| # This is the default image startup configuration file |
| # This file defines the environment variables used during the container **first start** in **startup files**. |
| |
| # This file is deleted right after startup files are processed for the first time, |
| # after that all these values will not be available in the container environment. |
| # This helps to keep your container configuration secret. |
| # more information : https://github.com/osixia/docker-light-baseimage |
| |
| # Required and used for new ldap server only |
| # Organisation name and DNS-style domain for the new directory. |
| LDAP_ORGANISATION: Example Inc. |
| LDAP_DOMAIN: example.org |
| # Everything after " #" on the next line is a YAML comment, so the value is empty; |
| # per that comment, an empty value means the base DN is set from LDAP_DOMAIN. |
| LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN |
| |
| # Bind passwords for the two administrative accounts. The replication settings in |
| # this file use LDAP_ADMIN_PASSWORD with cn=admin,$LDAP_BASE_DN and |
| # LDAP_CONFIG_PASSWORD with cn=admin,cn=config. |
| # SECURITY: "admin" and "config" are the defaults shipped in this file, so they are |
| # known to anyone who has the image. Override both with unique, strong values before |
| # the first start; a bind as either DN gives administrative access to the directory |
| # data or to the server configuration. |
| # NOTE(review): deleting this file after startup only covers the values stored here; |
| # confirm that passwords supplied another way (e.g. container environment variables) |
| # are not left readable. |
| LDAP_ADMIN_PASSWORD: admin |
| LDAP_CONFIG_PASSWORD: config |
| |
| # Optional read-only account; the default is false. |
| # NOTE(review): presumably the username and password below are only used when |
| # LDAP_READONLY_USER is true - confirm in the image documentation. |
| # SECURITY: the default password is identical to the default username; set a |
| # distinct, strong password when enabling the account. |
| LDAP_READONLY_USER: false |
| LDAP_READONLY_USER_USERNAME: readonly |
| LDAP_READONLY_USER_PASSWORD: readonly |
| |
| # NOTE(review): presumably selects the RFC2307bis schema when true; the effect is |
| # not shown in this file - confirm in the image documentation. |
| LDAP_RFC2307BIS_SCHEMA: false |
| |
| # Backend |
| # Database backend name; mdb is OpenLDAP's LMDB-based backend. |
| LDAP_BACKEND: mdb |
| |
| # Tls |
| # The *_FILENAME values name the server certificate, its private key, the DH |
| # parameters and the CA certificate. The directory they are read from is not shown |
| # in this file. |
| # SECURITY: the key file is private key material; keep it out of version control and |
| # readable only by the account that runs the LDAP server. |
| LDAP_TLS: true |
| LDAP_TLS_CRT_FILENAME: ldap.crt |
| LDAP_TLS_KEY_FILENAME: ldap.key |
| LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem |
| LDAP_TLS_CA_CRT_FILENAME: ca.crt |
| |
| # SECURITY: with LDAP_TLS_ENFORCE false, clients are presumably still allowed to |
| # connect without TLS, in which case simple binds carry passwords in cleartext. |
| # Consider true once every client supports TLS - confirm the exact effect in the |
| # image documentation. |
| LDAP_TLS_ENFORCE: false |
| # GnuTLS priority string: "-VERS-TLS-ALL:+VERS-TLS1.2" leaves TLS 1.2 as the only |
| # enabled protocol version; "-RSA" and "-DHE-DSS" drop those key exchanges and the |
| # two "-CAMELLIA-*-CBC" entries drop those ciphers. |
| LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC |
| # "demand" is the OpenLDAP TLSVerifyClient level that requires a valid client |
| # certificate. NOTE(review): presumably passed through to the server unchanged; |
| # confirm that clients without a certificate are meant to be rejected. |
| LDAP_TLS_VERIFY_CLIENT: demand |
| |
| # Replication |
| LDAP_REPLICATION: false |
| # variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD |
| # are automatically replaced at run time |
| |
| # if you want to add replication to an existing ldap |
| # adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration |
| # avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables |
| # SECURITY: both settings use bindmethod=simple with the admin DNs, so the config |
| # and admin passwords are presented to the peer on each bind. starttls=critical |
| # (OpenLDAP syncrepl) aborts the session when StartTLS cannot be established, which |
| # keeps those credentials off cleartext connections; keep it when adapting the values. |
| # NOTE(review): a dedicated replication account with only the access it needs would |
| # limit exposure compared with the admin DNs - confirm whether the deployment allows it. |
| LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical |
| LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical |
| # The hosts use the plain ldap:// scheme; transport protection for replication |
| # comes from the starttls=critical option in the two settings above. |
| LDAP_REPLICATION_HOSTS: |
| - ldap://ldap.example.org # The order must be the same on all ldap servers |
| - ldap://ldap2.example.org |
| |
| |
| # Do not change the ldap config |
| # - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run. |
| # The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data. |
| # - If set to true when bootstrapping a new database, bootstrap ldif and schema will not be added and tls and replication config will not be run. |
| # SECURITY: because the image's TLS configuration is skipped when this is true, the |
| # TLS settings in this file are not applied; verify that the existing config already |
| # provides the TLS setup you rely on. |
| KEEP_EXISTING_CONFIG: false |
| |
| # Remove config after setup |
| # NOTE(review): presumably deletes the configuration files used during setup once |
| # setup has finished, which limits how long bootstrap secrets stay on disk - confirm |
| # the exact scope in the image documentation before setting this to false. |
| LDAP_REMOVE_CONFIG_AFTER_SETUP: true |
| |
| # ssl-helper environment variables prefix |
| LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first searches for its config in LDAP_SSL_HELPER_* variables, then in SSL_HELPER_* variables. |