Docker Volumes #27

Open
luckyraul opened this issue Jul 18, 2019 · 16 comments

@luckyraul

What folders should I share within the image to keep settings?
I use 2.0.5 currently

@coudot
Member

coudot commented Jul 19, 2019

If you have the default configuration backend, you need to keep /var/lib/lemonldap-ng/conf/

@luckyraul
Author

luckyraul commented Jul 19, 2019

Your production Docker image does not have a VOLUME inside. It is not the only question.

@luckyraul
Author

If I want a custom theme and LDAP auth?

@j-ledoux

j-ledoux commented Jul 19, 2019

Hey @luckyraul, you don't necessarily need a volume to be declared in the Dockerfile; you can declare a volume mount in your docker-compose.yml file in the volumes section (see https://docs.docker.com/compose/compose-file/#volumes).

If you want to add a custom theme to the container, you can use a volume mount as well, or extend the Lemonldap-ng image to copy your own custom theme inside the container.
Here is a link that explains how to create a custom theme: https://lemonldap-ng.org/documentation/latest/portalcustom

LDAP auth conf is also explained here: https://lemonldap-ng.org/documentation/latest/authldap?s[]=ldap
Much of it has to be done in the configuration files. Although, it is a bit more complicated if you need a TLS connection. You'd have to customize LDAP conf. Here is how I achieve this with CentOS or Debian:

RUN \
    # LDAP SSL certificates (will be stored in a mounted volume)
    mkdir -p /etc/ldap/certs && \
    { \
        echo 'TLS_REQCERT never'; \
        echo 'TLS_CACERT /etc/ldap/certs/ca-cert.pem'; \
        echo 'TLS_CACERTDIR /etc/ldap/certs'; \
    } > /etc/ldap/ldap.conf

Then use a volume mount to set your certificate, such as:

  volumes:
    - ../certificates/ca-cert-local.pem:/etc/ldap/certs/ca-cert.pem:ro
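
An added example, not part of the comment above or of the project: with `TLS_REQCERT never`, libldap neither requests nor checks the server certificate, so the mounted CA file goes unused. The script below flags that setting and writes the same three options with `demand`; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check whether an ldap.conf still verifies the LDAP server's
# certificate. Function names are hypothetical.

# Print every TLS_REQCERT value in the file, lowercased. Option names are
# case-insensitive; commented-out lines do not match.
reqcert_values() {
    awk 'tolower($1) == "tls_reqcert" { print tolower($2) }' "$1"
}

# Return 0 when no TLS_REQCERT line weakens the default. Without the option,
# libldap uses "demand"; "never", "allow" and "try" each let a session
# proceed without a verified server certificate in at least one case.
ldap_tls_verifies() {
    for value in $(reqcert_values "$1"); do
        case $value in
            demand|hard) ;;
            *) echo "weak: TLS_REQCERT $value in $1" >&2; return 1 ;;
        esac
    done
    return 0
}

# Write the same three options as the comment above, with verification on.
write_verifying_conf() {
    {
        echo 'TLS_REQCERT demand'
        echo 'TLS_CACERT /etc/ldap/certs/ca-cert.pem'
        echo 'TLS_CACERTDIR /etc/ldap/certs'
    } > "$1"
}

# Constructed demo on scratch files.
scratch=$(mktemp -d)
printf '%s\n' 'TLS_REQCERT never' \
    'TLS_CACERT /etc/ldap/certs/ca-cert.pem' > "$scratch/posted.conf"
write_verifying_conf "$scratch/fixed.conf"
ldap_tls_verifies "$scratch/posted.conf" || echo "posted.conf: certificate check disabled"
ldap_tls_verifies "$scratch/fixed.conf" && echo "fixed.conf: server certificate required"
rm -rf "$scratch"
```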

@luckyraul
Author

Thanks, I know about docker-compose.
Normally I look in the Dockerfile to find persistent folders.
I did not find them.

@luckyraul
Author

luckyraul commented Jul 19, 2019

If I share the conf folder, it does not start. You probably should copy the default config in the entrypoint if it does not exist.

Unable to protect this server (Lemonldap::NG::Common::Conf::Backends::File loaded. Error: No configuration available in backend. Error: No configuration found in local cache)

@luckyraul luckyraul reopened this Jul 19, 2019
@luckyraul
Author

luckyraul commented Jul 19, 2019

Also, you should create folders inside /var/lib/lemonldap-ng/sessions

Could not open file (/var/lib/lemonldap-ng/sessions/lock/Apache-Session-0c2506b69add847765e6927b1a2ffdba5d6d7e7ed362e459ca97b4eee1d2bae7.lock)

@j-ledoux

Indeed, you first need to put a configuration file in your local volume, which has to be named lmConf-1.json by default, or lmConf-1.yaml if you set the YAMLFile type in the lemonldap-ng.ini file located in /var/lib/lemonldap-ng.

You can find samples of those files in the GitLab repo here and here.

You might also need to dig a bit into Nginx or Apache2 conf.

Take a look at this repo as well (it is also on Docker Hub), I haven't tried it out myself but this guy seems to have spent a lot of time to make Lemonldap-ng work out of the box.

@j-ledoux

Also, you should create folders /var/lib/lemonldap-ng/sessions

Could not open file (/var/lib/lemonldap-ng/sessions/lock/Apache-Session-0c2506b69add847765e6927b1a2ffdba5d6d7e7ed362e459ca97b4eee1d2bae7.lock)

At first I've added a named volume for session files too.

In your service:

lemonldap:
....
  volumes:
    - lemonldap-sessions:/var/lib/lemonldap-ng/sessions
    - lemonldap-psessions:/var/lib/lemonldap-ng/psessions
...

And in the volumes section:

volumes:
    lemonldap-sessions:
        driver: local
    lemonldap-psessions:
        driver: local

But regarding performance, you'd better set up a Redis or MySQL server for session storage. It is also more reliable for persisting data.

@luckyraul
Author

luckyraul commented Jul 19, 2019

You don't understand the issue =)
When I mount folders, they are empty.
When I created /var/lib/lemonldap-ng/sessions/lock, the issue was resolved.

It should be normalized in the entrypoint.sh

@j-ledoux

My bad, normally you shouldn’t have to do that, I guess your issue is related to the user that runs the web server and/or lemonldap’s folders users and permissions. I’ve run into similar issues myself.

@luckyraul
Author

Yes, I did chown

coudot added a commit that referenced this issue Jul 25, 2019
Add VOLUME in Dockerfile (#27)
@coudot
Member

coudot commented Jul 25, 2019

@luckyraul could you test the latest commits? #28

@luckyraul
Author

luckyraul commented Aug 9, 2019

Sorry for the late answer.
@coudot the PR is not working. I still have empty folders if I mount them. And you definitely need to chown the folders before start.

drwxrwx--- 2 www-data www-data 4096 Jun 29 21:00 captcha
drwxr-xr-x 2 root     root     4096 Aug 10 00:08 conf
drwxr-x--- 2 www-data www-data 4096 Aug 10 00:01 conf-orig
drwxrwx--- 2 www-data www-data 4096 Jun 29 21:00 notifications
drwxr-xr-x 2 root     root     4096 Aug 10 00:08 psessions
drwxrwx--- 3 www-data www-data 4096 Aug 10 00:00 psessions-orig
drwxr-xr-x 2 root     root     4096 Aug 10 00:08 sessions
drwxrwx--- 3 www-data www-data 4096 Aug 10 00:00 sessions-orig
drwxr-xr-x 2 root     root     4096 Aug 10 00:00 test

@coudot
Member

coudot commented Aug 20, 2019

Hello @luckyraul, see #30 from @tdemaret

@luckyraul
Author

luckyraul commented Sep 10, 2019

Sorry for the late answer, I think you need to chown after copy...

ls -la /var/lib/lemonldap-ng/
total 48
drwxr-xr-x 1 root     root     4096 Sep 10 09:18 .
drwxr-xr-x 1 root     root     4096 Aug 10 00:00 ..
drwxrwx--- 2 www-data www-data 4096 Jun 29 21:00 captcha
drwxr-xr-x 2 www-data www-data 4096 Sep 10 10:16 conf
drwxr-x--- 2 www-data www-data 4096 Aug 10 00:01 conf-orig
drwxrwx--- 2 www-data www-data 4096 Jun 29 21:00 notifications
drwxr-xr-x 2 root     root     4096 Aug 10 00:08 psessions
drwxrwx--- 3 www-data www-data 4096 Aug 10 00:00 psessions-orig
drwxr-xr-x 2 root     root     4096 Aug 10 00:08 sessions
drwxrwx--- 3 www-data www-data 4096 Aug 10 00:00 sessions-orig
drwxr-xr-x 2 root     root     4096 Aug 10 00:00 test
root@c0c69b70afe0:/# ls -la /var/lib/lemonldap-ng/conf
total 16
drwxr-xr-x 2 www-data www-data 4096 Sep 10 10:16 .
drwxr-xr-x 1 root     root     4096 Sep 10 09:18 ..
-rw-r----- 1 root     www-data 5865 Sep 10 10:16 lmConf-1.json
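
The entrypoint normalization this thread asks for, as an added example that is not the project's entrypoint.sh nor the code from #28 or #30: it seeds an empty mounted directory from its `-orig` copy, creates `sessions/lock`, and changes ownership only after the copy. The function names are hypothetical; the `-orig` layout and the directory modes are taken from the listings above.

```shell
#!/bin/sh
# Added example, not the project's entrypoint. Assumes defaults are kept in
# "<name>-orig" siblings, as in the listings above; function names are hypothetical.

# True when the directory exists and has no entries (a fresh bind mount).
is_empty_dir() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# Copy defaults into ROOT/NAME only when it is empty, so an existing
# configuration or session store is never overwritten.
seed_dir() {
    root=$1 name=$2
    mkdir -p "$root/$name"
    if is_empty_dir "$root/$name" && [ -d "$root/$name-orig" ]; then
        cp -a "$root/$name-orig/." "$root/$name/"
    fi
}

# normalize_volumes ROOT OWNER: seed, create the lock directory, then fix
# ownership last so files copied as root end up owned by the web server user.
normalize_volumes() {
    root=$1 owner=$2
    for name in conf sessions psessions; do
        seed_dir "$root" "$name"
    done
    mkdir -p "$root/sessions/lock"
    chown -R "$owner" "$root/conf" "$root/sessions" "$root/psessions"
    chmod 750 "$root/conf"                          # mode of conf-orig above
    chmod 770 "$root/sessions" "$root/psessions"    # mode of sessions-orig above
}

# Constructed demo in a scratch directory. A real entrypoint would instead run
#   normalize_volumes /var/lib/lemonldap-ng www-data:www-data
# before starting the web server.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/conf-orig" "$demo_root/sessions-orig/lock" "$demo_root/conf"
echo '{}' > "$demo_root/conf-orig/lmConf-1.json"    # placeholder, not a valid config
normalize_volumes "$demo_root" "$(id -u):$(id -g)"
ls -l "$demo_root" "$demo_root/conf"
rm -rf "$demo_root"
```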
