Goal
Use docker to quickly set up an enterprise user directory consisting of OpenLDAP and PhpLdapAdmin.
Prerequisites
- docker
- docker-compose
- LDAP
Quick start
Write docker-compose.yaml
version: '2'
services:
  ldap-openldap:
    container_name: ldap-openldap
    image: dinkel/openldap # if pulling is slow, switch to registry.cn-hangzhou.aliyuncs.com/bxwill/openldap
    restart: always
    ports:
      - "389:389"
    environment:
      - SLAPD_PASSWORD=opendevops # custom admin password
      - SLAPD_DOMAIN=qualitysphere.github.io # custom LDAP domain; the admin account is cn=admin,dc=qualitysphere,dc=github,dc=io
    volumes:
      - ./ldap/db:/var/lib/ldap
      - ./ldap/config:/etc/ldap
  ldap-phpldapadmin:
    container_name: ldap-phpldapadmin
    image: dinkel/phpldapadmin # if pulling is slow, switch to registry.cn-hangzhou.aliyuncs.com/bxwill/phpldapadmin
    restart: always
    ports:
      - "8080:80"
    environment:
      - LDAP_SERVER_HOST=ldap-openldap # with compose the service name can be used directly as the host name
Start the containers
docker-compose -f docker-compose.yaml up -d
This command pulls the images automatically and then runs the containers in the background.
Creating network "ldap_default" with the default driver
Pulling ldap-openldap (registry.cn-hangzhou.aliyuncs.com/bxwill/openldap:)...
latest: Pulling from bxwill/openldap
3e731ddb7fc9: Pull complete
13c25f64fb95: Pull complete
ea04acf4d1c7: Pull complete
698e147b1a14: Pull complete
785315087f01: Pull complete
Digest: sha256:eab96e00fb6c61bc62b31d4be3374bd7135d2d28f8258444bb54f2ec33bc171d
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/bxwill/openldap:latest
Pulling ldap-phpldapadmin (registry.cn-hangzhou.aliyuncs.com/bxwill/phpldapadmin:)...
latest: Pulling from bxwill/phpldapadmin
2bb30e6532d8: Pull complete
4f4fb700ef54: Pull complete
356a56dc0f33: Pull complete
7297012dc270: Pull complete
e50d050ecbcb: Pull complete
1d90d6cb6813: Pull complete
4b4db6a38010: Pull complete
a19943242af0: Pull complete
70fe1e7e8823: Pull complete
65ea61459158: Pull complete
193cb54f7ff2: Pull complete
f66701481e0d: Pull complete
af6fb5a4e30d: Pull complete
b00e580e6cd0: Pull complete
b38050511c0b: Pull complete
Digest: sha256:eb3a89ebd1b9a6b1f7db7b416b0d5a97fed9b1d23c09dd8b31893bb7ec342a49
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/bxwill/phpldapadmin:latest
Creating ldap-openldap ... done
Creating ldap-phpldapadmin ... done
Check the services
docker-compose -f docker-compose.yaml ps
If every State shows Up, the containers are running normally:
Name Command State Ports
----------------------------------------------------------------------------------
ldap-openldap /entrypoint.sh slapd -d 32 ... Up 0.0.0.0:389->389/tcp
ldap-phpldapadmin /bootstrap.sh /run.sh Up 0.0.0.0:8080->80/tcp
Log in to LDAP
Enter the host IP with port 8080 in a browser to reach the following page:
Log in to OpenLDAP with the custom admin account and password:
Click "Create new entry here" in the left sidebar
to open the template list:
Pick a template and fill in the information to create an entry:
Custom user template
In practice you do not need this many templates; usually you build one that fits your own scenario.
For example, a lighter-weight user account template:
Templates are written in XML; the XML for the template shown above is:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE template SYSTEM "template.dtd">
<template>
  <askcontainer>1</askcontainer>
  <description>Open DevOps Account</description>
  <icon>ldap-user.png</icon>
  <invalid>0</invalid>
  <rdn>cn</rdn>
  <!--<regexp>^ou=People,o=.*,</regexp>-->
  <title>OpenDevOps: Account</title>
  <visible>1</visible>
  <objectClasses>
    <objectClass id="inetOrgPerson"></objectClass>
  </objectClasses>
  <attributes>
    <attribute id="cn">
      <display>Common Name</display>
      <icon>ldap-uid.png</icon>
      <order>1</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
    <attribute id="sn">
      <display>Last name</display>
      <order>2</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
    <attribute id="uid">
      <display>User Name</display>
      <order>3</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
    <attribute id="mail">
      <display>Email</display>
      <icon>mail.png</icon>
      <value>@qualitysphere.github.io</value>
      <order>4</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
    <attribute id="displayName">
      <display>Display Name</display>
      <order>5</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
    <attribute id="mobile">
      <display>Mobile</display>
      <icon>phone.png</icon>
      <order>6</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
    <attribute id="userPassword">
      <display>Password</display>
      <default>opendevops</default>
      <order>7</order>
      <page>1</page>
      <spacer>1</spacer>
    </attribute>
  </attributes>
</template>
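As an added example (not part of the original post or of the dinkel images), the script below derives the base DN and admin DN the way the SLAPD_DOMAIN comment in the compose file describes, and builds an LDIF entry carrying the same attributes as this template; note that the template's <default> pre-fills the same password for every account created from it, so the example stores userPassword as an {SSHA} hash of a per-user password instead. The ou=People parent, the rule mail = uid + suffix, and the 8-byte salt are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample values taken from the page's compose file and template.
SLAPD_DOMAIN = "qualitysphere.github.io"
MAIL_SUFFIX = "@qualitysphere.github.io"  # the template's <value> for mail

def domain_to_base_dn(domain):
    """'qualitysphere.github.io' -> 'dc=qualitysphere,dc=github,dc=io'."""
    return ",".join("dc=" + label for label in domain.split("."))

def admin_dn(domain):
    """The admin bind DN the page derives from SLAPD_DOMAIN."""
    return "cn=admin," + domain_to_base_dn(domain)

def escape_rdn_value(value):
    """Minimal RFC 4514 escaping so a cn containing ',' or '+' cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    out = "\\" + out if out[:1] in ("#", " ") else out
    return out[:-1] + "\\ " if out.endswith(" ") else out

def ssha_hash(password, salt=None):
    """{SSHA}: base64(sha1(password || salt) || salt), the form slapd stores in userPassword."""
    salt = secrets.token_bytes(8) if salt is None else salt  # 8-byte salt is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"): return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def build_account_ldif(cn, sn, uid, display_name, mobile, password, ou="People", domain=SLAPD_DOMAIN):
    """LDIF for one inetOrgPerson with the template's attributes; ou=People and mail = uid + suffix are assumptions."""
    parent = f"ou={ou},{domain_to_base_dn(domain)}"
    lines = [
        f"dn: cn={escape_rdn_value(cn)},{parent}",
        "objectClass: inetOrgPerson",
        f"cn: {cn}", f"sn: {sn}", f"uid: {uid}", f"mail: {uid}{MAIL_SUFFIX}",
        f"displayName: {display_name}", f"mobile: {mobile}",
        f"userPassword: {ssha_hash(password)}",  # hashed, not the template's plaintext default
    ]
    return "\n".join(lines) + "\n"
```

The resulting LDIF can be fed to ldapadd bound as the admin DN; slapd accepts the {SSHA} value as-is and the Password field in PhpLdapAdmin then shows it as hashed.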
Copy it into the PhpLdapAdmin template directory:
docker cp ldap/templates/myTemplate.xml ldap-phpldapadmin:/etc/phpldapadmin/templates/creation/
Refresh the template list page again and the new template is loaded:
Alternatively, mount the template directory directly so that only the custom templates appear in the list, which makes the page cleaner. Edit the last two lines of docker-compose.yaml to add a mounted directory for ldap-phpldapadmin:
version: '2'
services:
  ldap-openldap:
    container_name: ldap-openldap
    image: dinkel/openldap # if pulling is slow, switch to registry.cn-hangzhou.aliyuncs.com/bxwill/openldap
    restart: always
    ports:
      - "389:389"
    environment:
      - SLAPD_PASSWORD=opendevops # custom admin password
      - SLAPD_DOMAIN=qualitysphere.github.io # custom LDAP domain; the admin account is cn=admin,dc=qualitysphere,dc=github,dc=io
    volumes:
      - ./ldap/db:/var/lib/ldap
      - ./ldap/config:/etc/ldap
  ldap-phpldapadmin:
    container_name: ldap-phpldapadmin
    image: dinkel/phpldapadmin # if pulling is slow, switch to registry.cn-hangzhou.aliyuncs.com/bxwill/phpldapadmin
    restart: always
    ports:
      - "8080:80"
    environment:
      - LDAP_SERVER_HOST=ldap-openldap # with compose the service name can be used directly as the host name
    volumes:
      - ./ldap/templates:/etc/phpldapadmin/templates/creation/ # mount the custom template directory
重新運(yùn)行 docker-compose 命令:
docker-compose -f docker-compose.yaml up -d
ldap-phpldapadmin 容器會(huì)自動(dòng)重新創(chuàng)建:
ldap-openldap is up-to-date
Recreating ldap-phpldapadmin ... done
Open the PhpLdapAdmin page again; you need to log in once more. After logging in, click the create link to enter the template list page, where only your own template is shown: