Use samba ad container for ldap

2024-04-24 11:24:46 +01:00
parent 463200cfb3
commit 33ffc14e6b
6 changed files with 122 additions and 29 deletions
@@ -0,0 +1,14 @@
+FROM ubuntu:20.04
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install samba krb5-config winbind smbclient
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install iproute2
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install openssl
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install vim
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install ldap-utils
+
+RUN rm /etc/krb5.conf
+RUN mkdir -p /opt/ad-scripts
+
+WORKDIR /opt/ad-scripts
+
+CMD chmod +x *.sh && ./samba-ad-setup.sh && ./samba-ad-run.sh
@@ -0,0 +1,25 @@
+version: '3.7'
+
+services:
+  ldap:
+    tty: true
+    network_mode: bridge
+    hostname: ldap.example.com
+    ports:
+      - "389:389"
+      - "636:636"
+    cap_add:
+      - SYS_ADMIN
+    environment:
+      SMB_ADMIN_PASSWORD: admin123!
+    volumes:
+      - ./:/opt/ad-scripts
+    healthcheck:
+      test: ldapsearch -x -H ldap://localhost:389 -b '' -D DEV-AD\\Administrator -w admin123! -s base
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 5s
+    build:
+      context: .
+      dockerfile: Dockerfile
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+
+[ -f /var/lib/samba/.setup ] || {
+    >&2 echo "[ERROR] Samba is not setup yet, which should happen automatically. Look for errors!"
+    exit 127
+}
+
+cat << EOF > /var/lib/samba/private/smb.conf
+# Global parameters
+[global]
+	dns forwarder = 192.168.65.7
+	#server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
+	server services = ldap
+
+	netbios name = LDAP
+	realm = LDAP.EXAMPLE.COM
+	server role = active directory domain controller
+	workgroup = DEV-AD
+	idmap_ldb:use rfc2307 = yes
+	ldap server require strong auth = no
+	allow dns updates = disabled
+[sysvol]
+	path = /var/lib/samba/sysvol
+	read only = No
+
+[netlogon]
+	path = /var/lib/samba/sysvol/ldap.example.com/scripts
+	read only = No
+EOF
+
+samba -i -s /var/lib/samba/private/smb.conf
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+info () {
+    echo "[INFO] $@"
+}
+
+info "Running setup"
+
+# Check if samba is setup
+[ -f /var/lib/samba/.setup ] && info "Already setup..." && exit 0
+
+info "Provisioning domain controller..."
+
+info "Given admin password: ${SMB_ADMIN_PASSWORD}"
+
+rm /etc/samba/smb.conf
+
+samba-tool domain provision\
+ --server-role=dc\
+ --use-rfc2307\
+ --dns-backend=SAMBA_INTERNAL\
+ --realm=`hostname`\
+ --domain=DEV-AD\
+ --adminpass=${SMB_ADMIN_PASSWORD}\
+ --option='server services = ldap'
+
+mv /etc/samba/smb.conf /var/lib/samba/private/smb.conf
+
+touch /var/lib/samba/.setup