Add support for ldap over ssl

2016-11-11 09:03:57 +01:00 · 2016-11-11 09:03:57 +01:00 · e2d581d909
commit e2d581d909
parent 94c53a1dbe
5 changed files with 22 additions and 0 deletions
--- a/web-apache-mysql/alpine/Dockerfile
+++ b/web-apache-mysql/alpine/Dockerfile
@ -34,6 +34,8 @@ RUN addgroup zabbix && \
            php5-xmlreader \
            php5-ldap \
            php5-json \
+            ca-certificates \
+            openldap-clients \
            ttf-dejavu && \
    rm -rf /var/cache/apk/*

@ -73,6 +75,8 @@ ADD conf/etc/zabbix/apache.conf /etc/zabbix/
 ADD conf/etc/zabbix/apache_ssl.conf /etc/zabbix/
 ADD conf/etc/zabbix/web/zabbix.conf.php /etc/zabbix/web/
 ADD conf/etc/php5/conf.d/99-zabbix.ini /etc/php5/conf.d/
+ADD conf/etc/openldap/ldap.conf /etc/openldap/ldap.conf
+ADD conf/etc/openldap/certs /etc/openldap/certs
 ADD run_zabbix_component.sh /

 ENTRYPOINT ["/bin/bash"]
--- a/web-apache-mysql/alpine/conf/etc/openldap/certs/cert8.db
+++ b/web-apache-mysql/alpine/conf/etc/openldap/certs/cert8.db
--- a/web-apache-mysql/alpine/conf/etc/openldap/certs/key3.db
+++ b/web-apache-mysql/alpine/conf/etc/openldap/certs/key3.db
--- a/web-apache-mysql/alpine/conf/etc/openldap/certs/secmod.db
+++ b/web-apache-mysql/alpine/conf/etc/openldap/certs/secmod.db
--- a/web-apache-mysql/alpine/conf/etc/openldap/ldap.conf
+++ b/web-apache-mysql/alpine/conf/etc/openldap/ldap.conf
@ -0,0 +1,18 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE	dc=example,dc=com
+#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT	12
+#TIMELIMIT	15
+#DEREF		never
+
+TLS_CACERTDIR	/etc/openldap/certs
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON	on