搭建Ldap
大约 2 分钟
docker 搭建 Ldap 相关服务
docker-compose.yml
version: "3"
services:
openldap:
image: osixia/openldap:1.5.0
container_name: openldap
privileged: true
restart: always
environment:
- TZ="Asia/Shanghai"
- LDAP_ORGANISATION=txra
- LDAP_DOMAIN=txra.com
- LDAP_ADMIN_PASSWORD=123456
ports:
- 389:389
- 636:636
volumes:
- ./data/openldap/slapd:/etc/ldap/slapd.d
- ./data/openldap/data:/var/lib/ldap
phpldapadmin:
image: osixia/phpldapadmin:0.9.0
container_name: phpldapadmin
privileged: true
restart: always
environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap
- PHPLDAPADMIN_HTTPS=false
links:
- openldap:openldap
depends_on:
- openldap
ports:
- 8081:80
volumes:
- ./data/phpldapadmin:/var/www/phpldapadmin
self-service-password:
container_name: ldap-password
image: tiredofit/self-service-password:5.1.2
restart: always
ports:
- 8082:80
links:
- openldap:openldap
depends_on:
- openldap
environment:
- LDAP_SERVER=openldap
- LDAP_BINDDN=cn=admin,dc=example,dc=com
- LDAP_BINDPASS=123456
- LDAP_BASE_SEARCH=dc=example,dc=com
- MAIL_FROM=dev_blog@163.com
- SMTP_DEBUG=0
- SMTP_HOST=smtp.163.com
- SMTP_USER=dev_blog@163.com
- SMTP_PASS=OCETSTXMGJHZWOID
- SMTP_PORT=465
- SMTP_SECURE_TYPE=ssl
- SMTP_AUTH_ON=true
volumes:
- /etc/localtime:/etc/localtime
- ./data/ldap-password/ssp:/www/ssp
- ./data/ldap-password/logs:/www/logs
deploy:
resources:
limits:
memory: 2G
reservations:
memory: 512M
org.ldif
dn:o=organize,dc=example,dc=com
objectclass:top
objectclass:organization
o:organize
description:所在组织
dn:ou=company,o=organize,dc=example,dc=com
objectclass:top
objectclass:organizationalUnit
ou:company
description:所在的单位
dn: ou=Roles,ou=company,o=organize,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Roles
description:角色节点
dn:cn=dev,ou=company,o=organize,dc=example,dc=com
objectclass:posixGroup
objectclass:top
cn:dev
gidNumber:500
description:研发部
dn:cn=test,ou=company,o=organize,dc=example,dc=com
objectclass:posixGroup
objectclass:top
cn:test
gidNumber:501
description:测试部
dn: uid=zhangsan,cn=dev,ou=company,o=organize,dc=example,dc=com
cn: zhangsan
displayname: zhangsan
gidnumber: 500
givenname: zhangsan
homedirectory: zhangsan
mail: zhangsan@163.com
objectclass: posixAccount
objectclass: top
objectclass: inetOrgPerson
sn: zhangsan
uid: zhangsan
uidnumber: 1000
userpassword: 123456
dn: uid=wangwu,cn=test,ou=company,o=organize,dc=example,dc=com
cn: wangwu
displayname: wangwu
gidnumber: 501
givenname: wangwu
homedirectory: wangwu
mail: wangwu@163.com
objectclass: posixAccount
objectclass: top
objectclass: inetOrgPerson
sn: wangwu
uid: wangwu
uidnumber: 1001
userpassword: 123456
dn: cn=jira, ou=Roles,ou=company,o=organize,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: jira
ou: Roles
description: 用于jira登录
uniqueMember: uid=zhangsan,cn=dev,ou=company,o=organize,dc=example,dc=com
uniqueMember: uid=wangwu,cn=test,ou=company,o=organize,dc=example,dc=com
########################
## 免费Windows LDAP客户端和管理工具:http://www.ldapadmin.org/download/ldapadmin.html
## http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
## https://ldapwiki.com/wiki/ObjectClass
## 自主密码修改:https://self-service-password.readthedocs.io/en/latest/
## 自主密码修改:https://github.com/ltb-project/self-service-password
########################
# Ldap服务
docker pull osixia/openldap:1.5.0
# Ldap web管理界面
docker pull osixia/phpldapadmin:0.9.0
# Ldap用户自助修改密码
docker pull tiredofit/self-service-password:5.1.2
# 创建挂载目录
rm -rf ./data/
mkdir -p ./data/openldap/{slapd,data}
mkdir -p ./data/phpldapadmin
mkdir -p ./data/ldap-password/{ssp,logs}
# 启动docker docker-compose.yml文件在上面
# 管理员 账号:cn=admin,dc=example,dc=org 密码:123456
docker-compose up -d
# 访问 http://localhost:8081(web管理) 和 http://localhost:8081 (自主修改密码)
# 导入组织和用户
docker cp org.ldif openldap:/opt/
docker exec -it openldap ldapadd -x -D "cn=admin,dc=example,dc=com" -w 123456 -f /opt/org.ldif
# 搜索数据
#docker exec -it openldap ldapsearch -x -H ldap://localhost -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -w 123456
# 搜索用户 后面通过phpldapadmin界面创建用户再搜索
#docker exec -it openldap ldapsearch -H ldapi:/// -b "dc=example,dc=com" "(uid=zhangsan)" -D "cn=admin,dc=example,dc=com" memberOf -w 123456
# 查看openldap服务下的dn配置都有哪些
#docker exec openldap ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
#docker exec openldap ldapsearch -LLL -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -b "dc=example,dc=com" "(ou=*)"