fix: add missing Kerberos configuration and refactor misleading names.

2026-05-17 00:50:41 +02:00
parent c04c4e9026
commit b02c0a5028
5 changed files with 10 additions and 8 deletions
+4 -3
@@ -221,8 +221,9 @@ Gate with `KERBEROS_ENABLE=1`. When enabled, slapd is configured at first-run bo
|---|---|---|
| `KERBEROS_ENABLE` | `0` | Set to `1` to enable |
| `KRB5_REALM` | — | Kerberos realm (uppercase, e.g. `EXAMPLE.ORG`) |
| `KRB5_SASL_HOST` | — | Hostname matching the `ldap/<host>@REALM` service principal |
| `KRB5_KTNAME` | `/etc/ldap/ldap.keytab` | Path to the keytab inside the container |
| `KRB5_KDC_HOST` | — | Hostname of the Kerberos KDC |
| `LDAP_HOSTNAME` | — | Hostname matching the `ldap/<host>@REALM` service principal |
| `KRB5_KTNAME` | `/etc/krb5.keytab` | Path to the keytab inside the container |
### Principal-to-DN mapping
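Review bot: the rename of `KRB5_SASL_HOST` to `LDAP_HOSTNAME` and the change of the `KRB5_KTNAME` default from `/etc/ldap/ldap.keytab` to `/etc/krb5.keytab` are both breaking for anyone with an existing `openldap.env`, but the table carries no migration note; a deployment that still sets `KRB5_SASL_HOST` will end up with no hostname for the `ldap/<host>@REALM` principal, and a keytab still mounted at the old path will not be found. Suggest a short line under the table such as "`KRB5_SASL_HOST` was renamed to `LDAP_HOSTNAME`; the keytab default moved to `/etc/krb5.keytab`". Two smaller points on the same rows: the new `KRB5_KDC_HOST` entry only says "Hostname of the Kerberos KDC" and should state where bootstrap consumes it, and since `/etc/krb5.keytab` is the system-wide default keytab location it is worth noting that the file must be readable by the user slapd runs as and should be mounted read-only.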
@@ -242,7 +243,7 @@ Gate with `KERBEROS_ENABLE=1`. When enabled, slapd is configured at first-run bo
```bash
container cp kerberos:/tmp/ldap.keytab ~/app-data/openldap/ldap.keytab
```
3. Mount it into the OpenLDAP container at `KRB5_KTNAME` (default `/etc/ldap/ldap.keytab`) and set the Kerberos env vars in `openldap.env`.
3. Mount it into the OpenLDAP container at `KRB5_KTNAME` (default `/etc/krb5.keytab`) and set the Kerberos env vars in `openldap.env`.
4. On first start, bootstrap applies the SASL configuration automatically. For an already-initialised instance apply it manually:
```bash
ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<'EOF'
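Review bot: step 3 now points at `/etc/krb5.keytab` while step 2 still copies the file to `~/app-data/openldap/ldap.keytab` on the host, so the host and container paths no longer share a name and the reader has to infer the mount; spell out the bind mount in step 3, e.g. `~/app-data/openldap/ldap.keytab:/etc/krb5.keytab:ro`, so the two steps line up. Step 2 also leaves the keytab behind in `/tmp` of the `kerberos` container after the copy; a one-line cleanup or a note to remove it would keep the service key from lingering in a world-readable directory.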