openldap docker-compose quick start and common operations
source link: https://blog.51cto.com/linyingyong/5765467
docker-compose
version: '2'
networks:
  my-network:
    driver: bridge
services:
  openldap:
    image: bitnami/openldap:2
    ports:
      - '389:1389'
      - '636:1636'
    environment:
      - LDAP_ADMIN_USERNAME=admin
      - LDAP_ADMIN_PASSWORD=xxxxxxxxxx
      - LDAP_USERS=linyingyong,user02
      - LDAP_PASSWORDS=xxxxxxxx,pas3word2422223
      - LDAP_ROOT=dc=iyunw,dc=cn
      # - LDAP_PORT_NUMBER=389
      # - LDAP_LDAPS_PORT_NUMBER=636
    networks:
      - my-network
    volumes:
      - './openldap_data:/bitnami/openldap'
  phpldapadmin:
    container_name: phpldapadmin
    image: osixia/phpldapadmin:0.9.0-amd64
    restart: always
    links:
      - openldap
    depends_on:
      - openldap
    ports:
      - 8099:80
    volumes:
      - /etc/localtime:/etc/localtime
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=10.0.20.5 # change this to your own host address
      - PHPLDAPADMIN_HTTPS=false
    networks:
      - my-network

Points to watch in this file. The bitnami container listens on 1389/1636 internally and both are published on every interface of the Docker host, so plaintext LDAP on 389 is reachable from wherever the host is; phpLDAPadmin is pointed at the host IP where 389 is published, which is why that line has to be changed to your own address. The admin password and both user passwords sit in clear text in the compose file and in the container environment (docker inspect shows them), and PHPLDAPADMIN_HTTPS=false means the admin credentials typed into phpLDAPadmin on port 8099 cross the network unencrypted. links: is a legacy option; the two services already share my-network, so depends_on is all that is needed.
Backup (command)
ldapsearch -LLL -x -H ldap://iyunw.cn:389 -D "cn=admin,dc=iyunw,dc=cn" -w "123456" -b "dc=iyunw,dc=cn" > back.ldif
Parameter notes:
-H: LDAP URI of the server (host and port); the older -h/-p pair used for this is no longer accepted by the OpenLDAP 2.5+ client tools
-x: simple authentication
-D: the DN to bind to the server as
-w: password of the bind DN. Passed this way it ends up in shell history and is visible to other users in ps output; -W prompts for it instead, and -y reads it from a file
-b: base of the subtree to search
-LLL: plain LDIF only. Without it ldapsearch also prints a comment header and a trailing "search: 2" / "result: 0 Success" footer, and the footer lines are not comments, so a later ldapadd of the dump fails on them
The admin account needs read access to "dc=iyunw,dc=cn". With -x on port 389 the password travels in the clear; when the server is not on the same host, use ldaps://…:636 once TLS is enabled in the container, or add -ZZ for StartTLS.
Restore (UI or command)
ldapadd -x -c -H ldap://iyunw.cn:389 -D "cn=admin,dc=iyunw,dc=cn" -w "smile" -f back.ldif
Parameter notes:
-c: keep going after an error instead of stopping at the first one (the default). This matters here: a freshly started container already holds the suffix entry and the default OUs the bitnami image creates, so those records come back as "Already exists (68)" and would otherwise abort the restore at the first record
-f: read the entries from the file instead of standard input
The DN used for the restore should be the admin account, or at the very least one with write access to the tree.
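The backup and restore steps above, put together as a script. This is an added example, not code from the original post: it uses the -H URI form, reads the admin password from a file with -y instead of -w, dumps with -LLL, and refuses to restore a file that still carries the uncommented ldapsearch footer. The server URI and the password file path are assumptions; the sample LDIF at the bottom is constructed to exercise the checks offline.

```shell
#!/bin/sh
# Added example, not code from the original post. Backup/restore helpers for the
# directory behind the compose file above, with an offline check on the dump.
# Assumed values (mine): server URI, and an admin password kept in a mode-0600
# file instead of being passed with -w.
LDAP_URI="${LDAP_URI:-ldap://localhost:389}"
LDAP_BASE="${LDAP_BASE:-dc=iyunw,dc=cn}"
LDAP_BINDDN="${LDAP_BINDDN:-cn=admin,dc=iyunw,dc=cn}"
LDAP_PWFILE="${LDAP_PWFILE:-$HOME/.ldap_admin_pw}"   # hypothetical path

# Dump the whole subtree as plain LDIF. -LLL suppresses the comment header and,
# more importantly, the uncommented "search: 2 / result: 0 Success" footer that
# ldapadd would otherwise reject. -y reads the password from a file so it never
# shows up in ps output or shell history. -H replaces the legacy -h/-p pair.
ldap_backup() {
    ldapsearch -LLL -x -H "$LDAP_URI" -D "$LDAP_BINDDN" -y "$LDAP_PWFILE" \
        -b "$LDAP_BASE" '(objectClass=*)' > "$1"
}

# Number of records (lines beginning with "dn:") in an LDIF file.
ldif_entry_count() {
    grep -c '^dn:' "$1" || true
}

# Every record (blank-line separated) must open with a dn: line; comments and a
# leading "version:" line are ignored. This is exactly what the ldapsearch
# footer violates when -LLL is forgotten. Exit status 0 = clean, 1 = malformed.
ldif_check() {
    awk '
        BEGIN { expect_dn = 1; bad = 0 }
        /^#/ { next }
        /^version:/ && expect_dn { next }
        /^[ \t]*$/ { expect_dn = 1; next }
        expect_dn && !/^dn:/ {
            bad = 1
            printf("malformed record at line %d: %s\n", NR, $0) > "/dev/stderr"
        }
        { expect_dn = 0 }
        END { exit bad }
    ' "$1"
}

# Load the dump back. -c continues past "Already exists (68)" for entries a
# fresh container already holds (the suffix and the default OUs), which would
# otherwise abort the restore on the very first record.
ldap_restore() {
    ldif_check "$1" || { echo "refusing to restore: $1 is not clean LDIF" >&2; return 1; }
    ldapadd -c -x -H "$LDAP_URI" -D "$LDAP_BINDDN" -y "$LDAP_PWFILE" -f "$1"
}

# Constructed sample dump (not real data) used to exercise the checks offline.
sample_clean_ldif() {
    cat <<'EOF' > "$1"
dn: dc=iyunw,dc=cn
objectClass: dcObject
objectClass: organization
o: iyunw
dc: iyunw

dn: ou=users,dc=iyunw,dc=cn
objectClass: organizationalUnit
ou: users

dn: cn=linyingyong,ou=users,dc=iyunw,dc=cn
objectClass: inetOrgPerson
cn: linyingyong
sn: Lin
EOF
}

# The same dump as ldapsearch prints it WITHOUT -LLL: the footer is not a comment.
sample_dirty_ldif() {
    sample_clean_ldif "$1"
    printf '\n# search result\nsearch: 2\nresult: 0 Success\n' >> "$1"
}

case "${1:-}" in
    backup)  ldap_backup  "${2:-back.ldif}" ;;
    restore) ldap_restore "${2:-back.ldif}" ;;
esac
```

Run it as `sh ldapbak.sh backup back.ldif` and `sh ldapbak.sh restore back.ldif`; ldif_check can also be run on an old dump taken without -LLL to see why the restore of it produced errors.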
Disable anonymous queries
Create a file named disablenoauth.ldif with the following three records. Each record must be separated from the next by a blank line, otherwise ldapmodify/ldapadd rejects the file with a parse error:
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc

Then, inside the container, run: ldapadd -Y EXTERNAL -H ldapi:/// -f disablenoauth.ldif
This binds over the local Unix socket with SASL EXTERNAL, i.e. as the uid/gid of the process running ldapadd (cn=peercred,cn=external,cn=auth), so it only works if that identity has manage access to cn=config; the bitnami image runs slapd as a non-root user, so check which uid the config ACL grants. The change is not idempotent: running it a second time fails with "Type or value exists (20)" because the values are already present. Before applying it, confirm nothing relies on unauthenticated reads (clients that browse the directory without binding), since olcRequires: authc on the frontend refuses every operation from an unauthenticated connection, and olcDisallows: bind_anon makes anonymous binds fail with "Inappropriate authentication (48)".
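The lockdown above as a script that writes the LDIF with the required record separators, applies it, and then checks the effect from the client side: an anonymous search must now be refused while the admin bind still works. This is an added example, not code from the original post. The container-internal URI and the password file path are assumptions; ldapmodify is used in place of the post's ldapadd (ldapadd is ldapmodify -a and also honours changetype, so either works).

```shell
#!/bin/sh
# Added example, not code from the original post. Writes the lockdown above as
# valid multi-record LDIF, applies it over ldapi:///, and verifies the result.
# Assumptions (mine): run inside the container as a uid whose SASL EXTERNAL
# identity has manage access to cn=config (the same requirement the post's
# command has); the admin password lives in a 0600 file at a hypothetical path.
LDAP_URI="${LDAP_URI:-ldap://localhost:1389}"      # container-internal port
LDAP_BASE="${LDAP_BASE:-dc=iyunw,dc=cn}"
LDAP_BINDDN="${LDAP_BINDDN:-cn=admin,dc=iyunw,dc=cn}"
LDAP_PWFILE="${LDAP_PWFILE:-/tmp/admin.pw}"        # hypothetical path

# Three modify records. The blank line between records is mandatory: without it
# ldapmodify rejects the file with a parse error and nothing is changed.
write_disable_anon_ldif() {
    cat <<'EOF' > "$1"
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
EOF
}

# Every dn: line after the first must follow a blank line. Exit 0 if so.
ldif_records_separated() {
    awk '/^dn:/ && NR > 1 && prev != "" { exit 1 } { prev = $0 }' "$1"
}

# Apply over the local Unix socket. Re-running fails with "Type or value
# exists (20)" because the values are then already present: one-shot change.
apply_disable_anon() {
    ldif_records_separated "$1" || { echo "records not blank-line separated" >&2; return 1; }
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "$1"
}

# After the change an anonymous simple bind must fail (slapd answers
# "Inappropriate authentication (48)") while the admin bind still succeeds.
verify_anon_disabled() {
    if ldapsearch -x -H "$LDAP_URI" -b "$LDAP_BASE" -s base '(objectClass=*)' >/dev/null 2>&1; then
        echo "FAIL: anonymous search is still allowed" >&2
        return 1
    fi
    ldapsearch -x -H "$LDAP_URI" -D "$LDAP_BINDDN" -y "$LDAP_PWFILE" \
        -b "$LDAP_BASE" -s base '(objectClass=*)' >/dev/null
}

case "${1:-}" in
    apply)
        f=$(mktemp)
        write_disable_anon_ldif "$f"
        apply_disable_anon "$f" && verify_anon_disabled
        ;;
esac
```

Run `sh disable_anon.sh apply` inside the container; a non-zero exit from verify_anon_disabled means either the config change did not take or the admin credentials in the password file are wrong.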