Versão avaliada: Ldap Account Manager Stable
Crie o script para executar o LAM como container.
# vi deploy_lam.sh
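#!/usr/bin/env bash
#
# deploy_lam.sh - (re)create the LDAP Account Manager (LAM) container,
# preconfigured through environment variables.
#
# Optional environment overrides:
#   LAM_PASSWORD   LAM configuration password; falls back to "lam", the value
#                  this script has always used, with a warning on stderr.
#   LAM_PUBLISH    docker publish spec (default "8081:80").
#   LAM_PRUNE_ALL  set to 1 to also run the host-wide "docker system prune".

# Fail on unset variables and on errors hidden inside pipelines.
set -uo pipefail

# Deliberately not called HOME: HOME is already exported, so reassigning it
# would change the home directory seen by every child process, including the
# docker client, which looks for its configuration under $HOME/.docker.
readonly LAM_HOME="/mnt/resource/CONTAINER/lam"
readonly NCONTAINER="LAM"
# ":stable" is a mutable tag - pin a release tag or image digest when the
# deployment has to be reproducible.
readonly CONTAINERVERSION="ghcr.io/ldapaccountmanager/lam:stable"
readonly DOCKER="/usr/bin/docker"
readonly MKDIR="/usr/bin/mkdir"

# "8081:80" publishes plain HTTP on every host interface. Behind a
# TLS-terminating reverse proxy, LAM_PUBLISH="127.0.0.1:8081:80" keeps the
# login form off the network.
readonly LAM_PUBLISH="${LAM_PUBLISH:-8081:80}"

# The configuration password comes from the environment so that it does not
# have to live in the script; the old hard-coded value remains the fallback.
if [[ -z "${LAM_PASSWORD:-}" ]]; then
  echo "AVISO: LAM_PASSWORD nao definida; usando a senha padrao 'lam'. Troque-a apos o primeiro acesso." >&2
  LAM_PASSWORD="lam"
fi
# Exported so "docker run -e LAM_PASSWORD" can copy it from the environment
# instead of exposing it on the docker command line.
export LAM_PASSWORD

if [[ -d "$LAM_HOME" ]]; then
  echo "Diretorios existentes."
else
  if ! "$MKDIR" -p -- "$LAM_HOME"; then
    echo "ERRO: nao foi possivel criar $LAM_HOME." >&2
    exit 1
  fi
  echo "Diretorios criados."
fi

echo ""
echo "### REMOVE CONTAIER ANTIGO E NETWORK"
# On a first run there is nothing to stop; the chain then fails harmlessly
# and the script carries on with the installation.
"$DOCKER" stop "$NCONTAINER" \
  && "$DOCKER" rm "$NCONTAINER" \
  && "$DOCKER" rmi "$CONTAINERVERSION"

# "system prune --all --volumes" is host-wide: it deletes every stopped
# container, unused network, unused image and prunable volume, not just
# LAM's. It is therefore opt-in instead of running on every deployment.
if [[ "${LAM_PRUNE_ALL:-0}" == "1" ]]; then
  "$DOCKER" system prune --all --volumes --force
fi

echo ""
echo "### INSTALANDO O CONTAINER"
run_args=(
  --name "$NCONTAINER"
  -p "$LAM_PUBLISH"
  -e TZ='America/Sao_Paulo'
  -e LAM_SKIP_PRECONFIGURE="false"
  -e LDAP_DOMAIN="local.domain"
  -e LDAP_BASE_DN="dc=local,dc=domain"
  -e LDAP_USERS_DN="ou=Users,dc=local,dc=domain"
  -e LDAP_GROUPS_DN="ou=Groups,dc=local,dc=domain"
  # NOTE(review): ldap:// on port 389 looks unencrypted - bind passwords
  # would cross the network in clear text. Prefer ldaps:// or StartTLS if
  # the directory server offers it.
  -e LDAP_SERVER="ldap://192.168.1.115:389"
  -e LDAP_USER="cn=admin,dc=local,dc=domain"
  -e LAM_LANG="en_US"
  # No value: docker takes LAM_PASSWORD from this script's environment.
  -e LAM_PASSWORD
  -e LAM_CONFIGURATION_DATABASE="files"
  -e LAM_CONFIGURATION_HOST=
  -e LAM_CONFIGURATION_PORT=
  -e LAM_CONFIGURATION_USER=
  -e LAM_CONFIGURATION_PASSWORD=
  -e LAM_CONFIGURATION_DATABASE_NAME=
  --restart unless-stopped
  -d "$CONTAINERVERSION"
)

# Report success only when the container was actually created.
if ! "$DOCKER" run "${run_args[@]}"; then
  echo "ERRO: falha ao criar o container $NCONTAINER." >&2
  exit 1
fi
echo ""
echo "### CONTAINER CRIADO"
echo ""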
Para acessar o serviço do LDAP, use a senha criada para o usuário cn=admin.
Para acessar a área de configuração do LAM, use a senha padrão (lam, definida em LAM_PASSWORD no script) e troque-a logo após o primeiro acesso.
Caso queira usar a configuração com persistência, saiba que na versão 8.4 ela ainda não está funcionando bem.
# vi deploy_lam.sh
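#!/usr/bin/env bash
#
# deploy_lam.sh - (re)create the LDAP Account Manager (LAM) container with a
# persistent configuration directory bind-mounted from the host.
#
# Optional environment overrides:
#   LAM_PUBLISH    docker publish spec (default "8081:80").
#   LAM_PRUNE_ALL  set to 1 to also run the host-wide "docker system prune".

# Fail on unset variables and on errors hidden inside pipelines.
set -uo pipefail

# Deliberately not called HOME: HOME is already exported, so reassigning it
# would change the home directory seen by every child process, including the
# docker client, which looks for its configuration under $HOME/.docker.
readonly LAM_HOME="/mnt/resource/CONTAINER/lam"
readonly NCONTAINER="LAM"
# ":stable" is a mutable tag - pin a release tag or image digest when the
# deployment has to be reproducible.
readonly CONTAINERVERSION="ghcr.io/ldapaccountmanager/lam:stable"
readonly DOCKER="/usr/bin/docker"
readonly MKDIR="/usr/bin/mkdir"

# "8081:80" publishes plain HTTP on every host interface. Behind a
# TLS-terminating reverse proxy, LAM_PUBLISH="127.0.0.1:8081:80" keeps the
# login form off the network.
readonly LAM_PUBLISH="${LAM_PUBLISH:-8081:80}"

if [[ -d "$LAM_HOME" ]]; then
  echo "Diretorios existentes."
else
  if ! "$MKDIR" -p -- "$LAM_HOME"; then
    echo "ERRO: nao foi possivel criar $LAM_HOME." >&2
    exit 1
  fi
  echo "Diretorios criados."
fi

echo ""
echo "### REMOVE CONTAIER ANTIGO E NETWORK"
# On a first run there is nothing to stop; the chain then fails harmlessly
# and the script carries on with the installation.
"$DOCKER" stop "$NCONTAINER" \
  && "$DOCKER" rm "$NCONTAINER" \
  && "$DOCKER" rmi "$CONTAINERVERSION"

# "system prune --all --volumes" is host-wide: it deletes every stopped
# container, unused network, unused image and prunable volume, not just
# LAM's. It is therefore opt-in instead of running on every deployment.
if [[ "${LAM_PRUNE_ALL:-0}" == "1" ]]; then
  "$DOCKER" system prune --all --volumes --force
fi

### Install
run_args=(
  --name "$NCONTAINER"
  -p "$LAM_PUBLISH"
  -e TZ='America/Sao_Paulo'
  # Preconfiguration is skipped; the settings come from the mounted directory.
  -e LAM_SKIP_PRECONFIGURE=true
  # NOTE(review): the mounted directory presumably holds config.cfg and
  # lam.conf, i.e. password hashes and profile secrets. Keep it unreadable
  # to other local users; the container's web-server user still needs
  # access, so confirm its UID before tightening permissions.
  -v "$LAM_HOME":/var/lib/ldap-account-manager/config
  --restart unless-stopped
  -d "$CONTAINERVERSION"
)

# Last command: its exit status becomes the script's exit status.
"$DOCKER" run "${run_args[@]}"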
# vi lam/config.cfg
# LAM main configuration (lam/config.cfg): master password, default profile,
# logging and configuration storage.
# password to add/delete/rename configuration profiles (default: lam)
# NOTE(review): this hash is published with the tutorial and, per the comment
# above, presumably encodes the default password - set your own master
# password instead of reusing this line.
password: {SSHA}D6AaX93kPmck9wAxNlq3GF93S7A= R7gkjQ==
# default profile, without ".conf"
default: lam
# log level
logLevel: 4
# log destination
logDestination: SYSLOG
# configuration storage backend; "files" is selected here, so the database
# connection fields below are left empty (presumably unused - TODO confirm)
configDatabaseType: files
configDatabaseServer:
configDatabasePort:
configDatabaseName:
configDatabaseUser:
configDatabasePassword:
license:
# vi lam/lam.conf
# LAM server profile (lam/lam.conf); config.cfg names "lam" as the default
# profile.
# NOTE(review): ldap:// on port 389 together with "useTLS: no" below looks
# like an unencrypted connection - binds and password changes would be
# readable on the network. Prefer ldaps:// or enabling useTLS if the
# directory server supports it.
ServerURL: ldap://192.168.1.115:389
serverDisplayName:
useTLS: no
followReferrals: false
pagedResults: false
referentialIntegrityOverlay: false
hidePasswordPromptForExpiredPasswords: false
# NOTE(review): profile password kept in clear text and identical to the
# default used elsewhere on this page - replace it with your own.
Passwd: lam
# presumably the DNs offered on the login page (loginMethod is "list" below)
Admins: cn=admin,dc=local,dc=domain
defaultLanguage: en_US.utf8
timeZone: America/Sao_Paulo
scriptPath:
scriptServer:
scriptRights: 750
scriptUserName:
scriptSSHKey:
scriptSSHKeyPassword:
searchLimit: 0
activeTypes: user,group
accessLevel: 100
loginMethod: list
# NOTE(review): dc=yourdomain,dc=org does not match the dc=local,dc=domain
# suffix used in the rest of this file; presumably only read when loginMethod
# is "search" - confirm before switching login methods.
loginSearchSuffix: dc=yourdomain,dc=org
loginSearchFilter: uid=%USER%
loginSearchDN:
loginSearchPassword:
httpAuthentication: false
lamProMailFrom: noreply@example.com
lamProMailReplyTo:
lamProMailSubject: Your password was reset
lamProMailIsHTML: false
lamProMailAllowAlternateAddress: true
# NOTE(review): the template mails the new password (@@newPassword@@) in
# clear text; pwdResetForcePasswordChange: true below suggests it has to be
# changed afterwards - confirm.
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
jobsBindPassword:
jobsBindUser:
jobsDatabase: SQLite
jobsDBHost:
jobsDBPort:
jobsDBUser:
jobsDBPassword:
jobsDBName:
# NOTE(review): looks like a per-installation secret token; this value is
# public on the page, so generate your own rather than copying it.
jobToken: phUFz2jq5ht1SLNwd8kH
pwdResetAllowSpecificPassword: true
pwdResetAllowScreenPassword: true
pwdResetForcePasswordChange: true
pwdResetDefaultPasswordOutput: 2
# no second factor is configured for logins to this profile
twoFactorAuthentication: none
twoFactorAuthenticationURL: https://localhost
twoFactorAuthenticationClientId:
twoFactorAuthenticationSecretKey:
twoFactorAuthenticationDomain:
twoFactorAuthenticationInsecure:
twoFactorAuthenticationLabel:
twoFactorAuthenticationOptional:
twoFactorAuthenticationCaption:
twoFactorAuthenticationAttribute: uid
twoFactorAllowToRememberDevice: false
twoFactorRememberDeviceDuration: 28800
# NOTE(review): looks like a per-installation secret as well; the value is
# public on the page, so replace it with a freshly generated one.
twoFactorRememberDevicePassword: nmHuzJ.D.VgJBvhF2_anXMreIUy7c1
hideDnPart:
# password policy fields are left empty - presumably LAM enforces no minimum
# length or complexity for this profile; TODO confirm
pwdPolicyMinLength:
pwdPolicyMinLowercase:
pwdPolicyMinUppercase:
pwdPolicyMinNumeric:
pwdPolicyMinSymbolic:
# numeric ID ranges for generated users, hosts and groups
modules: posixAccount_user_minUID: 10000
modules: posixAccount_user_maxUID: 30000
modules: posixAccount_host_minMachine: 50000
modules: posixAccount_host_maxMachine: 60000
modules: posixGroup_group_minGID: 10000
modules: posixGroup_group_maxGID: 20000
modules: posixAccount_user_uidGeneratorUsers: range
modules: posixAccount_host_uidGeneratorUsers: range
modules: posixAccount_group_gidGeneratorUsers: range
# SSHA is salted SHA-1. NOTE(review): consider a stronger scheme if this LAM
# version and the directory server both support one.
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# account types: LDAP suffix, list attributes and modules per type
types: suffix_user: ou=Users,dc=local,dc=domain
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
types: suffix_group: ou=Groups,dc=local,dc=domain
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
# every tool_hide_* switch is false, so no tool is hidden in this profile
tools: treeViewSuffix: dc=local,dc=domain
tools: tool_hide_toolFileUpload: false
tools: tool_hide_ImportExport: false
tools: tool_hide_toolMultiEdit: false
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolSchemaBrowser: false
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolTests: false
tools: tool_hide_TreeViewTool: false
tools: tool_hide_toolWebauthn: false