Replaced phpLDAPadmin with ldap-account-manager.

- Replaced phpLDAPadmin with ldap-account-manager as the webui.
- Added nss-pam-ldapd as a test client.

README.md

 # LDAP Docker
 
-> A dockerized OpenLDAP with phpLDAPadmin webui.
+> A dockerized OpenLDAP with LDAP Account Manager.
 
 ## Requirements
 

docker-compose.yml

@@ -11,18 +11,28 @@ services:
             LDAP_ROOTPASS: foo
             LDAP_DOMAIN: nowhere.com
             LDAP_ORGANIZATION: none
-    phpldapadmin:
+
+    nss-pam-ldapd:
         build:
-            context: phpldapadmin/
+            context: nss-pam-ldapd/
+        command: /usr/sbin/nslcd --debug --nofork
+        environment:
+            LDAP_BASE_DN: 'dc=nowhere,dc=com'
+        volumes:
+            - _run_ldap:/run/slapd
+
+    ldap-account-manager:
+        build:
+            context: ldap-account-manager/
         links:
             - slapd
         volumes:
             - _run_ldap:/run/slapd
-        environment:
-            PLA_BASE_DN: 'dc=nowhere,dc=com'
-            PLA_BIND_ID: 'cn=admin,dc=nowhere,dc=com'
+            - ldap-account-manager:/var/lib/ldap-account-manager
         ports:
             - 80:80
+
 volumes:
     _run_ldap:
     ldap:
+    ldap-account-manager:

ldap-account-manager/Dockerfile

+FROM debian:buster-slim
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ldap-account-manager\
+        wget \
+    && \
+    ln -sf /dev/stdout /var/log/apache2/access.log && \
+    ln -sf /dev/stderr /var/log/apache2/error.log && \
+    ln -sf /dev/stdout /var/log/apache2/lam.log && \
+    mv /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg && \
+    ln -sf /var/lib/ldap-account-manager/config/config.cfg /etc/ldap-account-manager/config.cfg && \
+    mv /var/lib/ldap-account-manager /var/lib/ldap-account-manager.orig && \
+    mkdir -m 755 /var/lib/ldap-account-manager && \
+    sed -i 's@SYSLOG@/var/log/apache2/lam.log@' /var/lib/ldap-account-manager.orig/config/config.cfg && \
+    sed -i '/<\/VirtualHost>/i RedirectMatch permanent "^/$" "/lam"' /etc/apache2/sites-enabled/000-default.conf && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY --chown=root:root entrypoint /entrypoint
+ENV APACHE_RUN_DIR=/run/apache2 \
+    APACHE_LOG_DIR=/var/log/apache2 \
+    APACHE_RUN_USER=www-data \
+    APACHE_RUN_GROUP=www-data \
+    APACHE_PID_FILE=/run/apache2/apache2.pid
+EXPOSE 80
+VOLUME /var/lib/ldap-account-manager
+ENTRYPOINT [ "/entrypoint" ]
+CMD [ "apache2", "-DFOREGROUND" ]
+HEALTHCHECK CMD wget --spider --quiet http://localhost/lam || exit 1

ldap-account-manager/README.md

+# LDAP Account Manager
+
+> Dockerized LDAP Account Manager.
+
+## Usage
+
+The image isn't configured with environment variables, instead it uses a volume
+for `/var/lib/ldap-account-manager` that contains the application's
+configuration files. On first run the default files are copied to the volume and
+the configuration is done through the application itself.

ldap-account-manager/entrypoint

+#!/bin/sh
+set -eux
+
+chown root:root /var/lib/ldap-account-manager
+chmod 755 /var/lib/ldap-account-manager
+cp --archive --no-clobber --verbose --no-target-directory /var/lib/ldap-account-manager.orig /var/lib/ldap-account-manager
+eval exec "$@"

nss-pam-ldapd/.dockerignore

+*.md

nss-pam-ldapd/Dockerfile

+FROM debian:stretch-slim
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ca-certificates \
+        gosu \
+        libnss-ldapd \
+        libpam-ldapd \
+    && \
+    mkdir -p /run/nslcd && \
+    chown -R nslcd:nslcd /run/nslcd/ && \
+    sed -i 's/compat/compat ldap/g' /etc/nsswitch.conf && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* /etc/nslcd.conf
+COPY --chown=root:root entrypoint /
+ENV LDAP_URIS=ldapi:/// \
+    LDAP_AUTH_TYPE=none \
+    LDAP_STARTTLS=false \
+    LDAP_BASE_DN="dc=trusted" \
+    LDAP_CACERTFILE=/etc/ssl/certs/ca-certificates.crt
+ENTRYPOINT [ "/entrypoint" ]
+CMD [ "/usr/sbin/nslcd", "--nofork" ]
+HEALTHCHECK CMD pgrep nslcd || exit 1

nss-pam-ldapd/README.md

+# nss-pam-ldapd
+
+> Dockerized example nss-pam-ldapd.
+
+## Usage
+
+The process running inside the container is `nslcd` which is the nameserver
+daemon. To use this container, execute a different process (like `su` or
+`getent`) inside the container.
+
+## Environment variables
+
+Name | Default value
+--- | ---
+`LDAP_URIS` | `ldapi:///`
+`LDAP_AUTH_TYPE` | `none`
+`LDAP_BINDDN`
+`LDAP_STARTTLS` | `false`
+`LDAP_BASE_DN` | `dc=trusted`
+`LDAP_CACERTFILE` | `/etc/ssl/certs/ca-certificates.crt`

nss-pam-ldapd/entrypoint

+#!/bin/sh
+set -eux
+
+chown -R nslcd:nslcd /run/nslcd
+
+cat << EOF | debconf-set-selections -v
+nslcd nslcd/ldap-uris string ${LDAP_URIS:-}
+nslcd	nslcd/ldap-bindpw	password	${LDAP_BINDPW:-}
+nslcd	nslcd/ldap-auth-type	select	${LDAP_AUTH_TYPE:-}
+nslcd	nslcd/ldap-binddn	string	${LDAP_BINDDN:-}
+nslcd	nslcd/ldap-sasl-authcid	string	${LDAP_SASL_AUTHCID:-}
+nslcd	nslcd/ldap-reqcert	select	${LDAP_REQCERT:-}
+nslcd	nslcd/ldap-sasl-realm	string	${LDAP_SASL_REALM:-}
+nslcd	nslcd/ldap-starttls	boolean	${LDAP_STARTTLS:-}
+nslcd	nslcd/ldap-base	string	${LDAP_BASE_DN:-}
+nslcd	nslcd/ldap-sasl-authzid	string	${LDAP_SASL_AUTHZID:-}
+nslcd	nslcd/ldap-sasl-mech	select	${LDAP_SASL_MECH:-}
+nslcd	nslcd/ldap-cacertfile	string	${LDAP_CACERTFILE:-}
+nslcd	nslcd/ldap-sasl-secprops	string	${LDAP_SASL_SECPROPS:-}
+EOF
+
+dpkg-reconfigure -f noninteractive nslcd
+
+eval exec gosu "nslcd:nslcd" "$@"

phpldapadmin/Dockerfile

-FROM alpine:3.8
-RUN apk add --update --no-cache phpldapadmin php5-apache2 php5-openssl && \
-    ln -sf /dev/stdout /var/log/apache2/access.log && \
-    ln -sf /dev/stderr /var/log/apache2/error.log && \
-    mkdir -p /run/apache2/
-
-COPY --chown=root:root config.php /usr/share/webapps/phpldapadmin/config/
-COPY --chown=root:root phpldapadmin.conf /etc/apache2/conf.d/
-ENV PLA_HOST=ldapi://%2frun%2fslapd%2fldapi
-CMD [ "httpd", "-DFOREGROUND" ]
-HEALTHCHECK CMD wget --spider --quiet http://localhost/htdocs/index.php || exit 1

phpldapadmin/README.md

-# phpLDAPadmin
-
-> Dockerized phpLDAPadmin.
-
-## Environment variables
-
-Name | Default value
---- | ---
-`PLA_NAME` | `LDAP server`
-`PLA_HOST` | `slapd`
-`PLA_PORT` | `389`
-`PLA_BASE` |
-`PLA_AUTH_TYPE` | `cookie`
-`PLA_BIND_ID` |
-`PLA_TLS` | `false`

phpldapadmin/config.php

-<?php
-
-$servers = new Datastore();
-
-$servers->newServer('ldap_pla');
-$servers->setValue('server', 'name', getenv('PLA_NAME') ?: 'LDAP Server');
-$servers->setValue('server', 'host', getenv('PLA_HOST') ?: 'slapd');
-$servers->setValue('server', 'port', getenv('PLA_PORT') ?: '389');
-$servers->setValue('server', 'base', array(getenv('PLA_BASE_DN') ?: ''));
-$servers->setValue('login', 'auth_type', getenv('PLA_AUTH_TYPE') ?: 'cookie');
-$servers->setValue('login', 'bind_id', getenv('PLA_BIND_ID') ?: '');
-$servers->setValue('server', 'tls', strtolower(getenv('PLA_TLS') ?: 'false') == 'true');
-
-?>

phpldapadmin/phpldapadmin.conf

-<VirtualHost _default_:80>
-    DocumentRoot /usr/share/webapps/phpldapadmin/
-</VirtualHost>
-
-<Directory /usr/share/webapps/phpldapadmin/>
-
-    DirectoryIndex index.php
-    Options +FollowSymLinks
-    AllowOverride None
-
-    Require all granted
-
-    <IfModule mod_mime.c>
-
-      <IfModule mod_php5.c>
-        AddType application/x-httpd-php .php
-
-        php_flag magic_quotes_gpc Off
-        php_flag track_vars On
-        php_flag register_globals Off
-        php_value include_path .
-      </IfModule>
-
-      <IfModule !mod_php5.c>
-        <IfModule mod_actions.c>
-          <IfModule mod_cgi.c>
-            AddType application/x-httpd-php .php
-            Action application/x-httpd-php /cgi-bin/php5
-          </IfModule>
-          <IfModule mod_cgid.c>
-            AddType application/x-httpd-php .php
-            Action application/x-httpd-php /cgi-bin/php5
-           </IfModule>
-        </IfModule>
-      </IfModule>
-
-    </IfModule>
-
-</Directory>