71 lines
3.1 KiB
YAML
71 lines
3.1 KiB
YAML
# This is the default image startup configuration file
|
|
# this file define environment variables used during the container **first start** in **startup files**.
|
|
|
|
# This file is deleted right after startup files are processed for the first time,
|
|
# after that all these values will not be available in the container environment.
|
|
# This helps to keep your container configuration secret.
|
|
# more information : https://github.com/osixia/docker-light-baseimage
|
|
|
|
# Required and used for new ldap server only
|
|
LDAP_ORGANISATION: Example Inc.
|
|
LDAP_DOMAIN: example.org
|
|
LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
|
|
|
|
LDAP_ADMIN_PASSWORD: admin
|
|
LDAP_CONFIG_PASSWORD: config
|
|
|
|
LDAP_READONLY_USER: false
|
|
LDAP_READONLY_USER_USERNAME: readonly
|
|
LDAP_READONLY_USER_PASSWORD: readonly
|
|
|
|
LDAP_RFC2307BIS_SCHEMA: false
|
|
|
|
# Backend
|
|
LDAP_BACKEND: mdb
|
|
|
|
# Tls
|
|
LDAP_TLS: true
|
|
LDAP_TLS_CRT_FILENAME: ldap.crt
|
|
LDAP_TLS_KEY_FILENAME: ldap.key
|
|
LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
|
|
LDAP_TLS_CA_CRT_FILENAME: ca.crt
|
|
|
|
LDAP_TLS_ENFORCE: false
|
|
LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
|
|
LDAP_TLS_VERIFY_CLIENT: demand
|
|
|
|
# Replication
|
|
LDAP_REPLICATION: false
|
|
# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
|
|
# are automaticaly replaced at run time
|
|
|
|
# if you want to add replication to an existing ldap
|
|
# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
|
|
# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
|
|
LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials="$LDAP_CONFIG_PASSWORD" searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
|
|
LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials="$LDAP_ADMIN_PASSWORD" searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
|
|
LDAP_REPLICATION_HOSTS:
|
|
- ldap://ldap.example.org # The order must be the same on all ldap servers
|
|
- ldap://ldap2.example.org
|
|
|
|
# Do not change the ldap config
|
|
# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
|
|
# The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
|
|
# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
|
|
KEEP_EXISTING_CONFIG: false
|
|
|
|
# Remove config after setup
|
|
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
|
|
|
|
# ssl-helper environment variables prefix
|
|
LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
|
|
|
|
SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
|
|
|
|
# Internal seeding. For example, for services in Gitlab CI.
|
|
LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE:
|
|
LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE:
|
|
LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE:
|
|
LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE:
|
|
LDAP_SEED_INTERNAL_LDIF_PATH:
|
|
LDAP_SEED_INTERNAL_SCHEMA_PATH: |