Following a discussion with a colleague on Slack, I thought I'd remind myself how OpenLDAP works as a service running inside a container, via the Docker container runtime interface (CRI).
Using this for inspiration: -
Docker image for OpenLDAP support
I pulled the requisite image from Docker Hub: -
docker login -u davidhay1969
# enter <DOCKER TOKEN> at the password prompt
docker pull osixia/openldap:1.5.0
and created a container: -
docker run --detach -p 3389:389 osixia/openldap:1.5.0
Note that I'm using port mapping via -p 3389:389 to map the external (host) port of 3389 to the internal (container) port of 389.
This allows me to run the container without needing to run it in privileged mode (as Unix typically blocks non-root processes from listening on ports lower than 1,024).
Once the container was running happily: -
docker ps -a
CONTAINER ID   IMAGE                   COMMAND                 CREATED          STATUS          PORTS                            NAMES
23a39685da58   osixia/openldap:1.5.0   "/container/tool/run"   20 minutes ago   Up 20 minutes   636/tcp, 0.0.0.0:3389->389/tcp   agitated_mendel
55de9ae1b94a   busybox                 "sh"                    2 days ago       Created                                          nostalgic_mclean
da6a3136a33e   busybox                 "sh"                    13 days ago      Created                                          happy_swirles
I installed ldap-utils to give me the ldapsearch command: -
apt-get install -y ldap-utils
and then ran ldapsearch against the container via the mapped port: -
ldapsearch -H ldap://localhost:3389 -D cn=admin,dc=example,dc=org -w admin -b dc=example,dc=org
Note that I'm using the default credentials of admin / admin and would, of course, be changing this if this were a real-world environment.
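The docker ps output above shows the LDAP port published as 0.0.0.0:3389, i.e. on every host interface, while the directory still has its default credentials. The following check is an added example, not part of the original post: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists each mapping that is published on all interfaces. The sample rows are constructed, and the container name ldap_local is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# find_exposed_ports: reads "name<TAB>ports" lines on stdin, as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints every mapping whose host side is bound to all interfaces
# (0.0.0.0 for IPv4, :: or [::] for IPv6).
find_exposed_ports() {
  awk -F'\t' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      # "636/tcp" with no "->" is exposed by the image but not published
      if (maps[i] !~ /->/) continue
      split(maps[i], side, "->")
      if (side[1] ~ /^(0\.0\.0\.0|\[::\]|::):/) print $1 "\t" maps[i]
    }
  }'
}

# Constructed sample input: the container from the post, a hypothetical
# loopback-bound container, and a created-but-not-running one with no ports.
sample() {
  printf 'agitated_mendel\t636/tcp, 0.0.0.0:3389->389/tcp\n'
  printf 'ldap_local\t127.0.0.1:3389->389/tcp\n'
  printf 'nostalgic_mclean\t\n'
}

sample | find_exposed_ports

# A flagged test container can be recreated bound to loopback only:
#   docker run --detach -p 127.0.0.1:3389:389 osixia/openldap:1.5.0
```

On a live host, pipe the real docker ps command into find_exposed_ports in place of sample.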