#
## openldap environment variables
# version 3.2
#

### Usage
#
# ***VERY IMPORTANT! DO NOT PUT QUOTES AROUND VALUES IN THIS FILE!!!***
#   incorrect: ORG_NAME="MyOrganization"
#   correct:   ORG_NAME=MyOrganization
#
# Instead of typing a myriad of "-e ...", you can fill them all out in this
# file and then use "--env-file ab-openldap.params" to tell docker to source
# its variables from here. You can also combine both methods if you like.
# Most important, if you're using the convenience script, it draws all info from
# this file!
#
# You should probably protect this file via file permissions since it likely
# will contain things like passwords! Suggest restricting it to root only
#   ex: chown root:root ab-openldap.params && chmod 600 ab-openldap.params
#
# N.B. If you change the convenience script name, you must also change this
# file's name to match.
#   ex: script name is 'runldap.sh' --> this file must be 'runldap.params'
#
###

### Your timezone (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
TZ=Area/Location

### First user account (will be added to Organization DIT 'manager' role)
USER=admin
USER_PASS=admin
USER_FIRSTNAME=admin
USER_LASTNAME=admin

### Your Organization domain and name
# domain in standard (dotted) format -- not LDAP format
DOMAIN=mydomain.net
# Org name: suggest using [A-Z][a-z][0-9][-_] ONLY. Avoid spaces.
ORG_NAME=MyOrganization

### Your 'directory browser' user
BROWSER_USER=ldapbind
BROWSER_PASS=ldapbind

### Anonymous binding (enabled by default)
ANONYMOUS_BINDING=yes

### Location of your TLS files
# Note: This section is only automated if using the script file to start the
# container. If you are starting it manually and using '--env-file', you still
# have to manually bind-mount these files using '-v source:/certs/dest.file:ro'.
#
# If you're bind-mounting symlinks, remember that you have to fully expand them
# or Docker will try to bind the link instead of the target! This is most
# common with Let's Encrypt.
#
# Example that does not work (binding directory instead of files):
#   /etc/letsencrypt/live/mydomain.net:/certs:ro
# This will end up copying the symlinks themselves and, since the targets are
# not available to the container, it doesn't work!
# Example of the right way (bind actual files):
#   /etc/letsencrypt/live/mydomain.net/privkey.pem:/certs/privkey.pem:ro
###
#TLS_CERT=/etc/letsencrypt/live/mydomain.net/fullchain.pem
#TLS_KEY=/etc/letsencrypt/live/mydomain.net/privkey.pem
#TLS_CHAIN=/etc/letsencrypt/live/mydomain.net/chain.pem
# The container will generate Diffie-Hellman parameters automatically the first
# time it's launched with TLS certificates defined.

### Custom LDIFs
# Path to any custom LDIFs you want applied to the container. Leave this line/
# variable commented-out if you don't have any LDIFs to apply.
# MY_LDIF=/path/to/my/LDIFs

### Enable checking passwords against IMAP/S server
#
# Setting the DOMAILAUTH variable to '1' tells openLDAP to verify SASL passwords
# in the directory against an IMAP/S remote host. In other words, any user with
# a password '{SASL}user@server.tld' will have their password checked by the
# IMAP/S server using the provided email address and a 'NO/OK' response is fed
# back to openLDAP. Please note, the remote mailserver *must* support IMAP/S
# (i.e. secured IMAP).
#
# Specify the remote mailserver hostname using the MAILSERVER variable.
#
# If the remote mailserver implements IMAP/S (secure IMAP) on a non-standard
# port (not port 993) then supply that using the MAILAUTHPORT variable.
#
# More details can be found in the wiki.
###
#DOMAILAUTH=0
#MAILSERVER=mail.myserver.tld
#MAILAUTHPORT=imaps

#EOF
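
The checks this file's comments call for (no quoted values, mode 600, fully expanded symlinks for bind mounts), written out as an added shell example that is not part of the original file or its convenience script. The function names and the sample files are assumptions constructed for illustration, and `stat -c` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: pre-flight checks for an env-file like the one above.
# Function names are hypothetical; they are not part of the convenience script.

# Print the names of variables whose value starts or ends with a quote.
# Docker's --env-file does not strip quotes, so they become part of the value.
quoted_vars() {
    grep -E "^[A-Za-z_][A-Za-z0-9_]*=([\"'].*|.*[\"'])\$" "$1" | cut -d= -f1
}

# Succeed only if the file is mode 600 (assumes GNU or BusyBox stat).
mode_is_600() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Print a read-only bind-mount argument for host file $1 at container path $2,
# with symlinks fully expanded so Docker binds the target, not the link.
bind_arg() {
    src=$(readlink -f "$1") || return 1
    [ -f "$src" ] || return 1
    printf '%s %s:%s:ro\n' '-v' "$src" "$2"
}

# Constructed sample: a params file with one quoted value, and a key file
# reached through a symlink, as the TLS comments above describe.
demo() {
    d=$(readlink -f "$(mktemp -d)")
    mkdir "$d/archive" "$d/live"
    : > "$d/archive/privkey1.pem"
    ln -s ../archive/privkey1.pem "$d/live/privkey.pem"
    printf 'DOMAIN=mydomain.net\nORG_NAME="MyOrganization"\n' > "$d/sample.params"
    chmod 644 "$d/sample.params"
    echo "quoted: $(quoted_vars "$d/sample.params")"
    mode_is_600 "$d/sample.params" || echo "mode: not 600"
    bind_arg "$d/live/privkey.pem" /certs/privkey.pem
    rm -rf "$d"
}
demo
```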