Single Node Deployment

Deploy a production-ready OpenLDAP server with custom schemas and auto-loaded sample data. Two reference deployments are provided — choose the one that fits your needs.

Vibhuvi Corporation — Global Employee Directory

A corporate LDAP directory with 28 employees from 25+ countries across 8 departments, using a custom vibhuviEmployee objectClass.

Project Files

openldap-vibhuvi
docker-compose.yml
services:
  openldap:
    image: ${LDAP_IMAGE:-openldap:local}
    container_name: openldap-vibhuvi
    hostname: openldap-vibhuvi
    env_file:
      - .env.vibhuvi
    ports:
      - "390:389"
      - "637:636"
    volumes:
      - ldap-data:/var/lib/ldap
      - ldap-config:/etc/openldap/slapd.d
      - ./logs:/logs
      - ./custom-schema:/custom-schema:ro
      - ./sample/employee_data_global.ldif:/data/employee_data_global.ldif:ro
      - ./init/init-data.sh:/docker-entrypoint-initdb.d/init-data.sh:ro
    # Security: Drop all capabilities and add only required ones
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - DAC_READ_SEARCH
      - DAC_OVERRIDE
      - NET_BIND_SERVICE
      - SETUID
      - SETGID
      - CHOWN
    
    # Grace period for clean shutdown
    stop_grace_period: 30s
    
    restart: unless-stopped
    
    # Resource limits
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
        reservations:
          memory: 128M
    
    # Log rotation
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    
    networks:
      - ldap-shared-network

volumes:
  ldap-data:
  ldap-config:

networks:
  ldap-shared-network:
    external: true
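
Both port mappings above use the HOST:CONTAINER form with no host address, which Docker publishes on every host interface, while the Connection Details for this deployment list the host as localhost. The lint below is an added example, not part of the project: audit_compose and the sample file are constructed for illustration, and it checks the published ports together with the cap_drop and no-new-privileges settings.

```shell
#!/bin/sh
# audit_compose FILE: print a WARN line for each finding. Understands only the
# simple block-style YAML used on this page (no anchors, no inline lists).
audit_compose() {
  awk '
    NF == 0 || substr($1, 1, 1) == "#" { next }   # skip blanks and comments
    $1 == "-" {                                   # list item under current key
      v = $2; gsub(/"/, "", v)
      if (key == "ports") {
        n = split(v, p, ":")                      # HOST:CONTAINER or IP:HOST:CONTAINER
        if (n == 2 || p[1] == "0.0.0.0") {
          note = (p[n] == "389") ? " (plaintext LDAP)" : ""
          print "WARN " v ": container port " p[n] " published on all host interfaces" note
        }
      }
      if (key == "cap_drop" && v == "ALL") dropall = 1
      if (key == "security_opt" && v == "no-new-privileges:true") nnp = 1
      next
    }
    { key = $1; sub(/:.*$/, "", key) }            # remember the enclosing key
    END {
      if (!dropall) print "WARN cap_drop: ALL is missing"
      if (!nnp) print "WARN no-new-privileges:true is missing"
    }
  ' "$1"
}

# Constructed sample: the LDAP mapping from this page next to a loopback-only
# LDAPS mapping. Only the first one is reported.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
services:
  openldap:
    ports:
      - "390:389"
      - "127.0.0.1:637:636"
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
EOF
audit_compose "$tmp"
rm -f "$tmp"
```

Writing a mapping as "127.0.0.1:390:389" keeps the port reachable from the Docker host only.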

Start

# Create the shared network (if not already created)
docker network create ldap-shared-network 2>/dev/null || true

docker compose up -d

# Wait for initialization and data loading
sleep 50

Verify

# Count employees (expect 28)
docker exec openldap-vibhuvi ldapsearch -x -H ldap://localhost:389 \
  -b "ou=People,dc=vibhuvi,dc=com" \
  -D "cn=Manager,dc=vibhuvi,dc=com" -w changeme \
  "(objectClass=vibhuviEmployee)" dn | grep -c "^dn:"

# Search by department
docker exec openldap-vibhuvi ldapsearch -x -H ldap://localhost:389 \
  -b "ou=People,dc=vibhuvi,dc=com" \
  -D "cn=Manager,dc=vibhuvi,dc=com" -w changeme \
  "(department=Engineering)" uid cn department

# Search by employee ID
docker exec openldap-vibhuvi ldapsearch -x -H ldap://localhost:389 \
  -b "ou=People,dc=vibhuvi,dc=com" \
  -D "cn=Manager,dc=vibhuvi,dc=com" -w changeme \
  "(employeeID=E001)" uid cn

Employee Data Summary

| Department | Count | Example Locations |
|---|---|---|
| Engineering | 5 | Japan, Spain, India |
| Sales | 5 | USA, UAE, Sweden |
| Marketing | 3 | UK, Mexico, Nigeria |
| HR | 3 | South Korea, Ireland, India |
| Finance | 3 | Germany, Australia, Egypt |
| IT Operations | 3 | Russia, Portugal, Ghana |
| Product Management | 3 | USA, Singapore, Argentina |
| Customer Success | 3 | Pakistan, Denmark, Nigeria |

Custom Schema Attributes

The vibhuviEmployee objectClass extends inetOrgPerson with:

| Attribute | Description |
|---|---|
| employeeID | Unique employee identifier |
| department | Department name |
| jobTitle | Job title |
| hireDate | Date of hire |
| salary | Salary (string) |
| manager | DN of the employee's manager |

Connection Details

| Setting | Value |
|---|---|
| Host | localhost |
| LDAP Port | 390 |
| LDAPS Port | 637 |
| Bind DN | cn=Manager,dc=vibhuvi,dc=com |
| Base DN | dc=vibhuvi,dc=com |
| Password | changeme |
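
The Verify commands above pass the bind password with -w, which puts it on the command line and in shell history; ldapsearch can read it from a file with -y instead. The sketch below is an added example, not part of the project: it assumes ldapsearch is installed on the host and queries the published port 390, and pwfile_ok, count_employees and LDAP_PWFILE are hypothetical names.

```shell
#!/bin/sh
# pwfile_ok FILE: succeed only if FILE is fit to pass to ldapsearch -y.
pwfile_ok() {
  f=$1
  [ -f "$f" ] || { echo "missing password file: $f" >&2; return 1; }
  # Characters 5-10 of the ls -l mode string are the group and other bits.
  [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
    { echo "group/other can access $f (chmod 600)" >&2; return 1; }
  # -y uses the complete file contents as the password, so a trailing newline
  # becomes part of it and the bind fails. $(...) strips a final newline,
  # which makes the result empty when the last byte is one.
  [ -n "$(tail -c 1 "$f")" ] ||
    { echo "$f is empty or ends with a newline (write it with printf %s)" >&2; return 1; }
  # The sample password from this page must not be the one in use.
  [ "$(cat "$f")" != "changeme" ] ||
    { echo "default password still in use" >&2; return 1; }
}

# count_employees: the first Verify query, run from the host against the
# published LDAP port, with the password read from LDAP_PWFILE.
count_employees() {
  pwfile_ok "$LDAP_PWFILE" || return 1
  ldapsearch -x -H ldap://localhost:390 \
    -b "ou=People,dc=vibhuvi,dc=com" \
    -D "cn=Manager,dc=vibhuvi,dc=com" -y "$LDAP_PWFILE" \
    "(objectClass=vibhuviEmployee)" dn | grep -c "^dn:"
}

# Constructed demo (no server needed): a correctly written file passes.
demo=$(mktemp)                      # mktemp creates the file with mode 0600
printf %s 'constructed-example-pw' > "$demo"
pwfile_ok "$demo" && echo "password file OK"
rm -f "$demo"
```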

VibhuviOiO — Mahabharata Character Directory

A themed LDAP directory with 20 characters and 5 groups from the Mahabharata, using a custom MahabharataUser objectClass.

Project Files

openldap-vibhuvioio
docker-compose.yml
services:
  openldap:
    image: ${LDAP_IMAGE:-openldap:local}
    container_name: openldap-vibhuvioio
    hostname: openldap-vibhuvioio
    env_file:
      - .env.vibhuvioio
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - ldap-data:/var/lib/ldap
      - ldap-config:/etc/openldap/slapd.d
      - ./logs:/logs
      - ./custom-schema:/custom-schema:ro
      - ./sample/mahabharata_data.ldif:/data/mahabharata_data.ldif:ro
      - ./init/init-data.sh:/docker-entrypoint-initdb.d/init-data.sh:ro
    # Security: Drop all capabilities and add only required ones
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - DAC_READ_SEARCH
      - DAC_OVERRIDE
      - NET_BIND_SERVICE
      - SETUID
      - SETGID
      - CHOWN
    
    # Grace period for clean shutdown
    stop_grace_period: 30s
    
    restart: unless-stopped
    
    # Resource limits
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
        reservations:
          memory: 128M
    
    # Log rotation
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    
    networks:
      - ldap-shared-network

volumes:
  ldap-data:
  ldap-config:

networks:
  ldap-shared-network:
    external: true

Start

docker compose up -d
sleep 45

Verify

# Count users (expect 20)
docker exec openldap-vibhuvioio ldapsearch -x -H ldap://localhost:389 \
  -b "ou=People,dc=vibhuvioio,dc=com" \
  -D "cn=Manager,dc=vibhuvioio,dc=com" -w changeme \
  "(objectClass=inetOrgPerson)" dn | grep -c "^dn:"

# List all groups
docker exec openldap-vibhuvioio ldapsearch -x -H ldap://localhost:389 \
  -b "ou=Groups,dc=vibhuvioio,dc=com" \
  -D "cn=Manager,dc=vibhuvioio,dc=com" -w changeme \
  "(objectClass=groupOfNames)" cn

Data Summary

20 Users across 6 roles:

| Role | Characters |
|---|---|
| Pandavas (5) | arjuna, bhima, yudhishthira, nakula, sahadeva |
| Kauravas (3) | duryodhana, dushasana, karna |
| Advisors/Elders (3) | krishna, bhishma, drona |
| Warriors (3) | abhimanyu, ashwatthama, kripacharya |
| Royalty (3) | draupadi, kunti, gandhari |
| Leaders (3) | vidura, shakuni, dhritarashtra |

5 Groups: Pandavas, Kauravas, Warriors, Administrators, Advisors

Custom Schema Attributes

The MahabharataUser objectClass adds:

| Attribute | Description |
|---|---|
| kingdom | Character's kingdom |
| weapon | Signature weapon |
| role | Role in the story |
| allegiance | Faction allegiance |
| isWarrior | Boolean — is a warrior |
| isAdmin | Boolean — is an administrator |

Connection Details

| Setting | Value |
|---|---|
| Host | localhost |
| LDAP Port | 389 |
| LDAPS Port | 636 |
| Bind DN | cn=Manager,dc=vibhuvioio,dc=com |
| Base DN | dc=vibhuvioio,dc=com |
| Password | changeme |

Data Persistence

Both deployments use Docker volumes for persistent data:
  • Data survives docker compose down (without -v)
  • Init scripts check for existing data and skip reloading
  • Only deleted with docker compose down -v

Cleanup

# Stop but keep data
docker compose down

# Stop and remove all data
docker compose down -v