Overlay Features
Deploy OpenLDAP with all three overlays enabled — memberOf, password policy, and audit logging — and validate they work together.
Project Files
openldap-overlays
docker-compose.yml
services:
  openldap:
    image: ${LDAP_IMAGE:-openldap:local}
    container_name: openldap-overlays
    hostname: openldap-overlays
    environment:
      - LDAP_DOMAIN=example.com
      - LDAP_ADMIN_PASSWORD=AdminPass123!
      - LDAP_ORGANIZATION=Overlay Test Organization
      # Schemas required for testing
      - INCLUDE_SCHEMAS=cosine,inetorgperson,nis
      # Enable all overlays for testing
      - ENABLE_MEMBEROF=true
      - ENABLE_PASSWORD_POLICY=true
      - ENABLE_AUDIT_LOG=true
      - ENABLE_MONITORING=true
    ports:
      - "389:389"
    volumes:
      - ldap-data:/var/lib/ldap
      - ldap-config:/etc/openldap/slapd.d
      - ./logs:/logs
      - ./init:/docker-entrypoint-initdb.d:ro
    # Security settings
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - DAC_READ_SEARCH
      - DAC_OVERRIDE
      - NET_BIND_SERVICE
      - SETUID
      - SETGID
      - CHOWN
    stop_grace_period: 30s
    restart: unless-stopped
    # Resource limits
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
        reservations:
          memory: 128M
    # Log rotation
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

volumes:
  ldap-data:
  ldap-config:
Set image
export LDAP_IMAGE=ghcr.io/vibhuvioio/openldap:latest
Start
docker compose up -d
# Watch the automated tests run
docker logs -f openldap-overlays
What Gets Tested
The init script automatically validates all three overlays:
| Overlay | Test | Expected |
|---|---|---|
| memberOf | Add user to group, check memberOf attribute | User has memberOf set |
| ppolicy | Set weak password (< 8 chars) | Rejected by server |
| ppolicy | Set strong password (8+ chars) | Accepted |
| auditlog | Any modification | Written to /logs/audit.log |
Verify Results
# Check test results from logs
docker logs openldap-overlays 2>&1 | grep -E "(PASS|FAIL|Testing)"
Expected output:
=== Test 1: memberOf overlay ===
✓ PASS: memberOf attribute correctly set on user1
=== Test 2: Password Policy overlay ===
✓ PASS: Weak password correctly rejected
✓ PASS: Strong password accepted
=== Test 3: Audit Log ===
✓ PASS: Audit log file exists
Manual Testing
Test memberOf
ldapsearch -x -H ldap://localhost:389 \
-D "cn=Manager,dc=example,dc=com" \
-w "AdminPass123!" \
-b "uid=user1,ou=Users,dc=example,dc=com" \
"(objectClass=*)" memberOf
Test Password Policy
# Should fail — password too short
ldappasswd -x -H ldap://localhost:389 \
-D "cn=Manager,dc=example,dc=com" \
-w "AdminPass123!" \
-s "123" \
"uid=user1,ou=Users,dc=example,dc=com"
View Audit Log
docker exec openldap-overlays tail -20 /logs/audit.log
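The auditlog overlay records every write as an LDIF change record, so password changes place userPassword values in /logs/audit.log, and the ./logs bind mount deserves the same protection as the database volume. The following is an added example, not part of the original page or the image's init script: a bash/awk filter that lists who changed userPassword or member and on which entry, without echoing values. The record header layout, the cn=group1 and uid=user2 entries, and all sample values are assumptions constructed for illustration.

```bash
# Added example (not from the page). Assumed slapo-auditlog record shape:
#   "# <op> <epoch> <suffix> <actorDN> ..." + LDIF + "# end <op> <epoch>"
# Assumes DNs without spaces, as in this page's example.com tree.
# Usage: docker exec openldap-overlays cat /logs/audit.log | audit_summary
audit_summary() {
  awk '
    /^# end / { in_rec = 0; next }
    /^# (add|modify|delete|modrdn) / {
      in_rec = 1; op = $2; ts = $3; actor = $5; dn = ""; next
    }
    !in_rec { next }
    /^dn: / { dn = substr($0, 5); next }
    # modify records name the attribute on an add:/replace:/delete: line
    /^(add|replace|delete): (userPassword|member)$/ { attr = $2; hit = 1 }
    # add records carry the attribute directly as "name: value"
    op == "add" && /^(userPassword|member)::? / {
      attr = $1; sub(/:+$/, "", attr); hit = 1
    }
    # Only attribute names are printed; values (password hashes) are not.
    hit { print ts, op, "actor=" actor, "target=" dn, "attr=" attr; hit = 0 }
  ' "$@"
}

# Constructed sample records; cn=group1 and uid=user2 are hypothetical entries.
sample_audit_log() {
  cat <<'EOF'
# modify 1700000000 dc=example,dc=com cn=Manager,dc=example,dc=com IP=127.0.0.1:40000 conn=1001
dn: uid=user1,ou=Users,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword:: Q09OU1RSVUNURUQ=
-
# end modify 1700000000
# modify 1700000060 dc=example,dc=com cn=Manager,dc=example,dc=com IP=127.0.0.1:40002 conn=1002
dn: cn=group1,ou=Groups,dc=example,dc=com
changetype: modify
add: member
member: uid=user1,ou=Users,dc=example,dc=com
-
# end modify 1700000060
# add 1700000120 dc=example,dc=com cn=Manager,dc=example,dc=com IP=127.0.0.1:40004 conn=1003
dn: uid=user2,ou=Users,dc=example,dc=com
changetype: add
uid: user2
userPassword:: Q09OU1RSVUNURUQ=
# end add 1700000120
EOF
}
```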
Environment Variables
environment:
- LDAP_DOMAIN=example.com
- LDAP_ADMIN_PASSWORD=AdminPass123!
- ENABLE_MEMBEROF=true
- ENABLE_PASSWORD_POLICY=true
- ENABLE_AUDIT_LOG=true
- ENABLE_MONITORING=true
Connection Details
| Setting | Value |
|---|---|
| Host | localhost |
| LDAP Port | 389 |
| Bind DN | cn=Manager,dc=example,dc=com |
| Base DN | dc=example,dc=com |
| Password | AdminPass123! |
Cleanup
docker compose down -v