antagme/Documentation_Project

Final Project EDT | LDAP TLS SASL

Advanced use of a Dockerized OpenLDAP server and alternatives to secure and improve your OpenLDAP server

Overview

Using several Docker containers, we will build some examples around an LDAP server container.

Description of the Project

Let's assume you all have some idea about LDAP, theoretical or practical.

In this project we are going to study different examples based on the OpenLDAP service running in Docker containers. In particular, I have chosen 4 examples in which we can see technologies that, although very different, can be used to improve our LDAP server.

The Examples

Example 1 - StartTLS LDAP Server With SASL GSSAPI Auth

In this model, we will perform GSSAPI authentication using the OpenLDAP client utilities. For this we will use a total of 3 Docker containers. All communication between the client and the LDAP server is encrypted using the TLS protocol on port 389, the default port for unencrypted communications; thanks to StartTLS, we can use it for secure communications.

Docker Images used for this example:

For more information about this model...

Example 2 - StartTLS LDAP Producer Server Replicating without SASL GSSAPI Auth and with it

In this model, we will see how an LDAP server works as a Producer so that other LDAP servers can replicate from it and act as Consumers.

We will have one Consumer communicate with the Producer through simple authentication.

On the other hand, we will make another Consumer do the same but through SASL GSSAPI authentication.

Finally, we will verify that the client can perform searches on both servers, then make modifications in the Producer's database and verify that they are replicated correctly.

Docker Images used for this example:

For more information about this model...

Example 3 - Client with PAM + SSSD for Kerberos Auth, LDAP user information and Kerberos Password

In this model, starting from example one, we will see how to make system authentication more secure using the best of the Kerberos and LDAP technologies.

For this example, we will see how System-Auth works on the client with these two technologies, and we will perform a series of checks to make sure it works correctly.

Docker Images used for this example:

For more information about this model...

Example 4 - Zabbix Monitoring to Monitor Database from OpenLDAP Server

Finally, in this model, we will see how a Zabbix server can monitor, through graphs, all the operations performed on our LDAP server and all connections to it.

Docker Images used for this example:

For more information about this model...

Summary

Summary of the examples

So we have the following Docker images, each with a different configuration:

  • Docker LDAP
  • Docker Kerberos
  • Docker Client (Simulating a School Client)
  • Docker LDAP Replica
  • Docker Apache + Mysql + Zabbix

Note: Each Docker container has its own job. Also, when I was preparing my project, I decided to use a more secure auth than the simple one of LDAP, so I decided to implement GSSAPI, the best one for this environment, but you have other options. See (Auth Types) for more information.

Summary of Used Technologies

Appendix

  • All the entries used in the LDAP database were created in the M06 subject at Escola del Treball school.