Starting LDAP + web management + self-service password change with docker-compose
Preface
This article presents a way to quickly stand up LDAP with docker-compose.
It consists of three parts:
1) openldap: the LDAP server itself
2) phpldapadmin: a management service for administering LDAP from a web UI
3) self-service-password: a service that lets users change their own password
1. openldap
1.1 YAML file
version: '3'
services:
  ldap:
    image: osixia/openldap:1.3.0
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - ./ldap:/var/lib/ldap
      - ./slapd.d:/etc/ldap/slapd.d
    restart: always
Notes:
- Both directories must be mounted out together.
Reason: if only the data directory /var/lib/ldap is mounted, then on the next container start the program finds the configuration directory empty and begins initialising, but then discovers that the data directory already holds data and aborts. Annoyingly, the error it prints claims that the data directory cannot be found. With both directories mounted, the program finds the configuration directory populated at start-up and skips initialisation.
- 389 is the service port; clients connect on it (plain LDAP, optionally upgraded with StartTLS). 636 is LDAPS; the osixia image enables TLS with an auto-generated certificate by default (LDAP_TLS=true).
- The admin password is fixed at bootstrap. The image uses "admin" unless LDAP_ADMIN_PASSWORD (together with LDAP_DOMAIN and LDAP_ORGANISATION if you want something other than dc=example,dc=org) is set under environment on the very first start. Because initialisation is skipped once ./slapd.d is populated, changing these variables afterwards has no effect, so set them before the first start or change the password with ldappasswd later.
1.2 Configuration notes
- Default configuration
dn : dc=example,dc=org
admin : cn=admin,dc=example,dc=org
password : admin
Log in with cn=admin,dc=example,dc=org / admin
- Command to dump the directory contents
docker exec -it ldap_ldap_1 ldapsearch -x -H ldap://localhost:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
ldap_ldap_1 is the container name Compose derives from the project directory (ldap) plus the service name (ldap); adjust it if your directory is named differently. -w admin puts the admin password on the command line, where it shows up in shell history and in ps; -W prompts for it instead. -x is a simple bind, which sends the password in clear; that is tolerable here only because the connection stays on the container's own loopback.
Output
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9VGpERTFMN1FuZGJDT3pKT0poQnhnQnNxRDN6QTV5WFE=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
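The double colon in "userPassword::" means the value is base64-encoded LDIF; decoded, it is an {SSHA} value (salted SHA-1), which is what OpenLDAP stores for the admin entry. The following is an added example, not code from the original post and not part of osixia/openldap or OpenLDAP: it decodes that exact line from the output above, splits it into digest and salt, and shows how an {SSHA} value is recomputed and verified. Whether the hash matches the bootstrap password "admin" is decided by running it, not assumed here. Only the Python standard library is used.

```python
"""
Decode and verify OpenLDAP {SSHA} userPassword values.

Added example (not from the original post and not osixia/openldap's own code).
Shows what the base64 "userPassword::" line in the ldapsearch output above
contains, and why anyone who can read that attribute can test password
guesses offline at SHA-1 speed: {SSHA} is salted but not slow.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# The userPassword:: value exactly as printed in the ldapsearch output above.
PAGE_USERPASSWORD_B64 = "e1NTSEF9VGpERTFMN1FuZGJDT3pKT0poQnhnQnNxRDN6QTV5WFE="


def decode_ldif_attribute(b64_value: str) -> str:
    """An LDIF line written as 'attr:: value' carries a base64-encoded value."""
    return base64.b64decode(b64_value).decode("utf-8")


def parse_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Split '{SSHA}<base64(sha1_digest || salt)>' into (digest, salt).

    A SHA-1 digest is 20 bytes; everything after it is the salt (slappasswd
    uses 4 bytes by default, but any length is valid).
    """
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value: %r" % stored[:8])
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("value too short to hold a SHA-1 digest plus salt")
    return raw[:20], raw[20:]


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value the way 'slappasswd -h {SSHA}' does: sha1(pw || salt) || salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, candidate: str) -> bool:
    """Recompute sha1(candidate || salt) and compare it to the stored digest in constant time."""
    digest, salt = parse_ssha(stored)
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, recomputed)


def check_page_hash(candidate: str) -> bool:
    """Test a guess against the admin entry's hash taken from the output above."""
    return verify_ssha(decode_ldif_attribute(PAGE_USERPASSWORD_B64), candidate)


if __name__ == "__main__":
    stored = decode_ldif_attribute(PAGE_USERPASSWORD_B64)
    digest, salt = parse_ssha(stored)
    print("decoded userPassword:", stored)
    print("salt (hex):", salt.hex(), " digest (hex):", digest.hex())
    # Constructed guesses; the result for "admin" is whatever the hash says.
    for guess in ["admin", "not-the-password"]:
        print(f"{guess!r} matches: {check_page_hash(guess)}")
```

Run it as a script to see the decoded value and the result of the two guesses. The point for the deployment above: userPassword is readable by the admin bind, the digest is a single SHA-1, and the default password is public, so set LDAP_ADMIN_PASSWORD before the first start and treat anything that can read this attribute as holding admin-equivalent data.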
2. phpldapadmin
- yml file
version: '3'
services:
  phpldapadmin:
    container_name: phpldapadmin
    image: osixia/phpldapadmin:0.9.0
    ports:
      - "8080:80"
    environment:
      - PHPLDAPADMIN_HTTPS=false
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
    links:
      - openldap
    depends_on:
      - openldap
Notes:
- A version 3 Compose file needs the services: key above the service definitions. In list-style environment entries the quotes are part of the value, so write PHPLDAPADMIN_HTTPS=false, not PHPLDAPADMIN_HTTPS="false".
- PHPLDAPADMIN_LDAP_HOSTS, links and depends_on all refer to a service named openldap, so this must live in the same Compose project as the directory service, under that name (the file in section 1 calls it ldap; rename one of them). If the directory runs elsewhere, drop links and depends_on and point PHPLDAPADMIN_LDAP_HOSTS at its address.
- PHPLDAPADMIN_HTTPS=false serves the admin UI over plain HTTP on 8080, so the admin bind password crosses the network in clear; keep it on a trusted network or leave HTTPS enabled (the image's default, with a self-signed certificate).
- Start the service
- Log in
Log in with cn=admin,dc=example,dc=org / admin
3. self-service-password
Description: a service that lets users change their own password.
- docker-compose.yml
version: '3'
services:
  self-service-password:
    image: kadimasolutions/self-service-password
    container_name: self-service-password
    ports:
      - "80:80"
    volumes:
      - ./config.inc.php:/var/www/html/conf/config.inc.php
    restart: always
The service is named self-service-password here so that it is not confused with the directory service. Port 80 is plain HTTP, and users type their current and new passwords into this form, so put a TLS-terminating reverse proxy in front of it before exposing it beyond a trusted network.
- Configuration file
./config.inc.php
<?php
#==============================================================================
# LTB Self Service Password
#
# Copyright (C) 2009 Clement OUDOT
# Copyright (C) 2009 LTB-project.org
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# GPL License: http://www.gnu.org/licenses/gpl.txt
#
#==============================================================================

#==============================================================================
# All the default values are kept here, you should not modify it but use
# config.inc.local.php file instead to override the settings from here.
#==============================================================================

#==============================================================================
# Configuration
#==============================================================================

# Debug mode
# true: log and display any errors or warnings (use this in configuration/testing)
# false: log only errors and do not display them (use this in production)
$debug = false;

# LDAP
# Change the server details here
$ldap_url = "ldap://10.10.xxx.xxx:389";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=example,dc=org";
$ldap_bindpw = "admin";
# The organisational unit in the server's tree that holds the users who will change their passwords
$ldap_base = "ou=智能物联首席技术官组织,dc=example,dc=org";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";

# Line 121 of the stock file: who performs the modification.
# "user": each user must be granted write access to its own userPassword by the LDAP ACLs.
# "manager": the service performs the change with the bind DN above, so users need no
# extra rights in the directory. Only these two values are recognised.
# Who changes the password?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
$who_change_password = "manager";

# Line 231 of the stock file reads $keyphrase = "secret"; replace "secret" with
# something else, preferably more than 6 uncommon characters.
$keyphrase = "liubei@2021";

# Password complexity; may be left unchanged.
# Local password policy
# This is applied before directory password policy
# Minimal length
## at least 8 and at most 30 characters
$pwd_min_length = 8;
# Maximal length
$pwd_max_length = 30;
## at least one lowercase letter, one uppercase letter and one digit
# Minimal lower characters
$pwd_min_lower = 1;
# Minimal upper characters
$pwd_min_upper = 1;
# Minimal digit characters
$pwd_min_digit = 1;
# Minimal special characters
$pwd_min_special = 0;
# Definition of special characters
$pwd_special_chars = "^a-zA-Z0-9";
# Forbidden characters
#$pwd_forbidden_chars = "@%";
# Don't reuse the same password as currently
$pwd_no_reuse = true;
# Check that password is different than login
$pwd_diff_login = true;
# Complexity: number of different class of character required
$pwd_complexity = 0;
# Show policy constraints message:
# always
# never
# onerror
$pwd_show_policy = "never";
# Position of password policy constraints message:
# above - the form
# below - the form
$pwd_show_policy_pos = "above";
Notes on the settings above:
- $ldap_url uses ldap:// and $ldap_starttls is false, so the bind password and every new user password travel to 10.10.xxx.xxx in clear text. Use ldaps://10.10.xxx.xxx:636 (the openldap service publishes 636 above) or set $ldap_starttls = true once this container trusts the server's certificate.
- $ldap_bindpw is stored in clear in config.inc.php, which is bind-mounted from the host. Restrict the file's permissions on the host, and since $who_change_password = "manager" runs every password change under this DN, treat the file as the admin credential it is.
- $keyphrase protects the tokens the service issues (for example in reset-by-mail flows); generate it randomly (openssl rand -base64 32) rather than picking a word.
- With $pwd_show_policy = "never" users are not told which rule rejected their password; "onerror" shows the rules only after a failed attempt.
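To see what the $pwd_* values above actually accept and reject, here is an added example that re-implements the local password policy in Python. It is not code from the original post and not LTB Self Service Password's own implementation: character classes are counted with ASCII ranges ([a-z], [A-Z], [0-9]), the special-character class is the same bracket-expression body as $pwd_special_chars, and the rule names it returns are labels chosen for this example. The sample logins and passwords are constructed.

```python
"""
Local password policy of self-service-password, re-implemented in Python.

Added example; not part of the original post and not LTB Self Service
Password's own code. Applies the $pwd_* settings from the config.inc.php
above to concrete candidate passwords.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class PasswordPolicy:
    # Defaults mirror the values set in the config.inc.php above.
    min_length: int = 8
    max_length: int = 30          # 0 means "no upper bound"
    min_lower: int = 1
    min_upper: int = 1
    min_digit: int = 1
    min_special: int = 0
    special_chars: str = "^a-zA-Z0-9"   # body of a [...] class, as in $pwd_special_chars
    forbidden_chars: str = ""           # $pwd_forbidden_chars is commented out above
    no_reuse: bool = True               # $pwd_no_reuse
    diff_login: bool = True             # $pwd_diff_login
    complexity: int = 0                 # $pwd_complexity: distinct classes required, 0 disables


def check_password(policy: PasswordPolicy, new_pw: str, old_pw: str, login: str) -> List[str]:
    """Return the rules the candidate violates; an empty list means it is accepted."""
    errors: List[str] = []
    length = len(new_pw)
    if length < policy.min_length:
        errors.append("tooshort")
    if policy.max_length and length > policy.max_length:
        errors.append("toobig")

    # Class counts; the special class is whatever the configured bracket expression matches.
    lower = len(re.findall(r"[a-z]", new_pw))
    upper = len(re.findall(r"[A-Z]", new_pw))
    digit = len(re.findall(r"[0-9]", new_pw))
    special = len(re.findall("[" + policy.special_chars + "]", new_pw))

    if lower < policy.min_lower:
        errors.append("minlower")
    if upper < policy.min_upper:
        errors.append("minupper")
    if digit < policy.min_digit:
        errors.append("mindigit")
    if special < policy.min_special:
        errors.append("minspecial")
    if policy.forbidden_chars and any(c in policy.forbidden_chars for c in new_pw):
        errors.append("forbiddenchars")
    if policy.no_reuse and new_pw == old_pw:
        errors.append("sameasold")
    if policy.diff_login and new_pw == login:
        errors.append("sameaslogin")
    if policy.complexity:
        classes = sum(1 for n in (lower, upper, digit, special) if n > 0)
        if classes < policy.complexity:
            errors.append("notcomplex")
    return errors


if __name__ == "__main__":
    policy = PasswordPolicy()  # the policy from config.inc.php above
    # Constructed sample inputs: login "liubei", current password "Old-Pass1".
    for candidate in ["Liubei2021", "liubei2021", "Liubei", "Old-Pass1", "liubei"]:
        result = check_password(policy, candidate, "Old-Pass1", "liubei")
        print(f"{candidate!r}: {result or 'accepted'}")
    stricter = PasswordPolicy(min_special=1, complexity=4)
    print("stricter policy, 'Liubei2021':",
          check_password(stricter, "Liubei2021", "Old-Pass1", "liubei") or "accepted")
```

Running it shows that the policy above accepts a password such as "Liubei2021" while rejecting the all-lowercase variant, a too-short one, the current password and the login name; raising $pwd_min_special and $pwd_complexity is what it takes to force a fourth character class.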
posted on 2022-09-26 20:49 by 运维开发玄德公