docker部署openldap+phpldapadmin+gitlab
OpenLdap+PhpLdapAdmin部署
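配置docker国内源(注意:下面的镜像源使用 http://,且 insecure-registries 允许对所列仓库使用明文 HTTP 或跳过证书校验,镜像在传输中可能被篡改;生产环境建议只保留支持 https:// 的镜像源并去掉 insecure-registries,debug 和 experimental 也建议仅在排查问题时开启)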
vim /etc/docker/daemon.json:
-----------------------------------------
{
"registry-mirrors" : [
"http://ovfftd6p.mirror.aliyuncs.com",
"http://registry.docker-cn.com",
"http://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
],
"insecure-registries" : [
"registry.docker-cn.com",
"docker.mirrors.ustc.edu.cn"
],
"debug" : true,
"experimental" : true
}
docker-compose.yml
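---
# OpenLDAP directory server plus the phpLDAPadmin web console. Both services
# join the user-defined network "ldap_network", which other compose projects
# can attach to as an external network.
version: '2.3'

services:
  openldap:
    # NOTE(review): untagged image, so every pull follows ":latest". Pin a
    # reviewed tag or digest (osixia/openldap:<PINNED_TAG>) so the deployed
    # image is reproducible and auditable.
    image: osixia/openldap
    container_name: openldap
    environment:
      - TZ=Asia/Shanghai
      - LDAP_ORGANISATION=duanyiwen
      - LDAP_DOMAIN=duanyiwen.com
      # Placeholder value. Anything written here is readable from the compose
      # file and from `docker inspect`; supply the real password from an
      # untracked .env file or a secret store and keep it out of VCS.
      - LDAP_ADMIN_PASSWORD=xxxxxx123
    ports:
      # Quoted so a YAML 1.1 parser can never retype a HOST:CONTAINER pair.
      # 389 carries cleartext LDAP and is published on every host interface;
      # containers on ldapnet reach openldap:389 without it being published,
      # so expose it only to the clients that need it (firewall or a
      # 127.0.0.1: prefix) and prefer 636 (LDAPS) for off-host access.
      - '389:389'
      - '636:636'
    networks:
      - ldapnet
    # NOTE(review): debug-level logging is useful during first setup but is
    # verbose and may put sensitive startup detail into the container log;
    # lower it once the service is working.
    command: ['--copy-service', '--loglevel', 'debug']
    logging:
      driver: json-file
      options:
        max-size: '10m'
        max-file: '10'

  php:
    # NOTE(review): untagged image as well; pin
    # osixia/phpldapadmin:<PINNED_TAG>.
    image: osixia/phpldapadmin
    container_name: phpopenldap
    environment:
      - TZ=Asia/Shanghai
      # List-form entries are taken literally, so the value must not carry its
      # own quotes (KEY="false" sets the value to "false", quotes included).
      # With HTTPS off, the console and the LDAP admin password typed into it
      # travel as plain HTTP on host port 10004: keep that port on a trusted
      # network or terminate TLS in a reverse proxy in front of it.
      - PHPLDAPADMIN_HTTPS=false
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
    ports:
      - '10004:80'
    networks:
      - ldapnet
    # The service name "openldap" resolves through ldapnet's built-in DNS, so
    # a legacy `links:` entry is not needed; depends_on keeps the start order.
    depends_on:
      - openldap
    logging:
      driver: json-file
      options:
        max-size: '10m'
        max-file: '10'

networks:
  ldapnet:
    # Fixed network name so other stacks can join it as an external network.
    name: ldap_network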
- 登录账密
cn=admin,dc=duanyiwen,dc=com
xxxxxxx123
- 迁移或重启
注意关闭selinux(更稳妥的做法是保持 SELinux 开启,为挂载卷加上 :z 或 :Z 标签;确需关闭时,建议只在排查问题期间临时设为 permissive)
ldap概念介绍
关键字 | 英文全称 | 含义 |
---|---|---|
dc | Domain Component | 域名的部分,其格式是将完整的域名分成几部分,如域名为example.com变成dc=example,dc=com |
uid | User Id | 用户ID,如“tom” |
ou | Organization Unit | 组织单位,类似于Linux文件系统中的子目录,它是一个容器对象,组织单位可以包含其他各种对象(包括其他组织单元),如“market” |
cn | Common Name | 公共名称,如“Thomas Johansson” |
sn | Surname | 姓,如“Johansson” |
dn | Distinguished Name | 惟一辨别名,类似于Linux文件系统中的绝对路径,每个对象都有一个惟一的名称,如“uid=tom,ou=market,dc=example,dc=com”,在一个目录树中DN总是惟一的 |
rdn | Relative dn | 相对辨别名,类似于文件系统中的相对路径,它是与目录树结构无关的部分,如“uid=tom”或“cn=Thomas Johansson” |
c | Country | 国家,如“CN”或“US”等。 |
o | Organization | 组织名,如“Example, Inc.” |
- 组织大致结构
gitlab部署
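---
# GitLab CE (omnibus image) authenticating users against the OpenLDAP service
# reachable as "openldap" on the pre-existing external network "ldap_network".
# HOST_IP and GIT_HOST are substituted by compose from the shell or an .env
# file.
version: '2'

services:
  gitlab:
    # NOTE(review): 11.1.4 is a long-unsupported GitLab release and the image
    # comes from a private registry; verify its provenance and plan an upgrade
    # before exposing the instance beyond a trusted network.
    image: hub.xinluomed.com/gitlab-ce-zh:11.1.4
    container_name: "gitlab"
    tty: true
    # `privileged: true` is intentionally not set: it gives the container
    # effectively full access to the host, so a compromise of GitLab becomes a
    # compromise of the host. If bind mounts are denied on an SELinux host,
    # label the volumes (:z / :Z) instead of enabling privileged mode.
    hostname: '${HOST_IP}'
    environment:
      TZ: 'Asia/Shanghai'
      # Everything below the `|` is Ruby in gitlab.rb syntax, read by the
      # omnibus image when it configures itself. The SMTP and LDAP passwords
      # are placeholders: inject real values from an untracked .env file or a
      # secret store, never from a committed file.
      # NOTE(review): external_url needs a quoted Ruby string, so GIT_HOST
      # presumably carries its own quotes; confirm against the .env in use.
      GITLAB_OMNIBUS_CONFIG: |
        external_url ${GIT_HOST}
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.aliyun.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "dyiwen@aliyun.com" # use your own aliyun mailbox
        gitlab_rails['smtp_password'] = "xxxxxxxxx"
        gitlab_rails['smtp_domain'] = "aliyun.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_from'] = 'dyiwen@aliyun.com'
        user['git_user_email'] = "dyiwen@aliyun.com"
        gitlab_rails['gitlab_shell_ssh_port'] = 22000
        nginx['listen_port'] = 80
        gitlab_rails['ldap_enabled'] = true
        # The heredoc is a fixed literal in this file, so YAML.load is not
        # parsing external input here.
        gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
          main:
            # Key is "label" (the original spelling "lable" is not an LDAP
            # setting and left the server without a display name).
            label: 'LDAP'
            host: openldap
            port: 389
            uid: 'cn'
            # NOTE(review): 'plain' sends the bind DN, its password and every
            # user's sign-in password unencrypted to the LDAP server. That is
            # tolerable only while the traffic stays on the private compose
            # network; otherwise move to TLS (port 636) using the option name
            # documented for the GitLab version in use.
            method: 'plain'
            # NOTE(review): binding as the directory admin gives GitLab write
            # access to the whole tree; a dedicated read-only bind account is
            # enough for authentication lookups.
            bind_dn: "cn=admin,dc=duanyiwen,dc=com"
            password: 'xxxxxxxx'
            allow_username_or_email_login: false
            base: 'ou=People,dc=duanyiwen,dc=com'
            attributes:
              username: ['uid']
              email: ['mail']
              # NOTE(review): 'sn' is the surname attribute; confirm that
              # mapping it to first_name is intended.
              first_name: 'sn'
        EOS
    ports:
      # 8080 serves GitLab over plain HTTP, so sign-in passwords (including
      # LDAP ones) cross it unencrypted unless TLS is terminated in front.
      - '8080:80'
      # Host port for Git over SSH; matches gitlab_shell_ssh_port above.
      - '22000:22'
    networks:
      - git-net
    volumes:
      # /etc/gitlab holds gitlab.rb and the instance secrets; keep the host
      # directory readable by root only and include it in backups.
      - /data/d-server/public/git/config:/etc/gitlab
      - /data/d-server/public/git/data:/var/opt/gitlab
      - /data/d-server/public/git/logs:/var/log/gitlab

networks:
  git-net:
    # Joins the network created by the OpenLDAP stack; it must already exist.
    external:
      name: ldap_network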
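---
# GitLab CE (omnibus image) without LDAP integration, restarted automatically
# unless it was stopped by hand. HOST_IP and GIT_HOST are substituted by
# compose from the shell or an .env file.
version: '2'

services:
  gitlab:
    # NOTE(review): 11.1.4 is a long-unsupported GitLab release and the image
    # comes from a private registry; verify its provenance and plan an upgrade
    # before exposing the instance beyond a trusted network.
    image: hub.xinluomed.com/gitlab-ce-zh:11.1.4
    container_name: "gitlab"
    restart: unless-stopped
    tty: true
    # `privileged: true` is intentionally not set: it gives the container
    # effectively full access to the host, so a compromise of GitLab becomes a
    # compromise of the host. If bind mounts are denied on an SELinux host,
    # label the volumes (:z / :Z) instead of enabling privileged mode.
    hostname: '${HOST_IP}'
    environment:
      TZ: 'Asia/Shanghai'
      # Everything below the `|` is Ruby in gitlab.rb syntax, read by the
      # omnibus image when it configures itself. The SMTP password is a
      # placeholder: inject the real value from an untracked .env file or a
      # secret store, never from a committed file.
      # NOTE(review): external_url needs a quoted Ruby string, so GIT_HOST
      # presumably carries its own quotes; confirm against the .env in use.
      GITLAB_OMNIBUS_CONFIG: |
        external_url ${GIT_HOST}
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.aliyun.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "dyiwen@aliyun.com" # use your own aliyun mailbox
        gitlab_rails['smtp_password'] = "xxxxxxxx"
        gitlab_rails['smtp_domain'] = "aliyun.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_from'] = 'dyiwen@aliyun.com'
        user['git_user_email'] = "dyiwen@aliyun.com"
        gitlab_rails['gitlab_shell_ssh_port'] = 22000
        nginx['listen_port'] = 80
    ports:
      # 8080 serves GitLab over plain HTTP, so sign-in passwords cross it
      # unencrypted unless TLS is terminated in front.
      - '8080:80'
      # Host port for Git over SSH; matches gitlab_shell_ssh_port above.
      - '22000:22'
    volumes:
      # /etc/gitlab holds gitlab.rb and the instance secrets; keep the host
      # directory readable by root only and include it in backups.
      - /data/d-server/public/git/config:/etc/gitlab
      - /data/d-server/public/git/data:/var/opt/gitlab
      - /data/d-server/public/git/logs:/var/log/gitlab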