1、YAML文件编辑
vim docker-compose.yml
#version: "2.28.1"
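# Compose stack: an OpenLDAP server plus the phpLDAPadmin web UI, joined by
# one private bridge network. Indentation restored; the admin password is no
# longer hard-coded in this file.
services:
  ldap:
    # No tag is given, so "latest" is pulled. Pin a tested tag or digest
    # (osixia/openldap:<TESTED_TAG>) so a redeploy cannot silently change
    # the directory server.
    image: osixia/openldap
    container_name: openldap
    hostname: openldap
    restart: always
    ports:
      # Published on every host interface as plain LDAP: simple binds, and
      # the passwords inside them, cross the network unencrypted. Restrict
      # the port with a host firewall and/or have clients use StartTLS or
      # LDAPS (the image exposes 636/tcp, which this file does not publish).
      - "389:389"
    volumes:
      - ldapconfig:/etc/ldap/slapd.d
      - ldapdata:/var/lib/ldap
      - ldapit:/var/lib/openldap/openldap-data
    environment:
      LDAP_ORGANISATION: "accelecom.local"
      LDAP_DOMAIN: "accelecom.local"
      LDAP_BASE_DN: "dc=accelecom,dc=local"
      # Read from the shell environment or from a .env file beside this file
      # (keep that file mode 600 and out of version control). Compose aborts
      # with the message below when the variable is unset or empty, so the
      # stack can never start with a missing or placeholder password.
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD to a strong password}"
    networks:
      - openldap-network
  ldapadmin:
    # Same pinning advice as for the ldap service.
    image: osixia/phpldapadmin
    container_name: phpldapadmin
    hostname: phpldapadmin
    restart: always
    ports:
      # With PHPLDAPADMIN_HTTPS disabled, the admin login form is served over
      # plain HTTP on all host interfaces. Put it behind a TLS-terminating
      # reverse proxy, or limit who can reach port 8080.
      - "8080:80"
    depends_on:
      - ldap
    environment:
      PHPLDAPADMIN_HTTPS: "false"
      PHPLDAPADMIN_LDAP_HOSTS: openldap
    networks:
      - openldap-network
volumes:
  # Declared but not mounted by either service above.
  ldaphost:
  # The three volumes below are bind mounts of host directories; the
  # directories must exist before `docker-compose up`. They hold the slapd
  # configuration and database (including password hashes), so keep their
  # host permissions tight.
  ldapconfig:
    driver_opts:
      type: none
      o: bind
      device: /home/ldap/openldap/slapd.d
  ldapdata:
    driver_opts:
      type: none
      o: bind
      device: /home/ldap/openldap/ldap
  # NOTE(review): this device is the parent of the two directories above, so
  # the container also sees slapd.d and ldap under
  # /var/lib/openldap/openldap-data. Confirm that this is intended.
  ldapit:
    driver_opts:
      type: none
      o: bind
      device: /home/ldap/openldap
networks:
  openldap-network:
    driver: bridge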
2、常用命令
备份用户数据
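ldapsearch -LLL -w $passwd -x -H ldap://$IP -D "cn=admin,dc=XXX,dc=XXX" -b "dc=XXX,dc=XXX" > bak-ldap.ldif
注意:-w 会把密码放在命令行参数中,可能出现在进程列表里;可改用 -W(交互输入)或 -y <密码文件>,下面的恢复命令同理。导出的 bak-ldap.ldif 含有 userPassword 哈希,应限制文件权限(如 chmod 600)并妥善保存。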
恢复用户数据
ldapadd -x -H ldap://$IP:389 -D "cn=admin,dc=XXX,dc=XXX" -w $passwd -f bak-ldap.ldif
修改管理员密码
#修改admin密码
1、进入openldap容器
[root@cd67 ~]# docker exec -it e4b6b630cd02 /bin/bash
2、检查数据库
root@e4b6b630cd02:~# ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW
dn: olcDatabase={0}config,cn=config
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}fXyDNsKUXYNkpnXWV55DJgJLIkibpd8m
dn: olcDatabase={1}mdb,cn=config
olcRootDN: cn=admin,dc=accelecom,dc=local
olcRootPW: {SSHA}Wy9XHbkG/CkQeraA2wigoyGrBV+9M9sy
3、使用slappasswd生成新密码
root@e4b6b630cd02:~# slappasswd -s Yy19880922!
{SSHA}4Lo7h3ii1zjEGiwD55JrIDT/qxV3BI+h
注意:-s 把明文密码写在命令行里,会留在 shell 历史和进程列表中;直接运行 slappasswd(不带 -s)会提示交互输入密码。本文中出现的密码和哈希已经公开,不要在实际环境中使用。
4、新开新终端编辑配置文件
[root@cd67 ~]# cat newpasswd.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}4Lo7h3ii1zjEGiwD55JrIDT/qxV3BI+h
5、拷贝配置文件至容器
[root@cd67 ~]# docker cp /root/newpasswd.ldif e4b6b630cd02:/etc/ldap/slapd.d/
Successfully copied 2.05kB to e4b6b630cd02:/etc/ldap/slapd.d/
6、ldapmodify修改条目
root@e4b6b630cd02:/etc/ldap/slapd.d# ldapmodify -H ldapi:// -Y EXTERNAL -f newpasswd.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
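modifying entry "olcDatabase={1}mdb,cn=config"
修改完成后,建议删除主机上的 /root/newpasswd.ldif 和容器内的 /etc/ldap/slapd.d/newpasswd.ldif:该目录是 slapd 的配置目录,并通过卷映射到主机,不宜留下含密码哈希的临时文件。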
ldap客户端配置
yum install -y openldap-clients nss-pam-ldapd authconfig
authconfig-tui
(如果服务端已配置证书,建议在此界面勾选 Use TLS,避免认证信息以明文经过网络。)
systemctl restart nslcd
systemctl enable nslcd
vim /etc/pam.d/sshd
# 在文件中加入下面一行(LDAP 用户首次登录时自动创建家目录)
session required pam_mkhomedir.so
docker-compose相关命令
[root@cd67 openldap]# docker-compose up -d
[+] Running 3/3
✔ Network openldap_openldap-network Created 0.1s
✔ Container openldap Started 0.4s
✔ Container phpldapadmin Started 0.6s
[root@cd67 openldap]# docker-compose stop
[+] Stopping 2/2
✔ Container phpldapadmin Stopped 0.5s
✔ Container openldap Stopped 0.2s
[root@cd67 openldap]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d47335d170a3 osixia/phpldapadmin "/container/tool/run" 3 minutes ago Exited (0) 8 seconds ago phpldapadmin
4eb4b716277b osixia/openldap "/container/tool/run" 3 minutes ago Exited (0) 7 seconds ago openldap
[root@cd67 openldap]# docker-compose start
[+] Running 2/2
✔ Container openldap Started 0.3s
✔ Container phpldapadmin Started 0.3s
[root@cd67 openldap]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d47335d170a3 osixia/phpldapadmin "/container/tool/run" 6 minutes ago Up 6 seconds 443/tcp, 0.0.0.0:8080->80/tcp phpldapadmin
4eb4b716277b osixia/openldap "/container/tool/run" 6 minutes ago Up 6 seconds 0.0.0.0:389->389/tcp, 636/tcp openldap
[root@cd67 openldap]# docker-compose down
[+] Running 3/3
✔ Container phpldapadmin Removed 0.6s
✔ Container openldap Removed 0.2s
✔ Network openldap_openldap-network Removed 0.0s
[root@cd67 openldap]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES