LDAP统一认证服务

LDAP统一认证服务

我们在开始介绍之前先来看几个问题:

1. 我们日常的办公系统是不是有多个?

2. 每个系统之间是不是都有独立的账号密码?

3. 密码多了,有时候半天想不起来哪个密码对应哪个系统?

4. 每次新项目的开发,都需要重新开发和维护一套用户密码?

5. 维护多套系统的用户是不是非常头疼?

So,如今大家再也不用为上面的问题头疼了,因为“LDAP统一认证服务”已经帮助大家解决了这些问题。

 

 

部署

通过docker-compose部署,步骤如下:

1.创建目录

# Create the host directories that the compose file bind-mounts into the
# OpenLDAP container (certificates, slapd config, LDIF files, database, schema).
for sub in certs etc ldif lib schema; do
  mkdir -p "/data/ldap/${sub}"
done

2.编写docker-compose文件

# Open (or create) the compose file in an editor and paste in the YAML that follows.
vim /data/ldap/docker-compose.yml

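version: '3'
services:
  # OpenLDAP directory server.
  master:
    # NOTE(review): `latest` is a moving tag. Pin a specific release tag or an
    # image digest so every deployment runs an image that has been reviewed.
    image: osixia/openldap:latest
    ports:
    # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
    # Both ports are published on every host interface; restrict them with a
    # firewall if only internal clients should reach the directory.
    - '389:389/tcp'
    - '636:636/tcp'
    environment:
      LDAP_ORGANISATION: zzzz-inc
      LDAP_BASE_DN: "dc=zzzz-inc, dc=cn"
      LDAP_DOMAIN: zzzz-inc.cn
      # The admin password is read from the shell environment or from a .env
      # file next to this compose file, so it is never written here.
      # Compose refuses to start when the variable is unset or empty.
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment or in .env}"
      LDAP_RFC2307BIS_SCHEMA: 'true'
      LDAP_REMOVE_CONFIG_AFTER_SETUP: 'true'
      # Corrected spelling (was `nerver`): clients are not asked for a
      # certificate. Only takes effect once TLS is enabled.
      LDAP_TLS_VERIFY_CLIENT: never
      # NOTE(review): with TLS off, binds on 389 (including the admin bind)
      # cross the network in cleartext, and the published port 636 presumably
      # has no LDAPS listener behind it. Enable TLS and place certificates in
      # the mounted certs directory before using this outside a lab.
      LDAP_TLS: 'false'
    hostname: ldap.zzzz-inc.cn
    volumes:
    - /data/ldap/lib:/var/lib/ldap
    - /data/ldap/etc:/etc/ldap/slapd.d
    - /data/ldap/certs:/container/service/slapd/assets/certs
    - /data/ldap/schema:/etc/ldap/schema
    - /data/ldap/ldif:/ldif
    # `privileged: true` has been dropped: a directory server does not need
    # full host capabilities, and a compromise of slapd would otherwise reach
    # the host. If the bind mounts are denied on an SELinux host, relabel them
    # with the `:Z` volume option instead of running privileged.
    restart: on-failure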

3.运行启动

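# Change into the project directory first, then start the stack in the
# background; compose reads docker-compose.yml from the current directory.
cd /data/ldap && docker-compose up -d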

附:包含管理工具的docker-compose

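version: '3'
services:
  # OpenLDAP directory server.
  master:
    # NOTE(review): `latest` is a moving tag (here and on the admin image
    # below; the padmin image has no tag at all). Pin a release tag or digest.
    image: osixia/openldap:latest
    ports:
    # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
    # Published on every host interface; restrict with a firewall as needed.
    - '389:389/tcp'
    - '636:636/tcp'
    environment:
      LDAP_ORGANISATION: zzzz-inc
      LDAP_BASE_DN: "dc=zzzz-inc, dc=cn"
      LDAP_DOMAIN: zzzz-inc.cn
      # Read from the shell environment or a .env file next to this compose
      # file, so the password is never written here. Compose refuses to start
      # when the variable is unset or empty.
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment or in .env}"
      LDAP_RFC2307BIS_SCHEMA: 'true'
      LDAP_REMOVE_CONFIG_AFTER_SETUP: 'true'
      # Corrected spelling (was `nerver`); only takes effect once TLS is on.
      LDAP_TLS_VERIFY_CLIENT: never
      # NOTE(review): with TLS off, every bind on 389 (including the admin
      # binds made by the two web tools below) is sent in cleartext. Enable
      # TLS and provide certificates before using this outside a lab.
      LDAP_TLS: 'false'
    hostname: ldap.zzzz-inc.cn
    volumes:
    - /data/ldap/lib:/var/lib/ldap
    - /data/ldap/etc:/etc/ldap/slapd.d
    - /data/ldap/certs:/container/service/slapd/assets/certs
    - /data/ldap/schema:/etc/ldap/schema
    - /data/ldap/ldif:/ldif
    # `privileged: true` has been dropped: a directory server does not need
    # full host capabilities. If the bind mounts are denied on an SELinux
    # host, relabel them with the `:Z` volume option instead.
    restart: on-failure
  # Self-service account manager (web UI).
  admin:
    image: wheelybird/ldap-user-manager:latest
    environment:
      SERVER_HOSTNAME: 172.16.1.1
      LDAP_URI: ldap://172.16.1.1
      PHPLDAPADMIN_LDAP_HOSTS: 172.16.1.1
      LDAP_BASE_DN: "dc=zzzz-inc,dc=cn"
      LDAP_ADMINS_GROUP: admins
      # NOTE(review): the UI is served over plain HTTP, so logins and password
      # changes are readable on the network. Put it behind a TLS-terminating
      # proxy or turn HTTPS back on before exposing it.
      NO_HTTPS: 'TRUE'
      LDAP_ADMIN_BIND_DN: "cn=admin, dc=zzzz-inc, dc=cn"
      # Same secret as the directory admin password above, injected at start.
      LDAP_ADMIN_BIND_PWD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment or in .env}"
      # NOTE(review): disables certificate validation towards the directory;
      # once TLS is enabled, trust the server's CA instead.
      LDAP_IGNORE_CERT_ERRORS: 'true'
      SMTP_HOSTNAME: smtp.exmail.qq.com
      SMTP_HOST_PORT: '465'
      # Left without a value on purpose: Compose then passes through the
      # variable from the environment it runs in, keeping the mail
      # credentials out of this file.
      SMTP_PASSWORD:
      SMTP_USERNAME:
      # NOTE(review): port 465 normally means implicit TLS; confirm that this
      # flag and the value 1 select the mode the mail server expects.
      SMTP_USE_TLS: '1'
      SITE_NAME: 账号系统
    ports:
    - '80:80'
    - '443:443'
  # phpLDAPadmin (full directory browser).
  padmin:
    image: osixia/phpldapadmin
    environment:
      # Hostname and base DN now use the same domain as the directory above
      # (the original mixed in a different domain).
      SERVER_HOSTNAME: ldap-admin.zzzz-inc.cn
      LDAP_URI: ldap://172.16.1.1
      PHPLDAPADMIN_LDAP_HOSTS: 172.16.1.1
      LDAP_BASE_DN: "dc=zzzz-inc, dc=cn"
      LDAP_ADMINS_GROUP: admins
      LDAP_ADMIN_BIND_DN: "cn=admin, dc=zzzz-inc, dc=cn"
      # NOTE(review): most of these variables look copied from the admin
      # service; verify which ones this image actually reads and remove the
      # rest, in particular the bind and SMTP credentials.
      LDAP_ADMIN_BIND_PWD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment or in .env}"
      LDAP_IGNORE_CERT_ERRORS: 'true'
      SMTP_HOSTNAME: smtp.exmail.qq.com
      SMTP_HOST_PORT: '465'
      # Passed through from the environment Compose runs in (no value here).
      SMTP_PASSWORD:
      SMTP_USERNAME:
      SMTP_USE_TLS: '1'
      SITE_NAME: 账号系统
    ports:
    - '11666:443'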
 