Json2Ldap with Docker
The evaluation version of Json2Ldap is now also available as a Docker image.
1. Docker quick start
If Docker isn’t installed on your computer you can find instructions here. The Community Edition (CE) is sufficient to run a Json2Ldap instance.
The provided Docker image includes the required Java runtime and an Apache Tomcat web server with Json2Ldap installed as the sole application in it.
To run the Json2Ldap evaluation version in a Docker container:
- Pull the latest image from Docker Hub, where [version] is the latest available version listed in the c2id Docker repository:

  docker pull c2id/json2ldap-demo:[version]

- Run a container with the Json2Ldap image. Replace host_port with an available port on your host:

  docker run -p host_port:8080 --network host c2id/json2ldap-demo:[version]

  The Json2Ldap configuration can be overridden with Java system properties passed into the container via the CATALINA_OPTS environment variable:

  docker run -p host_port:8080 -e CATALINA_OPTS='-Dprop-name-1=value -Dprop-name-2=value' c2id/json2ldap-demo:[version]

  Alternatively, the CATALINA_OPTS environment variable can be stored in a text file that is passed via the --env-file switch.

- Verify that the Json2Ldap service is up by opening its banner page with a web browser.

- Play. Check out the quick start guide.

When done, the container can be terminated with Ctrl + C.
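An added example (not part of the original page and not Connect2id's own tooling) for the --env-file variant of the run step. It covers two points: docker run keeps env-file values verbatim, so the shell quotes used with -e are dropped, and a CATALINA_OPTS set at run time replaces the value the image's Docker file sets to direct logging to STDOUT. The function names and the prop-name-* properties are placeholders.

```shell
#!/bin/sh
# Added example: prepare and check an env file for `docker run --env-file`.
# The -Dprop-name-* properties are placeholders, as in the commands above.

# Set by ENV in the image's Docker file. A CATALINA_OPTS given at run time
# replaces that value, so repeat it to keep Json2Ldap logging on STDOUT.
IMAGE_DEFAULT_OPTS='-Dlog4j.loggers.root.appender=console'

# write_env_file FILE OPT...  Write a single CATALINA_OPTS line, owner-only
# (a precaution, assuming a property could carry a credential).
write_env_file() {
    file=$1; shift
    ( umask 077; printf 'CATALINA_OPTS=%s %s\n' "$IMAGE_DEFAULT_OPTS" "$*" > "$file" )
    chmod 600 "$file"
}

# check_env_file FILE  Print "ok" and return 0 if the file is fit for --env-file.
check_env_file() {
    line=$(grep '^CATALINA_OPTS=' "$1") || { echo "no CATALINA_OPTS line"; return 1; }
    value=${line#CATALINA_OPTS=}
    # docker run keeps quotes in env-file values as part of the value
    case $value in
        \'*|\"*) echo "value starts with a quote; write it unquoted"; return 1 ;;
    esac
    case " $value " in
        *" $IMAGE_DEFAULT_OPTS "*) echo ok ;;
        *) echo "console logging property missing"; return 1 ;;
    esac
}

# Constructed sample run with the placeholder properties
env_file=$(mktemp)
write_env_file "$env_file" -Dprop-name-1=value -Dprop-name-2=value
check_env_file "$env_file" && cat "$env_file"
rm -f "$env_file"
# Then: docker run -p host_port:8080 --env-file FILE c2id/json2ldap-demo:[version]
```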
2. Docker file
The Docker file used to build the demo image of Json2Ldap:
# Use latest Tomcat 10.1.x with Java 17 on Ubuntu 24.04 LTS (Noble)
FROM tomcat:10.1.41-jdk17-temurin-noble

# Label the maintainer
LABEL maintainer="support@connect2id.com"

# Update Ubuntu packages
RUN apt-get update && \
    apt-get upgrade -y --no-install-recommends && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create non-root Tomcat user and group
RUN groupadd -r tomcat && useradd -r -g tomcat tomcat

# Define environment variables
ENV CATALINA_HOME=/usr/local/tomcat
ENV PATH=$CATALINA_HOME/bin:$PATH
ENV KEYSTORE_PATH=$CATALINA_HOME/conf/keystore.jks
ENV KEYSTORE_PASS_FILE=$CATALINA_HOME/conf/keystore-password.txt

# Create a Java keystore with a self-signed certificate for HTTPS in it, then
# configure Tomcat for HTTPS with the certificate
RUN set -eux; \
    # Generate a random password for the keystore
    KEYSTORE_PASSWORD="$(openssl rand -base64 16)"; \
    echo "$KEYSTORE_PASSWORD" > "$KEYSTORE_PASS_FILE"; \
    \
    # Create the Java keystore
    keytool -genkeypair \
        -alias tomcat \
        -keyalg RSA \
        -keysize 2048 \
        -validity 730 \
        -keystore "$KEYSTORE_PATH" \
        -storepass "$KEYSTORE_PASSWORD" \
        -keypass "$KEYSTORE_PASSWORD" \
        -dname "CN=localhost"; \
    \
    # Make the keystore files owned by Tomcat
    chown tomcat:tomcat "$KEYSTORE_PATH" "$KEYSTORE_PASS_FILE"; \
    chmod 640 "$KEYSTORE_PATH" "$KEYSTORE_PASS_FILE"; \
    \
    # Insert HTTPS connector into server.xml
    sed -i '/<!-- A "Connector" using the shared thread pool-->/ i\
    <Connector port="8443" \
        protocol="org.apache.coyote.http11.Http11NioProtocol" \
        SSLEnabled="true" \
        maxThreads="150" \
        scheme="https" \
        secure="true"> \
        <SSLHostConfig protocols="TLSv1.3"> \
            <Certificate \
                certificateKeystoreFile="conf/keystore.jks" \
                certificateKeystorePasswordFile="conf/keystore-password.txt" \
                type="RSA" /> \
        </SSLHostConfig> \
    </Connector>' \
    "$CATALINA_HOME/conf/server.xml"; \
    \
    # Hide Tomcat version in Tomcat status and error pages
    mkdir -p "$CATALINA_HOME/lib/org/apache/catalina/util"; \
    \
    echo 'server.info=' >> "$CATALINA_HOME/lib/org/apache/catalina/util/ServerInfo.properties"

# Change ownership of Tomcat files
RUN chown -R tomcat:tomcat /usr/local/tomcat

# Copy the Json2Ldap WAR as the root (/) web application
COPY war/eval/json2ldap.war /usr/local/tomcat/webapps/ROOT.war

# Direct Json2Ldap logging to STDOUT
ENV CATALINA_OPTS="$CATALINA_OPTS -Dlog4j.loggers.root.appender=console"

# Tomcat binds on port 8080 for HTTP and 8443 for HTTPS
EXPOSE 8080 8443

# Health check
HEALTHCHECK --interval=30s --timeout=3s \
    CMD curl -f http://localhost:8080/ || exit 1

# Switch to non-root user
USER tomcat

# Start Tomcat
CMD ["catalina.sh", "run"]