1. Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2   # install Docker's dependencies
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo   # use the Aliyun mirror of the Docker CE repo, which avoids slow image downloads
yum install docker-ce docker-ce-cli containerd.io   # install the docker-ce service
systemctl start docker   # start docker
systemctl enable docker   # start docker at boot
2. Pull the openldap and phpldapadmin images
docker pull osixia/openldap
docker pull osixia/phpldapadmin
3. Run the image and start openldap
1) Start openldap with docker run:
docker run \
-d \
-p 389:389 \
-p 636:636 \
-v /usr/local/ldap:/usr/local/ldap \
-v /data/openldap/ldap:/var/lib/ldap \
-v /data/openldap/slapd.d:/etc/ldap/slapd.d \
--env LDAP_ORGANISATION="nedy" \
--env LDAP_DOMAIN="nedy.com" \
--env LDAP_ADMIN_PASSWORD="nedy123" \
--name openldap \
--hostname openldap-host \
--network bridge \
osixia/openldap
Notes on the options:
-v /data/openldap/ldap:/var/lib/ldap persists the directory database on the host (the slapd.d mount does the same for the server configuration)
-p 389:389 publishes the plain LDAP (TCP) port, -p 636:636 the LDAPS (SSL/TLS) port.
--name openldap sets the container name (choose your own)
--network bridge attaches the container to the default bridge network (docker0)
--hostname openldap-host sets the container's hostname to openldap-host
--env LDAP_ORGANISATION="nedy" sets the LDAP organisation name
--env LDAP_DOMAIN="nedy.com" sets the LDAP domain (the base DN dc=nedy,dc=com used below is derived from it)
--env LDAP_ADMIN_PASSWORD="nedy123" sets the LDAP admin password
Default login user: admin
Check the OpenLDAP version:
# docker exec -it 5e2cc091b67f slapd -V
@(#) $OpenLDAP: slapd 2.4.57+dfsg-1~bpo10+1 (Jan 30 2021 06:59:51) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
4. Run the image and start phpldapadmin
Start osixia/phpldapadmin with docker run:
docker run \
-d \
--privileged \
-p 8080:80 \
--name ldapadmin \
--env PHPLDAPADMIN_HTTPS=false \
--env PHPLDAPADMIN_LDAP_HOSTS=xx.xx.xx.xx \
osixia/phpldapadmin
Notes on the options:
-d starts the container in detached mode
--privileged starts the container in privileged mode (with this flag, root inside the container has real root privileges on the host; without it, root inside the container has only the privileges of an ordinary user outside). phpldapadmin does not need this flag and it removes most of the isolation between the container and the host, so leave it out unless you have a specific reason for it.
--env PHPLDAPADMIN_HTTPS=false disables HTTPS (the admin DN and password are then sent to port 8080 in cleartext, so only do this on a trusted network)
--env PHPLDAPADMIN_LDAP_HOSTS=xx.xx.xx.xx sets the IP address or hostname of the OpenLDAP server
5. Log in
Open the phpldapadmin address http://xx.xx.xx.xx:8080 to log in and manage the directory.
Click "login" and enter:
Login DN: cn=admin,dc=nedy,dc=com
Password: nedy123
6. Configuration
First create an Organisational Unit (template "Generic: Organisational Unit"), then a Posix Group (the default user group) under it, and finally a User Account; create them in that order.
Use "Create a child entry" for each one, in sequence.
For example: organisational unit ops, user group Users, user account rivalv with password 123456@qw, as in the screenshots.
At this point the user's DN is cn=rivalv,ou=People,dc=nedy,dc=com; if you would rather identify users by uid, use Rename in the UI to change the user's DN.
To give the user an extra attribute, use "Add new attribute": for example choose Email and enter the user's mail address.
7. Dump the directory with slapcat
[root@aliyuan-ops-01 ~]# docker exec -it 9e05b69b72ea slapcat -v
# id=00000001
dn: dc=nedy,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: nedy
structuralObjectClass: organization
entryUUID: 1c300e7e-588d-103c-8772-5143870169d9
creatorsName: cn=admin,dc=nedy,dc=com
createTimestamp: 20220425024236Z
o: Server cn
entryCSN: 20220426015544.098594Z#000000#000#000000
modifiersName: cn=admin,dc=nedy,dc=com
modifyTimestamp: 20220426015544Z
# id=0000000a
dn: ou=People,dc=nedy,dc=com
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: cf5c56fe-58c6-103c-8770-4b5b8f901765
creatorsName: cn=admin,dc=nedy,dc=com
createTimestamp: 20220425093538Z
ou: People
entryCSN: 20220426015838.234595Z#000000#000#000000
modifiersName: cn=admin,dc=nedy,dc=com
modifyTimestamp: 20220426015838Z
# id=0000000c
dn: ou=Group,dc=nedy,dc=com
ou: Group
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 39debd90-594f-103c-8775-4b5b8f901765
creatorsName: cn=admin,dc=nedy,dc=com
createTimestamp: 20220426015208Z
entryCSN: 20220426015208.582659Z#000000#000#000000
modifiersName: cn=admin,dc=nedy,dc=com
modifyTimestamp: 20220426015208Z
# id=0000000d
dn: cn=Users,ou=People,dc=nedy,dc=com
cn: Users
gidNumber: 500
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: 7b2563b6-5950-103c-8776-4b5b8f901765
creatorsName: cn=admin,dc=nedy,dc=com
createTimestamp: 20220426020107Z
entryCSN: 20220426020107.594296Z#000000#000#000000
modifiersName: cn=admin,dc=nedy,dc=com
modifyTimestamp: 20220426020107Z
# id=0000000e
dn: uid=tonglv,ou=People,dc=nedy,dc=com
givenName: tong
sn: lv
cn: tonglv
uid: tonglv
userPassword:: e01ENX1VZnM3ek5lYUhIS25VejBaU0NJeFlBPT0=
uidNumber: 1000
gidNumber: 500
homeDirectory: /home/users/tonglv
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
structuralObjectClass: inetOrgPerson
entryUUID: 9cd614ce-5950-103c-8777-4b5b8f901765
creatorsName: cn=admin,dc=nedy,dc=com
createTimestamp: 20220426020204Z
mail: tonglv@livemood.net
entryCSN: 20220426021236.689026Z#000000#000#000000
modifiersName: cn=admin,dc=nedy,dc=com
modifyTimestamp: 20220426021236Z
# id=0000000f
dn: cn=rivalv,ou=People,dc=nedy,dc=com
givenName: riva
sn: lv
cn: rivalv
uid: rivalv
userPassword:: e01ENX1VZnM3ek5lYUhIS25VejBaU0NJeFlBPT0=
uidNumber: 1001
gidNumber: 500
homeDirectory: /home/users/rivalv
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
structuralObjectClass: inetOrgPerson
entryUUID: 71a49ba8-5951-103c-8778-4b5b8f901765
creatorsName: cn=admin,dc=nedy,dc=com
createTimestamp: 20220426020801Z
entryCSN: 20220426020801.147551Z#000000#000#000000
modifiersName: cn=admin,dc=nedy,dc=com
modifyTimestamp: 20220426020801Z
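The dump above is also the raw material for auditing the directory. Both accounts store their password as userPassword:: e01ENX1V..., which decodes to a {MD5} value: an unsalted digest, so two users with the same password get the same stored value, as they do here. The following Python is an added example (not code from the post or from the osixia image): it parses an LDIF fragment constructed from the entries above, decodes the base64 ("::") values, reports each account's hash scheme, flags unsalted schemes and duplicate digests, and shows how to build and verify a salted {SSHA} value of the kind the Self Service Password configuration below asks for with $hash = "SSHA". The set of schemes treated as salted is this example's own choice.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample: three entries condensed from the slapcat dump above
# (the userPassword values are the ones shown in the post).
SAMPLE_LDIF = """\
# id=00000001
dn: dc=nedy,dc=com
objectClass: top
objectClass: dcObject
dc: nedy
# id=0000000e
dn: uid=tonglv,ou=People,dc=nedy,dc=com
uid: tonglv
userPassword:: e01ENX1VZnM3ek5lYUhIS25VejBaU0NJeFlBPT0=
objectClass: posixAccount
# id=0000000f
dn: cn=rivalv,ou=People,dc=nedy,dc=com
uid: rivalv
userPassword:: e01ENX1VZnM3ek5lYUhIS25VejBaU0NJeFlBPT0=
objectClass: posixAccount
"""

# Schemes this audit treats as salted; the set is this example's own choice.
SALTED_SCHEMES = {"SSHA", "SSHA256", "SSHA384", "SSHA512", "CRYPT", "ARGON2"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts.

    Handles the '# id=...' comments slapcat emits between entries, blank
    lines, folded continuation lines (leading space) and base64 values
    ('attr:: ...'), which slapcat uses for userPassword.
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]  # join a folded line onto the previous one
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded:
        if not line.strip() or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # 'attr:: base64value'
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr == "dn":  # every entry begins with its dn
            current = {}
            entries.append(current)
        if current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def password_scheme(value):
    """Split an RFC 2307 userPassword value into (SCHEME, digest).
    A value with no {SCHEME} prefix is stored in cleartext."""
    m = SCHEME_RE.match(value)
    if not m:
        return "CLEARTEXT", value
    return m.group(1).upper(), m.group(2)


def audit_passwords(entries):
    """One finding per account: dn, scheme and the issues a reviewer would raise.
    Unsalted schemes such as {MD5} make equal passwords visible as equal
    digests, which is what the duplicate check looks for."""
    findings, seen = [], {}
    for entry in entries:
        if "userPassword" not in entry:
            continue
        dn = entry["dn"][0]
        scheme, digest = password_scheme(entry["userPassword"][0])
        issues = []
        if scheme not in SALTED_SCHEMES:
            issues.append("unsalted or cleartext scheme {%s}" % scheme)
        if digest in seen:
            issues.append("same digest as %s" % seen[digest])
        seen.setdefault(digest, dn)
        findings.append({"dn": dn, "scheme": scheme, "issues": issues})
    return findings


def ssha_hash(password, salt=None):
    """Build an OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Check a password against a stored {SSHA} value (constant-time compare)."""
    scheme, b64 = password_scheme(stored)
    if scheme != "SSHA":
        return False
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for finding in audit_passwords(parse_ldif(SAMPLE_LDIF)):
        print(finding["dn"], finding["scheme"], finding["issues"] or "ok")
    print(ssha_hash("example-password"))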
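```

To run it against a real dump, pipe `docker exec -it <container> slapcat` into a file and pass its contents to parse_ldif. Once the server-side hash scheme is changed (for example by letting Self Service Password write {SSHA} values, or by setting password-hash in slapd), existing {MD5} values stay as they are until each user next changes their password, so the audit is worth repeating afterwards.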
8. Self Service Password: letting users change or reset their own OpenLDAP password
Deploy the LTB self-service-password service with Docker.
Pull the image:
docker pull grams/ltb-self-service-password
Download the configuration file config.inc.php:
wget https://raw.githubusercontent.com/grams/docker-LTB-self-service-password/master/assets/config.inc.php
Edit the following settings in config.inc.php (the values below come from a different directory; for the directory built above, $ldap_binddn would be cn=admin,dc=nedy,dc=com, $ldap_base would be dc=nedy,dc=com, and $ldap_url must point at the openldap host):
$ldap_url = "ldap://192.168.61.100:389";
$ldap_binddn = "cn=manager,dc=frognew,dc=com";
$ldap_bindpw = "password of manager";
$ldap_base = "dc=frognew,dc=com";
$hash = "SSHA";
$pwd_min_length = 8;
$pwd_max_length = 12;
$pwd_min_lower = 1;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$use_questions = false;
$mail_from = "xxx@163.com";
$notify_on_change = true;
$mail_smtp_host = 'smtp.163.com';
$mail_smtp_auth = true;
$mail_smtp_user = 'xxx@163.com';
$mail_smtp_pass = 'smtppass';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$use_sms = false;
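Before the container is started, the settings above deserve a review: $ldap_url uses plain ldap://, so the bind password and every password a user sets cross the network unencrypted; the bind DN must live under $ldap_base; $hash should stay a salted scheme; and $pwd_max_length = 12 caps how long a passphrase users may choose. The following Python is an added example, not part of the post or of the LTB project: it reads the PHP assignments from a constructed copy of the fragment above, lints them for those points, and mirrors the $pwd_* policy so a candidate password can be checked the way SSP would reject it. The lint rules and the reading of 0 as "limit not enforced" are this example's own.

```python
import re

# Constructed sample: the config.inc.php fragment from the post, as a string.
SSP_CONFIG = """\
$ldap_url = "ldap://192.168.61.100:389";
$ldap_binddn = "cn=manager,dc=frognew,dc=com";
$ldap_bindpw = "password of manager";
$ldap_base = "dc=frognew,dc=com";
$hash = "SSHA";
$pwd_min_length = 8;
$pwd_max_length = 12;
$pwd_min_lower = 1;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$use_questions = false;
$notify_on_change = true;
$mail_smtp_host = 'smtp.163.com';
$mail_smtp_port = 25;
"""

ASSIGN_RE = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?)\s*;\s*$")

# Hash schemes this lint accepts as salted; the choice is this example's own.
SALTED_HASHES = {"SSHA", "SSHA256", "SSHA384", "SSHA512", "CRYPT"}


def parse_php_config(text):
    """Read simple PHP '$name = value;' assignments into a dict.
    Strings, integers and true/false are converted; anything else is kept raw."""
    cfg = {}
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] in "\"'" and raw[-1] == raw[0]:
            cfg[name] = raw[1:-1]
        elif raw.lower() in ("true", "false"):
            cfg[name] = raw.lower() == "true"
        elif re.fullmatch(r"-?\d+", raw):
            cfg[name] = int(raw)
        else:
            cfg[name] = raw
    return cfg


def lint_ssp_config(cfg):
    """Return (setting, problem) pairs for values a reviewer would question.
    The rules are this example's own, not SSP's."""
    findings = []
    if cfg.get("ldap_url", "").startswith("ldap://"):
        findings.append(("ldap_url", "plain ldap://: the bind password and every "
                         "new user password cross the network unencrypted; "
                         "use ldaps:// on 636 or enable STARTTLS"))
    binddn, base = cfg.get("ldap_binddn", ""), cfg.get("ldap_base", "")
    if base and not binddn.lower().endswith(base.lower()):
        findings.append(("ldap_binddn", "bind DN %s is not under ldap_base %s" % (binddn, base)))
    if str(cfg.get("hash", "")).upper() not in SALTED_HASHES:
        findings.append(("hash", "unsalted or cleartext scheme %r" % cfg.get("hash")))
    if cfg.get("pwd_max_length", 0):
        findings.append(("pwd_max_length", "a cap of %d characters forbids long "
                         "passphrases; 0 removes the limit" % cfg["pwd_max_length"]))
    if cfg.get("ldap_bindpw", "") in ("", "password of manager"):
        findings.append(("ldap_bindpw", "placeholder bind password still in the file"))
    return findings


def check_password_policy(password, cfg):
    """List the $pwd_* rules a candidate password breaks (empty list = accepted).
    A limit of 0 is treated as 'not enforced' (this example's reading of SSP)."""
    broken = []
    if cfg.get("pwd_min_length", 0) and len(password) < cfg["pwd_min_length"]:
        broken.append("pwd_min_length")
    if cfg.get("pwd_max_length", 0) and len(password) > cfg["pwd_max_length"]:
        broken.append("pwd_max_length")
    counts = {
        "pwd_min_lower": sum(c.islower() for c in password),
        "pwd_min_upper": sum(c.isupper() for c in password),
        "pwd_min_digit": sum(c.isdigit() for c in password),
    }
    for rule, have in counts.items():
        if have < cfg.get(rule, 0):
            broken.append(rule)
    return broken


if __name__ == "__main__":
    cfg = parse_php_config(SSP_CONFIG)
    for setting, problem in lint_ssp_config(cfg):
        print("%s: %s" % (setting, problem))
    for candidate in ("Abcdefg1", "abcdefgh", "Abcdefghijkl1"):
        print(candidate, check_password_policy(candidate, cfg) or "accepted")
```

Run it on your own config.inc.php by reading the file into parse_php_config; the lint reports nothing once $ldap_url is ldaps://, $pwd_max_length is 0 and the placeholder bind password has been replaced, which is the shape the file should have before the container below is started.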
Run the container:
docker run -p 8765:80 -d \
-v ~/config.inc.php:/usr/share/self-service-password/conf/config.inc.php \
--name ldap-ssp \
grams/ltb-self-service-password