用 docker 方式运行 openldap,并对接 redmine

拿来的轮子跑起来 https://github.com/osixia/docker-openldap
调整下挂载和必要的 base dn 等参数

cat docker-compose.yml

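# Compose definition for a single OpenLDAP server (osixia image) plus a
# phpLDAPadmin web UI, used here as the directory backend for Redmine.
version: '2'
services:
  openldap:
    image: osixia/openldap:1.2.1
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "YunMao"
      LDAP_DOMAIN: "yunmao.org"
      # NOTE(review): the osixia image derives the base DN from LDAP_DOMAIN when
      # this is left empty; an explicit value is normally given in DN syntax
      # (dc=yunmao,dc=org), not as a bare domain name — confirm against the
      # image README before relying on this value.
      LDAP_BASE_DN: "yunmao.org"
      # Admin and cn=config passwords come from the shell environment (or a
      # .env file next to this compose file) so they are not committed in clear
      # text. The fallbacks reproduce the original values; replace them before
      # port 389 below is reachable from anything other than trusted clients.
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:-admin}"
      LDAP_CONFIG_PASSWORD: "${LDAP_CONFIG_PASSWORD:-config}"
      LDAP_READONLY_USER: "false"
      #LDAP_READONLY_USER_USERNAME: "readonly"
      #LDAP_READONLY_USER_PASSWORD: "readonly"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      # TLS is off: every bind on 389, including the admin password, crosses
      # the network in clear text, and the 636 mapping below is presumably
      # unused until LDAP_TLS is "true" (verify with the image docs).
      LDAP_TLS: "false"
      #LDAP_TLS_CRT_FILENAME: "ldap.crt"
      #LDAP_TLS_KEY_FILENAME: "ldap.key"
      #LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      #LDAP_TLS_ENFORCE: "false"
      #LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      #LDAP_TLS_PROTOCOL_MIN: "3.1"
      #LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      #LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
      #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
      #LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      # Database and cn=config live on the host so data survives container
      # recreation; the directories must exist and be writable by the image.
      - /data/docker/openldap/ldap:/var/lib/ldap
      - /data/docker/openldap/slapd.d:/etc/ldap/slapd.d
    ports:
      # Published on all host interfaces. Bind to a specific address
      # (e.g. "127.0.0.1:389:389") if only local services need the directory.
      - "389:389"
      - "636:636"
    domainname: "ldap.yunmao" # important: same as hostname
    hostname: "ldap.yunmao"
  phpldapadmin:
    # NOTE(review): "latest" is not reproducible; pin a tag as done for
    # openldap above once a known-good version has been tested.
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      # Admin UI is served over plain HTTP on host port 8100; admin
      # credentials entered in the browser are sent unencrypted.
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8100:80"
    volumes:
      # Extra phpLDAPadmin settings supplied as an environment file.
      - /data/docker/openldap/phpldapadmin.yaml:/container/environment/01-custom/env.yaml
    depends_on:
      - openldap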

docker-compose -f ./docker-compose.yml up -d

对接 redmine 3.4.x 系统时
官方文档中的 login 属性为 uid,我改为了 mail,以便区分多个子公司的不同邮箱域名

对接 freeradius 时直接验证没有问题,但 vpn 通过 radius 认证时,即使 ldap 中密码存为明文,走 l2tp-ipsec 方式仍然验证不成功 🙁
