ldap 服务
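#!/usr/bin/env bash
# Start an OpenLDAP container for abc.com with a freshly generated admin password.
# Side effects: creates the 'ldap-service' container, persists the directory
# under /opt/docker-data/slapd, and writes the admin password to ./openldap.txt.
# pipefail is deliberately not set: 'head' closing the pipe makes 'tr' exit 141,
# which would otherwise abort the password generation below.
set -eu

# 12 random alphanumerics. LC_ALL=C keeps tr byte-oriented so raw random bytes
# do not trip "illegal byte sequence" errors under a UTF-8 locale; reading
# /dev/urandom directly avoids the extra 'cat' process.
password=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 12)
(( ${#password} == 12 )) || { printf 'failed to generate admin password\n' >&2; exit 1; }

# The password is passed as an environment variable, which is the image's only
# configuration path; it is therefore visible via 'docker inspect' to anyone who
# can reach the Docker socket. 389/636 are published on every host interface —
# firewall them if the directory is internal-only. ':latest' is not a
# reproducible tag; pin a version before relying on this in production.
docker run \
  --detach \
  --publish 389:389 --publish 636:636 \
  --name ldap-service \
  --restart=always \
  --hostname openldap \
  --volume /opt/docker-data/slapd/database:/var/lib/ldap \
  --volume /opt/docker-data/slapd/config:/etc/ldap/slapd.d \
  --env LDAP_ORGANISATION="abc.com" \
  --env LDAP_DOMAIN="abc.com" \
  --env LDAP_BASE_DN="dc=abc,dc=com" \
  --env LDAP_ADMIN_PASSWORD="$password" \
  osixia/openldap:latest

# Record the password for the operator. The subshell umask makes a newly created
# openldap.txt mode 0600 instead of whatever the default umask allows (an
# already existing file keeps its current mode).
(umask 077; printf 'password: %s\n' "$password" > openldap.txt)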
ldap管理端
web工具
# Web UI for the directory, reaching the OpenLDAP container through the
# legacy '--link' alias "ldap" (--link is deprecated in favour of a user-defined
# network but still works on the default bridge). Port 6443 is published on
# every host interface; bind it to 127.0.0.1 or firewall it if only local
# access is intended.
docker run --detach \
  --name ldapadmin \
  --publish 6443:443 \
  --link ldap-service:ldap \
  --env PHPLDAPADMIN_LDAP_HOSTS=ldap \
  osixia/phpldapadmin:0.9.0
Windows 工具
http://www.ldapadmin.org/
自助修改密码
## docker-compose.yml 自助密码
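version: "3"
services:
  self-service-password:
    container_name: self-service-password
    # ':latest' is not reproducible; pin a specific tag before relying on this in production.
    image: tiredofit/self-service-password:latest
    restart: always
    ports:
      # Plain HTTP on every host interface: users type their new password into
      # this page, so put a TLS-terminating reverse proxy in front or bind to
      # 127.0.0.1 and tunnel.
      - "8096:80"
    environment:
      # ldap:// sends the bind password and every changed user password to the
      # directory in cleartext; prefer ldaps:// (the ldap-service container also
      # publishes 636) once the server has a certificate.
      - LDAP_SERVER=ldap://172.16.1.198:389
      # cn=admin is the directory root. A dedicated bind account allowed only to
      # change userPassword on user entries is the least-privilege choice.
      - LDAP_BINDDN=cn=admin,dc=abc,dc=com
      # Secrets come from the shell environment or a .env file next to this
      # compose file, never from the committed YAML; the ':?' form makes compose
      # refuse to start (with the message) when the variable is unset.
      - LDAP_BINDPASS=${LDAP_BINDPASS:?set LDAP_BINDPASS in .env}
      - LDAP_BASE_SEARCH=dc=abc,dc=com
      - MAIL_FROM=ops@xxx.com
      - SMTP_DEBUG=0
      - SMTP_HOST=smtp.larksuite.com
      - SMTP_USER=ops@xxx.com
      - SMTP_PASS=${SMTP_PASS:?set SMTP_PASS in .env}
      - SMTP_PORT=465
      - SMTP_SECURE_TYPE=ssl
      - SMTP_AUTH_ON=true
    volumes:
      # read-only: the container only needs to read the host timezone
      - /etc/localtime:/etc/localtime:ro
      - /data/openldap/self-service-password/htdocs:/www/ssp
      - /data/openldap/self-service-password/logs:/www/logs
    # NOTE(review): 'deploy' limits are applied by 'docker stack deploy' and the
    # Compose-spec CLI ('docker compose'); classic docker-compose with a v3 file
    # only honours them when run with --compatibility — verify which CLI is used.
    deploy:
      resources:
        limits:
          memory: 2G
        reservations:
          memory: 512M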
# Start the self-service-password service in the background; reads the
# docker-compose.yml in the current directory.
docker-compose up --detach
接入LDAP
gitlab
/etc/gitlab/gitlab.rb
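# Enable LDAP sign-in and point GitLab at the OpenLDAP server.
gitlab_rails['ldap_enabled'] = true
###! **remember to close this block with 'EOS' below**
# The servers hash is YAML inside a single-quoted heredoc, so Ruby interpolates
# nothing in it. The settings must be indented under 'main:'; written flat,
# label/host/... become siblings of 'main' instead of its configuration.
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  main: # 'main' is the GitLab 'provider ID' of this LDAP server
    label: ' GitLab LDAP'
    host: '10.0.0.200'
    port: 389
    uid: 'uid'
    # 'plain' sends the bind password and every user's login password over the
    # network unencrypted; switch to 'start_tls' (same port) or 'simple_tls'
    # (port 636) once the directory has a certificate GitLab can verify.
    method: 'plain' # "start_tls" or "simple_tls" or "plain"
    # Binding as the directory admin grants GitLab far more than the read-only
    # lookups it needs; a dedicated read-only service account is least-privilege.
    bind_dn: 'CN=admin,DC=huored,DC=com'
    password: 'XXX密码'
    base: 'DC=huored,DC=com'
EOS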