From 547af79f2b212557155cd0f129682a8b16b39681 Mon Sep 17 00:00:00 2001
From: Louis De Jaeger
Date: Mon, 20 Mar 2017 16:57:14 +0100
Subject: [PATCH 1/2] Added AD config
---
 Dockerfile | 5 ++++-
 howtorun | 20 ++++++++++++++++++++
 jaas.conf | 13 +++++++++++++
 start.sh | 2 +-
 4 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 howtorun
 create mode 100644 jaas.conf
diff --git a/Dockerfile b/Dockerfile
index 5050ce2..68e16e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,10 @@ RUN mkdir -p /opt \
 EXPOSE 8443/tcp
 VOLUME ["/a/keydb"]
+RUN rm /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/jaas.conf
+ADD jaas.conf /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/jaas.conf
+
 ADD start.sh /a/start.sh
 RUN chmod +x /a/start.sh
-ENTRYPOINT ["/a/start.sh"]
\ No newline at end of file
+ENTRYPOINT ["/a/start.sh"]
diff --git a/howtorun b/howtorun
new file mode 100644
index 0000000..4f76b9d
--- /dev/null
+++ b/howtorun
@@ -0,0 +1,20 @@
+Build the docker image
+
+$ docker build -t keybox-ad .
+
+$ docker run -d \
+ -v /Users/louis.dejaeger/Docker/keybox:/a/keydb \
+ -p 8443:8443 \
+ -e resetApplicationSSHKey=false \
+ -e sshKeyType=rsa \
+ -e privateKey=/a/keydb/sshkey/private \
+ -e publicKey=/a/keydb/sshkey/private.pub \
+ -e enableInternalAudit=false \
+ -e deleteAuditLogAfter=90 \
+ -e serverAliveInterval=60 \
+ -e oneTimePassword=optional \
+ -e keyManagementEnabled=true \
+ -e forceUserKeyGeneration=false \
+ -e authKeysRefreshInterval=120 \
+ -e jaasModule=ldap-ad \
+ keybox-ad
diff --git a/jaas.conf b/jaas.conf
new file mode 100644
index 0000000..c03f598
--- /dev/null
+++ b/jaas.conf
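Review bot: The `ADD jaas.conf …` line bakes into an image layer the very file the README tells operators to fill with the LDAP bind principal and password, so a filled-in config ends up in every pushed image and in `docker history`; since start.sh already appears to link `/a/keydb` into `WEB-INF/classes/` (visible in the start.sh hunk header), the same run-time volume or a file rendered from environment variables would be a safer place for it, and a comment on the ADD line such as `# jaas.conf must hold no real credentials; supply the filled-in file at run time` would make that contract explicit. The preceding `RUN rm …/jaas.conf` layer is redundant, because copying to the same path overwrites the existing file. `ADD` is also used for plain local files here and on the `ADD start.sh` line, where `COPY` is the conventional instruction (`COPY jaas.conf /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/jaas.conf`).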
@@ -0,0 +1,13 @@
+ldap-ad {
+ //AD example config
+ com.sun.security.auth.module.LdapLoginModule REQUIRED
+ userProvider="ldap://:389/DC=,DC="
+ //authIdentity="{USERNAME}"
+ userFilter="(&(samAccountName={USERNAME})(objectClass=user))"
+ authzIdentity="{displayName}" //set this to return full name
+ java.naming.security.authentication="simple"
+ java.naming.security.principal=""
+ java.naming.security.credentials=""
+ useSSL=false
+ debug=false;
+};
diff --git a/start.sh b/start.sh
index 33d2956..421c79b 100644
--- a/start.sh
+++ b/start.sh
@@ -35,4 +35,4 @@ ln -sf /a/keydb /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/
 #Start keybox
 cd /opt/KeyBox-jetty/jetty/
-java -Xmx1024m -jar start.jar
\ No newline at end of file
+java -Xmx1024m -jar start.jar
From c2eb7510e5b324abe5475270e78b30e2071ae734 Mon Sep 17 00:00:00 2001
From: Louis De Jaeger
Date: Mon, 20 Mar 2017 17:01:39 +0100
Subject: [PATCH 2/2] Update of readme
---
 README.md | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 054b564..7eb93e2 100644
--- a/README.md
+++ b/README.md
@@ -178,7 +178,6 @@ set an audit log server using log4j (ex: logstash). Edit the log4j.xml to config
 enable two-factor authentication
-
 ### Example:
 ```console
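Review bot: `useSSL=false` together with `java.naming.security.authentication="simple"` means the service-account bind and every user's password are sent to the domain controller unencrypted; the shipped default should be `useSSL=true` with a `userProvider="ldaps://<dc-host>:636/DC=,DC="` placeholder, or the `useSSL` line should carry a comment stating that plain LDAP on 389 is only acceptable when the path to the directory is otherwise protected. The empty `java.naming.security.principal`/`credentials` values invite the bind password to be typed into this file, which the Dockerfile hunk copies into the image, so a header comment such as `// keep this file free of real credentials; mount the filled-in copy at run time` next to `//AD example config` would help. `debug=false` is the right default, since the module's debug output is verbose about the bind; a one-line comment saying not to enable it outside troubleshooting would save a later operator a surprise.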
@@ -188,6 +187,27 @@ In this example two-factor authentication is disabled and the SSH Key Length is
 If you use docker-compose you can get a example "docker-compose.yml" in my GitHub Repository.
+## Active directory
+Edit the jaas.conf file and include the necessary data.
+
+### Example
+```console
+ldap-ad {
+ //AD example config
+ com.sun.security.auth.module.LdapLoginModule REQUIRED
+ userProvider="ldap://172.16.0.1:389/DC=company,DC=com"
+ //authIdentity="{USERNAME}"
+ userFilter="(&(samAccountName={USERNAME})(objectClass=user))"
+ authzIdentity="{displayName}" //set this to return full name
+ java.naming.security.authentication="simple"
+ java.naming.security.principal="CN=service ldap,OU=Active Directory,OU=Service Accounts,DC=company,DC=com"
+ java.naming.security.credentials="passw0rd"
+ useSSL=false
+ debug=false;
+};
+
+```
+
 ## Supported Docker versions
 This image is officially supported on Docker version 1.9.1.
@@ -198,4 +218,4 @@ Support for older versions (down to 1.6) is provided on a best-effort basis.
 ## Issues
-If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/aditosoftware/docker-keybox/issues).
\ No newline at end of file
+If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/aditosoftware/docker-keybox/issues).