Description
Enterprise-grade OpenLDAP container with FIPS 140-2 compliance for secure directory services. Features include hardened security configurations, STIG compliance, and optimized performance for authentication and directory management in regulated environments.

Key Features
Core capabilities and strengths of this container

- FIPS 140-2 validated cryptographic modules
- STIG-compliant security configurations
- High-performance directory services
- Enterprise authentication support

Common Use Cases
Typical scenarios where this container excels

- Enterprise directory services
- Government and military deployments
- Healthcare authentication systems
- Financial services infrastructure

Pull Latest Image
Download the container image from the registry
```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/openldap-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/openldap-fips:latest-dev
```

Basic Run
Run the container with basic configuration
```bash
docker run -d --name openldap-fips \
  -p 389:389 \
  -p 636:636 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/openldap-fips:latest
```

Production Deployment
Deploy with production security settings
```bash
docker run -d --name openldap-fips-prod \
  --read-only \
  --security-opt=no-new-privileges \
  -p 389:389 \
  -p 636:636 \
  -v ldap-data:/var/lib/ldap \
  -v ldap-config:/etc/ldap/slapd.d \
  -e LDAP_ORGANISATION="Example Corp" \
  -e LDAP_DOMAIN="example.com" \
  clnstrt-images.cleanstart.com/$ORGANIZATION/openldap-fips:latest
```

Volume Mount
Mount local directory for persistent data
```bash
docker run -d \
  -v ldap-data:/var/lib/ldap \
  -v ldap-config:/etc/ldap/slapd.d \
  clnstrt-images.cleanstart.com/$ORGANIZATION/openldap-fips:latest
```

Port Forwarding
Run with custom port mappings
```bash
docker run -d \
  -p 1389:389 \
  -p 1636:636 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/openldap-fips:latest
```

Environment Variables
Configuration options available through environment variables

| Variable | Default | Description |
|----------|---------|-------------|
| LDAP_ORGANISATION | Example Inc | Organization name |
| LDAP_DOMAIN | example.com | LDAP domain |
| LDAP_ADMIN_PASSWORD | admin | Admin password |
| LDAP_CONFIG_PASSWORD | config | Config password |
| LDAP_TLS | true | Enable TLS |
| LDAP_READONLY_USER | false | Enable readonly user |

Security Best Practices
Recommended security configurations and practices

- Always use TLS/SSL for production deployments
- Implement strong password policies
- Regular backup of LDAP data
- Monitor access logs for suspicious activity
- Use custom certificates for production
- Implement access control lists (ACLs)

Kubernetes Security Context
Recommended security context for Kubernetes deployments
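```yaml
# fsGroup is a pod-level field (spec.securityContext); readOnlyRootFilesystem,
# allowPrivilegeEscalation and capabilities are container-level fields.
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
    add: ["NET_BIND_SERVICE"]
```

Documentation Resources
Essential links and resources for further information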
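
The Environment Variables table above lists `admin` and `config` as the default passwords, and the best practices call for TLS and strong passwords. The following pre-flight check is an added example, not code from the image or its vendor: `env_value`, `audit_ldap_env` and `MIN_LEN` are hypothetical names, the 16-character minimum is an assumed policy, and it assumes the documented default applies whenever a variable is left unset.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): audit an env file meant for
# `docker run --env-file` against the defaults in the table above.
MIN_LEN=16   # assumed minimum password length; set to your own policy

# Print the value assigned to KEY ($1) in FILE ($2); last assignment wins.
env_value() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Print one line per finding and return the number of findings (0 = pass).
audit_ldap_env() {
  local file="$1" findings=0 pair key default value
  # variable:default pairs copied from the Environment Variables table
  for pair in LDAP_ADMIN_PASSWORD:admin LDAP_CONFIG_PASSWORD:config; do
    key=${pair%%:*}; default=${pair#*:}
    value=$(env_value "$key" "$file")
    if [ -z "$value" ]; then
      echo "FAIL $key unset: documented default '$default' would apply"
    elif [ "$value" = "$default" ]; then
      echo "FAIL $key equals the documented default"
    elif [ "${#value}" -lt "$MIN_LEN" ]; then
      echo "FAIL $key shorter than $MIN_LEN characters"
    else
      continue
    fi
    findings=$((findings + 1))
  done
  # LDAP_TLS defaults to true, so only an explicit non-true value is a finding.
  value=$(env_value LDAP_TLS "$file")
  if [ -n "$value" ] && [ "$value" != "true" ]; then
    echo "FAIL LDAP_TLS=$value turns TLS off"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample files: one relying on defaults, one with overrides.
weak=$(mktemp); good=$(mktemp)
printf 'LDAP_ADMIN_PASSWORD=admin\nLDAP_TLS=false\n' > "$weak"
printf 'LDAP_ADMIN_PASSWORD=%s\nLDAP_CONFIG_PASSWORD=%s\n' \
  'constructed-admin-value-01' 'constructed-config-value-02' > "$good"
audit_ldap_env "$weak" || echo "weak.env: $? finding(s)"
audit_ldap_env "$good" && echo "good.env: pass"
rm -f "$weak" "$good"
```

Gate the production `docker run` on a zero exit status from `audit_ldap_env`, and keep the env file out of version control.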