I'm trying to set up a configuration for my symfony's app using traefik, docker-compose and ldap.
Unfortunately, I can't get my ldap. Is there someone who knows what's happen ?
my security.yaml with the 'my_ldap' provider :
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
enable_authenticator_manager: true
hide_user_not_found: false
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# App\Entity\User:
# algorithm: auto
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
my_ldap:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: 'dc=example,dc=org'
search_dn: 'cn=admin,dc=example,dc=org'
search_password: 'admin'
default_roles: ROLE_USER
uid_key: uid
extra_fields: ['email']
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: my_ldap
form_login_ldap:
service: Symfony\Component\Ldap\Ldap
dn_string: 'dc=example,dc=org'
query_string: '(&(uid={user_identifier})(memberOf=cn=users,ou=users,dc=example,dc=org))'
search_dn: 'cn=admin,dc=example,dc=org'
search_password: 'admin'
login_path: app_login
check_path: app_login
provider: my_ldap
logout:
path: app_logout
access_control:
- { path: ^/home, roles: ROLE_ADMIN }
...
my service.yaml :
parameters:
services:
# default configuration for services in *this* file
_defaults:
autowire: true # Automatically injects dependencies in your services.
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
resource: '../src/'
exclude:
- '../src/DependencyInjection/'
- '../src/Entity/'
- '../src/Kernel.php'
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones
Symfony\Component\Ldap\Ldap:
arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
tags:
- ldap
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
arguments:
- host: localhost
port: 389
# encryption: tls
options:
protocol_version: 3
referrals: false
my docker-compose with osixia's, db, www, traefik images :
version: "3.8"
services:
openldap:
image: osixia/openldap:latest
container_name: openldap
environment:
- LDAP_LOG_LEVEL=256
- LDAP_ORGANISATION=Example Inc.
- LDAP_DOMAIN=example.org
- LDAP_BASE_DN=cn=admin,dc=example,dc=org
- LDAP_ADMIN_PASSWORD=admin
- LDAP_CONFIG_PASSWORD=config
- LDAP_READONLY_USER=false
- LDAP_RFC2307BIS_SCHEMA=false
- LDAP_BACKEND=mdb
- LDAP_TLS=true
- LDAP_TLS_CRT_FILENAME=ldap.crt
- LDAP_TLS_KEY_FILENAME=ldap.key
- LDAP_TLS_DH_PARAM_FILENAME=dhparam.pem
- LDAP_TLS_CA_CRT_FILENAME=ca.crt
- LDAP_TLS_ENFORCE=false
- LDAP_TLS_CIPHER_SUITE=SECURE256:-VERS-SSL3.0
- LDAP_TLS_VERIFY_CLIENT=demand
- LDAP_REPLICATION=false
- KEEP_EXISTING_CONFIG=false
- LDAP_REMOVE_CONFIG_AFTER_SETUP=true
- LDAP_SSL_HELPER_PREFIX=ldap
tty: true
stdin_open: true
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
ports:
- "389:389"
- "636:636"
# For replication to work correctly, domainname and hostname must be
# set correctly so that "hostname"."domainname" equates to the
# fully-qualified domain name for the host.
domainname: "example.org"
hostname: "ldap-server"
networks:
- dev
logging:
driver: json-file
phpldapadmin:
image: osixia/phpldapadmin:latest
container_name: phpldapadmin
environment:
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false"
ports:
- "8180:80"
depends_on:
- openldap
networks:
- dev
db:
image: mysql
container_name: db_icu_2
restart: always
volumes:
- db-data:/var/lib/mysql
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
networks:
- dev
logging:
driver: json-file
www:
build: php_icu_2
container_name: www_icu_2
volumes:
- ./php_icu_2/vhosts:/etc/apache2/sites-enabled
- ./:/var/www
restart: always
labels:
traefik.http.routers.service1-http.middlewares: https-redirect
traefik.http.routers.service1-http.rule: Host(`localhost`)
traefik.http.routers.service1-https.rule: Host(`localhost`)
traefik.http.routers.service1-http.entrypoints: http
traefik.http.routers.service1-https.tls: 'true'
traefik.http.services.icuapp.loadbalancer.server.port: '80'
traefik.constraint-label: traefik-public
traefik.http.middlewares.service1-https.redirectscheme.scheme: https
traefik.docker.network: traefik-public
traefik.enable: 'true'
traefik.http.routers.service1-https.entrypoints: https
networks:
- dev
logging:
driver: json-file
phpmyadmin:
image: phpmyadmin
container_name: phpmyadmin_icu_2
restart: always
depends_on:
- db
ports:
- 8088:80
environment:
PMA_HOST: db
networks:
- dev
logging:
driver: json-file
traefik:
restart: unless-stopped
container_name: traefik_icu_2
image: traefik
ports:
- "80:80"
- "443:443"
- "8080:8080"
labels:
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
- "traefik.http.routers.service1.entrypoints=web"
volumes:
- ./traefik.yml:/etc/traefik/traefik.yml
- ./tls.yml:/etc/traefik/tls.yml
- /var/run/docker.sock:/var/run/docker.sock
- certs:/etc/ssl/traefik
networks:
- dev
logging:
driver: json-file
reverse-proxy-https-helper:
image: alpine
command: sh -c "cd /etc/ssl/traefik
&& wget traefik.me/cert.pem -O cert.pem
&& wget traefik.me/privkey.pem -O privkey.pem"
volumes:
- certs:/etc/ssl/traefik
networks:
- dev
logging:
driver: json-file
networks:
dev:
openldap:
driver: overlay
volumes:
db-data:
certs:
Thanks for your help :)
