This commit provides docker images and scripts to support multiple Debian and PHP releases via containers.master
commit
5b73173912
35 changed files with 1851 additions and 0 deletions
@ -0,0 +1,19 @@ |
|||
Copyright 2018 Jan Dittberner IT-Consulting & -Solutions |
|||
|
|||
Permission is hereby granted, free of charge, to any person obtaining a copy of |
|||
this software and associated documentation files (the "Software"), to deal in |
|||
the Software without restriction, including without limitation the rights to |
|||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies |
|||
of the Software, and to permit persons to whom the Software is furnished to do |
|||
so, subject to the following conditions: |
|||
|
|||
The above copyright notice and this permission notice shall be included in all |
|||
copies or substantial portions of the Software. |
|||
|
|||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|||
SOFTWARE. |
@ -0,0 +1,12 @@ |
|||
#!/bin/sh |
|||
|
|||
set -e |
|||
|
|||
for dist in wheezy_php5 jessie_php5 stretch_php7 buster_php7; do |
|||
docker build --pull -t gnuviech/${dist}-base ${dist} -f ${dist}/Dockerfile-base |
|||
docker build -t gnuviech/${dist} ${dist} -f ${dist}/Dockerfile |
|||
docker build -t gnuviech/${dist}-mysql ${dist} -f ${dist}/Dockerfile-mysql |
|||
docker build -t gnuviech/${dist}-pgsql ${dist} -f ${dist}/Dockerfile-pgsql |
|||
done |
|||
|
|||
docker image prune -f |
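Review bot: `docker image prune -f` on the last line removes every dangling image on the build host, not only the ones these builds superseded, so on a shared Docker host it also discards other projects' untagged images. Either drop it or scope it, for example by passing `--label <build-label>` to each `docker build` and pruning with `docker image prune -f --filter label=<build-label>` (the label name is a placeholder). The `${dist}` expansions in the loop are unquoted; this is harmless with the literal list, but `"${dist}"` keeps the script ShellCheck-clean.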
@ -0,0 +1,8 @@ |
|||
FROM gnuviech/buster_php7-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,31 @@ |
|||
FROM debian:buster |
|||
LABEL maintainer="jan@dittberner.info" |
|||
VOLUME /srv |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
dumb-init \ |
|||
libnss-ldap \ |
|||
nullmailer \ |
|||
php-curl \ |
|||
php-fpm \ |
|||
php-gd \ |
|||
php-imagick \ |
|||
php-imap \ |
|||
php-json \ |
|||
php-mail \ |
|||
php-mail-mime \ |
|||
php-mbstring \ |
|||
php-net-smtp \ |
|||
php-net-socket \ |
|||
php7.2-opcache \ |
|||
php-pspell \ |
|||
php-sqlite3 \ |
|||
psmisc \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/ |
|||
|
|||
RUN rm -f /etc/php/7.2/fpm/pool.d/www.conf |
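Review bot: The closing `RUN rm -f /etc/php/7.2/fpm/pool.d/www.conf` succeeds even when that path does not exist, so a change of PHP minor version in `debian:buster` could leave the stock `www` pool enabled beside the per-user pool without any build error. The `php7.2-opcache` pin would probably fail first, but removing the default pool is the step that matters for isolation and should not be able to no-op; `RUN rm /etc/php/7.2/fpm/pool.d/www.conf` fails the build instead. Two smaller style points: `rm -rf /var/lib/apt/lists/*.*` only matches names containing a dot, where `/var/lib/apt/lists/*` is the usual form, and `COPY --chown=root:root` is preferred over `ADD` for plain local files.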
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/buster_php7-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php-mysql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/buster_php7-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php-mysql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
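Review bot: This section installs `php-mysql` and is identical line for line to the section before it, although by position it appears to be the Dockerfile that the build script tags as the `-pgsql` image. The file header is not visible here, so that assignment is inferred from the section order and from the jessie counterpart, which installs `php5-pgsql`. If the inference holds, the buster `-pgsql` image ships without the PostgreSQL driver, and the package line should read `php-pgsql \`.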
@ -0,0 +1,15 @@ |
|||
[@user@] |
|||
user = @user@ |
|||
group = @user@ |
|||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock |
|||
listen.owner = www-data |
|||
listen.group = www-data |
|||
pm = dynamic |
|||
pm.max_children = 20 |
|||
pm.start_servers = 2 |
|||
pm.min_spare_servers = 1 |
|||
pm.max_spare_servers = 3 |
|||
pm.max_requests = 1000 |
|||
chdir = / |
|||
request_slowlog_timeout = 10s |
|||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log |
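Review bot: The template sets `listen.owner` and `listen.group` but leaves the socket mode to the php-fpm default, even though the socket lives in `/var/run/php-fpm-docker`, which the run script on this page bind-mounts from the host into every user's container. Adding `listen.mode = 0660` after `listen.group` documents that only `www-data` may connect and keeps that true if the default ever changes. The `slowlog` path sits in a directory shared the same way, so a comment on who is expected to read those files would help. The jessie copy of this template further down is identical and the same remark applies there.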
@ -0,0 +1,323 @@ |
|||
###DEBCONF### |
|||
# the configuration of this file will be done by debconf as long as the |
|||
# first line of the file says '###DEBCONF###' |
|||
# |
|||
# you should use dpkg-reconfigure libnss-ldap to configure this file. |
|||
# |
|||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $ |
|||
# |
|||
# This is the configuration file for the LDAP nameservice |
|||
# switch library and the LDAP PAM module. |
|||
# |
|||
# PADL Software |
|||
# http://www.padl.com |
|||
# |
|||
|
|||
# Your LDAP server. Must be resolvable without using LDAP. |
|||
# Multiple hosts may be specified, each separated by a |
|||
# space. How long nss_ldap takes to failover depends on |
|||
# whether your LDAP client library supports configurable |
|||
# network or connect timeouts (see bind_timelimit). |
|||
#host 127.0.0.1 |
|||
|
|||
# The distinguished name of the search base. |
|||
base dc=gnuviech,dc=internal |
|||
|
|||
# Another way to specify your LDAP server is to provide an |
|||
uri ldap://10.0.0.11/ |
|||
# Unix Domain Sockets to connect to a local LDAP Server. |
|||
#uri ldap://127.0.0.1/ |
|||
#uri ldaps://127.0.0.1/ |
|||
#uri ldapi://%2fvar%2frun%2fldapi_sock/ |
|||
# Note: %2f encodes the '/' used as directory separator |
|||
|
|||
# The LDAP version to use (defaults to 3 |
|||
# if supported by client library) |
|||
ldap_version 3 |
|||
|
|||
# The distinguished name to bind to the server with. |
|||
# Optional: default is to bind anonymously. |
|||
# Please do not put double quotes around it as they |
|||
# would be included literally. |
|||
#binddn cn=proxyuser,dc=padl,dc=com |
|||
|
|||
# The credentials to bind with. |
|||
# Optional: default is no credential. |
|||
#bindpw secret |
|||
|
|||
# The distinguished name to bind to the server with |
|||
# if the effective user ID is root. Password is |
|||
# stored in /etc/libnss-ldap.secret (mode 600) |
|||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead |
|||
# of an editor to create the file. |
|||
#rootbinddn cn=manager,dc=example,dc=net |
|||
|
|||
# The port. |
|||
# Optional: default is 389. |
|||
#port 389 |
|||
|
|||
# The search scope. |
|||
#scope sub |
|||
#scope one |
|||
#scope base |
|||
|
|||
# Search timelimit |
|||
#timelimit 30 |
|||
|
|||
# Bind/connect timelimit |
|||
#bind_timelimit 30 |
|||
|
|||
# Reconnect policy: |
|||
# hard_open: reconnect to DSA with exponential backoff if |
|||
# opening connection failed |
|||
# hard_init: reconnect to DSA with exponential backoff if |
|||
# initializing connection failed |
|||
# hard: alias for hard_open |
|||
# soft: return immediately on server failure |
|||
#bind_policy hard |
|||
|
|||
# Connection policy: |
|||
# persist: DSA connections are kept open (default) |
|||
# oneshot: DSA connections destroyed after request |
|||
#nss_connect_policy persist |
|||
|
|||
# Idle timelimit; client will close connections |
|||
# (nss_ldap only) if the server has not been contacted |
|||
# for the number of seconds specified below. |
|||
#idle_timelimit 3600 |
|||
|
|||
# Use paged rseults |
|||
#nss_paged_results yes |
|||
|
|||
# Pagesize: when paged results enable, used to set the |
|||
# pagesize to a custom value |
|||
#pagesize 1000 |
|||
|
|||
# Filter to AND with uid=%s |
|||
#pam_filter objectclass=account |
|||
|
|||
# The user ID attribute (defaults to uid) |
|||
#pam_login_attribute uid |
|||
|
|||
# Search the root DSE for the password policy (works |
|||
# with Netscape Directory Server) |
|||
#pam_lookup_policy yes |
|||
|
|||
# Check the 'host' attribute for access control |
|||
# Default is no; if set to yes, and user has no |
|||
# value for the host attribute, and pam_ldap is |
|||
# configured for account management (authorization) |
|||
# then the user will not be allowed to login. |
|||
#pam_check_host_attr yes |
|||
|
|||
# Check the 'authorizedService' attribute for access |
|||
# control |
|||
# Default is no; if set to yes, and the user has no |
|||
# value for the authorizedService attribute, and |
|||
# pam_ldap is configured for account management |
|||
# (authorization) then the user will not be allowed |
|||
# to login. |
|||
#pam_check_service_attr yes |
|||
|
|||
# Group to enforce membership of |
|||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com |
|||
|
|||
# Group member attribute |
|||
#pam_member_attribute uniquemember |
|||
|
|||
# Specify a minium or maximum UID number allowed |
|||
#pam_min_uid 0 |
|||
#pam_max_uid 0 |
|||
|
|||
# Template login attribute, default template user |
|||
# (can be overriden by value of former attribute |
|||
# in user's entry) |
|||
#pam_login_attribute userPrincipalName |
|||
#pam_template_login_attribute uid |
|||
#pam_template_login nobody |
|||
|
|||
# HEADS UP: the pam_crypt, pam_nds_passwd, |
|||
# and pam_ad_passwd options are no |
|||
# longer supported. |
|||
# |
|||
# Do not hash the password at all; presume |
|||
# the directory server will do it, if |
|||
# necessary. This is the default. |
|||
#pam_password clear |
|||
|
|||
# Hash password locally; required for University of |
|||
# Michigan LDAP server, and works with Netscape |
|||
# Directory Server if you're using the UNIX-Crypt |
|||
# hash mechanism and not using the NT Synchronization |
|||
# service. |
|||
#pam_password crypt |
|||
|
|||
# Remove old password first, then update in |
|||
# cleartext. Necessary for use with Novell |
|||
# Directory Services (NDS) |
|||
#pam_password nds |
|||
|
|||
# RACF is an alias for the above. For use with |
|||
# IBM RACF |
|||
#pam_password racf |
|||
|
|||
# Update Active Directory password, by |
|||
# creating Unicode password and updating |
|||
# unicodePwd attribute. |
|||
#pam_password ad |
|||
|
|||
# Use the OpenLDAP password change |
|||
# extended operation to update the password. |
|||
#pam_password exop |
|||
|
|||
# Redirect users to a URL or somesuch on password |
|||
# changes. |
|||
#pam_password_prohibit_message Please visit http://internal to change your password. |
|||
|
|||
# Use backlinks for answering initgroups() |
|||
#nss_initgroups backlink |
|||
|
|||
# Enable support for RFC2307bis (distinguished names in group |
|||
# members) |
|||
#nss_schema rfc2307bis |
|||
|
|||
# RFC2307bis naming contexts |
|||
# Syntax: |
|||
# nss_base_XXX base?scope?filter |
|||
# where scope is {base,one,sub} |
|||
# and filter is a filter to be &'d with the |
|||
# default filter. |
|||
# You can omit the suffix eg: |
|||
# nss_base_passwd ou=People, |
|||
# to append the default base DN but this |
|||
# may incur a small performance impact. |
|||
#nss_base_passwd ou=People,dc=padl,dc=com?one |
|||
#nss_base_shadow ou=People,dc=padl,dc=com?one |
|||
#nss_base_group ou=Group,dc=padl,dc=com?one |
|||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one |
|||
#nss_base_services ou=Services,dc=padl,dc=com?one |
|||
#nss_base_networks ou=Networks,dc=padl,dc=com?one |
|||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one |
|||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one |
|||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne |
|||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one |
|||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one |
|||
|
|||
# attribute/objectclass mapping |
|||
# Syntax: |
|||
#nss_map_attribute rfc2307attribute mapped_attribute |
|||
#nss_map_objectclass rfc2307objectclass mapped_objectclass |
|||
|
|||
# configure --enable-nds is no longer supported. |
|||
# NDS mappings |
|||
#nss_map_attribute uniqueMember member |
|||
|
|||
# Services for UNIX 3.5 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount User |
|||
#nss_map_attribute uid msSFU30Name |
|||
#nss_map_attribute uniqueMember msSFU30PosixMember |
|||
#nss_map_attribute userPassword msSFU30Password |
|||
#nss_map_attribute homeDirectory msSFU30HomeDirectory |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_objectclass posixGroup Group |
|||
#pam_login_attribute msSFU30Name |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-mssfu-schema is no longer supported. |
|||
# Services for UNIX 2.0 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid msSFUName |
|||
#nss_map_attribute uniqueMember posixMember |
|||
#nss_map_attribute userPassword msSFUPassword |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup Group |
|||
#nss_map_attribute cn msSFUName |
|||
#pam_login_attribute msSFUName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# RFC 2307 (AD) mappings |
|||
#nss_map_objectclass posixAccount user |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid sAMAccountName |
|||
#nss_map_attribute homeDirectory unixHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup group |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute sAMAccountName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-authpassword is no longer supported |
|||
# AuthPassword mappings |
|||
#nss_map_attribute userPassword authPassword |
|||
|
|||
# AIX SecureWay mappings |
|||
#nss_map_objectclass posixAccount aixAccount |
|||
#nss_base_passwd ou=aixaccount,?one |
|||
#nss_map_attribute uid userName |
|||
#nss_map_attribute gidNumber gid |
|||
#nss_map_attribute uidNumber uid |
|||
#nss_map_attribute userPassword passwordChar |
|||
#nss_map_objectclass posixGroup aixAccessGroup |
|||
#nss_base_group ou=aixgroup,?one |
|||
#nss_map_attribute cn groupName |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute userName |
|||
#pam_filter objectclass=aixAccount |
|||
#pam_password clear |
|||
|
|||
# For pre-RFC2307bis automount schema |
|||
#nss_map_objectclass automountMap nisMap |
|||
#nss_map_attribute automountMapName nisMapName |
|||
#nss_map_objectclass automount nisObject |
|||
#nss_map_attribute automountKey cn |
|||
#nss_map_attribute automountInformation nisMapEntry |
|||
|
|||
# Netscape SDK LDAPS |
|||
#ssl on |
|||
|
|||
# Netscape SDK SSL options |
|||
#sslpath /etc/ssl/certs |
|||
|
|||
# OpenLDAP SSL mechanism |
|||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 |
|||
#ssl start_tls |
|||
#ssl on |
|||
|
|||
# OpenLDAP SSL options |
|||
# Require and verify server certificate (yes/no) |
|||
# Default is to use libldap's default behavior, which can be configured in |
|||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for |
|||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". |
|||
#tls_checkpeer yes |
|||
|
|||
# CA certificates for server certificate verification |
|||
# At least one of these are required if tls_checkpeer is "yes" |
|||
#tls_cacertfile /etc/ssl/ca.cert |
|||
#tls_cacertdir /etc/ssl/certs |
|||
|
|||
# Seed the PRNG if /dev/urandom is not provided |
|||
#tls_randfile /var/run/egd-pool |
|||
|
|||
# SSL cipher suite |
|||
# See man ciphers for syntax |
|||
#tls_ciphers TLSv1 |
|||
|
|||
# Client certificate and key |
|||
# Use these, if your server requires client authentication. |
|||
#tls_cert |
|||
#tls_key |
|||
|
|||
# Disable SASL security layers. This is needed for AD. |
|||
#sasl_secprops maxssf=0 |
|||
|
|||
# Override the default Kerberos ticket cache location. |
|||
#krb5_ccname FILE:/etc/.ldapcache |
|||
|
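Review bot: The only active server setting is `uri ldap://10.0.0.11/`, while `ssl start_tls` and `tls_checkpeer yes` stay commented out, so passwd and group lookups travel unencrypted and the server is not authenticated. Because php-fpm switches to the account these lookups resolve, the integrity of the answers matters. If the directory server supports it, enable `ssl start_tls`, `tls_checkpeer yes` and a `tls_cacertfile` pointing at the site CA (path to be chosen by the maintainer). The file also keeps the `###DEBCONF###` first line, which by its own comment means debconf still manages it; remove that line if the copy baked into the image is meant to be authoritative. The jessie copy further down is identical.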
@ -0,0 +1,19 @@ |
|||
# /etc/nsswitch.conf |
|||
# |
|||
# Example configuration of GNU Name Service Switch functionality. |
|||
# If you have the `glibc-doc-reference' and `info' packages installed, try: |
|||
# `info libc "Name Service Switch"' for information about this file. |
|||
|
|||
passwd: compat ldap |
|||
group: compat ldap |
|||
shadow: compat |
|||
|
|||
hosts: files dns |
|||
networks: files |
|||
|
|||
protocols: db files |
|||
services: db files |
|||
ethers: db files |
|||
rpc: db files |
|||
|
|||
netgroup: nis |
@ -0,0 +1,11 @@ |
|||
#!/bin/sh |
|||
|
|||
set -e |
|||
|
|||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \ |
|||
< /usr/local/etc/fpm-pool.conf.tmpl \ |
|||
> "/etc/php/7.2/fpm/pool.d/${FPM_USER}.conf" |
|||
|
|||
/etc/init.d/nullmailer start |
|||
mkdir -p /run/php |
|||
/usr/sbin/php-fpm7.2 --nodaemonize |
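Review bot: `FPM_USER` and `FPM_VARIANT` are spliced unchecked into the sed program and into the output path `/etc/php/7.2/fpm/pool.d/${FPM_USER}.conf`, so a value containing `/`, `&` or a newline changes the generated pool file or where it is written. An unset variable produces a pool with an empty name, because the script uses `set -e` without `-u`. The run script validates the user name, but the image can be started directly with arbitrary `-e` values, so the entrypoint should validate both variables itself before the sed call. Using `exec` for the final php-fpm call also removes the idle shell between dumb-init and php-fpm. The jessie `start-fpm.sh` further down has the same sed line and needs the same guard.

```shell
set -eu

# Reject anything that could alter the sed program or the target path.
for value in "${FPM_USER:?FPM_USER must be set}" "${FPM_VARIANT:?FPM_VARIANT must be set}"; do
  case "$value" in
    *[!A-Za-z0-9_-]*)
      echo "invalid value: $value" >&2
      exit 1
      ;;
  esac
done

# … unchanged: sed template expansion, nullmailer start, mkdir -p /run/php …
exec /usr/sbin/php-fpm7.2 --nodaemonize
```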
@ -0,0 +1,8 @@ |
|||
FROM gnuviech/jessie_php5-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,38 @@ |
|||
FROM debian:jessie |
|||
LABEL maintainer="jan@dittberner.info" |
|||
VOLUME /srv |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
ca-certificates \ |
|||
curl \ |
|||
libnss-ldap \ |
|||
nullmailer \ |
|||
php-apc \ |
|||
php-mail \ |
|||
php-mail-mime \ |
|||
php-mail-mimedecode \ |
|||
php-net-smtp \ |
|||
php-net-socket \ |
|||
php5-apcu \ |
|||
php5-curl \ |
|||
php5-fpm \ |
|||
php5-gd \ |
|||
php5-imagick \ |
|||
php5-imap \ |
|||
php5-json \ |
|||
php5-mcrypt \ |
|||
php5-pspell \ |
|||
php5-sqlite \ |
|||
psmisc \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
RUN curl -o dumb-init_1.2.2.deb -L https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64.deb && \ |
|||
dpkg -i dumb-init_1.2.2.deb && \ |
|||
rm -f dumb-init_1.2.2.deb |
|||
|
|||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/ |
|||
|
|||
RUN rm -f /etc/php5/fpm/pool.d/www.conf |
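Review bot: The `RUN curl -o dumb-init_1.2.2.deb -L …` step installs a downloaded package with `dpkg -i` as root without verifying it, so the image's init process depends entirely on what that URL serves at build time. Pin the expected digest and check it before installing, e.g. insert `echo "<sha256 of dumb-init_1.2.2_amd64.deb>  dumb-init_1.2.2.deb" | sha256sum -c - && \` between the download and `dpkg -i`. Use `curl -fsSL` as well, so an HTTP error fails the step instead of saving an error page. The `rm -f` on the last line succeeds even if the pool path is wrong, whereas plain `rm` would fail the build.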
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/jessie_php5-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php5-mysql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/jessie_php5-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php5-pgsql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
[@user@] |
|||
user = @user@ |
|||
group = @user@ |
|||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock |
|||
listen.owner = www-data |
|||
listen.group = www-data |
|||
pm = dynamic |
|||
pm.max_children = 20 |
|||
pm.start_servers = 2 |
|||
pm.min_spare_servers = 1 |
|||
pm.max_spare_servers = 3 |
|||
pm.max_requests = 1000 |
|||
chdir = / |
|||
request_slowlog_timeout = 10s |
|||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log |
@ -0,0 +1,323 @@ |
|||
###DEBCONF### |
|||
# the configuration of this file will be done by debconf as long as the |
|||
# first line of the file says '###DEBCONF###' |
|||
# |
|||
# you should use dpkg-reconfigure libnss-ldap to configure this file. |
|||
# |
|||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $ |
|||
# |
|||
# This is the configuration file for the LDAP nameservice |
|||
# switch library and the LDAP PAM module. |
|||
# |
|||
# PADL Software |
|||
# http://www.padl.com |
|||
# |
|||
|
|||
# Your LDAP server. Must be resolvable without using LDAP. |
|||
# Multiple hosts may be specified, each separated by a |
|||
# space. How long nss_ldap takes to failover depends on |
|||
# whether your LDAP client library supports configurable |
|||
# network or connect timeouts (see bind_timelimit). |
|||
#host 127.0.0.1 |
|||
|
|||
# The distinguished name of the search base. |
|||
base dc=gnuviech,dc=internal |
|||
|
|||
# Another way to specify your LDAP server is to provide an |
|||
uri ldap://10.0.0.11/ |
|||
# Unix Domain Sockets to connect to a local LDAP Server. |
|||
#uri ldap://127.0.0.1/ |
|||
#uri ldaps://127.0.0.1/ |
|||
#uri ldapi://%2fvar%2frun%2fldapi_sock/ |
|||
# Note: %2f encodes the '/' used as directory separator |
|||
|
|||
# The LDAP version to use (defaults to 3 |
|||
# if supported by client library) |
|||
ldap_version 3 |
|||
|
|||
# The distinguished name to bind to the server with. |
|||
# Optional: default is to bind anonymously. |
|||
# Please do not put double quotes around it as they |
|||
# would be included literally. |
|||
#binddn cn=proxyuser,dc=padl,dc=com |
|||
|
|||
# The credentials to bind with. |
|||
# Optional: default is no credential. |
|||
#bindpw secret |
|||
|
|||
# The distinguished name to bind to the server with |
|||
# if the effective user ID is root. Password is |
|||
# stored in /etc/libnss-ldap.secret (mode 600) |
|||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead |
|||
# of an editor to create the file. |
|||
#rootbinddn cn=manager,dc=example,dc=net |
|||
|
|||
# The port. |
|||
# Optional: default is 389. |
|||
#port 389 |
|||
|
|||
# The search scope. |
|||
#scope sub |
|||
#scope one |
|||
#scope base |
|||
|
|||
# Search timelimit |
|||
#timelimit 30 |
|||
|
|||
# Bind/connect timelimit |
|||
#bind_timelimit 30 |
|||
|
|||
# Reconnect policy: |
|||
# hard_open: reconnect to DSA with exponential backoff if |
|||
# opening connection failed |
|||
# hard_init: reconnect to DSA with exponential backoff if |
|||
# initializing connection failed |
|||
# hard: alias for hard_open |
|||
# soft: return immediately on server failure |
|||
#bind_policy hard |
|||
|
|||
# Connection policy: |
|||
# persist: DSA connections are kept open (default) |
|||
# oneshot: DSA connections destroyed after request |
|||
#nss_connect_policy persist |
|||
|
|||
# Idle timelimit; client will close connections |
|||
# (nss_ldap only) if the server has not been contacted |
|||
# for the number of seconds specified below. |
|||
#idle_timelimit 3600 |
|||
|
|||
# Use paged rseults |
|||
#nss_paged_results yes |
|||
|
|||
# Pagesize: when paged results enable, used to set the |
|||
# pagesize to a custom value |
|||
#pagesize 1000 |
|||
|
|||
# Filter to AND with uid=%s |
|||
#pam_filter objectclass=account |
|||
|
|||
# The user ID attribute (defaults to uid) |
|||
#pam_login_attribute uid |
|||
|
|||
# Search the root DSE for the password policy (works |
|||
# with Netscape Directory Server) |
|||
#pam_lookup_policy yes |
|||
|
|||
# Check the 'host' attribute for access control |
|||
# Default is no; if set to yes, and user has no |
|||
# value for the host attribute, and pam_ldap is |
|||
# configured for account management (authorization) |
|||
# then the user will not be allowed to login. |
|||
#pam_check_host_attr yes |
|||
|
|||
# Check the 'authorizedService' attribute for access |
|||
# control |
|||
# Default is no; if set to yes, and the user has no |
|||
# value for the authorizedService attribute, and |
|||
# pam_ldap is configured for account management |
|||
# (authorization) then the user will not be allowed |
|||
# to login. |
|||
#pam_check_service_attr yes |
|||
|
|||
# Group to enforce membership of |
|||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com |
|||
|
|||
# Group member attribute |
|||
#pam_member_attribute uniquemember |
|||
|
|||
# Specify a minium or maximum UID number allowed |
|||
#pam_min_uid 0 |
|||
#pam_max_uid 0 |
|||
|
|||
# Template login attribute, default template user |
|||
# (can be overriden by value of former attribute |
|||
# in user's entry) |
|||
#pam_login_attribute userPrincipalName |
|||
#pam_template_login_attribute uid |
|||
#pam_template_login nobody |
|||
|
|||
# HEADS UP: the pam_crypt, pam_nds_passwd, |
|||
# and pam_ad_passwd options are no |
|||
# longer supported. |
|||
# |
|||
# Do not hash the password at all; presume |
|||
# the directory server will do it, if |
|||
# necessary. This is the default. |
|||
#pam_password clear |
|||
|
|||
# Hash password locally; required for University of |
|||
# Michigan LDAP server, and works with Netscape |
|||
# Directory Server if you're using the UNIX-Crypt |
|||
# hash mechanism and not using the NT Synchronization |
|||
# service. |
|||
#pam_password crypt |
|||
|
|||
# Remove old password first, then update in |
|||
# cleartext. Necessary for use with Novell |
|||
# Directory Services (NDS) |
|||
#pam_password nds |
|||
|
|||
# RACF is an alias for the above. For use with |
|||
# IBM RACF |
|||
#pam_password racf |
|||
|
|||
# Update Active Directory password, by |
|||
# creating Unicode password and updating |
|||
# unicodePwd attribute. |
|||
#pam_password ad |
|||
|
|||
# Use the OpenLDAP password change |
|||
# extended operation to update the password. |
|||
#pam_password exop |
|||
|
|||
# Redirect users to a URL or somesuch on password |
|||
# changes. |
|||
#pam_password_prohibit_message Please visit http://internal to change your password. |
|||
|
|||
# Use backlinks for answering initgroups() |
|||
#nss_initgroups backlink |
|||
|
|||
# Enable support for RFC2307bis (distinguished names in group |
|||
# members) |
|||
#nss_schema rfc2307bis |
|||
|
|||
# RFC2307bis naming contexts |
|||
# Syntax: |
|||
# nss_base_XXX base?scope?filter |
|||
# where scope is {base,one,sub} |
|||
# and filter is a filter to be &'d with the |
|||
# default filter. |
|||
# You can omit the suffix eg: |
|||
# nss_base_passwd ou=People, |
|||
# to append the default base DN but this |
|||
# may incur a small performance impact. |
|||
#nss_base_passwd ou=People,dc=padl,dc=com?one |
|||
#nss_base_shadow ou=People,dc=padl,dc=com?one |
|||
#nss_base_group ou=Group,dc=padl,dc=com?one |
|||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one |
|||
#nss_base_services ou=Services,dc=padl,dc=com?one |
|||
#nss_base_networks ou=Networks,dc=padl,dc=com?one |
|||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one |
|||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one |
|||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne |
|||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one |
|||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one |
|||
|
|||
# attribute/objectclass mapping |
|||
# Syntax: |
|||
#nss_map_attribute rfc2307attribute mapped_attribute |
|||
#nss_map_objectclass rfc2307objectclass mapped_objectclass |
|||
|
|||
# configure --enable-nds is no longer supported. |
|||
# NDS mappings |
|||
#nss_map_attribute uniqueMember member |
|||
|
|||
# Services for UNIX 3.5 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount User |
|||
#nss_map_attribute uid msSFU30Name |
|||
#nss_map_attribute uniqueMember msSFU30PosixMember |
|||
#nss_map_attribute userPassword msSFU30Password |
|||
#nss_map_attribute homeDirectory msSFU30HomeDirectory |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_objectclass posixGroup Group |
|||
#pam_login_attribute msSFU30Name |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-mssfu-schema is no longer supported. |
|||
# Services for UNIX 2.0 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid msSFUName |
|||
#nss_map_attribute uniqueMember posixMember |
|||
#nss_map_attribute userPassword msSFUPassword |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup Group |
|||
#nss_map_attribute cn msSFUName |
|||
#pam_login_attribute msSFUName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# RFC 2307 (AD) mappings |
|||
#nss_map_objectclass posixAccount user |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid sAMAccountName |
|||
#nss_map_attribute homeDirectory unixHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup group |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute sAMAccountName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-authpassword is no longer supported |
|||
# AuthPassword mappings |
|||
#nss_map_attribute userPassword authPassword |
|||
|
|||
# AIX SecureWay mappings |
|||
#nss_map_objectclass posixAccount aixAccount |
|||
#nss_base_passwd ou=aixaccount,?one |
|||
#nss_map_attribute uid userName |
|||
#nss_map_attribute gidNumber gid |
|||
#nss_map_attribute uidNumber uid |
|||
#nss_map_attribute userPassword passwordChar |
|||
#nss_map_objectclass posixGroup aixAccessGroup |
|||
#nss_base_group ou=aixgroup,?one |
|||
#nss_map_attribute cn groupName |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute userName |
|||
#pam_filter objectclass=aixAccount |
|||
#pam_password clear |
|||
|
|||
# For pre-RFC2307bis automount schema |
|||
#nss_map_objectclass automountMap nisMap |
|||
#nss_map_attribute automountMapName nisMapName |
|||
#nss_map_objectclass automount nisObject |
|||
#nss_map_attribute automountKey cn |
|||
#nss_map_attribute automountInformation nisMapEntry |
|||
|
|||
# Netscape SDK LDAPS |
|||
#ssl on |
|||
|
|||
# Netscape SDK SSL options |
|||
#sslpath /etc/ssl/certs |
|||
|
|||
# OpenLDAP SSL mechanism |
|||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 |
|||
#ssl start_tls |
|||
#ssl on |
|||
|
|||
# OpenLDAP SSL options |
|||
# Require and verify server certificate (yes/no) |
|||
# Default is to use libldap's default behavior, which can be configured in |
|||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for |
|||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". |
|||
#tls_checkpeer yes |
|||
|
|||
# CA certificates for server certificate verification |
|||
# At least one of these are required if tls_checkpeer is "yes" |
|||
#tls_cacertfile /etc/ssl/ca.cert |
|||
#tls_cacertdir /etc/ssl/certs |
|||
|
|||
# Seed the PRNG if /dev/urandom is not provided |
|||
#tls_randfile /var/run/egd-pool |
|||
|
|||
# SSL cipher suite |
|||
# See man ciphers for syntax |
|||
#tls_ciphers TLSv1 |
|||
|
|||
# Client certificate and key |
|||
# Use these, if your server requires client authentication. |
|||
#tls_cert |
|||
#tls_key |
|||
|
|||
# Disable SASL security layers. This is needed for AD. |
|||
#sasl_secprops maxssf=0 |
|||
|
|||
# Override the default Kerberos ticket cache location. |
|||
#krb5_ccname FILE:/etc/.ldapcache |
|||
|
@ -0,0 +1,19 @@ |
|||
# /etc/nsswitch.conf |
|||
# |
|||
# Example configuration of GNU Name Service Switch functionality. |
|||
# If you have the `glibc-doc-reference' and `info' packages installed, try: |
|||
# `info libc "Name Service Switch"' for information about this file. |
|||
|
|||
passwd: compat ldap |
|||
group: compat ldap |
|||
shadow: compat |
|||
|
|||
hosts: files dns |
|||
networks: files |
|||
|
|||
protocols: db files |
|||
services: db files |
|||
ethers: db files |
|||
rpc: db files |
|||
|
|||
netgroup: nis |
@ -0,0 +1,10 @@ |
|||
#!/bin/sh |
|||
|
|||
set -e |
|||
|
|||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \ |
|||
< /usr/local/etc/fpm-pool.conf.tmpl \ |
|||
> "/etc/php5/fpm/pool.d/${FPM_USER}.conf" |
|||
|
|||
/etc/init.d/nullmailer start |
|||
/usr/sbin/php5-fpm --nodaemonize |
@ -0,0 +1,58 @@ |
|||
#!/bin/sh |
|||
|
|||
set -e |
|||
valid_users=$(getent passwd | grep ^usr | cut -d : -f 1) |
|||
|
|||
if [ $# -lt 2 ]; then |
|||
echo "Usage: $0 <dist> [<variant>] <user>" |
|||
echo |
|||
echo "<dist> is one of wheezy, jessie, stretch, buster" |
|||
echo "<variant> is one of mysql or pgsql" |
|||
echo "<user> is a user name defined in ldap and on file" |
|||
echo |
|||
for u in $valid_users; do echo $u; done | xargs -n 10 echo |
|||
exit 1 |
|||
fi |
|||
|
|||
if [ $# -eq 3 ]; then |
|||
dist=$1 |
|||
username="$3" |
|||
variant="-$2" |
|||
else |
|||
dist=$1 |
|||
username="$2" |
|||
variant="" |
|||
fi |
|||
|
|||
case $dist in |
|||
wheezy|jessie) |
|||
image=gnuviech/${dist}_php5${variant} |
|||
;; |
|||
stretch|buster) |
|||
image=gnuviech/${dist}_php7${variant} |
|||
;; |
|||
*) |
|||
echo "Unknown distribution $dist" |
|||
exit 2 |
|||
esac |
|||
|
|||
for u in $valid_users; do |
|||
if [ "$u" = "${username}" ]; then |
|||
choosen_user=$u |
|||
fi |
|||
done |
|||
|
|||
if [ -z "$choosen_user" ]; then |
|||
echo "Invalid user ${username}" |
|||
exit 3 |
|||
fi |
|||
|
|||
docker run \ |
|||
--volume-driver=nfs --net=host --rm --detach \ |
|||
-v "file/web/$choosen_user:/srv" \ |
|||
-v "/var/run/php-fpm-docker:/var/run/php-fpm-docker" \ |
|||
-v "/var/log/php-fpm-docker:/var/log/php-fpm-docker" \ |
|||
-e "FPM_USER=$choosen_user" \ |
|||
-e "FPM_VARIANT=${dist}${variant}" \ |
|||
--name "${choosen_user}_${dist}${variant}" \ |
|||
"$image" |
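Review bot: `--net=host` in the `docker run` call puts every customer's PHP container into the host's network namespace, so code running in a pool can reach services bound to the host's loopback interface and has no network-level separation from the host or from other tenants. The pool template in this commit listens on a Unix socket under the bind-mounted `/var/run/php-fpm-docker`, so the web server does not appear to need host networking to reach php-fpm. If the flag is only there for outbound LDAP, mail and database access, the default bridge network should cover that, i.e. `--volume-driver=nfs --rm --detach \`. Separately, `<variant>` is never checked against the `mysql`/`pgsql` values the usage text promises, and four or more arguments silently take the two-argument branch; `case "$2" in mysql|pgsql) variant="-$2" ;; *) echo "Unknown variant $2" >&2; exit 2 ;; esac` inside an explicit `$# -eq 3` branch, plus an error for any other count above two, would close that.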
@ -0,0 +1,8 @@ |
|||
FROM gnuviech/stretch_php7-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,32 @@ |
|||
FROM debian:stretch |
|||
LABEL maintainer="jan@dittberner.info" |
|||
VOLUME /srv |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
dumb-init \ |
|||
libnss-ldap \ |
|||
nullmailer \ |
|||
php-curl \ |
|||
php-fpm \ |
|||
php-gd \ |
|||
php-imagick \ |
|||
php-imap \ |
|||
php-json \ |
|||
php-mail \ |
|||
php-mail-mime \ |
|||
php-mbstring \ |
|||
php-mcrypt \ |
|||
php-net-smtp \ |
|||
php-net-socket \ |
|||
php-opcache \ |
|||
php-pspell \ |
|||
php-sqlite3 \ |
|||
psmisc \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/ |
|||
|
|||
RUN rm -f /etc/php/7.0/fpm/pool.d/www.conf |
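Review bot: The cleanup `rm -rf /var/lib/apt/lists/*.*` only removes entries whose name contains a dot, so anything else under that directory stays in the layer; `rm -rf /var/lib/apt/lists/*` is the usual form. The same line appears in the -mysql and -pgsql Dockerfiles and in the wheezy base image added by this commit. `ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/` copies two plain local files, so `COPY --chown=root:root nsswitch.conf libnss-ldap.conf /etc/` would state the intent more narrowly, since ADD can also unpack archives and fetch URLs.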
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/stretch_php7-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php-mysql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/stretch_php7-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php-pgsql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
[@user@] |
|||
user = @user@ |
|||
group = @user@ |
|||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock |
|||
listen.owner = www-data |
|||
listen.group = www-data |
|||
pm = dynamic |
|||
pm.max_children = 20 |
|||
pm.start_servers = 2 |
|||
pm.min_spare_servers = 1 |
|||
pm.max_spare_servers = 3 |
|||
pm.max_requests = 1000 |
|||
chdir = / |
|||
request_slowlog_timeout = 10s |
|||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log |
@ -0,0 +1,323 @@ |
|||
###DEBCONF### |
|||
# the configuration of this file will be done by debconf as long as the |
|||
# first line of the file says '###DEBCONF###' |
|||
# |
|||
# you should use dpkg-reconfigure libnss-ldap to configure this file. |
|||
# |
|||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $ |
|||
# |
|||
# This is the configuration file for the LDAP nameservice |
|||
# switch library and the LDAP PAM module. |
|||
# |
|||
# PADL Software |
|||
# http://www.padl.com |
|||
# |
|||
|
|||
# Your LDAP server. Must be resolvable without using LDAP. |
|||
# Multiple hosts may be specified, each separated by a |
|||
# space. How long nss_ldap takes to failover depends on |
|||
# whether your LDAP client library supports configurable |
|||
# network or connect timeouts (see bind_timelimit). |
|||
#host 127.0.0.1 |
|||
|
|||
# The distinguished name of the search base. |
|||
base dc=gnuviech,dc=internal |
|||
|
|||
# Another way to specify your LDAP server is to provide an |
|||
uri ldap://10.0.0.11/ |
|||
# Unix Domain Sockets to connect to a local LDAP Server. |
|||
#uri ldap://127.0.0.1/ |
|||
#uri ldaps://127.0.0.1/ |
|||
#uri ldapi://%2fvar%2frun%2fldapi_sock/ |
|||
# Note: %2f encodes the '/' used as directory separator |
|||
|
|||
# The LDAP version to use (defaults to 3 |
|||
# if supported by client library) |
|||
ldap_version 3 |
|||
|
|||
# The distinguished name to bind to the server with. |
|||
# Optional: default is to bind anonymously. |
|||
# Please do not put double quotes around it as they |
|||
# would be included literally. |
|||
#binddn cn=proxyuser,dc=padl,dc=com |
|||
|
|||
# The credentials to bind with. |
|||
# Optional: default is no credential. |
|||
#bindpw secret |
|||
|
|||
# The distinguished name to bind to the server with |
|||
# if the effective user ID is root. Password is |
|||
# stored in /etc/libnss-ldap.secret (mode 600) |
|||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead |
|||
# of an editor to create the file. |
|||
#rootbinddn cn=manager,dc=example,dc=net |
|||
|
|||
# The port. |
|||
# Optional: default is 389. |
|||
#port 389 |
|||
|
|||
# The search scope. |
|||
#scope sub |
|||
#scope one |
|||
#scope base |
|||
|
|||
# Search timelimit |
|||
#timelimit 30 |
|||
|
|||
# Bind/connect timelimit |
|||
#bind_timelimit 30 |
|||
|
|||
# Reconnect policy: |
|||
# hard_open: reconnect to DSA with exponential backoff if |
|||
# opening connection failed |
|||
# hard_init: reconnect to DSA with exponential backoff if |
|||
# initializing connection failed |
|||
# hard: alias for hard_open |
|||
# soft: return immediately on server failure |
|||
#bind_policy hard |
|||
|
|||
# Connection policy: |
|||
# persist: DSA connections are kept open (default) |
|||
# oneshot: DSA connections destroyed after request |
|||
#nss_connect_policy persist |
|||
|
|||
# Idle timelimit; client will close connections |
|||
# (nss_ldap only) if the server has not been contacted |
|||
# for the number of seconds specified below. |
|||
#idle_timelimit 3600 |
|||
|
|||
# Use paged rseults |
|||
#nss_paged_results yes |
|||
|
|||
# Pagesize: when paged results enable, used to set the |
|||
# pagesize to a custom value |
|||
#pagesize 1000 |
|||
|
|||
# Filter to AND with uid=%s |
|||
#pam_filter objectclass=account |
|||
|
|||
# The user ID attribute (defaults to uid) |
|||
#pam_login_attribute uid |
|||
|
|||
# Search the root DSE for the password policy (works |
|||
# with Netscape Directory Server) |
|||
#pam_lookup_policy yes |
|||
|
|||
# Check the 'host' attribute for access control |
|||
# Default is no; if set to yes, and user has no |
|||
# value for the host attribute, and pam_ldap is |
|||
# configured for account management (authorization) |
|||
# then the user will not be allowed to login. |
|||
#pam_check_host_attr yes |
|||
|
|||
# Check the 'authorizedService' attribute for access |
|||
# control |
|||
# Default is no; if set to yes, and the user has no |
|||
# value for the authorizedService attribute, and |
|||
# pam_ldap is configured for account management |
|||
# (authorization) then the user will not be allowed |
|||
# to login. |
|||
#pam_check_service_attr yes |
|||
|
|||
# Group to enforce membership of |
|||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com |
|||
|
|||
# Group member attribute |
|||
#pam_member_attribute uniquemember |
|||
|
|||
# Specify a minium or maximum UID number allowed |
|||
#pam_min_uid 0 |
|||
#pam_max_uid 0 |
|||
|
|||
# Template login attribute, default template user |
|||
# (can be overriden by value of former attribute |
|||
# in user's entry) |
|||
#pam_login_attribute userPrincipalName |
|||
#pam_template_login_attribute uid |
|||
#pam_template_login nobody |
|||
|
|||
# HEADS UP: the pam_crypt, pam_nds_passwd, |
|||
# and pam_ad_passwd options are no |
|||
# longer supported. |
|||
# |
|||
# Do not hash the password at all; presume |
|||
# the directory server will do it, if |
|||
# necessary. This is the default. |
|||
#pam_password clear |
|||
|
|||
# Hash password locally; required for University of |
|||
# Michigan LDAP server, and works with Netscape |
|||
# Directory Server if you're using the UNIX-Crypt |
|||
# hash mechanism and not using the NT Synchronization |
|||
# service. |
|||
#pam_password crypt |
|||
|
|||
# Remove old password first, then update in |
|||
# cleartext. Necessary for use with Novell |
|||
# Directory Services (NDS) |
|||
#pam_password nds |
|||
|
|||
# RACF is an alias for the above. For use with |
|||
# IBM RACF |
|||
#pam_password racf |
|||
|
|||
# Update Active Directory password, by |
|||
# creating Unicode password and updating |
|||
# unicodePwd attribute. |
|||
#pam_password ad |
|||
|
|||
# Use the OpenLDAP password change |
|||
# extended operation to update the password. |
|||
#pam_password exop |
|||
|
|||
# Redirect users to a URL or somesuch on password |
|||
# changes. |
|||
#pam_password_prohibit_message Please visit http://internal to change your password. |
|||
|
|||
# Use backlinks for answering initgroups() |
|||
#nss_initgroups backlink |
|||
|
|||
# Enable support for RFC2307bis (distinguished names in group |
|||
# members) |
|||
#nss_schema rfc2307bis |
|||
|
|||
# RFC2307bis naming contexts |
|||
# Syntax: |
|||
# nss_base_XXX base?scope?filter |
|||
# where scope is {base,one,sub} |
|||
# and filter is a filter to be &'d with the |
|||
# default filter. |
|||
# You can omit the suffix eg: |
|||
# nss_base_passwd ou=People, |
|||
# to append the default base DN but this |
|||
# may incur a small performance impact. |
|||
#nss_base_passwd ou=People,dc=padl,dc=com?one |
|||
#nss_base_shadow ou=People,dc=padl,dc=com?one |
|||
#nss_base_group ou=Group,dc=padl,dc=com?one |
|||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one |
|||
#nss_base_services ou=Services,dc=padl,dc=com?one |
|||
#nss_base_networks ou=Networks,dc=padl,dc=com?one |
|||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one |
|||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one |
|||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne |
|||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one |
|||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one |
|||
|
|||
# attribute/objectclass mapping |
|||
# Syntax: |
|||
#nss_map_attribute rfc2307attribute mapped_attribute |
|||
#nss_map_objectclass rfc2307objectclass mapped_objectclass |
|||
|
|||
# configure --enable-nds is no longer supported. |
|||
# NDS mappings |
|||
#nss_map_attribute uniqueMember member |
|||
|
|||
# Services for UNIX 3.5 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount User |
|||
#nss_map_attribute uid msSFU30Name |
|||
#nss_map_attribute uniqueMember msSFU30PosixMember |
|||
#nss_map_attribute userPassword msSFU30Password |
|||
#nss_map_attribute homeDirectory msSFU30HomeDirectory |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_objectclass posixGroup Group |
|||
#pam_login_attribute msSFU30Name |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-mssfu-schema is no longer supported. |
|||
# Services for UNIX 2.0 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid msSFUName |
|||
#nss_map_attribute uniqueMember posixMember |
|||
#nss_map_attribute userPassword msSFUPassword |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup Group |
|||
#nss_map_attribute cn msSFUName |
|||
#pam_login_attribute msSFUName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# RFC 2307 (AD) mappings |
|||
#nss_map_objectclass posixAccount user |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid sAMAccountName |
|||
#nss_map_attribute homeDirectory unixHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup group |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute sAMAccountName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-authpassword is no longer supported |
|||
# AuthPassword mappings |
|||
#nss_map_attribute userPassword authPassword |
|||
|
|||
# AIX SecureWay mappings |
|||
#nss_map_objectclass posixAccount aixAccount |
|||
#nss_base_passwd ou=aixaccount,?one |
|||
#nss_map_attribute uid userName |
|||
#nss_map_attribute gidNumber gid |
|||
#nss_map_attribute uidNumber uid |
|||
#nss_map_attribute userPassword passwordChar |
|||
#nss_map_objectclass posixGroup aixAccessGroup |
|||
#nss_base_group ou=aixgroup,?one |
|||
#nss_map_attribute cn groupName |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute userName |
|||
#pam_filter objectclass=aixAccount |
|||
#pam_password clear |
|||
|
|||
# For pre-RFC2307bis automount schema |
|||
#nss_map_objectclass automountMap nisMap |
|||
#nss_map_attribute automountMapName nisMapName |
|||
#nss_map_objectclass automount nisObject |
|||
#nss_map_attribute automountKey cn |
|||
#nss_map_attribute automountInformation nisMapEntry |
|||
|
|||
# Netscape SDK LDAPS |
|||
#ssl on |
|||
|
|||
# Netscape SDK SSL options |
|||
#sslpath /etc/ssl/certs |
|||
|
|||
# OpenLDAP SSL mechanism |
|||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 |
|||
#ssl start_tls |
|||
#ssl on |
|||
|
|||
# OpenLDAP SSL options |
|||
# Require and verify server certificate (yes/no) |
|||
# Default is to use libldap's default behavior, which can be configured in |
|||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for |
|||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". |
|||
#tls_checkpeer yes |
|||
|
|||
# CA certificates for server certificate verification |
|||
# At least one of these are required if tls_checkpeer is "yes" |
|||
#tls_cacertfile /etc/ssl/ca.cert |
|||
#tls_cacertdir /etc/ssl/certs |
|||
|
|||
# Seed the PRNG if /dev/urandom is not provided |
|||
#tls_randfile /var/run/egd-pool |
|||
|
|||
# SSL cipher suite |
|||
# See man ciphers for syntax |
|||
#tls_ciphers TLSv1 |
|||
|
|||
# Client certificate and key |
|||
# Use these, if your server requires client authentication. |
|||
#tls_cert |
|||
#tls_key |
|||
|
|||
# Disable SASL security layers. This is needed for AD. |
|||
#sasl_secprops maxssf=0 |
|||
|
|||
# Override the default Kerberos ticket cache location. |
|||
#krb5_ccname FILE:/etc/.ldapcache |
|||
|
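Review bot: The only active connection setting is `uri ldap://10.0.0.11/`, while `#ssl start_tls`, `#tls_checkpeer yes` and `#tls_cacertfile` stay commented out, so passwd and group lookups from every container travel in clear text and the directory server is not authenticated. Because nsswitch.conf in this commit resolves `passwd` and `group` through ldap and the pool template runs as that user, a spoofed answer would feed straight into which account the pool runs as. I would enable `ssl start_tls`, `tls_checkpeer yes` and `tls_cacertfile <path to the internal CA certificate>` (the path is a placeholder; the CA file would also have to be added to the image). The leading `###DEBCONF###` line, per the file's own header comment, lets debconf manage this hand-maintained file, so dropping it avoids surprises on a later `dpkg-reconfigure`. The identical file is added again for the other distributions in this commit.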
@ -0,0 +1,19 @@ |
|||
# /etc/nsswitch.conf |
|||
# |
|||
# Example configuration of GNU Name Service Switch functionality. |
|||
# If you have the `glibc-doc-reference' and `info' packages installed, try: |
|||
# `info libc "Name Service Switch"' for information about this file. |
|||
|
|||
passwd: compat ldap |
|||
group: compat ldap |
|||
shadow: compat |
|||
|
|||
hosts: files dns |
|||
networks: files |
|||
|
|||
protocols: db files |
|||
services: db files |
|||
ethers: db files |
|||
rpc: db files |
|||
|
|||
netgroup: nis |
@ -0,0 +1,11 @@ |
|||
#!/bin/sh |
|||
|
|||
set -e |
|||
|
|||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \ |
|||
< /usr/local/etc/fpm-pool.conf.tmpl \ |
|||
> "/etc/php/7.0/fpm/pool.d/${FPM_USER}.conf" |
|||
|
|||
/etc/init.d/nullmailer start |
|||
mkdir -p /run/php |
|||
/usr/sbin/php-fpm7.0 --nodaemonize |
@ -0,0 +1,8 @@ |
|||
FROM gnuviech/wheezy_php5-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,39 @@ |
|||
FROM debian:wheezy |
|||
LABEL maintainer="jan@dittberner.info" |
|||
VOLUME /srv |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
ca-certificates \ |
|||
curl \ |
|||
libnss-ldap \ |
|||
libphp-adodb \ |
|||
nullmailer \ |
|||
php-apc \ |
|||
php-mail-mime \ |
|||
php-mail-mimedecode \ |
|||
php-net-smtp \ |
|||
php-net-socket \ |
|||
php5-adodb \ |
|||
php5-curl \ |
|||
php5-fpm \ |
|||
php5-gd \ |
|||
php5-gmp \ |
|||
php5-imap \ |
|||
php5-intl \ |
|||
php5-mcrypt \ |
|||
php5-pspell \ |
|||
php5-sqlite \ |
|||
php5-xmlrpc \ |
|||
procps \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
RUN curl -o dumb-init_1.2.2.deb -L https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64.deb && \ |
|||
dpkg -i dumb-init_1.2.2.deb && \ |
|||
rm -f dumb-init_1.2.2.deb |
|||
|
|||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/ |
|||
|
|||
RUN rm -f /etc/php5/fpm/pool.d/www.conf |
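Review bot: The `dumb-init_1.2.2.deb` fetched with `curl -L` is installed by `dpkg -i` without any integrity check, so the image trusts whatever the download returns at build time, and that binary becomes the ENTRYPOINT of every wheezy container. Pin it with a checksum between the download and the install, e.g. `echo "<sha256 of dumb-init_1.2.2_amd64.deb>  dumb-init_1.2.2.deb" | sha256sum -c - && \` (the hash is a placeholder to be taken from the release). Adding `--fail` to the curl call would also stop an HTTP error page from being handed to dpkg.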
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/wheezy_php5-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php5-mysql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
FROM gnuviech/wheezy_php5-base:latest |
|||
LABEL maintainer="jan@dittberner.info" |
|||
|
|||
RUN apt-get update \ |
|||
&& DEBIAN_FRONTEND=noninteractive \ |
|||
apt-get install -y --no-install-recommends \ |
|||
php5-pgsql \ |
|||
&& apt-get clean \ |
|||
&& rm -rf /var/lib/apt/lists/*.* |
|||
|
|||
COPY start-fpm.sh /usr/local/sbin |
|||
COPY fpm-pool.conf.tmpl /usr/local/etc |
|||
|
|||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |
|||
CMD ["/usr/local/sbin/start-fpm.sh"] |
@ -0,0 +1,15 @@ |
|||
[@user@] |
|||
user = @user@ |
|||
group = @user@ |
|||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock |
|||
listen.owner = www-data |
|||
listen.group = www-data |
|||
pm = dynamic |
|||
pm.max_children = 20 |
|||
pm.start_servers = 2 |
|||
pm.min_spare_servers = 1 |
|||
pm.max_spare_servers = 3 |
|||
pm.max_requests = 1000 |
|||
chdir = / |
|||
request_slowlog_timeout = 10s |
|||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log |
@ -0,0 +1,323 @@ |
|||
###DEBCONF### |
|||
# the configuration of this file will be done by debconf as long as the |
|||
# first line of the file says '###DEBCONF###' |
|||
# |
|||
# you should use dpkg-reconfigure libnss-ldap to configure this file. |
|||
# |
|||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $ |
|||
# |
|||
# This is the configuration file for the LDAP nameservice |
|||
# switch library and the LDAP PAM module. |
|||
# |
|||
# PADL Software |
|||
# http://www.padl.com |
|||
# |
|||
|
|||
# Your LDAP server. Must be resolvable without using LDAP. |
|||
# Multiple hosts may be specified, each separated by a |
|||
# space. How long nss_ldap takes to failover depends on |
|||
# whether your LDAP client library supports configurable |
|||
# network or connect timeouts (see bind_timelimit). |
|||
#host 127.0.0.1 |
|||
|
|||
# The distinguished name of the search base. |
|||
base dc=gnuviech,dc=internal |
|||
|
|||
# Another way to specify your LDAP server is to provide an |
|||
uri ldap://10.0.0.11/ |
|||
# Unix Domain Sockets to connect to a local LDAP Server. |
|||
#uri ldap://127.0.0.1/ |
|||
#uri ldaps://127.0.0.1/ |
|||
#uri ldapi://%2fvar%2frun%2fldapi_sock/ |
|||
# Note: %2f encodes the '/' used as directory separator |
|||
|
|||
# The LDAP version to use (defaults to 3 |
|||
# if supported by client library) |
|||
ldap_version 3 |
|||
|
|||
# The distinguished name to bind to the server with. |
|||
# Optional: default is to bind anonymously. |
|||
# Please do not put double quotes around it as they |
|||
# would be included literally. |
|||
#binddn cn=proxyuser,dc=padl,dc=com |
|||
|
|||
# The credentials to bind with. |
|||
# Optional: default is no credential. |
|||
#bindpw secret |
|||
|
|||
# The distinguished name to bind to the server with |
|||
# if the effective user ID is root. Password is |
|||
# stored in /etc/libnss-ldap.secret (mode 600) |
|||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead |
|||
# of an editor to create the file. |
|||
#rootbinddn cn=manager,dc=example,dc=net |
|||
|
|||
# The port. |
|||
# Optional: default is 389. |
|||
#port 389 |
|||
|
|||
# The search scope. |
|||
#scope sub |
|||
#scope one |
|||
#scope base |
|||
|
|||
# Search timelimit |
|||
#timelimit 30 |
|||
|
|||
# Bind/connect timelimit |
|||
#bind_timelimit 30 |
|||
|
|||
# Reconnect policy: |
|||
# hard_open: reconnect to DSA with exponential backoff if |
|||
# opening connection failed |
|||
# hard_init: reconnect to DSA with exponential backoff if |
|||
# initializing connection failed |
|||
# hard: alias for hard_open |
|||
# soft: return immediately on server failure |
|||
#bind_policy hard |
|||
|
|||
# Connection policy: |
|||
# persist: DSA connections are kept open (default) |
|||
# oneshot: DSA connections destroyed after request |
|||
#nss_connect_policy persist |
|||
|
|||
# Idle timelimit; client will close connections |
|||
# (nss_ldap only) if the server has not been contacted |
|||
# for the number of seconds specified below. |
|||
#idle_timelimit 3600 |
|||
|
|||
# Use paged rseults |
|||
#nss_paged_results yes |
|||
|
|||
# Pagesize: when paged results enable, used to set the |
|||
# pagesize to a custom value |
|||
#pagesize 1000 |
|||
|
|||
# Filter to AND with uid=%s |
|||
#pam_filter objectclass=account |
|||
|
|||
# The user ID attribute (defaults to uid) |
|||
#pam_login_attribute uid |
|||
|
|||
# Search the root DSE for the password policy (works |
|||
# with Netscape Directory Server) |
|||
#pam_lookup_policy yes |
|||
|
|||
# Check the 'host' attribute for access control |
|||
# Default is no; if set to yes, and user has no |
|||
# value for the host attribute, and pam_ldap is |
|||
# configured for account management (authorization) |
|||
# then the user will not be allowed to login. |
|||
#pam_check_host_attr yes |
|||
|
|||
# Check the 'authorizedService' attribute for access |
|||
# control |
|||
# Default is no; if set to yes, and the user has no |
|||
# value for the authorizedService attribute, and |
|||
# pam_ldap is configured for account management |
|||
# (authorization) then the user will not be allowed |
|||
# to login. |
|||
#pam_check_service_attr yes |
|||
|
|||
# Group to enforce membership of |
|||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com |
|||
|
|||
# Group member attribute |
|||
#pam_member_attribute uniquemember |
|||
|
|||
# Specify a minium or maximum UID number allowed |
|||
#pam_min_uid 0 |
|||
#pam_max_uid 0 |
|||
|
|||
# Template login attribute, default template user |
|||
# (can be overriden by value of former attribute |
|||
# in user's entry) |
|||
#pam_login_attribute userPrincipalName |
|||
#pam_template_login_attribute uid |
|||
#pam_template_login nobody |
|||
|
|||
# HEADS UP: the pam_crypt, pam_nds_passwd, |
|||
# and pam_ad_passwd options are no |
|||
# longer supported. |
|||
# |
|||
# Do not hash the password at all; presume |
|||
# the directory server will do it, if |
|||
# necessary. This is the default. |
|||
#pam_password clear |
|||
|
|||
# Hash password locally; required for University of |
|||
# Michigan LDAP server, and works with Netscape |
|||
# Directory Server if you're using the UNIX-Crypt |
|||
# hash mechanism and not using the NT Synchronization |
|||
# service. |
|||
#pam_password crypt |
|||
|
|||
# Remove old password first, then update in |
|||
# cleartext. Necessary for use with Novell |
|||
# Directory Services (NDS) |
|||
#pam_password nds |
|||
|
|||
# RACF is an alias for the above. For use with |
|||
# IBM RACF |
|||
#pam_password racf |
|||
|
|||
# Update Active Directory password, by |
|||
# creating Unicode password and updating |
|||
# unicodePwd attribute. |
|||
#pam_password ad |
|||
|
|||
# Use the OpenLDAP password change |
|||
# extended operation to update the password. |
|||
#pam_password exop |
|||
|
|||
# Redirect users to a URL or somesuch on password |
|||
# changes. |
|||
#pam_password_prohibit_message Please visit http://internal to change your password. |
|||
|
|||
# Use backlinks for answering initgroups() |
|||
#nss_initgroups backlink |
|||
|
|||
# Enable support for RFC2307bis (distinguished names in group |
|||
# members) |
|||
#nss_schema rfc2307bis |
|||
|
|||
# RFC2307bis naming contexts |
|||
# Syntax: |
|||
# nss_base_XXX base?scope?filter |
|||
# where scope is {base,one,sub} |
|||
# and filter is a filter to be &'d with the |
|||
# default filter. |
|||
# You can omit the suffix eg: |
|||
# nss_base_passwd ou=People, |
|||
# to append the default base DN but this |
|||
# may incur a small performance impact. |
|||
#nss_base_passwd ou=People,dc=padl,dc=com?one |
|||
#nss_base_shadow ou=People,dc=padl,dc=com?one |
|||
#nss_base_group ou=Group,dc=padl,dc=com?one |
|||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one |
|||
#nss_base_services ou=Services,dc=padl,dc=com?one |
|||
#nss_base_networks ou=Networks,dc=padl,dc=com?one |
|||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one |
|||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one |
|||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne |
|||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one |
|||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one |
|||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one |
|||
|
|||
# attribute/objectclass mapping |
|||
# Syntax: |
|||
#nss_map_attribute rfc2307attribute mapped_attribute |
|||
#nss_map_objectclass rfc2307objectclass mapped_objectclass |
|||
|
|||
# configure --enable-nds is no longer supported. |
|||
# NDS mappings |
|||
#nss_map_attribute uniqueMember member |
|||
|
|||
# Services for UNIX 3.5 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount User |
|||
#nss_map_attribute uid msSFU30Name |
|||
#nss_map_attribute uniqueMember msSFU30PosixMember |
|||
#nss_map_attribute userPassword msSFU30Password |
|||
#nss_map_attribute homeDirectory msSFU30HomeDirectory |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_objectclass posixGroup Group |
|||
#pam_login_attribute msSFU30Name |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-mssfu-schema is no longer supported. |
|||
# Services for UNIX 2.0 mappings |
|||
#nss_map_objectclass posixAccount User |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid msSFUName |
|||
#nss_map_attribute uniqueMember posixMember |
|||
#nss_map_attribute userPassword msSFUPassword |
|||
#nss_map_attribute homeDirectory msSFUHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup Group |
|||
#nss_map_attribute cn msSFUName |
|||
#pam_login_attribute msSFUName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# RFC 2307 (AD) mappings |
|||
#nss_map_objectclass posixAccount user |
|||
#nss_map_objectclass shadowAccount user |
|||
#nss_map_attribute uid sAMAccountName |
|||
#nss_map_attribute homeDirectory unixHomeDirectory |
|||
#nss_map_attribute shadowLastChange pwdLastSet |
|||
#nss_map_objectclass posixGroup group |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute sAMAccountName |
|||
#pam_filter objectclass=User |
|||
#pam_password ad |
|||
|
|||
# configure --enable-authpassword is no longer supported |
|||
# AuthPassword mappings |
|||
#nss_map_attribute userPassword authPassword |
|||
|
|||
# AIX SecureWay mappings |
|||
#nss_map_objectclass posixAccount aixAccount |
|||
#nss_base_passwd ou=aixaccount,?one |
|||
#nss_map_attribute uid userName |
|||
#nss_map_attribute gidNumber gid |
|||
#nss_map_attribute uidNumber uid |
|||
#nss_map_attribute userPassword passwordChar |
|||
#nss_map_objectclass posixGroup aixAccessGroup |
|||
#nss_base_group ou=aixgroup,?one |
|||
#nss_map_attribute cn groupName |
|||
#nss_map_attribute uniqueMember member |
|||
#pam_login_attribute userName |
|||
#pam_filter objectclass=aixAccount |
|||
#pam_password clear |
|||
|
|||
# For pre-RFC2307bis automount schema |
|||
#nss_map_objectclass automountMap nisMap |
|||
#nss_map_attribute automountMapName nisMapName |
|||
#nss_map_objectclass automount nisObject |
|||
#nss_map_attribute automountKey cn |
|||
#nss_map_attribute automountInformation nisMapEntry |
|||
|
|||
# Netscape SDK LDAPS |
|||
#ssl on |
|||
|
|||
# Netscape SDK SSL options |
|||
#sslpath /etc/ssl/certs |
|||
|
|||
# OpenLDAP SSL mechanism |
|||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 |
|||
#ssl start_tls |
|||
#ssl on |
|||
|
|||
# OpenLDAP SSL options |
|||
# Require and verify server certificate (yes/no) |
|||
# Default is to use libldap's default behavior, which can be configured in |
|||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for |
|||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". |
|||
#tls_checkpeer yes |
|||
|
|||
# CA certificates for server certificate verification |
|||
# At least one of these are required if tls_checkpeer is "yes" |
|||
#tls_cacertfile /etc/ssl/ca.cert |
|||
#tls_cacertdir /etc/ssl/certs |
|||
|
|||
# Seed the PRNG if /dev/urandom is not provided |
|||
#tls_randfile /var/run/egd-pool |
|||
|
|||
# SSL cipher suite |
|||
# See man ciphers for syntax |
|||
#tls_ciphers TLSv1 |
|||
|
|||
# Client certificate and key |
|||
# Use these, if your server requires client authentication. |
|||
#tls_cert |
|||
#tls_key |
|||
|
|||
# Disable SASL security layers. This is needed for AD. |
|||
#sasl_secprops maxssf=0 |
|||
|
|||
# Override the default Kerberos ticket cache location. |
|||
#krb5_ccname FILE:/etc/.ldapcache |
|||
|
@ -0,0 +1,19 @@ |
|||
# /etc/nsswitch.conf |
|||
# |
|||
# Example configuration of GNU Name Service Switch functionality. |
|||
# If you have the `glibc-doc-reference' and `info' packages installed, try: |
|||
# `info libc "Name Service Switch"' for information about this file. |
|||
|
|||
passwd: compat ldap |
|||
group: compat ldap |
|||
shadow: compat |
|||
|
|||
hosts: files dns |
|||
networks: files |
|||
|
|||
protocols: db files |
|||
services: db files |
|||
ethers: db files |
|||
rpc: db files |
|||
|
|||