Sunday, May 6, 2018

Apache DS in docker

https://github.com/greggigon/apacheds

docker run -d --rm --name apacheds -p 10389:10389 greggigon/apacheds

docker exec -ti apacheds bash

ps -ef

UID PID PPID C STIME TTY TIME CMD
root 1 0 0 18:48 ? 00:00:00 /bin/bash /usr/local/bin/apacheds.sh
apacheds 93 1 0 03:40 ? 00:00:01 /opt/apacheds-2.0.0_M24/bin/wrapper /var/lib/apacheds-2.0.0_M24/default/conf/wrapper-instance.conf set.INSTANCE_DIRECTORY=/var/lib/apacheds-2.0.0_M24/default set.A
apacheds 95 93 1 03:40 ? 00:00:10 java -Dlog4j.configuration=file:////var/lib/apacheds-2.0.0_M24/default/conf/log4j.properties -Dapacheds.var.dir=/var/lib/apacheds-2.0.0_M24/default -Dapacheds.log.

Binaries are in /opt/apacheds-2.0.0_M24/, logs in /var/lib/apacheds-2.0.0_M24/default/log/apacheds.log.

You can use this Bind DN:
uid=admin,ou=system
with password:
secret

This should give you ldapmodify:
sudo yum install openldap-clients

You can connect with ldapmodify (see https://cwiki.apache.org/confluence/display/DIRxSRVx10/2.2.2.+Command+line+tools):

ldapmodify -x -p 10389 -h 127.0.0.1 -D "uid=admin,ou=system" -w secret
# search all (-x selects a simple bind; without it the OpenLDAP client attempts a SASL bind and fails)
ldapsearch -x -h 127.0.0.1 -p 10389 -D "uid=admin,ou=system" -w secret "(objectClass=*)"
# search only one domain
ldapsearch -x -h 127.0.0.1 -p 10389 -D "uid=admin,ou=system" -w secret -b 'dc=example,dc=com' '(objectclass=*)'


(see page 312 of the "Wildfly Configuration Deployment Administration 2nd Edition" book)

Here is a sample LDIF file you can import with:
ldapmodify -x -p 10389 -h 127.0.0.1 -D "uid=admin,ou=system" -w secret -a -f example.ldif


dn: dc=example,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: example
o: MCC

dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=admin,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: admin
cn: Manager
sn: Manager
userPassword: secret

dn: ou=Roles,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=Manager,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: Manager
description: the JBossAS7 group
member: uid=admin,ou=People,dc=example,dc=com
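Before importing an LDIF like the one above with ldapmodify -a, it pays to check it mechanically: ldapmodify adds entries in file order, so a child listed before its parent aborts the import, a groupOfNames member pointing at a DN that is never created gives a group with a dangling reference, and a userPassword without a {scheme} prefix is a cleartext secret sitting in a text file. The following Python linter is an added example and not part of the original post; the embedded LDIF is a constructed variant of the sample above with two deliberate defects (ou=Roles is never added, the member uid=bob does not exist), and the linter assumes the first entry of the file is the partition suffix.

```python
import re
# Constructed LDIF modelled on this post's sample; ou=Roles is missing and the member does not exist.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: dcObject

dn: ou=People,dc=example,dc=com
objectclass: organizationalUnit

dn: uid=admin,ou=People,dc=example,dc=com
objectclass: person
userPassword: secret

dn: cn=Manager,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
member: uid=bob,ou=People,dc=example,dc=com
"""
def norm_dn(dn):
    return re.sub(r",\s*", ",", dn.strip()).lower()  # DNs compare case-insensitively
def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] in file order (no line folding handled)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = norm_dn(value)
            else:
                attrs.setdefault(name, []).append(value)
        entries.append((dn, attrs))
    return entries
def lint_ldif(text):
    """Return problem strings; [] means `ldapmodify -a` should import it cleanly.
    Assumes the first entry is the partition suffix, whose parent is not in the file."""
    entries = parse_ldif(text)
    all_dns = {dn for dn, _ in entries}
    problems, added = [], set()
    for dn, attrs in entries:
        parent = dn.partition(",")[2]
        if added and parent not in added:  # ldapmodify adds entries in file order
            problems.append(f"{dn}: parent {parent} not added earlier in the file")
        for member in attrs.get("member", []):
            if norm_dn(member) not in all_dns:
                problems.append(f"{dn}: member {member} is not an entry in the file")
        for pw in attrs.get("userpassword", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):  # no {SSHA}/{SHA} scheme prefix
                problems.append(f"{dn}: userPassword is stored in cleartext")
        added.add(dn)
    return problems
```

Run lint_ldif on the text of your LDIF file; an empty list means the parent order, group references and password form all look sane.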

You can download jxplorer (see https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=29757), log in as "uid=admin,ou=system" with password secret, then Tool/Import.

I am now using Apache Directory Studio; it seems more advanced than jxplorer.

https://cwiki.apache.org/confluence/download/attachments/29756/apache_ds_tutorial.ldif?version=1&modificationDate=1164515728000&api=v2&download=true

but it fails.... totally broken it seems...

Better start reading the ApacheDS Basic User Guide http://directory.apache.org/apacheds/basic-user-guide.html


LDAP basic tutorial

Let me quickly say that LDAP SUCKS big time, this technology is Stone-Age old and pathetically complex and brittle.


How to add a partition o=sevenSeas: http://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html


Excellent basic intro to LDAP concepts: https://www.digitalocean.com/community/tutorials/understanding-the-ldap-protocol-data-hierarchy-and-entry-components


Complete code to connect to LDAP and run a query:

package org.pierre.pvldapconnect;

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LDAPConnect {
    public static void main(String[] args) throws Exception {
        // build a hashtable containing all the necessary configuration parameters
        Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put(Context.PROVIDER_URL, "ldap://localhost:10389");
        // simple bind with the ApacheDS default admin account; over plain ldap://
        // the credentials cross the wire unencrypted, which is fine for a local docker test
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
        environment.put(Context.SECURITY_CREDENTIALS, "secret");

        // connect to LDAP
        DirContext context = new InitialDirContext(environment);
        System.out.println("Connected..");
        System.out.println(context.getEnvironment());

        // Specify the search filter (RFC 4515 syntax: each assertion in its own
        // parentheses, no quotes around the value)
        String FILTER = "(&(objectClass=person)(cn=pierluigivernetto))";

        // limit returned attributes to those we care about
        String[] attrIDs = { "sn", "cn" };

        SearchControls ctls = new SearchControls();
        ctls.setReturningAttributes(attrIDs);
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // Search for objects using filter and controls
        final String ldapSearchBase = "dc=example,dc=com";
        NamingEnumeration<SearchResult> answer = context.search(ldapSearchBase, FILTER, ctls);
        try {
            while (answer.hasMore()) {
                SearchResult result = answer.next();
                System.out.println(result.toString());
            }
        } finally {
            answer.close();
            context.close(); // release the connection
        }
    }
}
