54 changes: 34 additions & 20 deletions docker-compose.ldap.yaml
Original file line number Diff line number Diff line change
@@ -1,17 +1,12 @@
version: "3"

services:
core:
image: ghcr.io/defguard/defguard:latest
build:
context: .
dockerfile: Dockerfile
environment:
DEFGUARD_LDAP_URL: ldap://openldap:1389
DEFGUARD_LDAP_BIND_USERNAME: cn=user,ou=users,dc=example,dc=org
DEFGUARD_LDAP_BIND_PASSWORD: user
DEFGUARD_LDAP_USER_SEARCH_BASE: "ou=users,dc=example,dc=org"
DEFGUARD_LDAP_GROUP_SEARCH_BASE: "ou=groups,dc=example,dc=org"
DEFGUARD_COOKIE_INSECURE: "true"
DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94
DEFGUARD_AUTH_SECRET: defguard-auth-secret
DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
Expand All @@ -20,7 +15,7 @@ services:
DEFGUARD_DB_USER: defguard
DEFGUARD_DB_PASSWORD: defguard
DEFGUARD_DB_NAME: defguard
DEFGUARD_URL: http://localhost:3000
DEFGUARD_URL: http://localhost:8000
RUST_BACKTRACE: 1
ports:
# rest api
Expand All @@ -46,7 +41,7 @@ services:
- NET_ADMIN

db:
image: postgres:15-alpine
image: postgres:17-alpine
environment:
POSTGRES_DB: defguard
POSTGRES_USER: defguard
Expand All @@ -58,27 +53,46 @@ services:

device:
build:
dockerfile: Dockerfile.device
context: .
dockerfile: Dockerfile.device
depends_on:
- gateway
cap_add:
- NET_ADMIN

vector:
image: timberio/vector:latest-alpine
profiles:
- observability
container_name: vector
volumes:
- ./configs/vector.yaml:/etc/vector/vector.yaml:ro
- ./configs/key.pem:/etc/vector/key.pem:ro
- ./configs/cert.pem:/etc/vector/cert.pem:ro
command: ["--config", "/etc/vector/vector.yaml"]
ports:
- "8686:8686"
- "8001:8001"

logstash:
image: docker.elastic.co/logstash/logstash:8.14.0
profiles:
- observability
ports:
- "8002:8002"
volumes:
- ./configs/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro

openldap:
image: bitnami/openldap:2.6
image: bitnamilegacy/openldap:2.6
user: root
restart: unless-stopped
environment:
LDAP_EXTRA_SCHEMAS: "cosine,inetorgperson,nis,openssh-lpk_openldap,samba,gnupg-ldap-schema,orion"
LDAP_ADMIN_PASSWORD: "pass123"
ports:
- "389:1389"
volumes:
- ./ldap-initdb.d:/docker-entrypoint-initdb.d:ro
- ./ldif/gnupg-ldap-schema.ldif:/opt/bitnami/openldap/etc/schema/gnupg-ldap-schema.ldif:ro
- ./ldif/openssh-lpk_openldap.ldif:/opt/bitnami/openldap/etc/schema/openssh-lpk_openldap.ldif:ro
- ./ldif/orion.ldif:/opt/bitnami/openldap/etc/schema/orion.ldif:ro
- ./ldif/samba.ldif:/opt/bitnami/openldap/etc/schema/samba.ldif:ro
- ./ldif/init.ldif:/ldifs/init.ldif:ro
- ./ldif/custom.ldif:/schema/custom.ldif:ro
- ./.volumes_ldap/openldap:/bitnami/openldap
- ./ldap/entrypoint:/docker-entrypoint-initdb.d:ro
- ./ldap/init.ldif:/ldifs/init.ldif:ro
- ./ldap/custom.ldif:/schema/custom.ldif:ro
- ./.volumes/openldap:/bitnami/openldap
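Review bot: The openldap service now pulls `image: bitnamilegacy/openldap:2.6`, a floating minor tag from Bitnami's legacy repository, which to my knowledge is an archive that no longer receives rebuilds, so this tag will not pick up fixes the way `bitnami/openldap:2.6` did; the same service runs as `user: root` and publishes host port `"389:1389"`. Pin the image by digest (`image: bitnamilegacy/openldap:2.6@sha256:<digest-placeholder>`) and add a comment above it explaining why the legacy repository is used and that the tag is expected to go stale. Because `LDAP_ADMIN_PASSWORD: "pass123"` here and `DEFGUARD_LDAP_BIND_PASSWORD: user` in the first hunk are literal credentials, a header comment stating that this compose file is a local development fixture and must not be copied into a deployment would be worth adding. The new vector service mounts `./configs/key.pem` next to `cert.pem`; if that private key is committed to the repository, mark it in a comment as a throwaway test key.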
18 changes: 0 additions & 18 deletions ldap-initdb.d/set_access.sh

This file was deleted.

File renamed without changes.
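--- a/ldap/entrypoint/set_access.sh
+++ b/ldap/entrypoint/set_access.sh
@@ -0,0 +1,22 @@
+. /opt/bitnami/scripts/libopenldap.sh
+
+ldap_start_bg
+
+echo "Setting custom access permissions for ${LDAP_ROOT}"
+
+cat <<EOF | ldapmodify -Y EXTERNAL -H "ldapi:///"
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to attrs=userPassword,shadowLastChange
+by self write
+by group/groupOfUniqueNames/uniqueMember.exact="cn=admin,ou=groups,${LDAP_ROOT}" write
+by anonymous auth
+olcAccess: to *
+by self write
+by group/groupOfUniqueNames/uniqueMember.exact="cn=admin,ou=groups,${LDAP_ROOT}" write
+by * read
+EOF
+
+
+ldap_stop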
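Review bot: A failing `ldapmodify` on the `cat <<EOF | ldapmodify -Y EXTERNAL -H "ldapi:///"` line is never checked, so the script carries on to `ldap_stop` and the container comes up with whatever `olcAccess` the image ships instead of the intended rules, with nothing in the log saying the ACL was not applied. Drop the `cat` pipe and fail explicitly: `ldapmodify -Y EXTERNAL -H "ldapi:///" <<EOF || { echo "failed to apply olcAccess" >&2; ldap_stop; exit 1; }`; if the Bitnami entrypoint sources this file rather than executing it, the `exit 1` aborts container start, which is the right outcome for a missing ACL. A header comment would also help a reader who does not know the cn=config syntax: `# Replaces the frontend olcAccess: userPassword/shadowLastChange are writable by the entry itself and the cn=admin group and usable by anonymous only for bind; everything else is writable by self/admin group and readable by anyone.` That last `by * read` grants anonymous read of the whole tree under `${LDAP_ROOT}`, acceptable for a test directory but worth stating in that comment so nobody reuses the script elsewhere unchanged.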
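--- a/ldap/init.ldif
+++ b/ldap/init.ldif
@@ -0,0 +1,15 @@
+dn: dc=example,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: example
+o: Example Org
+
+dn: ou=users,dc=example,dc=org
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=groups,dc=example,dc=org
+ou: groups
+objectClass: organizationalUnit
+objectClass: top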
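Review bot: The `ou=groups` entry lists `ou: groups` before its `objectClass` lines and adds `objectClass: top`, while the sibling `ou=users` entry higher in the hunk puts `objectClass` first and omits `top`; the two OUs should be written the same way. Use `objectClass: organizationalUnit` followed by the `ou:` attribute in both, and either include `objectClass: top` in both or in neither (OpenLDAP adds it implicitly through the organizationalUnit superior chain, so omitting it is harmless). A one-line leading comment such as `# Base tree for the example.org development directory: root, users OU, groups OU` would tell a reader what this fixture is for.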
209 changes: 0 additions & 209 deletions ldif/gnupg-ldap-schema.ldif

This file was deleted.
