If you need to test-drive your ldap authentication or need a test-server to test your ldap against, this docker-image could be of use. It does come with pre-deployed users and groups, so you can test authentication and filters right away.
Just run
sudo ./tls/generate-tls.sh ldap yes
docker-compose up -d
You can also run the prebuild images without any mounts
docker run -p 389:389 ghcr.io/eugenmayer/ldaptestserver:bitnami-type1
docker run -p 389:389 ghcr.io/eugenmayer/ldaptestserver:bitnami-type2
See the connection details under layout.
Using docker-compose.yml
, you will have 2 servers started as an example, with 2 slightly different layouts, based on data-template-type1.ldif
and data-template-type2.ldif
Server 1 has the port 10389
and the default domain example.org
- admin user:
- admin password:
Server 2 has the port 20389
and the default domain example.org
- admin user:
- admin password:
When you see the Users / Groups below, you need to replace the <LDAP_BASE_DN>
with the domain, so either dc=example,dc=org
BaseDN is dc=example,dc=org
- uid=user1id,ou=accounts,ou=base1,,<LDAP_BASE_DN>
- uid=user2id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included1id,ou=accounts,ou=base2,<LDAP_BASE_DN>
- uid=readonlyid,ou=other accounts,ou=base1,<LDAP_BASE_DN>
- uid=userExcludedeid,ou=accounts,ou=base1,<LDAP_BASE_DN>
Passwords do match the the uid
, so user1
for the user uid=user1,ou=accounts,<LDAP_BASE_DN>
and so on.
We have two groups
- cn=myservice,ou=groups,ou=base1,<LDAP_BASE_DN>
- cn=specialservice,ou=groups,ou=base1,<LDAP_BASE_DN>
first one with the following members
- uid=user1id,ou=accounts,ou=base1,,<LDAP_BASE_DN>
- uid=user2id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included1id,ou=accounts,ou=base2,<LDAP_BASE_DN>
and second one with
- uid=user1id,ou=accounts,ou=base1,,<LDAP_BASE_DN>
is dc=kontextwork-test,dc=de
- uid=included1id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included2id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included3id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=readonlyid,ou=other accounts,ou=base1,<LDAP_BASE_DN>
- uid=includedMissingMailid,ou=accounts,ou=base1<LDAP_BASE_DN>
- uid=excluded1id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=excluded2id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included1id,ou=accounts,ou=base2,<LDAP_BASE_DN>
Passwords do match the the uid
, so included1
for the user uid=included1,ou=accounts,<LDAP_BASE_DN>
and so on.
We have groups
- cn=myservice,ou=groupsou=base1,,<LDAP_BASE_DN>
- cn=otherservice,ou=groups,ou=base1,<LDAP_BASE_DN>
- cn=groupwithinvalid,ou=groups,ou=base1,<LDAP_BASE_DN>
- cn=differentservice,ou=groups,ou=base1,<LDAP_BASE_DN>
- cn=groupofgroups,ou=groups,ou=base1,<LDAP_BASE_DN>
with the following members
- uid=included1id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included2id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included3id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=includedMissingMailid,ou=accounts,ou=base1<LDAP_BASE_DN>
- uid=included1id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- uid=included2id,ou=accounts,ou=base1,<LDAP_BASE_DN>
- cn=otherservice,ou=groups,ou=base1,<LDAP_BASE_DN>
- cn=differentservice,ou=groups,ou=base1,<LDAP_BASE_DN>
- uid=includedMissingMailid,ou=accounts,ou=base1,<LDAP_BASE_DN>
You can build your images using your custom templates, custom password or LDAP_DOMAIN. See the Dockerfile
included here
and just make it your own, if you like. Also see the templates and see how you can adopt or modify them to your liking.
Important: If you rely on memberOf
you should ensure that your users are created before your groups in the ldif,
or memberOf will not work!
Now-days credits to the once again great docker image of Bitnami bitnami/openldap (and in the past, thanks to osixia/docker-openldap)