Konga面板接入LDAP踩坑实战

version: '3.7'

services:
  konga:
    image: pantsel/konga
    container_name: konga
    restart: always
    environment:
      - KONGA_AUTH_PROVIDER=${KONGA_AUTH_PROVIDER}
      - KONGA_LDAP_HOST=${KONGA_LDAP_HOST}
      - KONGA_LDAP_BIND_DN=${KONGA_LDAP_BIND_DN}
      - KONGA_LDAP_BIND_PASSWORD=${KONGA_LDAP_BIND_PASSWORD}
      - KONGA_LDAP_USER_SEARCH_BASE=${KONGA_LDAP_USER_SEARCH_BASE}
      - KONGA_LDAP_USER_SEARCH_FILTER=${KONGA_LDAP_USER_SEARCH_FILTER}
      - KONGA_LDAP_USER_ATTRS=${KONGA_LDAP_USER_ATTRS}
      - KONGA_LDAP_GROUP_SEARCH_BASE=${KONGA_LDAP_GROUP_SEARCH_BASE}
      - KONGA_LDAP_GROUP_SEARCH_FILTER=${KONGA_LDAP_GROUP_SEARCH_FILTER}
      - KONGA_LDAP_GROUP_ATTRS=${KONGA_LDAP_GROUP_ATTRS}
      - KONGA_ADMIN_GROUP_REG=${KONGA_ADMIN_GROUP_REG}
      - KONGA_LDAP_ATTR_USERNAME=${KONGA_LDAP_ATTR_USERNAME}
      - KONGA_LDAP_ATTR_FIRSTNAME=${KONGA_LDAP_ATTR_FIRSTNAME}
      - KONGA_LDAP_ATTR_LASTNAME=${KONGA_LDAP_ATTR_LASTNAME}
      - KONGA_LDAP_ATTR_EMAIL=${KONGA_LDAP_ATTR_EMAIL}
    ports:
      - 1337:1337
    volumes:
      - ${KONGA_DATA:-kong}:/app/kongadata

环境变量 .env内容如下：

# Dashboard 目录映射
KONGA_DATA=./konga_data

# LDAP 配置文件
KONGA_AUTH_PROVIDER=ldap
KONGA_LDAP_HOST=ldap://localhost:5031
KONGA_LDAP_BIND_DN=cn=admin,dc=test,dc=com
KONGA_LDAP_BIND_PASSWORD=password
KONGA_LDAP_USER_SEARCH_BASE=dc=test,dc=com
KONGA_LDAP_USER_SEARCH_FILTER=(|(uid={{username}})(sAMAccountName={{username}}))
KONGA_LDAP_USER_ATTRS=uid,uidNumber,givenName,sn,mail
KONGA_LDAP_GROUP_SEARCH_BASE=dc=test,dc=com
KONGA_LDAP_GROUP_SEARCH_FILTER=(|(memberUid={{uid}})(memberUid={{uidNumber}})(sAMAccountName={{uid}}))
KONGA_LDAP_GROUP_ATTRS=member,cn,dn,ou
KONGA_ADMIN_GROUP_REG=^(konga|admin)$
KONGA_LDAP_ATTR_USERNAME=uid
KONGA_LDAP_ATTR_FIRSTNAME=givenName
KONGA_LDAP_ATTR_LASTNAME=sn
KONGA_LDAP_ATTR_EMAIL=mail

值得注意的地方是通过上述文件就可以搭建起konga面板，同时也可以用ldap的用户进行登录，但是此时是无法用konga的管理员账号进行登录，此外还需要特别的设置。

需要通过ldap管理工具创建posixGroup类型的组，并将需要登录的管理员账号加入到该组中即可。