2024-11-01 - Unified Identity Authentication - OpenLDAP - Middleware - 流雨声

Abstract

2024-11-01, Friday, Hangzhou, heavy rain

Notes: ...

Course content

OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP).

To test how quickly OpenLDAP can be integrated into a system and to verify its functionality, this post deploys it with Docker and exercises it.

Installation and deployment

  • LDAP server
docker run \
    -d \
    -p 389:389 \
    -p 636:636 \
    -v /usr/local/ldap:/usr/local/ldap \
    -v /data/openldap/ldap:/var/lib/ldap \
    -v /data/openldap/slapd.d:/etc/ldap/slapd.d \
    --env LDAP_ORGANISATION="Manager" \
    --env LDAP_DOMAIN="aces.com" \
    --env LDAP_ADMIN_PASSWORD="123456" \
    --name openldap \
    --hostname openldap-host \
    --network bridge \
    harbor.jianmucloud.com:30003/docker-repo/openldap
  • LDAP client (phpLDAPadmin)
docker run \
    -p 10001:80 \
    --privileged \
    --name phpldapadmin \
    --env PHPLDAPADMIN_HTTPS=false \
    --env PHPLDAPADMIN_LDAP_HOSTS=192.168.200.101  \
    --detach harbor.jianmucloud.com:30003/docker-repo/phpldapadmin

Accessing the application

  • Web access
Login DN: cn=admin,dc=aces,dc=com
Password: 123456

  • Desktop client access
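As an added check that is not part of the original post: the following Python script (standard library only; the helper names are my own) hand-encodes an LDAPv3 simple BindRequest for the admin DN and password given above, decodes the BindResponse, and lets you verify the container accepts the credentials without going through phpLDAPadmin. Because it builds the PDU byte by byte, it also shows that a simple bind on port 389 carries the password in clear text, which is why the server additionally exposes 636 (ldaps). The host 192.168.200.101 is taken from the phpLDAPadmin setting in this post.

```python
import socket
# BER tags from RFC 4511: INTEGER / OCTET STRING / SEQUENCE, [APPLICATION 0] BindRequest,
# [APPLICATION 1] BindResponse, [0] simple authentication (context-specific, primitive).
INTEGER, OCTET_STRING, SEQUENCE = 0x02, 0x04, 0x30
BIND_REQUEST, BIND_RESPONSE, AUTH_SIMPLE = 0x60, 0x61, 0x80

def ber(tag: int, content: bytes) -> bytes:
    """Wrap content in a BER TLV: short-form length below 128, minimal long form otherwise."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def ber_int(value: int, tag: int = INTEGER) -> bytes:
    """Minimal two's-complement INTEGER encoding (messageID, protocol version)."""
    return ber(tag, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))

def ber_read(buf: bytes, pos: int = 0):
    """Decode one TLV starting at pos; return (tag, content, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = ber(BIND_REQUEST, ber_int(3) + ber(OCTET_STRING, dn.encode()) + ber(AUTH_SIMPLE, password.encode()))
    return ber(SEQUENCE, ber_int(msg_id) + op)

def parse_bind_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse PDU."""
    tag, msg, _ = ber_read(data)
    _, mid, pos = ber_read(msg)
    op_tag, op, _ = ber_read(msg, pos)
    if tag != SEQUENCE or op_tag != BIND_RESPONSE:
        raise ValueError("not a BindResponse")
    _, code, pos = ber_read(op)       # resultCode (ENUMERATED): 0 success, 49 invalidCredentials
    _, _, pos = ber_read(op, pos)     # matchedDN, empty on bind
    _, diag, _ = ber_read(op, pos)    # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()

def check_bind(host: str, dn: str, password: str, port: int = 389, timeout: float = 5.0):
    """Bind once against the running container; return (resultCode, diagnosticMessage)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(1, dn, password))
        _, code, diag = parse_bind_response(s.recv(4096))
    return code, diag
```

Run `check_bind("192.168.200.101", "cn=admin,dc=aces,dc=com", "123456")` once the container is up; a result code of 0 means the bind was accepted and 49 means invalid credentials.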

Bastion (jump) host: JumpServer

version: '3.0'
services:
  jms_mysql:
    image: harbor.jianmucloud.com:30003/docker-repo/mariadb:10.6
    container_name: jms_mysql
    restart: always
    environment:
      MARIADB_DATABASE: jumpserver
      MARIADB_ROOT_PASSWORD: devops666
    healthcheck:
      test: "mysql -h127.0.0.1 -uroot -pdevops666 -e 'SHOW DATABASES;'"
      interval: 10s
      timeout: 5s
      retries: 3
    volumes:
      - ./data-mysql:/var/lib/mysql
    networks:
      - devopsnetwork

  jms_redis:
    image: harbor.jianmucloud.com:30003/docker-repo/redis:6.2
    container_name: jms_redis
    restart: always
    command: redis-server --requirepass devops666
    environment:
      REDIS_PASSWORD: devops666
    healthcheck:
      test: "redis-cli -h 127.0.0.1 -a devops666 info Replication"
      interval: 10s
      timeout: 5s
      retries: 3
    volumes:
      - ./data-redis:/data
    networks:
      - devopsnetwork
      
  jms_server:
    container_name: jms_all
    restart: always
    image: harbor.jianmucloud.com:30003/docker-repo/jms_all:v3.8.1
    volumes:
      - ./data-server/core/data:/opt/jumpserver/data # Core persistent data directory, stores session recordings and logs
      - ./data-server/koko/data:/opt/koko/data # Koko persistent data directory
      - ./data-server/lion/data:/opt/lion/data # Lion persistent data directory
      - ./data-server/magnus/data:/opt/magnus/data # Magnus persistent data directory
      - ./data-server/kael/data:/opt/kael/data # Kael persistent data directory
      - ./data-server/chen/data:/opt/chen/data # Chen persistent data directory
      - ./data-server/web/log:/var/log/nginx # Nginx log persistent directory
    privileged: true
    environment:
      - SECRET_KEY=2FsdGVkX19mzMum9dqqphTCNpm9dqqphTCNpm9dqqphTCNpm9dqqphTCNpm9dqqphTCNpm9dqqphTCNpm9dqqphTCNpCPV
      - BOOTSTRAP_TOKEN=m9dqqphTCNpm9dqqphTCNpm9dqqphTCNp
      - LOG_LEVEL=ERROR
      - REDIS_HOST=jms_redis
      - REDIS_PORT=6379
      - REDIS_PASSWORD=devops666
      - DB_HOST=jms_mysql
      - DB_PORT=3306
      - DB_USER=root
      - DB_NAME=jumpserver
      - DB_PASSWORD=devops666
      - DOMAINS=jumpserver.devops.test.com,192.168.200.101:10081
    ports:
      - '10081:80'
    networks:
      - devopsnetwork

networks:
  devopsnetwork:
    external: true

  • Web access

Note: the default account and password are admin/admin; the password must be changed after the first login.

Summary

At this point the user records created in LDAP have been imported into the system, and resource assignment can be performed for the LDAP-imported users.

URL1: https://www.cnblogs.com/regit/p/17853032.html
URL2: https://blog.csdn.net/yhl18931306541/article/details/128253735
URL3: https://juejin.cn/post/7299357175444095027

posted @ 2024-11-01 21:30 流雨声