Choose an org name, i used kendar.org and a password ... (secret in the example) for the ldap administrator. Please use something really long and complex

Setup OpenLdap and phpLdapAdmin

Prepare

Run

mkdir -p /mnt/data/apps/ldap/database
mkdir -p /mnt/data/apps/ldap/config
mkdir -p /mnt/data/apps/ldap/backup
chmod 777 /mnt/data/apps/ldap/database
chmod 777 /mnt/data/apps/ldap/config
chmod 777 /mnt/data/apps/ldap
chmod 777 /mnt/data/apps/ldap/backup

Prepare the docker compose to run through portainer (On the local instance, Stacks)

version: '2'
services:
  openldap:
    image: osixia/openldap
    container_name: openldap  
    environment:
      LDAP_ORGANISATION: kendar
      LDAP_DOMAIN: kendar.org
      LDAP_ADMIN_PASSWORD: secret
      LDAP_TLS: 'false'
    networks:
      - dockernet
    ports:
      - 389:389
      - 636:636
    volumes:
      - /mnt/data/apps/ldap/database:/var/lib/ldap
      - /mnt/data/apps/ldap/config:/etc/ldap/slapd.d
    restart: unless-stopped   
  phpldapadmin:
    image: osixia/phpldapadmin
    container_name: phpldapadmin  
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
      PHPLDAPADMIN_HTTPS: 'false'
    networks:
      - dockernet
    ports:
      - 13000:80
    depends_on:
      - openldap
    restart: unless-stopped   
#  openldapbackup:
#    container_name: openldapbackup  
#    image: osixia/openldap-backup
#    volumes:
#      - /mnt/data/apps/ldap/backup:/data/backup
#    depends_on:
#      - openldap
#    restart: unless-stopped      

Setup the group and users

• User: cn=admin,dc=kendar,dc=org

• Password: secret (or wetheaver you used)

• Create a OU groups and OU users

• Under users create the user main

Portainer LDAP

Create a group for portainer

• Under groups create a new Child=>Default=>groupOfUniqueNames
  • RDN: cn
  • cn: portainer
  • UniqueMemeber select with the folder navigating to the user
  • Create Object=>Commit

Setup portainer

Enter on portainer http://mynas:9000 as admin

Go to Settings->Authentication->Ldap

• Ldap server: 192.168.44.1:389
• Anonymous mode: off
• Reader DN: cn=admin,dc=kendar,dc=org (the main ldap user)
• Password: secret
• Use StartTTL: false
• Use TLS: false
• Skip certificate verification: true
• Auto user Provisioning: true (if you want to create users when already on ldap)
• BaseDN: ou=users,dc=kendar,dc=org
• Username attribute: cn
• Filter: (memberOf=cn=portainer,ou=groups,dc=kendar,dc=org)

Then save! Now you can login with any ldap user! BUT REMEMEBER

YOU HAVE TO ASSIGN THE RIGHT TO ACCESS TO THE USER 

See the end of Portainer configuration

Last modified on: June 08, 2020