From 4b51c7ca5516ed8dfc2e5be0aa8def0675cf60f4 Mon Sep 17 00:00:00 2001
From: Marko Korhonen <marko@korhonen.cc>
Date: Sat, 20 Nov 2021 15:33:27 +0200
Subject: [PATCH] Add openldap

---
 docker/auth/.gitignore          |  2 ++
 docker/auth/docker-compose.yaml | 44 +++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 docker/auth/.gitignore
 create mode 100644 docker/auth/docker-compose.yaml

diff --git a/docker/auth/.gitignore b/docker/auth/.gitignore
new file mode 100644
index 0000000..e1d3077
--- /dev/null
+++ b/docker/auth/.gitignore
@@ -0,0 +1,2 @@
+.ldap_admin_password_secret
+.ldap_read_only_password_secret
diff --git a/docker/auth/docker-compose.yaml b/docker/auth/docker-compose.yaml
new file mode 100644
index 0000000..7e11734
--- /dev/null
+++ b/docker/auth/docker-compose.yaml
@@ -0,0 +1,44 @@
+version: "3.8"
+
+services:
+  openldap:
+    container_name: openldap
+    image: osixia/openldap:1.5.0
+    restart: always
+    hostname: ldap.korhonen.cc
+    ports:
+      - "389:389"
+      - "636:636"
+    environment:
+      - LDAP_ORGANISATION=Korhonen
+      - LDAP_DOMAIN=korhonen.cc
+      - LDAP_ADMIN_PASSWORD_FILE=/run/secrets/ldap_admin_password
+      - LDAP_READ_ONLY_USER=true
+      - LDAP_READ_ONLY_USER_USERNAME=ldap-ro
+      - LDAP_READ_ONLY_USER_PASSWORD_FILE=/run/secrets/ldap_read_only_password
+    secrets:
+      - ldap_admin_password
+      - ldap_read_only_password
+    volumes:
+      - "/docker/auth/openldap/ldap:/var/lib/ldap"
+      - "/docker/auth/openldap/slapd.d/:/etc/ldap/slapd.d"
+      - "/docker/auth/openldap/lidf:/data/ldif"
+
+  phpldapadmin:
+    container_name: phpldapadmin
+    image: osixia/phpldapadmin
+    environment:
+      - PHPLDAPADMIN_HTTPS=false
+      - PHPLDAPADMIN_HOSTS=openldap
+    ports:
+      - "4588:80"
+
+networks:
+  auth:
+    external: true
+
+secrets:
+  ldap_admin_password:
+    file: ./.ldap_admin_password_secret
+  ldap_read_only_password:
+    file: ./.ldap_read_only_password_secret