This guide explains how to compile OpenLDAP on arm64 and include it in a bitnami/openldap image build that runs on arm64-based CPUs such as the Raspberry Pi 4.
Not affiliated with Bitnami.
Use at your own risk, no guarantee provided.
⚠️ Don't use on production unless you know what you are doing!
bitnami/openldap Docker Hub | Github
As there is no official support yet for arm64 (see: https://github.com/bitnami/bitnami-docker-openldap/issues/18, bitnami/charts#7305), I decided to make my own, and document the steps for others and for my future self :)
- Compile (build) OpenLDAP 2.6 for arm64
- Package the compiled binary
- Modify bitnami/openldap's Dockerfile
- Deploy the modified image to a Pi
Tested hardware:
- Raspberry Pi 4 (RPI OS Lite x64)
Contributions are needed, especially given the vast options OpenLDAP offers.
If you had an issue and fixed it, please feel free to open a pull request. If you're lazy, just create an issue with the label enhancement describing what you needed to do in order to fix it, and mention any resources you used.
If you're still facing issues, you can create an issue with the label help wanted and hope for the best :D
Use this as a last resort; search your favorite engine and read the manual instead.
Note: I used my Pi to compile the source, so I didn't need extra setup for targeting arm64.
It's a good idea to visit: https://www.openldap.org/doc
Select the version you have, and navigate to the Running configure manual.. for 2.6: https://www.openldap.org/doc/admin26/install.html#Running%20configure
This guide uses OpenLDAP 2.6.3 - If you're using a different version, you should check the steps here with the respective manual, and follow it along
This guide assumes:
- Source directory: /src, change as you like
- Output directory: /opt/bitnami/openldap, DON'T CHANGE
⚠️ Changing the output directory will cause a runtime error.
Mentioned in 3.1.1 Configure
The following packages are needed to compile OpenLDAP:
apt install -y build-essential libsasl2-dev libltdl-dev libevent-dev libltdl7 openssl libssl-dev libcrack2-dev libwrap0-dev libevent-dev
I'm not 100% sure which packages exactly are needed to compile OpenLDAP.
Also, you might need extra packages based on your module/overlay selection.
For example, if you want to authenticate with argon2, you'll need to install either libargon2-dev or libsodium-dev.
To see what packages you might need, we'll need the source and the configure script.
Official repos can be checked @ openldap.org
cd /src
git clone https://git.openldap.org/openldap/openldap
cd openldap
In order to build OpenLDAP, we'll need to:
From the source directory, run:
# Displays information about the available options/ modules
./configure -h
Read through the displayed options and take a note of what you need for your installation.
For example, if you want to enable argon2 auth with libsodium as library, then you need to pass --enable-argon2 --with-argon2=libsodium to the configure script.
Play around with configure and see if your args are correct by using the --no-create arg. When added, configure will just check against your system and display errors without writing any config/cache files.
You can always use make clean to remove your choices and start fresh.
--prefix=/opt/bitnami/openldap sets the installation output to /opt/bitnami/openldap (Required, literal)
⚠️ --prefix=/opt/bitnami/openldap is mandatory for this setup. Basically the whole software will be installed in /opt/bitnami/openldap to be packaged later; this path MUST match the installation path in the container, which is /opt/bitnami/openldap per the bitnami image.
In the configure source I also found that this prefix is being used at runtime to find the slapd.conf file; not setting this correctly will successfully build the image but will cause a runtime error: bind(8): errno=2 (No such file or directory)
CPPFLAGS="-I/opt/bitnami/openldap/include" LDFLAGS="-L/opt/bitnami/openldap/lib -Wl,-rpath,/opt/bitnami/openldap/lib" sets linker/compiler flags to include the lib directory (Required, literal)
⚠️ Without this flag the binary will fail to locate lib files, and runtime errors such as libldap-whatever.so.0: cannot open shared object file: No such file or directory will occur.
--enable-modules is required if you want to enable modules (Conditional)
Note: We maybe should use the original configure args used to build the OpenLDAP binary in the bitnami image, but I can't find it..
Use this command as a base command, append your modules/ overlays accordingly:
./configure --prefix=/opt/bitnami/openldap CPPFLAGS="-I/opt/bitnami/openldap/include" LDFLAGS="-L/opt/bitnami/openldap/lib -Wl,-rpath,/opt/bitnami/openldap/lib" --enable-modules --enable-slapi --enable-ldap --enable-mdb --with-tls=openssl --with-cyrus-sasl
The configure command I used for testing is:
./configure --prefix=/opt/bitnami/openldap CPPFLAGS="-I/opt/bitnami/openldap/include" LDFLAGS="-L/opt/bitnami/openldap/lib -Wl,-rpath,/opt/bitnami/openldap/lib" --enable-modules --enable-slapi --with-tls=openssl --enable-dnssrv --enable-ldap --enable-mdb --enable-relay --enable-asyncmeta --enable-passwd --enable-null --enable-meta --enable-crypt --disable-cleartext --enable-valsort --enable-unique --enable-homedir --enable-accesslog --enable-dynlist --enable-dyngroup --enable-auditlog --enable-rwm --enable-ppolicy --enable-argon2 --with-argon2=libsodium --with-cyrus-sasl
The last message should be Please "make depend" to build dependencies, which indicates a successful build configuration. Proceed to the next step.
If configure failed, you need to review the errors. The usual cause is a module you specified that is not present on the machine, fixable by installing the missing package.
Consult the manual pages for the requirements in the Prerequisite software section, select your version here: https://www.openldap.org/doc.
As the message suggests, run the command:
make depend
Check for any errors/warnings; you might need to adjust your configure command to accommodate.
Once done, we're good to build OpenLDAP!
Simply:
make
Once done, you can test the compiled binaries with:
make test
Check the README file in /tests for more about running the tests.
Don't worry about non-configured failing tests.
Finally, install:
# Note the use of elevated privileges
sudo make install
This will install our binary and its dependencies to the --prefix= folder we specified earlier with the configure command, which should be --prefix=/opt/bitnami/openldap
In order to package OpenLDAP to use it in Bitnami's bitnami/openldap image, we need to match our built binaries paths with the original amd64 package, and provide it for the Dockerfile..
(Optional) To check the original package, download it from the original Dockerfile (find the binary link here).
Unzip it and examine the folders..
First, let's cd to the output directory:
cd /opt/bitnami/openldap
# If you're not running as root, you might need to change the folder permissions,
# change user:group to match your systems.
sudo chown user:group * -R
You should see a list of directories such as bin, etc etc... :D
- Move ldap.conf from ./etc/openldap to ./etc/
mv ./etc/openldap/ldap.conf ./etc/
- Move schema directory from ./etc/openldap to ./etc/
mv ./etc/openldap/schema ./etc/
- Remove ./etc/openldap directory and its content
rm -r ./etc/openldap
- Add certs folder to etc:
mkdir ./etc/certs
- Copy slapd.ldif to ./share from either:
  - this repo
  - Download the amd64 binary from the original Dockerfile (find the binary link here), unzip it, and inspect /files/openldap/share/; you'll find the slapd.ldif in question
nano ./share/slapd.ldif
- Create slapd directory in ./var/run
mkdir ./var/run/slapd
Your directory tree should look something like this:
# Files omitted for brevity
opt
└── bitnami
    └── openldap
        ├── bin
        ├── etc
        │   ├── certs
        │   ├── ldap.conf
        │   └── schema
        ├── include
        ├── lib
        │   └── pkgconfig
        ├── libexec
        │   └── openldap
        ├── sbin
        ├── share
        │   └── slapd.ldif
        └── var
            └── run
We're ready to package it!
Let's now put it all together with tar:
# Change directory up so you are in the `/opt/bitnami` folder
# cd ..
# alternatively:
cd /opt/bitnami
# It's okay to choose your own package name
tar -cvzf openldap-2.6.3-linux-arm64.tar.gz openldap
This should output a single file (package), which we will install in our bitnami/openldap image.
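The restructuring and packaging steps above as one script, added here as an example and not part of the original guide. It goes one step further than the guide by checking the layout before packaging and writing a .sha256 file next to the tarball; the function names and the .sha256 sidecar file are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names and the .sha256 sidecar file are assumptions.

# restructure_prefix PREFIX: apply the moves from the packaging steps.
restructure_prefix() {
    prefix=$1
    [ -f "$prefix/etc/openldap/ldap.conf" ] || { echo "no etc/openldap/ldap.conf" >&2; return 1; }
    mv "$prefix/etc/openldap/ldap.conf" "$prefix/etc/" &&
    mv "$prefix/etc/openldap/schema" "$prefix/etc/" &&
    rm -r "$prefix/etc/openldap" &&
    mkdir -p "$prefix/etc/certs" "$prefix/var/run/slapd"
}

# check_layout PREFIX: report every path the guide's directory tree expects
# that is missing, so a forgotten step (e.g. slapd.ldif) fails here, not at runtime.
check_layout() {
    prefix=$1; bad=0
    for rel in bin etc/ldap.conf etc/schema etc/certs share/slapd.ldif var/run/slapd; do
        [ -e "$prefix/$rel" ] || { echo "missing: $rel" >&2; bad=1; }
    done
    [ ! -e "$prefix/etc/openldap" ] || { echo "leftover: etc/openldap" >&2; bad=1; }
    return "$bad"
}

# package_prefix PREFIX TARBALL: archive PREFIX under its own directory name
# and write TARBALL.sha256 beside it.
package_prefix() {
    prefix=$1; out=$2
    check_layout "$prefix" || return 1
    tar -czf "$out" -C "$(dirname "$prefix")" "$(basename "$prefix")" || return 1
    ( cd "$(dirname "$out")" && sha256sum "$(basename "$out")" > "$(basename "$out").sha256" )
}

# verify_package TARBALL: the check to run again before unpacking the tarball.
verify_package() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Usage on the build host (paths from the guide):
#   restructure_prefix /opt/bitnami/openldap
#   cp slapd.ldif /opt/bitnami/openldap/share/
#   package_prefix /opt/bitnami/openldap /opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz
```

Copying the .sha256 file along with the tarball lets the image build run sha256sum -c on it before extracting.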
This guide still assumes:
- Source directory: /src, change as you like
In this step, we'll edit the Dockerfile of bitnami/openldap to use our own package.
Note: this can be done on a different host, in this guide, I used a Windows machine to do it, although it can be done on the pi
⚠️ If you used a Windows machine to modify and build the image, make sure your git uses lf.
Append the line:
*.txt text eol=lf
to the .gitattributes file.
Or globally:
git config --global core.eol lf
git config --global core.autocrlf input
cd /src
git clone https://github.com/bitnami/containers.git
# Dive in, choose version
cd containers/bitnami/openldap/2.6/debian-11
Let's first apply some important changes to the Dockerfile:
Changes are presented as diff
- Change the base image to use arm64 version instead:
-FROM docker.io/bitnami/minideb:bullseye
+FROM docker.io/bitnami/minideb:latest-arm64-
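Review bot: the new FROM line uses the floating tag latest-arm64, while the line it replaces named a specific Debian release (bullseye) and the build directory is debian-11. A rebuild can silently pick up a different base release than the one the packages and scripts here were written for. Suggest pinning a release-specific arm64 tag or an image digest.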
Replace gosu with arm64 version:
Find a matching version on the official releases page
In this guide, we'll use v1.14.0 as per the Dockerfile:
- RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
- if [ ! -f gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz ]; then \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz -O ; \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz.sha256 -O ; \
- fi && \
- sha256sum -c gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz.sha256 && \
- tar -zxf gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
- rm -rf gosu-1.14.0-154-linux-${OS_ARCH}-debian-11.tar.gz
+ RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+ curl -SsLf https://github.com/tianon/gosu/releases/download/1.14/gosu-arm64 > gosu && \
+ mv gosu /opt/bitnamihttps://github.com/tianon/gosu/releases/download/1.14/gosu-arm64.asc is available as well.
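Review bot: the replacement RUN drops the integrity check. The removed lines downloaded a .sha256 file and ran sha256sum -c before unpacking; the added lines write the curl output straight to gosu and move it into place unverified. Suggest verifying the download before the mv, either against the gosu-arm64.asc signature or against a sha256 written into the Dockerfile. The added lines also never mark the file executable, and mv gosu /opt/bitnami places it outside /opt/bitnami/common/bin, which is the common directory on the PATH this Dockerfile sets.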
- Modify the default environment variables to include slapd bin and the libraries:
ENV APP_VERSION="2.6.3" \
BITNAMI_APP_NAME="openldap" \
- PATH="/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/opt/bitnami/common/bin:$PATH"
+ PATH="/opt/bitnami/openldap/bin:/opt/bitnami/openldap/sbin:/opt/bitnami/common/bin:/opt/bitnami/openldap/lib:/opt/bitnami/openldap/libexec:/opt/bitnami/openldap/libexec/openldap:$PATH"- Optionally -for advanced use only- you can specify the UID:GID for the container user as follow:
EXPOSE 1389 1636
+RUN chown 1001:995 /opt/bitnami -R
-USER 1001
+USER 1001:995
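Review bot: RUN chown 1001:995 /opt/bitnami -R sits in its own layer after the files were already written by earlier steps, so every file under /opt/bitnami is stored a second time in the image. Suggest doing the ownership change in the same RUN that unpacks the tarball, and taking the UID and GID from ARG values instead of repeating 1001:995 in the chown and USER lines, since the gid also has to agree with the slapd.ldif replacement in libopenldap.sh.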
⚠️ Editing the group id (gid) requires an extra change in the setup script.
Mentioned in 5. Modify libopenldap.sh script
Where 1001 is the UID and 995 is the GID
Only a single modification remains: how the image will get the OpenLDAP binaries we built.
It's up to you how to deliver it in the Dockerfile. We'll cover two options, pick one:
- First, let's copy the package we built into /src/containers/bitnami/openldap/2.6/debian-11, next to the Dockerfile:
cp /opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz /src/containers/bitnami/openldap/2.6/debian-11
# scp can be used to transfer files between machines with ssh
# scp /opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz username@host:/dir/on/host
# or the way around
# scp username@host:/opt/bitnami/openldap-2.6.3-linux-arm64.tar.gz dir/on/host
- Apply Dockerfile changes:
- RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
- if [ ! -f openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz ]; then \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -O ; \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 -O ; \
- fi && \
- sha256sum -c openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 && \
- tar -zxf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
- rm -rf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz
+ COPY openldap-2.6.3-linux-arm64.tar.gz /
+ RUN mkdir /opt/bitnami/openldap && mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+ mv /openldap-2.6.3-linux-arm64.tar.gz . && \
+ tar -zxf openldap-2.6.3-linux-arm64.tar.gz -C /opt/bitnami --no-same-owner --wildcards '*/*' && \
+ rm -rf openldap-2.6.3-linux-arm64.tar.gzMake sure to change
openldap-2.6.3-linux-arm64.tar.gz to match your package name.
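Review bot: COPY openldap-2.6.3-linux-arm64.tar.gz / stores the tarball in its own image layer, so the rm -rf at the end of the following RUN does not shrink the image. Suggest passing the file in with RUN --mount=type=bind so it never lands in a layer. The sha256sum -c step from the removed lines is also gone; shipping a .sha256 next to the tarball and keeping the check would catch a truncated or swapped package. Minor: mkdir /opt/bitnami/openldap has no -p and is not needed, because tar -C /opt/bitnami creates the openldap directory from the archive.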
- Choose a desired local server (or computer), that can open ports
- Create a directory in /var/www/html or any public dir
- Place your packaged binary in the created dir
- Make sure the permissions are correct by giving anyone the ability to read
- Start your favorite http server in that directory, with external connections allowed, specifying the port
- Take a note of the local IP address and the port
todo: details missing
- Apply Dockerfile changes:
- RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
- if [ ! -f openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz ]; then \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -O ; \
- curl -SsLf https://downloads.bitnami.com/files/stacksmith/openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 -O ; \
- fi && \
- sha256sum -c openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz.sha256 && \
- tar -zxf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
- rm -rf openldap-2.5.13-5-linux-${OS_ARCH}-debian-11.tar.gz
+ RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+ curl -SsLf http://[your-package-host-ip]:[port]/public_folder/openldap-2.6.3-linux-arm64.tar.gz -O ; \
+ tar -zxf openldap-2.6.3-linux-arm64.tar.gz -C /opt/bitnami --no-same-owner && \
+ rm -rf openldap-2.6.3-linux-arm64.tar.gzMake sure to change
openldap-2.6.3-linux-arm64.tar.gz to match your package name.
Also, change the package path (ip, port, folder etc.) to match your server ip.
localhost won't work since this will be called from inside the container.
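Review bot: the added curl line fetches the package over plain http:// and nothing checks it afterwards, whereas the removed lines ran sha256sum -c against a downloaded .sha256. Whatever the package host or the network in between returns becomes the slapd that runs in the image. Suggest keeping a sha256sum -c step with the expected hash written into the Dockerfile rather than fetched from the same server. The curl line also ends in "; \" instead of "&& \", so a failed download does not stop the chain at that point.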
We need to make sure that our libs and slapd bin paths are exported during setup; this can be done by modifying the libopenldap.sh file:
cd /src/containers/bitnami/openldap/2.6/debian-11/rootfs/opt/bitnami/scripts
# nano|vi|code|whatever libopenldap.sh
Make the following changes within the ldap_env function:
ldap_env() {
cat << "EOF"
# Paths
...
+export LDAP_LIB_DIR="${LDAP_BASE_DIR}/lib:${LDAP_BASE_DIR}/libexec:${LDAP_BASE_DIR}/libexec/openldap"
...
-export PATH="${LDAP_BIN_DIR}:${LDAP_SBIN_DIR}:$PATH"
+export PATH="${LDAP_LIB_DIR}:${LDAP_BIN_DIR}:${LDAP_SBIN_DIR}:$PATH"Note: for debugging, you can also export
BITNAMI_DEBUG=true in this file, and use the LDAP_LOGLEVEL=-1 env in the docker run command
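Review bot: LDAP_LIB_DIR is named like a single directory but holds three colon-separated paths, and it is prepended to PATH ahead of LDAP_BIN_DIR and LDAP_SBIN_DIR. PATH is only searched for executables, so the lib entry does nothing for loading shared libraries; the -Wl,-rpath passed to configure is what lets the binaries find them. Suggest adding only the directory that holds the slapd executable, placed after LDAP_BIN_DIR and LDAP_SBIN_DIR, under a name that says what it is.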
The following change is required ONLY if you're using a different gid for the container:
ldap_create_online_configuration() {
info "Creating LDAP online configuration"
-! am_i_root && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "uidNumber=0" "uidNumber=$(id -u)"
+! am_i_root && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "uidNumber=0" "uidNumber=$(id -u)" && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "gidNumber=0" "gidNumber=$(id -g)"docker buildx use mybuilder
docker buildx build --progress=plain --no-cache --rm --push --platform linux/arm64 -t $(NAME):$(VERSION) -t $(NAME):latest .
Assuming you have a Docker buildx builder named mybuilder; you can simply create one with docker buildx create --name mybuilder
Change mybuilder to suit your preferences.
Added --progress=plain to see what errors might occur while the scripts are running. Change to suit your preferences.
Flag --push is used to push the image to my registry. Consult the buildx docs on how to load the image after building instead of pushing.
Flag --platform linux/arm64 specifies the architecture. Change to suit your needs.
Modify NAME and VERSION to suit your needs.
Take notes of any errors/ warnings you might see, especially in RUN install_packages .. and RUN postunpack.sh commands..
Now you can use the newly built image tag instead of bitnami/openldap:latest, and pass the config you desire, for example:
docker run -d --name openldap -p 1636:1636 -p 1389:1389 -e "LDAP_ROOT=dc=mydomain,dc=com" -e LDAP_CONFIG_ADMIN_ENABLED=true -e LDAP_USER_DC=users -e TZ=Asia/Riyadh -e LDAP_ADMIN_USERNAME=admin -e "LDAP_ADMIN_PASSWORD=some-strong-pass" -e "LDAP_USERS=myuser" -e "LDAP_PASSWORDS=myuser-password" --mount type=bind,src=/openldap,dst=/bitnami/openldap/ docker.io/mghzawi/bitnami-openldap:latest
Replace the tag docker.io/mghzawi/bitnami-openldap:latest with the tag you chose earlier.
For more about the env vars you can pass to the container, consult the official Bitnami README on GitHub or Docker Hub.