docker.recipes

OpenLDAP

advanced

Full-featured LDAP directory server.

Overview

OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP), originally developed by the University of Michigan and now maintained by the OpenLDAP Foundation. As a robust directory server, OpenLDAP provides centralized authentication, authorization, and directory information services for organizations of all sizes. It serves as the backbone for user management, storing organizational data in a hierarchical tree structure that can be efficiently queried and maintained across distributed networks.

This Docker stack combines the osixia/openldap server with phpLDAPadmin, creating a complete directory service solution with web-based management capabilities. The OpenLDAP container handles all directory operations, user authentication, and LDAP protocol communications, while phpLDAPadmin provides an intuitive web interface for administrators to manage directory entries, organizational units, and user accounts without requiring command-line LDAP tools.

This combination is ideal for system administrators who need enterprise-grade directory services with modern web-based management. Small to medium businesses can deploy this stack to centralize user authentication across multiple applications, while developers can use it for testing LDAP integration in their applications. The containerized approach eliminates the complexity of traditional OpenLDAP installations while maintaining full functionality and security features.

Key Features

  • Full RFC-compliant LDAP v3 directory server with multi-master replication support
  • Hierarchical directory structure with customizable organizational units and schema
  • Built-in support for both plaintext (389) and TLS-encrypted (636) LDAP connections
  • phpLDAPadmin web interface with tree-based directory browsing and entry editing
  • SASL authentication mechanisms including GSSAPI, DIGEST-MD5, and PLAIN
  • Advanced access control lists (ACL) for fine-grained permission management
  • Schema extension capabilities for custom attributes and object classes
  • Automatic LDIF import/export functionality for directory backup and migration

Common Use Cases

  • Corporate user authentication for applications like GitLab, Jenkins, and wiki systems
  • Centralized employee directory with contact information and organizational hierarchy
  • Single sign-on (SSO) backend for web applications and enterprise software
  • Development environment for testing LDAP integration in custom applications
  • Small business network authentication replacing Active Directory
  • Educational institutions managing student and faculty accounts across multiple systems
  • Homelab environments for learning directory services and authentication protocols

Prerequisites

  • Minimum 512MB RAM allocated to Docker (OpenLDAP requires 256MB, phpLDAPadmin needs 128MB)
  • Ports 389, 636, and 8080 available on the host system
  • Basic understanding of LDAP concepts including DN, DC, CN, and OU structures
  • Knowledge of LDIF format for importing/exporting directory data
  • SSL/TLS certificates if planning to use secure LDAP connections in production
  • Backup strategy for persistent volumes containing directory data and configuration

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml

services:
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    restart: unless-stopped
    environment:
      LDAP_ORGANISATION: "Example Inc."
      LDAP_DOMAIN: example.com
      LDAP_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
    volumes:
      - openldap_data:/var/lib/ldap
      - openldap_config:/etc/ldap/slapd.d
    ports:
      - "389:389"
      - "636:636"

  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    restart: unless-stopped
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8080:80"
    depends_on:
      - openldap

volumes:
  openldap_data:
  openldap_config:

.env Template

.env
ADMIN_PASSWORD=changeme

Usage Notes

  1. Docs: https://www.openldap.org/doc/admin26/
  2. phpLDAPadmin web UI at http://localhost:8080
  3. Login DN: cn=admin,dc=example,dc=com with ADMIN_PASSWORD
  4. LDAP on port 389 (plaintext), 636 (TLS)
  5. Change LDAP_DOMAIN to match your organization
  6. Backup: slapcat > backup.ldif, restore: slapadd -l backup.ldif

Individual Services (2 services)

Copy individual services to mix and match with your existing compose files.

openldap
openldap:
  image: osixia/openldap:latest
  container_name: openldap
  restart: unless-stopped
  environment:
    LDAP_ORGANISATION: Example Inc.
    LDAP_DOMAIN: example.com
    LDAP_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
  volumes:
    - openldap_data:/var/lib/ldap
    - openldap_config:/etc/ldap/slapd.d
  ports:
    - "389:389"
    - "636:636"

phpldapadmin
phpldapadmin:
  image: osixia/phpldapadmin:latest
  container_name: phpldapadmin
  restart: unless-stopped
  environment:
    PHPLDAPADMIN_LDAP_HOSTS: openldap
    PHPLDAPADMIN_HTTPS: "false"
  ports:
    - "8080:80"
  depends_on:
    - openldap

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    restart: unless-stopped
    environment:
      LDAP_ORGANISATION: "Example Inc."
      LDAP_DOMAIN: example.com
      LDAP_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
    volumes:
      - openldap_data:/var/lib/ldap
      - openldap_config:/etc/ldap/slapd.d
    ports:
      - "389:389"
      - "636:636"

  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    restart: unless-stopped
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8080:80"
    depends_on:
      - openldap

volumes:
  openldap_data:
  openldap_config:
EOF

# 2. Create the .env file
cat > .env << 'EOF'
ADMIN_PASSWORD=changeme
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f
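
A pre-flight check for the files created in steps 1 and 2, meant to run before step 3. This is an added example, not part of the recipe; the script name audit.sh and the function names are hypothetical. It flags the template password, a world-readable .env, the :latest image tags, ports published on every host interface, and the web UI's HTTPS setting.

```shell
#!/bin/sh
# Added example, not part of the recipe. Usage: sh audit.sh docker-compose.yml .env
# ("audit.sh", flag and audit_recipe are names made up for this example.)
# Sets AUDIT_FINDINGS to the number of findings; returns 0 only when it is 0.

flag() {
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    printf 'FINDING: %s\n' "$1"
}

audit_recipe() {
    compose=$1
    envfile=$2
    AUDIT_FINDINGS=0

    # 1. ADMIN_PASSWORD must be set and must not be the template value.
    pw=$(sed -n 's/^ADMIN_PASSWORD=//p' "$envfile" | head -n 1)
    case $pw in
        '' | changeme) flag "ADMIN_PASSWORD is unset or still 'changeme'" ;;
    esac

    # 2. .env holds the directory admin secret; keep it from being world-readable.
    if [ -n "$(find "$envfile" -perm -004)" ]; then
        flag "$envfile is world-readable (chmod 600)"
    fi

    # 3. ':latest' is a mutable tag; pin a reviewed version or digest instead.
    n=$(grep -Ec '^[[:space:]]*image:.*:latest[[:space:]]*$' "$compose" || true)
    if [ "${n:-0}" -gt 0 ]; then
        flag "$n image(s) use the mutable ':latest' tag"
    fi

    # 4. A "HOST:CONTAINER" mapping with no host IP listens on every interface.
    ports=$(sed -En 's/^[[:space:]]*-[[:space:]]*"?([0-9]+:[0-9]+)"?[[:space:]]*$/\1/p' "$compose")
    for p in $ports; do
        flag "port $p is published on all interfaces (e.g. 127.0.0.1:$p)"
    done

    # 5. With HTTPS off, the phpLDAPadmin login is sent over plain HTTP.
    if grep -Eq 'PHPLDAPADMIN_HTTPS:[[:space:]]*"?false"?' "$compose"; then
        flag "PHPLDAPADMIN_HTTPS is false (put TLS in front of the web UI)"
    fi

    [ "$AUDIT_FINDINGS" -eq 0 ]
}

if [ "$#" -eq 2 ]; then
    audit_recipe "$1" "$2"
fi
```

Run against the files exactly as written in steps 1 and 2, it reports every check; a mapping such as "127.0.0.1:389:389" passes check 4 because the host IP is explicit.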

One-Liner

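Run this command to download the recipe's setup script and execute it with bash in one step (the script runs as it is received, without being saved to disk first):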

terminal
curl -fsSL https://docker.recipes/api/recipes/openldap/run | bash

Troubleshooting

  • phpLDAPadmin shows 'Could not connect to LDAP server': Verify openldap container is running and check PHPLDAPADMIN_LDAP_HOSTS environment variable matches service name
  • Login fails with 'Invalid credentials' error: Ensure ADMIN_PASSWORD environment variable is set and use full DN format 'cn=admin,dc=example,dc=com' for login
  • LDAP search returns 'No such object' errors: Check that LDAP_DOMAIN matches your directory structure and verify base DN configuration
  • Container fails to start with 'Database already exists' error: Remove existing volumes or set LDAP_REMOVE_CONFIG_AFTER_SETUP=true to reinitialize
  • TLS connection refused on port 636: Generate proper SSL certificates and mount them to /container/service/slapd/assets/certs/ directory
  • Directory entries disappear after container restart: Ensure openldap_data and openldap_config volumes are properly mounted and persistent
