389 Directory Server is a highly usable, fully featured, reliable and secure LDAP server implementation.
By default, the image launches 389 Directory Server with the same
configuration that comes with the SUSE Linux Enterprise Server. However there
is also included a pre-configured Name Service Switch (NSS) configuration
file (/etc/nsswitch.conf
).
$ podman run -it --rm -p 3389:3389 -p 3636:3636 registry.opensuse.org/opensuse/389-ds:%%389ds_version%%
The database is stored in the volume mounted as directory /data
. A new
empty database is created during container startup, unless an existing
database is already present in /data
.
To mount a host directory as a volume for your database, run the following command:
$ podman run -it --rm -v /my/own/datadir:/data:Z -p 3389:3389 -p 3636:3636 registry.opensuse.org/opensuse/389-ds:%%389ds_version%%
By default, the container uses a self-signed CA certificate and a server certificate signed by that CA.
Place a custom TLS certificate in PEM format in /data/tls/server.crt
and
the key in and /data/tls/server.key
. Place the CA certificates (each as a
separate file) to /data/tls/ca/
, for example, /data/tls/ca/ca1.crt
and
/data/tls/ca/ca2.crt
.
Use this optional environment variable to set the log level for
ns-slapd
(default is 266354688
).
Use this optional environment variable to set the cn=Directory Manager
password (a default password is generated randomly). The default randomly
generated password can be viewed in the setup log.
Use this optional environment variable to set the LDBM autotune
percentage (nsslapd-cache-autosize
) (default is unset).
Use this optional environment variable to run a database re-index task. Set
the value to 1
to enable the task (default is disabled).
Use this optional environment variable to set the default database
suffix name for basedn
(default one is derived from the hostname).
Use this optional environment variable to change the time to wait for the
instance to start (default is 60
seconds).
Use this optional environment variable to change the time to wait for the
instance to stop (default is 60
seconds).
The container image includes one explicit health check. This check will
verify if the service is misconfigured, ns-slapd
is running, and if the
LDAPI is functional.
SPDX-License-Identifier: MIT
This documentation and the build recipe are licensed as MIT. The container itself contains various software components under various open source licenses listed in the associated Software Bill of Materials (SBOM).
This image is based on openSUSE Tumbleweed.