This guide explains how to compile OpenLDAP on arm64 and include it in a bitnami/openldap
image build that runs on arm64-based CPUs such as the Raspberry Pi 4.
Not affiliated with Bitnami.
Use at your own risk, no guarantee provided.
⚠️ Don't use on production unless you know what you are doing!
bitnami/openldap
Docker Hub | Github
As there is no official support yet for arm64 (see: https://github.com/bitnami/bitnami-docker-openldap/issues/18, bitnami/charts#7305), I decided to make my own, and document the steps for others and for my future self :)
- Compile (build) OpenLDAP 2.6 for arm64
- Package the compiled binary
- Modify bitnami/openldap's Dockerfile
- Deploy the modified image to a pi
Tested hardware:
- Raspberry Pi 4 (RPI OS Lite x64)
Contributions are needed, especially given the vast options OpenLDAP offers.
If you had an issue and fixed it, please feel free to open a pull request. If you're lazy, just create an issue with the label enhancement describing what you needed to do in order to fix it, and mention any resources you used.
If you're still facing issues, you can create an issue with the label help wanted and hope for the best :D
Use this as a last resort; search your favorite engine and read the manual instead.
Note: I used my Pi to compile the source, so I didn't need extra setup for targeting arm64.
It's a good idea to visit: https://www.openldap.org/doc
Select the version you have, and navigate to the Running configure manual.. for 2.6: https://www.openldap.org/doc/admin26/install.html#Running%20configure
This guide uses OpenLDAP 2.6.3 - If you're using a different version, you should check the steps here with the respective manual, and follow it along
This guide assumes:
- Source directory: /src, change as you like
- Output directory: /opt/bitnami/openldap, DON'T CHANGE
⚠️ Changing the output directory will cause a runtime error. Mentioned in 3.1.1 Configure
The following packages are needed to compile OpenLDAP:
apt install -y build-essential libsasl2-dev libltdl-dev libevent-dev libltdl7 openssl libssl-dev libcrack2-dev libwrap0-dev libevent-dev
I'm not 100% sure on which packages exactly are needed to compile OpenLDAP,
Also, you might need extra packages based on your module/ overlay selection..
For example, if you want to authenticate with argon2, you'll need to install either libargon2-dev or libsodium-dev.
To see what packages you might need, we'll need the source and use the configure script..
Official repos can be checked @ openldap.org
cd /src
git clone https://git.openldap.org/openldap/openldap
cd openldap
In order to build OpenLDAP, we'll need to:
From the source directory, run:
# Displays information about the available options/ modules
./configure -h
Read through the displayed options and take a note of what you need for your installation.
For example, if you want to enable argon2 auth with libsodium as library, then you need to pass --enable-argon2 --with-argon2=libsodium to the configure script.
Play around with configure and see if your args are correct by using the --no-create arg. When added, configure will just check against your system and display errors without writing any config/ cache files.
You can always use make clean to remove your choices and start fresh.
--prefix=/opt/bitnami/openldap sets the installation output to /opt/bitnami/openldap (Required, literal)
⚠️ --prefix=/opt/bitnami/openldap is mandatory for this setup. The whole software will be installed in /opt/bitnami/openldap to be packaged later, and this path MUST match the installation path in the container, which is /opt/bitnami/openldap per the bitnami image.
In the configure source I also found that this prefix is used at runtime to find the slapd.conf file. Not setting it correctly will successfully build the image but will cause a runtime error: bind(8): errno=2 (No such file or directory)
CPPFLAGS="-I/opt/bitnami/openldap/include" LDFLAGS="-L/opt/bitnami/openldap/lib -Wl,-rpath,/opt/bitnami/openldap/lib" sets linker/ compiler flags to include the lib directory (Required, literal)
⚠️ Without this flag the binary will fail to locate lib files, and runtime errors such as libldap-whatever.so.0: cannot open shared object file: No such file or directory will occur.
--enable-modules is required if you want to enable modules (Conditional)
Note: We maybe should use the original configure args used to build the OpenLDAP binary in the bitnami image, but I can't find it..
Use this command as a base command, append your modules/ overlays accordingly:
./configure --prefix=/opt/bitnami/openldap CPPFLAGS="-I/opt/bitnami/openldap/include" LDFLAGS="-L/opt/bitnami/openldap/lib -Wl,-rpath,/opt/bitnami/openldap/lib" --enable-modules --enable-slapi --enable-ldap --enable-mdb --with-tls=openssl --with-cyrus-sasl
The configure command I used for testing is:
./configure --prefix=/opt/bitnami/openldap CPPFLAGS="-I/opt/bitnami/openldap/include" LDFLAGS="-L/opt/bitnami/openldap/lib -Wl,-rpath,/opt/bitnami/openldap/lib" --enable-modules --enable-slapi --with-tls=openssl --enable-dnssrv --enable-ldap --enable-mdb --enable-relay --enable-asyncmeta --enable-passwd --enable-null --enable-meta --enable-crypt --disable-cleartext --enable-valsort --enable-unique --enable-homedir --enable-accesslog --enable-dynlist --enable-dyngroup --enable-auditlog --enable-rwm --enable-ppolicy --enable-argon2 --with-argon2=libsodium --with-cyrus-sasl
The last message should be Please "make depend" to build dependencies, which indicates a successful build configuration. Proceed to the next step.
If configure failed, you need to review the errors. Usually the cause is a module you specified that is not present on the machine, fixable by installing the missing package.
Consult the manual pages for the requirements in the Prerequisite software section, select your version here: https://www.openldap.org/doc.
As the message suggests, run the command:
make depend
Check for any errors/ warnings, you might need to adjust your configure command to accommodate..
Once done, we're good to build OpenLDAP!
Simply:
make
Once done, you can test the compiled binaries with:
make test
Check the README file in /tests for more about running the tests...
Don't worry about non-configured failing tests.
Finally, install:
# Note the use of elevated privileges
sudo make install
This will install our binary and its dependencies to the --prefix= folder we specified earlier with the configure command, which should be --prefix=/opt/bitnami/openldap
In order to package OpenLDAP for use in Bitnami's bitnami/openldap image, we need to match the paths of our built binaries with the original amd64 package, and provide it to the Dockerfile.
(Optional) To check the original package, find the binary link in the original Dockerfile, download it, unzip it and examine the folders.
First, let's cd to the output directory:
cd /opt/bitnami/openldap
# If you're not running as root, you might need to change the folder permissions,
# change user:group to match your systems.
sudo chown user:group * -R
You should see a list of directories such as bin, etc etc... :D
- Move ldap.conf from ./etc/openldap to ./etc/
mv ./etc/openldap/ldap.conf ./etc/
- Move schema directory from ./etc/openldap to ./etc/
mv ./etc/openldap/schema ./etc/
- Remove ./etc/openldap directory and its content
rm -r ./etc/openldap
- Add certs folder to etc:
mkdir ./etc/certs
- Copy slapd.ldif to ./share from either:
  - this repo
  - the amd64 binary: find the binary link in the original Dockerfile, download and unzip it, and inspect /files/openldap/share/, where you'll find the slapd.ldif in question
nano ./share/slapd.ldif
- Create slapd directory in ./var/run
mkdir ./var/run/slapd
Your directory tree should look something like this:
# Files omitted for brevity
opt
└── bitnami
    └── openldap
        ├── bin
        ├── etc
        │   ├── certs
        │   ├── ldap.conf
        │   └── schema
        ├── include
        ├── lib
        │   └── pkgconfig
        ├── libexec
        │   └── openldap
        ├── sbin
        ├── share
        │   └── slapd.ldif
        └── var
            └── run
We're ready to package it!
Let's now put it all together with tar:
# Change directory up so you are in the `/opt/bitnami` folder
# cd ..
# alternatively:
cd /opt/bitnami
# It's okay to choose your own package name
tar -cvzf openldap-2.6.3-linux-arm64.tar.gz openldap
This should output a single file (package), which we will install in our bitnami/openldap image.
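The package is built by hand, so it helps to record a checksum when packaging and to check the archive layout before it goes into an image build. The following is an added example, not part of the original guide: seal_package, check_package and make_sample are hypothetical names, and the sample tree is constructed from empty files rather than a real build.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide. Function names are hypothetical.

# seal_package <tarball>: write <tarball>.sha256 beside the package, using the
# bare file name so "sha256sum -c" works from whatever directory holds both.
seal_package() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# check_package <tarball>: 0 = ok, 1 = checksum mismatch or unreadable archive,
# 2 = member outside openldap/ or containing "..", 3 = expected path missing.
check_package() {
    local pkg="$1" list bad want
    ( cd "$(dirname "$pkg")" &&
      sha256sum -c "$(basename "$pkg").sha256" >/dev/null 2>&1 ) || return 1
    list=$(tar -tzf "$pkg" 2>/dev/null) || return 1
    bad=$(printf '%s\n' "$list" | grep -Ev '^openldap(/|$)' || true)
    [ -z "$bad" ] || return 2
    bad=$(printf '%s\n' "$list" | grep -E '(^|/)\.\.(/|$)' || true)
    [ -z "$bad" ] || return 2
    # Paths that the packaging steps in this section move or create.
    for want in etc/ldap.conf etc/schema etc/certs share/slapd.ldif var/run/slapd; do
        printf '%s\n' "$list" | grep -qE "^openldap/${want}/?\$" || return 3
    done
    return 0
}

# make_sample <dir>: constructed stand-in for /opt/bitnami/openldap (empty
# files, not a real build), packaged with the same tar layout as the guide.
make_sample() {
    mkdir -p "$1/openldap/etc/schema" "$1/openldap/etc/certs" \
             "$1/openldap/share" "$1/openldap/var/run/slapd"
    touch "$1/openldap/etc/ldap.conf" "$1/openldap/share/slapd.ldif"
    tar -czf "$1/openldap-2.6.3-linux-arm64.tar.gz" -C "$1" openldap
}

# Demo on the constructed sample: seal, then verify.
work=$(mktemp -d)
make_sample "$work"
seal_package "$work/openldap-2.6.3-linux-arm64.tar.gz"
check_package "$work/openldap-2.6.3-linux-arm64.tar.gz" && echo "package ok"
rm -rf "$work"
```

Run seal_package on the machine that built the package and check_package on the machine that builds the image, after the tarball and its .sha256 file have been transferred together.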
This guide still assumes:
- Source directory: /src, change as you like
In this step, we'll edit the Dockerfile of bitnami/openldap to use our own package.
Note: this can be done on a different host, in this guide, I used a Windows machine to do it, although it can be done on the pi
⚠️ If you used a Windows machine to modify and build the image, make sure your git uses lf
Append line:
*.txt text eol=lf
to the .gitattributes file
Or globally:
git config --global core.eol lf
git config --global core.autocrlf input
cd /src
git clone https://github.com/bitnami/containers.git
# Dive in, choose version
cd containers/bitnami/openldap/2.6/debian-11
Let's first apply some important changes to the Dockerfile:
Changes are presented as diff
- Change the base image to use arm64 version instead:
-FROM docker.io/bitnami/minideb:bullseye
+FROM docker.io/bitnami/minideb:latest-arm64
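Review bot: the new FROM line swaps a release-named tag (bullseye) for a floating one (latest-arm64), so the base image can move to a different Debian release while the directory and scripts are written for debian-11. Pin the base to a bullseye arm64 tag if one is published, or to an image digest, so rebuilds stay reproducible.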
- Replace gosu with arm64 version:
Find a matching version on the official releases page
In this guide, we'll use v1.14.0 as per the Dockerfile:
- RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
- if [ ! -f gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz ]; then \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz -O ; \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz.sha256 -O ; \
- fi && \
- sha256sum -c gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz.sha256 && \
- tar -zxf gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
- rm -rf gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz
+ RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+ curl -SsLf https://github.com/tianon/gosu/releases/download/1.14/gosu-arm64 > gosu && \
+ mv gosu /opt/bitnami
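Review bot: the added lines drop the sha256sum -c step that the removed lines ran, so the gosu binary is installed with no integrity check. Verify the download before the mv, either against the gosu-arm64.asc signature or against a sha256 value written into the Dockerfile. The added lines also never chmod +x the file, and they place it at /opt/bitnami/gosu while PATH in this Dockerfile lists /opt/bitnami/common/bin, so confirm the scripts can actually find and execute it.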
https://github.com/tianon/gosu/releases/download/1.14/gosu-arm64.asc is available as well.
- Modify the default environment variables to include slapd bin and the libraries:
ENV APP_VERSION="2.6.3" \
BITNAMI_APP_NAME="openldap" \
- PATH="/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/opt/bitnami/common/bin:$PATH"
+ PATH="/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/opt/bitnami/common/bin:/opt/bitnami/openldap/lib:/opt/bitnami/openldap/libexec:/opt/bitnami/openldap/libexec/openldap:$PATH"
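Review bot: the lib and libexec/openldap entries added to PATH do not help the dynamic linker, since PATH is only searched for executables; shared libraries are located through the rpath set in LDFLAGS at build time. Keep only the directories that hold programs (libexec, if slapd is installed there) and drop the rest, so that nothing in a library directory can shadow a command.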
- Optionally (for advanced use only), you can specify the UID:GID for the container user as follows:
EXPOSE 1389 1636
+RUN chown 1001:995 /opt/bitnami -R
-USER 1001
+USER 1001:995
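Review bot: the chown -R on /opt/bitnami hands every installed binary and library to the account the service runs as (1001), so a compromised slapd process could rewrite its own executables. Restrict the ownership change to the directories that must be writable at runtime and leave the rest owned by root. The recursive chown in its own RUN also copies those files into a new layer.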
⚠️ Editing the group id (gid) requires an extra change in the setup script. Mentioned in 5. Modify libopenldap.sh script
Where 1001 is the UID and 995 is the GID
Only a single modification remains: how the image will get the OpenLDAP binaries we built.
It's up to you on how to deliver it in the Dockerfile.. we'll cover two options, pick one:
- First, let's copy the package we built into /src/containers/bitnami/openldap/2.6/debian-11, next to the Dockerfile:
cp /opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz /src/containers/bitnami/openldap/2.6/debian-11
# scp can be used to transfer files between machines with ssh
# scp /opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz username@host:/dir/on/host
# or the way around
# scp username@host:/opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz dir/on/host
- Apply Dockerfile changes:
- RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
- if [ ! -f openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz ]; then \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -O ; \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 -O ; \
- fi && \
- sha256sum -c openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 && \
- tar -zxf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
- rm -rf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz
+ COPY openldap-2.6.3-linux-arm64.tar.gz /
+ RUN mkdir /opt/bitnami/openldap && mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+ mv /openldap-2.6.3-linux-arm64.tar.gz . && \
+ tar -zxf openldap-2.6.3-linux-arm64.tar.gz -C /opt/bitnami --no-same-owner --wildcards '*/*' && \
+ rm -rf openldap-2.6.3-linux-arm64.tar.gz
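Review bot: the COPY on the first added line stores the tarball in its own image layer, so the rm -rf in the later RUN does not remove it from the image and the package ships twice. Using ADD with the local archive (which unpacks it) or a bind mount in the RUN avoids that. The sha256sum -c check from the removed lines is also gone; copying a .sha256 file next to the package and checking it before tar would keep it.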
Make sure to change openldap-2.6.3-linux-arm64.tar.gz to match your package name.
- Choose a desired local server (or computer), that can open ports
- Create a directory in /var/www/html or any public dir
- Place your packaged binary in the created dir
- Make sure the permissions are correct by giving anyone the ability to read
- Start your favorite http server in that directory, with external connections allowed, specifying the port
- Take a note of the local IP address and the port
todo: details missing
- Apply Dockerfile changes:
- RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
- if [ ! -f openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz ]; then \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -O ; \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 -O ; \
- fi && \
- sha256sum -c openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 && \
- tar -zxf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
- rm -rf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz
+ RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+ curl -SsLf http://[your-package-host-ip]:[port]/public_folder/openldap-2.6.3-linux-arm64.tar.gz -O ; \
+ tar -zxf openldap-2.6.3-linux-arm64.tar.gz -C /opt/bitnami --no-same-owner && \
+ rm -rf openldap-2.6.3-linux-arm64.tar.gz
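Review bot: the added curl fetches the package over plain http and the sha256sum -c step from the removed lines is not replaced, so whatever answers on that address is unpacked into /opt/bitnami unchecked. Write the expected sha256 of the package into the Dockerfile and run sha256sum -c before tar. The curl line also ends in ';' rather than '&&', so a failed download is only caught indirectly when tar cannot find the file.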
Make sure to change openldap-2.6.3-linux-arm64.tar.gz to match your package name.
Also, change the package path (ip, port, folder etc..) to match your server ip.
localhost won't work since this will be called from inside the container.
We need to make sure that our libs and slapd bin paths are exported during setup. This can be done by modifying the libopenldap.sh file:
cd /src/containers/bitnami/openldap/2.6/debian-11/rootfs/opt/bitnami/scripts
# nano|vi|code|whatever libopenldap.sh
Make the following changes within the ldap_env function:
ldap_env() {
cat << "EOF"
# Paths
...
+export LDAP_LIB_DIR="${LDAP_BASE_DIR}/lib:${LDAP_BASE_DIR}/libexec:${LDAP_BASE_DIR}/libexec/openldap"
...
-export PATH="${LDAP_BIN_DIR}:${LDAP_SBIN_DIR}:$PATH"
+export PATH="${LDAP_LIB_DIR}:${LDAP_BIN_DIR}:${LDAP_SBIN_DIR}:$PATH"
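Review bot: LDAP_LIB_DIR is placed first in PATH on the last added line, ahead of the bin and sbin directories, although PATH is not consulted for shared libraries. If libexec is needed so that slapd can be found, add just that directory, and append it rather than prepend it so files in lib or libexec/openldap cannot take precedence over commands in bin and sbin.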
Note: for debugging, you can also export BITNAMI_DEBUG=true in this file, and use LDAP_LOGLEVEL=-1 env in the docker run command
The following change is required ONLY if you're using a different gid for the container:
ldap_create_online_configuration() {
info "Creating LDAP online configuration"
-! am_i_root && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "uidNumber=0" "uidNumber=$(id -u)"
+! am_i_root && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "uidNumber=0" "uidNumber=$(id -u)" && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "gidNumber=0" "gidNumber=$(id -g)"
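Review bot: the added line chains both replace_in_file calls behind '! am_i_root' with '&&', so the gidNumber replacement is skipped whenever the uidNumber one returns non-zero, and the line is hard to read. An if block on '! am_i_root' with the two calls on separate lines would make each replacement independent.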
docker buildx use mybuilder
# NAME and VERSION are shell variables holding your image name and tag
docker buildx build --progress=plain --no-cache --rm --push --platform linux/arm64 -t "${NAME}:${VERSION}" -t "${NAME}:latest" .
This assumes you have a Docker buildx builder named mybuilder; you can create one with: docker buildx create --name mybuilder
Change mybuilder to suit your preferences.
Added --progress=plain to see what errors might occur while the scripts run. Change to suit your preferences.
Flag --push is used to push the image to my registry. Consult the buildx docs on how to load the image after building instead of pushing.
Flag --platform linux/arm64 specifies the architecture. Change to suit your needs.
Modify NAME and VERSION to suit your needs.
Take notes of any errors/ warnings you might see, especially in the RUN install_packages .. and RUN postunpack.sh commands..
Now you can use the newly built image tag instead of bitnami/openldap:latest, and pass the config you desire, for example:
docker run -d --name openldap -p 1636:1636 -p 1389:1389 -e "LDAP_ROOT=dc=mydomain,dc=com" -e LDAP_CONFIG_ADMIN_ENABLED=true -e LDAP_USER_DC=users -e TZ=Asia/Riyadh -e LDAP_ADMIN_USERNAME=admin -e "LDAP_ADMIN_PASSWORD=some-strong-pass" -e "LDAP_USERS=myuser" -e "LDAP_PASSWORDS=myuser-password" --mount type=bind,src=/openldap,dst=/bitnami/openldap/ docker.io/mghzawi/bitnami-openldap:latest
Replace tag docker.io/mghzawi/bitnami-openldap:latest with the tag you chose earlier..
For more about the env vars you can pass to the container, consult with the official Bitnami README at Github, Docker Hub