Wren:DS

Wren:DS is an LDAPv3 compliant directory service, which has been developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform makes Wren:DS the simplest, fastest directory to deploy and manage.

Wren:DS is one of the projects in the Wren Security Suite, a community initiative that adopted open‐source projects formerly developed by ForgeRock, which has its own roots in Sun Microsystems’ products.

How to use this image

You can run Wren:DS through this command:

docker run --rm --name wrends-test -p 1389:1389 -p 1636:1636 wrensecurity/wrends:latest

Then you can perform a basic LDAP search request with this command:

docker exec -it wrends-test ldapsearch --port 1389 --bindDN "cn=Directory Manager" --bindPassword password --baseDN dc=example,dc=com "(objectClass=*)"

Alternatively you can connect to the server through your favorite directory browser (e.g. Apache Directory Studio) using the following properties:

  • hostname –⁠ localhost
  • port –⁠ 1389 (LDAP) or 1636 (LDAPS)
  • user –⁠ cn=Directory Manager
  • password –⁠ password

Environment Variables

A Wren:DS instance can be configured through the following predefined environment variables:

| Variable | Description | Default Value |
| --- | --- | --- |
| BASE_DN | Directory Base DN | dc=example,dc=com |
| LDAP_PORT | LDAP Listener Port | 1389 |
| LDAPS_PORT | LDAPS Listener Port | 1636 |
| ADMIN_CONNECTOR_PORT | Administration Connector Port | 4444 |
| ROOT_USER_DN | Root User DN | cn=Directory Manager |
| ROOT_USER_PASSWORD | Root User Password | password |
| SSL_OPTIONS | SSL Configuration Options (see chapter below) | --generateSelfSignedCertificate |
| ADDITIONAL_SETUP_ARGS | Additional Directory Setup Arguments (e.g. --addBaseEntry or --sampleData) | --addBaseEntry |

Directory Initialization

There are a couple of ways to initialize an empty Wren:DS directory.

Import Custom Data

Custom data can be imported at first run through LDIF files. These LDIF files must be mounted to the container's directory /opt/wrends/bootstrap/init.

Local file 01-data.ldif can be imported at first run through this command:

docker run --rm --name wrends-test -p 1389:1389 -p 1636:1636 -v "$(pwd)/01-data.ldif":/opt/wrends/bootstrap/init/01-data.ldif wrensecurity/wrends:latest

Perform Custom Configuration

You can perform advanced Wren:DS directory configuration through custom bash scripts. These bash script files must be mounted to the container's directory /opt/wrends/bootstrap/init. You can use any Wren:DS binary (e.g. dsconfig) or any predefined environment variable within the bash script.

Local file 01-replication.sh can be processed at first run through this command:

docker run --rm --name wrends-test -p 1389:1389 -p 1636:1636 -v "$(pwd)/01-replication.sh":/opt/wrends/bootstrap/init/01-replication.sh wrensecurity/wrends:latest

Modify Default Schema

You can enhance base Wren:DS directory schema through LDIF files. These LDIF files must be mounted to the container's directory /opt/wrends/template/config/schema.

Local file 50-schema.ldif can be processed at first run through this command:

docker run --rm --name wrends-test -p 1389:1389 -p 1636:1636 -v "$(pwd)/50-schema.ldif":/opt/wrends/template/config/schema/50-schema.ldif wrensecurity/wrends:latest

SSL Configuration

Wren:DS will generate a self-signed certificate for LDAPS at first run when using the default configuration (see option --generateSelfSignedCertificate). You can use your own certificate through the environment variable SSL_OPTIONS.

Below is a complete example of how to use your own certificate (also self-signed):

# 1. Ensure that a local directory 'security' exists
# 2. Generate an RSA key
#    (-storetype PKCS12 is set explicitly so the keystore matches
#    --usePkcs12keyStore even on JDKs whose default store type is JKS)
keytool \
  -genkey \
  -alias server-cert \
  -keyalg rsa \
  -ext "san=dns:example.com" \
  -dname "CN=example.com,DC=wrensecurity,DC=org" \
  -keystore security/keystore \
  -storetype PKCS12 \
  -storepass changeit \
  -keypass changeit

# 3. Run Wren:DS with custom SSL options
docker run --rm --name wrends-test -p 1389:1389 -p 1636:1636 -v "$(pwd)/security":/opt/wrends/security -e SSL_OPTIONS="--usePkcs12keyStore /opt/wrends/security/keystore --keyStorePassword changeit" wrensecurity/wrends:latest

A list of all available SSL options can be found in the Utils class.
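The Environment Variables table and the SSL example above both use well-known values (`password`, `changeit`, a certificate generated at first run). As an added example, not part of the Wren:DS project, the POSIX shell wrapper below refuses to start the container while those values are in place, publishes only LDAPS on loopback and passes variables by name; the `DOCKER` override, the 16-character minimum and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Wren:DS project code): refuse to start the container
# while it still carries the default or example credentials from this page.

# Prints one finding per line; returns 0 only when there are none.
check_wrends_env() {
  rc=0
  # An unset ROOT_USER_PASSWORD means the image falls back to "password".
  if [ "${ROOT_USER_PASSWORD:-password}" = "password" ]; then
    echo "ROOT_USER_PASSWORD is unset or still 'password'"; rc=1
  elif [ "${#ROOT_USER_PASSWORD}" -lt 16 ]; then  # assumed local policy
    echo "ROOT_USER_PASSWORD is shorter than 16 characters"; rc=1
  fi
  # An unset SSL_OPTIONS means the documented default is used.
  ssl=${SSL_OPTIONS:-}
  [ -n "$ssl" ] || ssl=--generateSelfSignedCertificate
  case "$ssl" in
    *--generateSelfSignedCertificate*)
      echo "SSL_OPTIONS generates a certificate clients cannot pin in advance"; rc=1 ;;
    *changeit*)
      echo "SSL_OPTIONS uses the example keystore password 'changeit'"; rc=1 ;;
  esac
  return "$rc"
}

# Starts the container only after the check passes. Extra docker arguments
# (e.g. -v mounts) are taken from "$@". DOCKER is a hypothetical override
# used here for dry runs; it defaults to the real docker binary.
wrends_run() {
  check_wrends_env >&2 || return 1
  ldaps="${LDAPS_PORT:-1636}"
  # Only LDAPS is published, and only on loopback; plain LDAP stays inside.
  # "-e NAME" without a value copies NAME from the exported host environment,
  # so the secret never appears in the docker command line.
  "${DOCKER:-docker}" run --rm --name wrends-test \
    -p "127.0.0.1:${ldaps}:${ldaps}" \
    -e ROOT_USER_PASSWORD -e SSL_OPTIONS -e LDAPS_PORT \
    "$@" wrensecurity/wrends:latest
}

# Dry run with constructed sample values (replace them before real use).
( export ROOT_USER_PASSWORD='constructed-Sample-Passphrase-42' \
    SSL_OPTIONS='--usePkcs12keyStore /opt/wrends/security/keystore --keyStorePassword constructed-Store-Pass-7'
  DOCKER=echo wrends_run -v "$(pwd)/security:/opt/wrends/security" )
```

Drop `DOCKER=echo` to start the container for real; the variables must be exported in the calling shell for `-e NAME` to pass them through.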

Acknowledgments

Large portions of the source code are based on the open-source projects previously released by:

  • Sun Microsystems
  • ForgeRock

We'd like to thank them for supporting the idea of open-source software.

Disclaimer

Please note that the acknowledged parties are not affiliated with this project. Their trade names, product names and trademarks should not be used to refer to the Wren Security products, as it might be considered an unfair commercial practice.

Wren Security is open source and always will be.