP_TLS_CA_CRT_FILENAME=ca.crt - - LDAP_TLS_CRT_FILENAME=ldap.crt - - LDAP_TLS_KEY_FILENAME=ldap.key - - LDAP_TLS_VERIFY_CLIENT=try - - LDAP_TLS_ENFORCE=true - restart: unless-stopped - -# phpldapadmin: -# image: osixia/phpldapadmin -# command: "--loglevel debug" -# ports: -# - "8080:80" -# environment: -# # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.duckdns.org':[{'server':[{'tls':True}]}]}] -# - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.duckdns.org/ -# - PHPLDAPADMIN_HTTPS=false -# - PHPLDAPADMIN_TRUST_PROXY_SSL=true -# extra_hosts: -# - ldap.easypi.duckdns.org:x.x.x.x -# depends_on: -# - openldap -# restart: unless-stopped + - LDAP_PORT_NUMBER=389 + - LDAP_ROOT=dc=example,dc=org + - LDAP_ADMIN_USERNAME=admin + - LDAP_ADMIN_PASSWORD=admin + - LDAP_USERS=customuser + - LDAP_PASSWORDS=custompassword + - LDAP_ADMIN_DN=cn=admin,dc=example,dc=org + - LDAP_ENABLE_TLS=yes + - LDAP_REQUIRE_TLS=yes + - LDAP_LDAPS_PORT_NUMBER=636 + - LDAP_TLS_CERT_FILE=/bitnami/openldap/certs/ldap.crt + - LDAP_TLS_KEY_FILE=/bitnami/openldap/certs/ldap.key + - LDAP_TLS_CA_FILE=/bitnami/openldap/certs/ca.crt + restart: unless-stopped
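Review bot: The credentials in the new environment block are committed as literal values — `LDAP_ADMIN_PASSWORD=admin` is carried over, and `LDAP_USERS=customuser` / `LDAP_PASSWORDS=custompassword` newly seed a directory account with a password that is published in the repository. Compose variable substitution keeps the file checked in while moving the values out, e.g. `- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD:?set in .env}` and `- LDAP_PASSWORDS=${LDAP_PASSWORDS:?set in .env}`, which also fails loudly at startup instead of running with a guessable password. The removed osixia setting `LDAP_TLS_VERIFY_CLIENT=try` has no counterpart in the new block; if client-certificate verification was relied on, the bitnami equivalent should be set explicitly rather than left at the image default. The old `hostname: ldap.easypi.duckdns.org` and domain also give way to `LDAP_ROOT=dc=example,dc=org`, so the certificate created per the README must still match the name clients use to reach port 636.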