@ -1,11 +1,24 @@
|
|
|
|
|
version: "3" |
|
|
|
|
|
|
|
|
|
# For LDAPS with certificate validation: |
|
|
|
|
# How to extract the TLS certificate from the OpenLDAP container, and encode it for the Dex config (`rootCAData`): |
|
|
|
|
# $ docker-compose exec ldap cat /container/run/service/slapd/assets/certs/ca.crt | base64 -w 0 |
|
|
|
|
# But note this issue: https://github.com/osixia/docker-openldap/issues/506 |
|
|
|
|
|
|
|
|
|
services: |
|
|
|
|
ldap: |
|
|
|
|
image: osixia/openldap:1.4.0 |
|
|
|
|
# Copying is required because the entrypoint modifies the *.ldif files. |
|
|
|
|
# For verbose output, use: command: ["--copy-service", "--loglevel", "debug"] |
|
|
|
|
command: ["--copy-service"] |
|
|
|
|
environment: |
|
|
|
|
# Required if using LDAPS: |
|
|
|
|
# Since Dex doesn't use a client TLS certificate, downgrade from "demand" to "try". |
|
|
|
|
LDAP_TLS_VERIFY_CLIENT: try |
|
|
|
|
# The hostname is required if using LDAPS with certificate validation. |
|
|
|
|
# In Dex, use the same hostname (with port) for `connectors[].config.host`. |
|
|
|
|
#hostname: YOUR-HOSTNAME |
|
|
|
|
# |
|
|
|
|
# https://github.com/osixia/docker-openldap#seed-ldap-database-with-ldif |
|
|
|
|
# Option 1: Add custom seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/custom/ |
|
|
|
|
# Option 2: Overwrite default seed file -> mount to /container/service/slapd/assets/config/bootstrap/ldif/ |
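Review bot: The `#hostname: YOUR-HOSTNAME` line is left commented out even though the comment directly above it says the hostname is required for LDAPS with certificate validation, so the example as committed presumably fails name checking on the Dex side until the reader edits it. People who hit that mismatch tend to switch verification off in the connector, so I would add a line next to it such as `# Set this and rootCAData instead of using insecureSkipVerify in the Dex connector.` The comment on `LDAP_TLS_VERIFY_CLIENT: try` could also state that with this setting no client certificate is required, which leaves the bind DN and password as the only client authentication. The header comment calls `ca.crt` "the TLS certificate"; it is the CA certificate that `rootCAData` expects, and wording it that way avoids confusion with the server certificate. The `ldap` service definition appears to continue past this hunk.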
|
|
|
|
|