Sunday, May 6, 2018

Apache DS in docker

docker run -d --rm --name apacheds -p 10389:10389 greggigon/apacheds

docker exec -ti apacheds bash

ps -ef

root 1 0 0 18:48 ? 00:00:00 /bin/bash /usr/local/bin/
apacheds 93 1 0 03:40 ? 00:00:01 /opt/apacheds-2.0.0_M24/bin/wrapper /var/lib/apacheds-2.0.0_M24/default/conf/wrapper-instance.conf set.INSTANCE_DIRECTORY=/var/lib/apacheds-2.0.0_M24/default set.A
apacheds 95 93 1 03:40 ? 00:00:10 java -Dlog4j.configuration=file:////var/lib/apacheds-2.0.0_M24/default/conf/ -Dapacheds.var.dir=/var/lib/apacheds-2.0.0_M24/default -Dapacheds.log.

Binaries are in /opt/apacheds-2.0.0_M24/, logs in /var/lib/apacheds-2.0.0_M24/default/log/apacheds.log.

You can use this Bind DN: uid=admin,ou=system
with password: secret
(this is the ApacheDS default administrator account and password; change it on anything that is not a throwaway container)

This should give you ldapmodify and ldapsearch:
sudo yum install openldap-clients

You can connect with ldapmodify (without -f it reads LDIF from stdin). The host is localhost because of the -p 10389:10389 port mapping above, and -x is needed to make the OpenLDAP tools do a simple bind instead of SASL:

ldapmodify -x -h localhost -p 10389 -D "uid=admin,ou=system" -w secret
#search all
ldapsearch -x -h localhost -p 10389 -D "uid=admin,ou=system" -w secret "(objectClass=*)"
#search only one domain
ldapsearch -x -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -b 'dc=example,dc=com' '(objectclass=*)'

(see page 312 of the "WildFly Configuration, Deployment, and Administration, 2nd Edition" book)

Here is a sample LDIF file you can import with:
ldapmodify -x -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -a -f example.ldif

dn: dc=example,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: example
o: MCC

dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=admin,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: admin
cn: Manager
sn: Manager
userPassword: secret

dn: ou=Roles,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=Manager,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: Manager
description: the JBossAS7 group
member: uid=admin,ou=People,dc=example,dc=com
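The userPassword in that LDIF is cleartext, and ApacheDS stores the value as given unless a password-hashing interceptor has been configured, so anyone who can read the entry (or the LDIF file in your repo) has the password. The following is an added example, written for this page and not taken from it or from ApacheDS: a small LDIF parser, a check that flags userPassword values without a {scheme} prefix, and a rewrite of those values to RFC 2307 {SSHA}, which ApacheDS verifies on simple bind. SAMPLE_LDIF is the first three entries from above; the function names are mine.

```python
import base64
import hashlib
import os

# The first three entries of the LDIF above, embedded so the script runs offline.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: example
o: MCC

dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=admin,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: admin
cn: Manager
sn: Manager
userPassword: secret
"""


def parse_ldif(text):
    """Return [(dn, attrs)]; attrs maps lower-cased names to value lists.
    Handles folded lines (leading space), comments and base64 values (attr:: ...)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line == "":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
    return entries


def cleartext_passwords(entries):
    """DNs whose userPassword has no {scheme} prefix, i.e. is stored as typed."""
    return [dn for dn, attrs in entries
            if any(not v.startswith("{") for v in attrs.get("userpassword", []))]


def ssha_password(password, salt=None):
    """RFC 2307 salted SHA-1: {SSHA}base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against an {SSHA} value (the salt is the tail of the blob)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def harden_ldif(text):
    """Rewrite every cleartext userPassword line to its {SSHA} form.
    Base64 (::) values are left alone: they are not necessarily cleartext."""
    out = []
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if (sep and name.lower() == "userpassword" and value[:1] != ":"
                and not value.strip().startswith("{")):
            line = "userPassword: " + ssha_password(value.strip())
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("cleartext:", cleartext_passwords(parse_ldif(SAMPLE_LDIF)))
    print(harden_ldif(SAMPLE_LDIF))
```

Feed the output of harden_ldif to the same ldapmodify -a -f command; the bind with uid=admin,ou=People,dc=example,dc=com and password secret still works, but a dump of the entry now shows only the salted hash.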

You can download JXplorer, log in as "uid=admin,ou=system" with password secret, then Tool/Import.

I am now using Apache Directory Studio; it seems more advanced than JXplorer.

But it fails... totally broken, it seems...

Better start reading the ApacheDS Basic User Guide

LDAP basic tutorial

Let me quickly say that LDAP SUCKS big time; this technology is Stone-Age old and pathetically complex and brittle.

How to add a partition o=sevenSeas

Excellent basic intro to LDAP concepts

Complete code to connect to LDAP and run a query

package org.pierre.pvldapconnect;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LDAPConnect {
 public static void main(String[] args) throws Exception {
  // build a hashtable containing all the necessary configuration parameters
  Hashtable<String, String> environment = new Hashtable<String, String>();
  environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
  environment.put(Context.PROVIDER_URL, "ldap://localhost:10389");
  environment.put(Context.SECURITY_AUTHENTICATION, "simple");
  environment.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
  environment.put(Context.SECURITY_CREDENTIALS, "secret");

  // connect to LDAP: a simple bind sends the password in clear over ldap://,
  // acceptable against the local docker container only
  DirContext context = new InitialDirContext(environment);
  try {
   // Specify the search filter. LDAP filter values are not quoted, and each
   // clause gets exactly one pair of parentheses.
   String FILTER = "(&(objectClass=person)(cn=pierluigivernetto))";

   // limit returned attributes to those we care about
   String[] attrIDs = { "sn", "cn" };

   SearchControls ctls = new SearchControls();
   ctls.setReturningAttributes(attrIDs);
   ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

   // Search for objects using filter and controls
   final String ldapSearchBase = "dc=example,dc=com";
   NamingEnumeration<SearchResult> answer = context.search(ldapSearchBase, FILTER, ctls);
   while (answer.hasMore()) {
    SearchResult result = answer.next();
    Attributes attrs = result.getAttributes();
    System.out.println(result.getNameInNamespace() + " cn=" + attrs.get("cn") + " sn=" + attrs.get("sn"));
   }
  } finally {
   context.close();
  }
 }
}
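The cn in that filter is a literal, but the moment it comes from user input (a login form feeding this exact query) the value has to be escaped per RFC 4515, otherwise the caller can rewrite the filter. The block below is an added example, not code from this page: escape_filter_value and the two person_filter builders are mine, the tiny filter parser and evaluator exist only to show how the server reads each string, and MANAGER mirrors the uid=admin entry of the LDIF above. The constructed input `*)(uid=*` turns the concatenated filter into "any person with a uid", which matches the admin entry; the escaped version stays a single literal clause and matches nothing.

```python
import re

# RFC 4515 escapes for the characters that are filter syntax; anything else in
# a value is passed through unchanged.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def person_filter_unsafe(cn):
    """Plain concatenation: the caller's string becomes filter syntax."""
    return "(&(objectClass=person)(cn=" + cn + "))"


def person_filter(cn):
    """Same query, with the value escaped so it can only ever be a literal."""
    return "(&(objectClass=person)(cn=" + escape_filter_value(cn) + "))"


def parse_filter(s):
    """Parse a filter into ('&', [..]), ('|', [..]), ('!', node) or
    ('=', attr, value) tuples (equality, presence and substring only)."""
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError("trailing data in filter")
    return node


def _parse(s, pos):
    if s[pos] != "(":
        raise ValueError("expected '(' at %d" % pos)
    op = s[pos + 1]
    if op in "&|":
        pos += 2
        subs = []
        while s[pos] != ")":
            sub, pos = _parse(s, pos)
            subs.append(sub)
        return (op, subs), pos + 1
    if op == "!":
        sub, pos = _parse(s, pos + 2)
        return ("!", sub), pos + 1
    end = s.index(")", pos)                # an escaped ')' is "\29", so this is the real one
    attr, _, value = s[pos + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1


def _unescape(v):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)


def _value_matches(pattern, actual):
    """Case-insensitive match; an unescaped '*' is a wildcard, '\\2a' is a literal."""
    if pattern == "*":
        return True                        # presence filter
    parts = [_unescape(p).lower() for p in pattern.split("*")]
    a = actual.lower()
    if len(parts) == 1:
        return parts[0] == a
    if not a.startswith(parts[0]) or not a.endswith(parts[-1]):
        return False
    pos = len(parts[0])
    for mid in parts[1:-1]:
        i = a.find(mid, pos)
        if i < 0:
            return False
        pos = i + len(mid)
    return pos <= len(a) - len(parts[-1])


def matches(entry, node):
    """Evaluate a parsed filter against {attr_lowercase: [values]}."""
    if node[0] == "&":
        return all(matches(entry, n) for n in node[1])
    if node[0] == "|":
        return any(matches(entry, n) for n in node[1])
    if node[0] == "!":
        return not matches(entry, node[1])
    _, attr, pattern = node
    return any(_value_matches(pattern, v) for v in entry.get(attr, []))


# The uid=admin entry from the LDIF above, as the server would hold it.
MANAGER = {"objectclass": ["top", "uidObject", "person"],
           "uid": ["admin"], "cn": ["Manager"], "sn": ["Manager"]}

INJECTION = "*)(uid=*"   # constructed attacker input for the cn field

if __name__ == "__main__":
    for build in (person_filter_unsafe, person_filter):
        flt = build(INJECTION)
        print(build.__name__, flt, "-> matches admin:", matches(MANAGER, parse_filter(flt)))
```

In the JNDI code above the equivalent is to not concatenate at all: use the DirContext.search(name, filterExpr, filterArgs, controls) overload with a placeholder, "(&(objectClass=person)(cn={0}))" and new Object[]{cn}, and let the LDAP provider escape the argument.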


