{"id":1009,"date":"2021-04-07T09:44:43","date_gmt":"2021-04-07T01:44:43","guid":{"rendered":"https:\/\/www.linuxdevops.cn\/?p=1009"},"modified":"2021-04-07T11:05:12","modified_gmt":"2021-04-07T03:05:12","slug":"docker-compose-deploys-openldap-phpldapadm-ssp","status":"publish","type":"post","link":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/","title":{"rendered":"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1"},"content":{"rendered":"<h2>\u4ecb\u7ecd<\/h2>\n<p>\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4e09\u53e5\u8bdd\u5feb\u901f\u7684\u8ba4\u8bc6\u4e00\u4e0bLDAP\uff1a<\/p>\n<ol>\n<li>LDAP\uff1aLightweight Directory Access Protocol\uff0c\u8f7b\u91cf\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\u3002<\/li>\n<li>LDAP\u670d\u52a1\u662f\u4e00\u4e2a\u4e3a\u53ea\u8bfb\uff08\u67e5\u8be2\u3001\u6d4f\u89c8\u3001\u641c\u7d22\uff09\u8bbf\u95ee\u800c\u4f18\u5316\u7684\u975e\u5173\u7cfb\u578b\u6570\u636e\u5e93\uff0c\u5448\u6811\u72b6\u7ed3\u6784\u7ec4\u7ec7\u6570\u636e\u3002<\/li>\n<li>LDAP\u4e3b\u8981\u7528\u505a\u7528\u6237\u4fe1\u606f\u67e5\u8be2\uff08\u5982\u90ae\u7bb1\u3001\u7535\u8bdd\u7b49\uff09\u6216\u5bf9\u5404\u79cd\u670d\u52a1\u8bbf\u95ee\u505a\u540e\u53f0\u8ba4\u8bc1\u4ee5\u53ca\u7528\u6237\u6570\u636e\u6743\u9650\u7ba1\u63a7\u3002<\/li>\n<\/ol>\n<p><strong>\u540d\u8bcd\u89e3\u91ca<\/strong><\/p>\n<ul>\n<li>DC\uff1adomain component\u4e00\u822c\u4e3a\u516c\u53f8\u540d\uff0c\u4f8b\u5982\uff1adc=163,dc=com<\/li>\n<li>OU\uff1aorganization unit\u4e3a\u7ec4\u7ec7\u5355\u5143\uff0c\u6700\u591a\u53ef\u4ee5\u6709\u56db\u7ea7\uff0c\u6bcf\u7ea7\u6700\u957f32\u4e2a\u5b57\u7b26\uff0c\u53ef\u4ee5\u4e3a\u4e2d\u6587<\/li>\n<li>CN\uff1acommon name\u4e3a\u7528\u6237\u540d\u6216\u8005\u670d\u52a1\u5668\u540d\uff0c\u6700\u957f\u53ef\u4ee5\u523080\u4e2a\u5b57\u7b26\uff0c\u53ef\u4ee5\u4e3a\u4e2d\u6587<\/li>\n<li>DN\uff1adistinguished name\u4e3a\u4e00\u6761LDAP\u8bb0\u5f55\u9879\u7684\u540d\u5b57\uff0c\u6709\u552f\u4e00\u6027\uff0c\u4f8b\u5982\uff1adc:\u201dcn=admin,ou=developer,dc=163,dc=com\u201d<\/li>\n<\/ul>\n<p><strong>\u56fe\u5f62\u793a\u4f8b<\/strong><\/p>\n<p>\u4e0a\u8fb9\u6765\u4e86\u4e00\u5806\u7684\u540d\u8bcd\u89e3\u91ca\uff0c\u770b\u7684\u4e91\u91cc\u96fe\u91cc\uff0c\u8fd8\u4e0d\u662f\u5f88\u660e\u767d\uff0c\u600e\u4e48\u8ddf\u81ea\u5df1\u7684\u7ec4\u7ec7\u67b6\u6784\u5bf9\u5e94\u8d77\u6765\u5462\uff1f\u770b\u770b\u4e0b\u8fb9\u7684\u56fe\u662f\u4e0d\u662f\u6e05\u6670\u660e\u4e86<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/1.png\" alt=\"\" \/><br \/>\n<a href=\"https:\/\/wandouduoduo.github.io\/articles\/543cefa7.html\">\u8c4c\u8c46\u591a\u591a<\/a><\/p>\n<h2>\u90e8\u7f72<\/h2>\n<h3>docker-compose \u90e8\u7f72\u670d\u52a1<\/h3>\n<pre><code class=\"language-yaml\">services:\n#openladp \u670d\u52a1\n  openldap:\n    image: tiredofit\/openldap:7.1.14\n    container_name: ldap-service\n    ports:\n      - 389:389\n      - 636:636\n    volumes:\n      - .\/backup:\/data\/backup\n      - .\/data:\/var\/lib\/openldap\n      - .\/config:\/etc\/openldap\/slapd.d\n      - .\/certs:\/certs\n    environment:\n      - HOSTNAME=ldap-service\n      - ORGANIZATION=\u725b\u903c\u514b\u62c9\u65af\u6709\u9650\u516c\u53f8\n      - LOG_LEVEL=256\n      - DOMAIN=ldap.example.com\n      - ADMIN_PASS=123456\n      - CONFIG_PASS=123456\n      - DEBUG_MODE=FALSE\n\n      - ENABLE_READONLY_USER=FALSE\n      - READONLY_USER_USER=reader\n      - READONLY_USER_PASS=reader\n\n      - ENABLE_TLS=FALSE\n      - TLS_CRT_FILENAME=cert.pem\n      - TLS_KEY_FILENAME=key.pem\n      - TLS_ENFORCE=FALSE\n      - TLS_CIPHER_SUITE=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA\n      - TLS_VERIFY_CLIENT=never\n      - SSL_HELPER_PREFIX=ldap\n\n      - ENABLE_REPLICATION=FALSE\n      - REPLICATION_CONFIG_SYNCPROV=binddn=&quot;cn=config&quot; bindmethod=simple credentials=&quot;admin&quot; searchbase=&quot;cn=config&quot; type=refreshAndPersist retry=&quot;5 5 60 +&quot; timeout=1 filter=&quot;(!(objectclass=olcGlobal))&quot;\n      - REPLICATION_DB_SYNCPROV=binddn=&quot;cn=admin,dc=example,dc=org&quot; bindmethod=simple credentials=&quot;admin&quot; searchbase=&quot;dc=example,dc=org&quot; type=refreshAndPersist interval=00:00:00:10 retry=&quot;5 5 60 +&quot; timeout=1\n      - REPLICATION_HOSTS=ldap:\/\/ldap1.example.com ldap:\/\/ldap2.example.com ldap:\/\/ldap3.example.com\n      - REMOVE_CONFIG_AFTER_SETUP=false\n\n      - ENABLE_BACKUP=TRUE\n      - BACKUP_INTERVAL=0400\n      - BACKUP_RETENTION=10080\n    networks:\n      - ldapnetworks\n    restart: always\n\n# ldap \u7ba1\u7406\u7aef\n  phpldapadmin:\n    image: osixia\/phpldapadmin:0.9.0\n    container_name: phpldapadmin-service\n    ports:\n      - 6680:80\n    environment:\n      - TZ=Asia\/Shanghai\n      - PHPLDAPADMIN_HTTPS=&quot;false&quot;\n      - PHPLDAPADMIN_LDAP_HOSTS=ldap-service\n    networks:\n      - ldapnetworks\n    restart: always\n\n#ldap \u81ea\u52a8\u5bc6\u7801\u670d\u52a1\n  self-service-password:\n    image: &#039;tiredofit\/self-service-password:latest&#039;\n    container_name: &#039;self-service-password&#039;\n    ports:\n      - &#039;80:80&#039;\n    environment:\n      - LDAP_SERVER=ldap:\/\/ldap-service:389\n      - LDAP_BINDDN=cn=admin,dc=example,dc=com\n      - LDAP_BINDPASS=123456\n      - LDAP_BASE_SEARCH=ou=\u6280\u672f\u90e8,dc=example,dc=com\n      - LDAP_LOGIN_ATTRIBUTE=cn \n      - MAIL_FROM_NAME= Self Service Password\n      - MAIL_FROM=admin@example.com\n      - SMTP_DEBUG=0\n      - SMTP_HOST=smtp.qiye.aliyun.com\n      - SMTP_USER=admin@example.com\n      - SMTP_PASS=123456\n      - SMTP_PORT=465\n      - SMTP_SECURE_TYPE=ssl\n      - SMTP_AUTH_ON=true\n    volumes:\n      - .\/self-service-password\/data:\/www\/ssp\n      - .\/self-service-password\/logs:\/www\/logs\n    networks:\n      - ldapnetworks\n    restart: always\n\nnetworks:\n  ldapnetworks:\n    external: true\n<\/code><\/pre>\n<h3>\u66f4\u591a\u90e8\u7f72\u53d8\u91cf\uff1a<\/h3>\n<p><a href=\"https:\/\/registry.hub.docker.com\/r\/tiredofit\/openldap\"><strong>OpenLdap<\/strong>:  https:\/\/registry.hub.docker.com\/r\/tiredofit\/openldap <\/a><\/p>\n<p><a href=\"https:\/\/github.com\/osixia\/docker-phpLDAPadmin\"><strong>phpLDAPadmin<\/strong>:  https:\/\/github.com\/osixia\/docker-phpLDAPadmin<\/a><\/p>\n<p><a href=\"https:\/\/registry.hub.docker.com\/r\/tiredofit\/self-service-password\"><strong>self-service-password(SSP)<\/strong> :  https:\/\/registry.hub.docker.com\/r\/tiredofit\/self-service-password<\/a><\/p>\n<h2>WEB \u9875\u9762<\/h2>\n<h3>phpldapadmin \u7ba1\u7406\u7aef<\/h3>\n<ul>\n<li><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201219095023293.png\" alt=\"image-20201219095023293\" \/><\/li>\n<\/ul>\n<h3>\u81ea\u52a9\u5bc6\u7801\u670d\u52a1self-service-password<\/h3>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/20210407092221.png\" alt=\"\" \/><\/p>\n<blockquote>\n<p>\u81ea\u52a9\u5bc6\u7801\u670d\u52a1\u53d1\u9001\u90ae\u4ef6\u662f\u56e0\u4e3a\u53cd\u5411\u4ee3\u7406\u6216\u8005\u5176\u4f59\u4ec0\u4e48\u539f\u56e0\u83b7\u53d6\u7684url \u5e76\u4e0d\u6b63\u786e\uff0c\u9700\u8981\u624b\u5de5\u4fee\u6539\u4e0b<strong>sendtoken.php<\/strong>,\u6211\u8fd9\u91cc\u662f\u76f4\u63a5\u5199\u6b7b\u7684\u3002<\/p>\n<p>.\/self-service-password\/data\/pages\/sendtoken.php<\/p>\n<\/blockquote>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/20210407095209.png\" alt=\"\" \/><\/p>\n<h2>GItlab \u96c6\u6210\u5bf9\u63a5  LDAP<\/h2>\n<blockquote>\n<p>ldap\u96c6\u6210gitlab\u6ce8\u610f\u4e8b\u9879\uff1a<\/p>\n<ol>\n<li>\u5728ldap \u521b\u5efa\u7528\u6237\u65f6\u5fc5\u987b\u6dfb\u52a0Email \u7528\u6237\u9644\u52a0\u5c5e\u6027\uff0c\u4e0d\u7136\u65e0\u6cd5\u767b\u9646gitlab<\/li>\n<li>\u901a\u8fc7ldap \u767b\u5f55gitlab\u7684\u7528\u6237\u662f\u9ed8\u8ba4\u6743\u9650\uff0c\u9700\u8981\u7ba1\u7406\u5458\u624b\u52a8\u5206\u914d\u6743\u9650<\/li>\n<li>LDAP\u7528\u6237\u540c\u6b65\u8fc7\u7a0b\uff1a\n<ul>\n<li>\u66f4\u65b0\u73b0\u6709\u7528\u6237\u3002<\/li>\n<li>\u9996\u6b21\u767b\u5f55\u65f6\u521b\u5efa\u65b0\u7528\u6237\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/blockquote>\n<h3>1\u3001\u4fee\u6539gitlab\u914d\u7f6e\u6587\u4ef6<\/h3>\n<pre><code class=\"language-yaml\">### LDAP Settings\n###! Docs: https:\/\/docs.gitlab.com\/omnibus\/settings\/ldap.html\n###! **Be careful not to break the indentation in the ldap_servers block. It is\n###!   in yaml format and the spaces must be retained. Using tabs will not work.**\n\ngitlab_rails[&#039;ldap_enabled&#039;] = true  #\u542f\u7528ldap\ngitlab_rails[&#039;ldap_sync_worker_cron&#039;] = &quot;0 *\/12 * * *&quot;  #gitlab \u540c\u6b65ldap\u7528\u6237\u6570\u636e\n\n###! **remember to close this block with &#039;EOS&#039; below**\ngitlab_rails[&#039;ldap_servers&#039;] = YAML.load &lt;&lt;-&#039;EOS&#039;\n  main: # &#039;main&#039; is the GitLab &#039;provider ID&#039; of this LDAP server\n    label: &#039;LDAP&#039;  #\u767b\u5f55\u65f6\u663e\u793a\u7684\u9009\u9879\n    host: &#039;64.115.5.33&#039;   #ldap \u4e3b\u673a\n    port: 389  #ldap\u7aef\u53e3\n    uid: &#039;cn&#039;  #\u7528\u6237\u540d\u7684LDAP\u5c5e\u6027 &#039;sAMAccountName&#039; or &#039;uid&#039; or &#039;userPrincipalName&#039;\n    bind_dn: &#039;cn=admin,dc=wangfeng,dc=com&#039; #\u7ed1\u5b9a\u7684\u7528\u6237\u7684\u5b8c\u6574DN\u3002 \n    password: &#039;wangfeng&#039;  #\u5bc6\u7801\n    encryption: &#039;plain&#039; #\u52a0\u5bc6\u65b9\u6cd5\u3002  &quot;start_tls&quot; or &quot;simple_tls&quot; or &quot;plain&quot;\n    verify_certificates: false #\u5982\u679c\u52a0\u5bc6\u65b9\u6cd5\u662fstart_tls\u6216simple_tls\uff0c\u5219\u542f\u7528SSL\u8bc1\u4e66\u9a8c\u8bc1\u3002\u9ed8\u8ba4\u4e3atrue\u3002\n    active_directory: false  #\u6b64\u8bbe\u7f6e\u6307\u5b9aLDAP\u670d\u52a1\u5668\u662f\u5426\u4e3aActive Directory LDAP\u670d\u52a1\u5668\u3002\u5bf9\u4e8e\u975eAD\u670d\u52a1\u5668\uff0c\u5b83\u5c06\u8df3\u8fc7AD\u7279\u5b9a\u67e5\u8be2\u3002\u5982\u679c\u60a8\u7684LDAP\u670d\u52a1\u5668\u4e0d\u662fAD\uff0c\u8bf7\u5c06\u5176\u8bbe\u7f6e\u4e3afalse\u3002\n    allow_username_or_email_login: true #\u90ae\u7bb1\u767b\u5f55\n    lowercase_usernames: true #\u5982\u679c\u542f\u7528\u4e86lowercase_usernames\uff0c\u5219GitLab\u4f1a\u5c06\u540d\u79f0\u8f6c\u6362\u4e3a\u5c0f\u5199\u3002\n    block_auto_created_users: false\n    base: &#039;dc=wangfeng,dc=com&#039; #\u6211\u4eec\u53ef\u4ee5\u5728\u5176\u4e2d\u641c\u7d22\u7528\u6237\u7684\u57fa\u7840\u3002\n    user_filter: &#039;&#039;  #\u7528\u6237\u8fc7\u6ee4\n    ## EE only\n    group_base: &#039;&#039;\n    admin_group: &#039;&#039;\n    sync_ssh_keys: false\n    attributes: #gitlab \u540c\u6b65\u5c5e\u6027\n      username: [&#039;cn&#039;, &#039;uid&#039;, &#039;userid&#039;, &#039;sAMAccountName&#039;]\n      email: [&#039;mail&#039;, &#039;email&#039;, &#039;userPrincipalName&#039;]\n      name:       &#039;cn&#039;\n      first_name: &#039;givenName&#039;\n      last_name:  &#039;sn&#039;\n\n#   secondary: # &#039;secondary&#039; is the GitLab &#039;provider ID&#039; of second LDAP server\n#     label: &#039;LDAP&#039;\n#     host: &#039;_your_ldap_server&#039;\n#     port: 389\n#     uid: &#039;sAMAccountName&#039;\n#     bind_dn: &#039;_the_full_dn_of_the_user_you_will_bind_with&#039;\n#     password: &#039;_the_password_of_the_bind_user&#039;\n#     encryption: &#039;plain&#039; # &quot;start_tls&quot; or &quot;simple_tls&quot; or &quot;plain&quot;\n#     verify_certificates: true\n#     smartcard_auth: false\n#     active_directory: true\n#     allow_username_or_email_login: false\n#     lowercase_usernames: false\n#     block_auto_created_users: false\n#     base: &#039;&#039;\n#     user_filter: &#039;&#039;\n#     ## EE only\n#     group_base: &#039;&#039;\n#     admin_group: &#039;&#039;\n#     sync_ssh_keys: false\n###\u6ce8\u610f\u6700\u4e0b\u9762\u8fd9\u4e2aEOS \u6ce8\u89e3\u53bb\u6389\u3002\nEOS<\/code><\/pre>\n<h3>2\u3001\u91cd\u542fgitlab \u767b\u5f55\u6d4b\u8bd5<\/h3>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201219102021906.png\" alt=\"image-20201219102021906\" \/><\/p>\n<h2>Jenkins \u96c6\u6210\u5bf9\u63a5 Ldap<\/h2>\n<h3>1\u3001<strong>\u5b89\u88c5LDAP\u63d2\u4ef6<\/strong><\/h3>\n<p>\u4f7f\u7528LDAP\u8ba4\u8bc1\u9700\u8981\u5b89\u88c5LDAP\u63d2\u4ef6\uff0c<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221112824754.png\" alt=\"image-20201221112824754\" \/><\/p>\n<h3>2\u3001<strong>\u914d\u7f6eLDAP\u8ba4\u8bc1<\/strong><\/h3>\n<p>\u767b\u5f55Jenkins --&gt; \u7cfb\u7edf\u7ba1\u7406 --&gt; \u5168\u5c40\u5b89\u5168\u914d\u7f6e<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221112936762.png\" alt=\"image-20201221112936762\" \/><\/p>\n<p>\u8bbf\u95ee\u63a7\u5236\u9009\u62e9\u201cLDAP\u201d\uff0cServer\u8f93\u5165LDAP\u670d\u52a1\u5668\u5730\u5740\uff0c\u6709\u5176\u4ed6\u914d\u7f6e\u53ef\u4ee5\u70b9\u51fb\u201cAdvanced Server Configuration\u2026\u201d<\/p>\n<p><strong>Server<\/strong>\uff1a\u670d\u52a1\u5668\u5730\u5740\uff0c\u53ef\u4ee5\u76f4\u63a5\u586b\u5199LDAP\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u6216IP\uff0c\u4f8b\u5982<code>ldap.domain.com<\/code>\uff08\u9ed8\u8ba4\u7aef\u53e3389\uff09\uff0c\u6216\u8005<code>ldap.domain.com:1389<\/code>\uff0c\u5982\u679c\u7528\u4e86SSL\uff0c\u53ef\u4ee5\u586b\u5199<code>ldaps:\/\/ldap.domain.com<\/code>\uff08\u9ed8\u8ba4\u7aef\u53e3636\uff09\uff0c\u6216\u8005<code>ldaps:\/\/ldap.domain.com:1636<\/code><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221113037351.png\" alt=\"image-20201221113037351\" \/><\/p>\n<p><strong>root DN<\/strong>\uff1a\u8fd9\u91cc\u7684root DN\u53ea\u662f\u6307\u641c\u7d22\u7684\u6839\uff0c\u5e76\u975eLDAP\u670d\u52a1\u5668\u7684root dn\u3002\u7531\u4e8eLDAP\u6570\u636e\u5e93\u7684\u6570\u636e\u7ec4\u7ec7\u7ed3\u6784\u7c7b\u4f3c\u4e00\u9897\u5927\u6811\uff0c\u800c\u641c\u7d22\u662f\u9012\u5f52\u6267\u884c\u7684\uff0c\u7406\u8bba\u4e0a\uff0c\u6211\u4eec\u5982\u679c\u4ece\u5b50\u8282\u70b9\uff08\u800c\u4e0d\u662f\u6839\u8282\u70b9\uff09\u5f00\u59cb\u641c\u7d22\uff0c\u56e0\u4e3a\u7f29\u5c0f\u4e86\u641c\u7d22\u8303\u56f4\u90a3\u4e48\u5c31\u53ef\u4ee5\u83b7\u5f97\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u8fd9\u91cc\u7684root DN\u6307\u7684\u5c31\u662f\u8fd9\u4e2a\u5b50\u8282\u70b9\u7684DN\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u4e0d\u586b\uff0c\u8868\u793a\u4eceLDAP\u7684\u6839\u8282\u70b9\u5f00\u59cb\u641c\u7d22<\/p>\n<p><strong>User search base<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u4e5f\u662f\u4e3a\u4e86\u7f29\u5c0fLDAP\u641c\u7d22\u7684\u8303\u56f4\uff0c\u4f8b\u5982Jenkins\u7cfb\u7edf\u53ea\u5141\u8bb8ou\u4e3aAdmin\u4e0b\u7684\u7528\u6237\u624d\u80fd\u767b\u9646\uff0c\u90a3\u4e48\u4f60\u8fd9\u91cc\u53ef\u4ee5\u586b\u5199<code>ou=Admin<\/code>\uff0c\u8fd9\u662f\u4e00\u4e2a\u76f8\u5bf9\u7684\u503c\uff0c\u76f8\u5bf9\u4e8e\u4e0a\u8fb9\u7684root DN\uff0c\u4f8b\u5982\u4f60\u4e0a\u8fb9\u7684root DN\u586b\u5199\u7684\u662f<code>dc=domain,dc=com<\/code>\uff0c\u90a3\u4e48user search base\u8fd9\u91cc\u586b\u5199\u4e86<code>ou=Admin<\/code>\uff0c\u90a3\u4e48\u767b\u9646\u7528\u6237\u53bbLDAP\u641c\u7d22\u65f6\u5c31\u53ea\u4f1a\u641c\u7d22<code>ou=Admin,dc=domain,dc=com<\/code>\u4e0b\u7684\u7528\u6237\u4e86<\/p>\n<p><strong>User search filter<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5b9a\u4e49\u767b\u9646\u7684\u201c\u7528\u6237\u540d\u201d\u5bf9\u5e94LDAP\u4e2d\u7684\u54ea\u4e2a\u5b57\u6bb5\uff0c\u5982\u679c\u4f60\u60f3\u7528LDAP\u4e2d\u7684uid\u4f5c\u4e3a\u7528\u6237\u540d\u6765\u767b\u5f55\uff0c\u90a3\u4e48\u8fd9\u91cc\u53ef\u4ee5\u914d\u7f6e\u4e3a<code>uid={0}<\/code>\uff08{0}\u4f1a\u81ea\u52a8\u7684\u66ff\u6362\u4e3a\u7528\u6237\u63d0\u4ea4\u7684\u7528\u6237\u540d\uff09\uff0c\u5982\u679c\u4f60\u60f3\u7528LDAP\u4e2d\u7684mail\u4f5c\u4e3a\u7528\u6237\u540d\u6765\u767b\u5f55\uff0c\u90a3\u4e48\u8fd9\u91cc\u5c31\u9700\u8981\u6539\u4e3a<code>mail={0}<\/code>\u3002\u5728\u6d4b\u8bd5\u7684\u65f6\u5019\u5982\u679c\u63d0\u793a\u4f60<code>user xxx does not exist<\/code>\uff0c\u800c\u4f60\u786e\u5b9a\u5bc6\u7801\u8f93\u5165\u6b63\u786e\u65f6\uff0c\u5c31\u8981\u8003\u8651\u4e0b\u8f93\u5165\u7684\u7528\u6237\u540d\u662f\u4e0d\u662f\u8fd9\u91cc\u5b9a\u4e49\u7684\u8fd9\u4e2a\u503c\u4e86<\/p>\n<p><strong>Group search base<\/strong>\uff1a\u53c2\u8003\u4e0a\u8fb9<code>User search base<\/code>\u89e3\u91ca<\/p>\n<p><strong>Group search filter<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5141\u8bb8\u4f60\u5c06\u8fc7\u6ee4\u5668\u9650\u5236\u4e3a\u6240\u9700\u7684objectClass\u6765\u63d0\u9ad8\u641c\u7d22\u6027\u80fd\uff0c\u4e5f\u5c31\u662f\u8bf4\u53ef\u4ee5\u53ea\u641c\u7d22\u7528\u6237\u5c5e\u6027\u4e2d\u5305\u542b\u67d0\u4e2aobjectClass\u7684\u7528\u6237\uff0c\u8fd9\u5c31\u8981\u6c42\u4f60\u5bf9\u4f60\u7684LDAP\u8db3\u591f\u4e86\u89e3\uff0c\u4e00\u822c\u6211\u4eec\u4e5f\u4e0d\u914d\u7f6e<\/p>\n<p><strong>Group membership<\/strong>\uff1a\u6ca1\u914d\u7f6e\uff0c\u6ca1\u6709\u8be6\u7ec6\u7814\u7a76<\/p>\n<p><strong>Manager DN<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5728\u4f60\u7684LDAP\u670d\u52a1\u5668\u4e0d\u5141\u8bb8\u533f\u540d\u8bbf\u95ee\u7684\u60c5\u51b5\u4e0b\u7528\u6765\u505a\u8ba4\u8bc1\uff08\u8be6\u7ec6\u7684\u8ba4\u8bc1\u8fc7\u7a0b\u53c2\u8003\u6587\u7ae0LDAP\u843d\u5730\u5b9e\u6218\uff08\u4e8c\uff09\uff1aSVN\u96c6\u6210OpenLDAP\u8ba4\u8bc1\u4e2d\u5173\u4e8eLDAP\u670d\u52a1\u5668\u8ba4\u8bc1\u8fc7\u7a0b\u7684\u8bb2\u89e3\uff09\uff0c\u901a\u5e38DN\u4e3a<code>cn=admin,dc=domain,dc=com<\/code>\u8fd9\u6837<\/p>\n<p><strong>Manager Password<\/strong>\uff1a\u4e0a\u8fb9\u914d\u7f6edn\u7684\u5bc6\u7801<\/p>\n<p><strong>Display Name LDAP attribute<\/strong>\uff1a\u914d\u7f6e\u7528\u6237\u7684\u663e\u793a\u540d\u79f0\uff0c\u4e00\u822c\u4e3a\u663e\u793a\u540d\u79f0\u5c31\u914d\u7f6e\u4e3auid\uff0c\u5982\u679c\u4f60\u60f3\u663e\u793a\u5176\u4ed6\u5b57\u6bb5\u5c5e\u6027\u4e5f\u53ef\u4ee5\u8fd9\u91cc\u914d\u7f6e\uff0c\u4f8b\u5982mail<\/p>\n<p><strong>Email Address LDAP attribute<\/strong>\uff1a\u914d\u7f6e\u7528\u6237Email\u5bf9\u5e94\u7684\u5b57\u6bb5\u5c5e\u6027\uff0c\u4e00\u822c\u6ca1\u6709\u4fee\u6539\u8fc7\u7684\u8bdd\u90fd\u662fmail\uff0c\u9664\u975e\u4f60\u7528\u5176\u4ed6\u7684\u5b57\u6bb5\u5c5e\u6027\u6765\u6807\u8bc6\u7528\u6237\u90ae\u7bb1\uff0c\u8fd9\u91cc\u53ef\u4ee5\u914d\u7f6e<\/p>\n<p>\u4e0b\u8fb9\u8fd8\u6709\u4e00\u4e9b\u914d\u7f6e\u5982\uff1a\u73af\u5883\u53d8\u91cfEnvironment Properties\u3001servlet\u5bb9\u5668\u4ee3\u7406\u7b49\uff0c\u5f88\u5c11\u7528\u5c31\u4e0d\u591a\u89e3\u91ca\u4e86\u3002\u6709\u4e00\u4e2a\u914d\u7f6e<code>Enable cache<\/code>\u53ef\u80fd\u4f1a\u7528\u5f97\u5230\uff0c\u5f53\u4f60\u7684LDAP\u6570\u636e\u91cf\u5f88\u5927\u6216\u8005LDAP\u670d\u52a1\u5668\u6027\u80fd\u8f83\u5dee\u65f6\uff0c\u53ef\u4ee5\u5f00\u542f\u7f13\u5b58\uff0c\u914d\u7f6e\u7f13\u5b58\u6761\u6570\u548c\u8fc7\u671f\u65f6\u95f4\uff0c\u90a3\u4e48\u5728\u8fc7\u671f\u65f6\u95f4\u5185\u65b0\u8bf7\u6c42\u4f18\u5148\u67e5\u627e\u672c\u5730\u7f13\u5b58\u8ba4\u8bc1\uff0c\u8ba4\u8bc1\u901a\u8fc7\u5219\u4e0d\u4f1a\u53bbLDAP\u670d\u52a1\u5668\u8bf7\u6c42\uff0c\u4ee5\u51cf\u8f7bLDAP\u670d\u52a1\u5668\u7684\u538b\u529b<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221113121213.png\" alt=\"image-20201221113121213\" \/><\/p>\n<p>\u914d\u7f6e\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u4e0b\u65b9\u7684\u201cTest LDAP sttings\u201d\u6765\u6d4b\u8bd5\u914d\u7f6e\u7684\u51c6\u786e\u6027<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221113145120.png\" alt=\"image-20201221113145120\" \/><\/p>\n<p>\u8fd9\u91cc\u8f93\u5165\u7684\u7528\u6237\u540d\u5c31\u662f\u4f60\u4e0a\u8fb9\u914d\u7f6e\u7684<code>User search filter<\/code>\u91cc\u5b9a\u4e49\u7684LDAP\u4e2d\u7684\u5c5e\u6027\uff0c\u5bc6\u7801\u5c31\u662fLDAP\u7684\u5bc6\u7801<\/p>\n<h3>3\u3001<strong>\u767b\u5f55<\/strong><\/h3>\n<p>\u914d\u7f6e\u5b8c\u6210\u5e76\u6d4b\u8bd5\u901a\u8fc7\u540e\u5c31\u53ef\u4ee5\u7528LDAP\u76f4\u63a5\u767b\u5f55\u4e86\uff0c\u6ce8\u610f\uff1a\u542f\u7528\u4e86LDAP\u767b\u5f55\u540e\u5c06\u65e0\u6cd5\u518d\u7528\u4e4b\u524d\u7684\u767b\u5f55\u65b9\u5f0f\uff08\u4f8b\u5982\u672c\u5730\u8ba4\u8bc1\uff09\u767b\u5f55<\/p>\n<h3>\u53c2\u8003\u6587\u6863: <a href=\"https:\/\/cloud.tencent.com\/developer\/article\/1193729\"><em>\u8fd0\u7ef4\u5496\u5561\u5427<\/em><\/a><\/h3>\n<h2>Archery \u96c6\u6210\u5bf9\u63a5 Ldap<\/h2>\n<h3>1\u3001\u5b89\u88c5\u6269\u5c55\u5305<\/h3>\n<pre><code class=\"language-bash\">#\u8fdb\u5165archery\u5bb9\u5668\ndocker exec -it archery  \/bin\/bash\nyum install openldap-devel\npip install django-auth-ldap<\/code><\/pre>\n<h3>2\u3001\u4fee\u6539Archery\u914d\u7f6e<\/h3>\n<pre><code class=\"language-bash\">vi \/opt\/archery\/archery\/settings.py\n\n# LDAP\nENABLE_LDAP = True\nif ENABLE_LDAP:\n    import ldap\n    from django_auth_ldap.config import LDAPSearch\n\n    AUTHENTICATION_BACKENDS = (\n        &#039;django_auth_ldap.backend.LDAPBackend&#039; ,  # \u914d\u7f6e\u4e3a\u5148\u4f7f\u7528LDAP\u8ba4\u8bc1\uff0c\u5982\u901a\u8fc7\u8ba4\u8bc1\u5219\u4e0d\u518d\u4f7f\u7528\u540e\u9762\u7684\u8ba4\u8bc1\u65b9\u5f0f\n        &#039;django.contrib.auth.backends.ModelBackend&#039;,  # django\u7cfb\u7edf\u4e2d\u624b\u52a8\u521b\u5efa\u7684\u7528\u6237\u4e5f\u53ef\u4f7f\u7528\uff0c\u4f18\u5148\u7ea7\u9760\u540e\u3002\u6ce8\u610f\u8fd92\u884c\u7684\u987a\u5e8f\n    )\n\n    AUTH_LDAP_SERVER_URI = &quot;ldap:\/\/xxx&quot;\n    AUTH_LDAP_BING_DN = &#039;CN=admin,dc=wangfeng,dc=com&#039;\n    AUTH_LDAP_BING_PASSWORD = &#039;wangfeng&#039;\n    AUTH_LDAP_USER_DN_TEMPLATE = &quot;cn=%(user)s,cn=user,dc=wangfeng,dc=com&quot;\n    AUTH_LDAP_ALWAYS_UPDATE_USER = True  # \u6bcf\u6b21\u767b\u5f55\u4eceldap\u540c\u6b65\u7528\u6237\u4fe1\u606f\n    AUTH_LDAP_USER_ATTR_MAP = {  # key\u4e3aarchery.sql_users\u5b57\u6bb5\u540d\uff0cvalue\u4e3aldap\u4e2d\u5b57\u6bb5\u540d\uff0c\u7528\u6237\u540c\u6b65\u4fe1\u606f\n        &quot;username&quot;: &quot;cn&quot;,\n        &quot;display&quot;: &quot;displayname&quot;,\n        &quot;email&quot;: &quot;mail&quot;\n    }\n<\/code><\/pre>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223114142302.png\" alt=\"image-20201223114142302\" \/><\/p>\n<h3>3\u3001\u91cd\u542fArchery \u767b\u5f55\u6d4b\u8bd5<\/h3>\n<pre><code class=\"language-bash\">docker restart archery<\/code><\/pre>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223114307947.png\" alt=\"image-20201223114307947\" \/><\/p>\n<h3>4\u3001\u914d\u7f6e\u767b\u5f55\u7528\u6237\u9ed8\u8ba4\u6743\u9650<img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223114406789.png\" alt=\"image-20201223114406789\" \/><\/h3>\n<h2>Rancher \u96c6\u6210\u5bf9\u63a5 Ldap<\/h2>\n<blockquote>\n<p>\u7b80\u5355\uff0c\u914d\u7f6e\u597d\u8fde\u63a5\u53c2\u6570\u5373\u53ef\u3002\u767b\u5f55\u65f6\u53ef\u9009\u62e9ldap\u767b\u5f55\u6216\u8005\u672c\u5730\u767b\u5f55\u3002<\/p>\n<\/blockquote>\n<p><img decoding=\"async\" src=\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223133948011.png\" alt=\"image-20201223133948011\" \/><\/p>\n<h2>Jumpserver \u96c6\u6210\u5bf9\u63a5 Ldap<\/h2>\n<h3>1\u3001LDAP \u8bbe\u7f6e\u8bf4\u660e<\/h3>\n<pre><code>LDAP\u5730\u5740  ldap:\/\/serverurl:389  \u6216\u8005  ldaps:\/\/serverurl:636(\u9700\u8981\u52fe\u9009ssl)\n# \u6b64\u5904\u662f\u8bbe\u7f6eLDAP\u7684\u670d\u52a1\u5668,\u63a8\u8350\u4f7f\u7528IP, \u9632\u6b62\u89e3\u6790\u95ee\u9898\n\n\u7ed1\u5b9aDN  cn=administrator,cn=Users,dc=jumpserver,dc=org\n# \u8fd9\u91cc\u662f\u8bbe\u7f6e\u8ba4\u8bc1\u7528\u6237\u7684\u4fe1\u606f, jumpserver\u4f1a\u4f7f\u7528\u8fd9\u4e2a\u7528\u6237\u53bb\u6821\u9a8cldap\u7684\u4fe1\u606f\u662f\u5426\u6b63\u786e\n\n\u5bc6\u7801   # \u4e0a\u9762\u8ba4\u8bc1\u7528\u6237\u7684\u5bc6\u7801\n\n\u7528\u6237OU  ou=jumpserver,dc=jumpserver,dc=org\n# \u8fd9\u91cc\u662f\u8bbe\u7f6e\u7528\u6765\u767b\u5f55jumpserver\u7684\u7ec4\u7ec7\u5355\u5143, \u6bd4\u5982\u6211\u8981\u7528\u67d0\u4e2aou\u7684\u7528\u6237\u6765\u767b\u5f55jumpserver\n# \u591aOU\u7528\u6cd5  ou=jumpserver,dc=jumpserver,dc=org | ou=user,dc=jumpserver,dc=org | ou=xxx,dc=jumpserver,dc=org\n\n\u7528\u6237\u8fc7\u6ee4\u5668  (cn=%(user)s)\n# \u8fd9\u91cc\u662f\u8bbe\u7f6e\u7b5b\u9009ldap\u7528\u6237\u7684\u54ea\u4e9b\u5c5e\u6027, \u4e0d\u80fd\u6709\u591a\u4f59\u7684\u7a7a\u683c\n\nLADP\u5c5e\u6027\u6620\u5c04  {&quot;username&quot;: &quot;cn&quot;, &quot;name&quot;: &quot;sn&quot;, &quot;email&quot;: &quot;mail&quot;}\nusername name email \u662fjumpserver\u7684\u7528\u6237\u5c5e\u6027(\u4e0d\u53ef\u66f4\u6539)\ncn       sn   mail  \u662fldap\u7684\u7528\u6237\u5c5e\u6027(\u53ef\u81ea\u5b9a\u4e49)\n# \u8fd9\u91cc\u7684\u610f\u601d\u662f, \u628aldap\u7528\u6237\u7684\u5c5e\u6027\u6620\u5c04\u5230jumpserver\u4e0a\n\n\u4f7f\u7528SSL\n# \u52fe\u9009\u540e LDAP\u5730\u5740 \u9700\u8981\u8bbe\u7f6e\u6210 ldaps:\/\/serverurl:636\n\n\u542f\u52a8LDAP\u8ba4\u8bc1\n# \u5982\u679c\u9700\u8981\u4f7f\u7528 LDAP\u6216\u57df\u7528\u6237 \u767b\u5f55 jumpserver,\u5219\u5fc5\u9009<\/code><\/pre>\n<blockquote>\n<p>\u8865\u5145<\/p>\n<\/blockquote>\n<pre><code>DN \u4e00\u5b9a\u8981\u662f\u5b8c\u6574\u7684DN, \u4e0d\u80fd\u8df3\u8fc7OU, \u53ef\u4ee5\u4f7f\u7528\u5176\u4ed6\u5de5\u5177\u67e5\u8be2\n\u5982\uff1acn=admin,ou=aaa,dc=jumpserver,dc=org,\u5fc5\u987b\u8981\u5199\u6210cn=admin,ou=aaa,dc=jumpserver,dc=org \u4e0d\u80fd\u7f29\u5199\u6210cn=admin,dc=jumpserver,dc=org\n\n\u7528\u6237OU \u7528\u6237OU\u53ef\u4ee5\u53ea\u5199\u9876\u5c42OU, \u4e0d\u5199\u5b50OU\n\u5982\uff1aou=aaa,ou=bbb,ou=ccc,dc=jumpserver,dc=org,\u53ef\u4ee5\u53ea\u5199ou=ccc,dc=jumpserver,dc=org,\u6839\u636e\u9700\u6c42\u81ea\u884c\u4fee\u6539\n\n\u7528\u6237\u8fc7\u6ee4\u5668  \u7b5b\u9009\u7528\u6237\u7684\u89c4\u5219, \u70b9\u51fb\u6d4b\u8bd5\u8fde\u63a5\u5c31\u662f\u6839\u636e\u8fd9\u4e2a\u89c4\u5219\u5230\u7528\u6237OU\u91cc\u9762\u53bb\u68c0\u7d22\u7528\u6237, \u53ef\u4ee5\u81ea\u5b9a\u4e49\u89c4\u5219\n\u5982\uff1a(uid=%(user)s) \u6216 (sAMAccountName=%(user)s)  \u7b49, \u8fd9\u91cc\u7684\u5c5e\u6027\u9700\u8981\u4e0e\u4e0b\u9762\u7684\u5c5e\u6027\u6620\u5c04\u8bbe\u7f6e\u4e00\u81f4\n\nLADP\u5c5e\u6027\u6620\u5c04  username name email \u8fd9\u4e09\u9879\u4e0d\u53ef\u4fee\u6539\u5220\u9664, \u5c5e\u6027\u6620\u5c04\u7684\u5b57\u6bb5\u5fc5\u987b\u5b58\u5728, \u4e14\u767b\u5f55\u7528\u6237\u540d\u548c\u90ae\u4ef6\u4e0d\u53ef\u4ee5\u91cd\u590d\n\u5982\uff1a{&quot;username&quot;: &quot;uid&quot;, &quot;name&quot;: &quot;sn&quot;, &quot;email&quot;: &quot;mail&quot;} \u6216 {&quot;username&quot;: &quot;sAMAccountName&quot;, &quot;name&quot;: &quot;cn&quot;, &quot;email&quot;: &quot;mail&quot;}\n&quot;username&quot;: &quot;uid&quot; \u8fd9\u91cc\u7684 uid \u5fc5\u987b\u548c\u4e0a\u9762\u7684 (uid=%(user)s) \u8fd9\u91cc\u7684 uid \u4e00\u81f4\n\u5982\u679c\u4e0a\u9762\u662f(sAMAccountName=%(user)s) \u90a3\u4e48\u4e0b\u9762\u4e5f\u5e94\u8be5\u4fee\u6539\u4e3a{&quot;username&quot;: &quot;sAMAccountName&quot;,\nusername \u662f jumpserver \u7684\u7528\u6237\u7528\u6237\u540d, name \u662f jumpserver \u7684\u7528\u6237\u540d\u79f0, mail \u662f jumpserver \u7528\u6237\u7684\u90ae\u7bb1\n\u5c5e\u6027\u6620\u5c04\u7684\u610f\u601d\u662f\u628aldap\u7684\u4ec0\u4e48\u5c5e\u6027\u6765\u4f5c\u4e3ajumpserver\u7684\u7528\u6237\u7528\u6237\u540d, \u628aldap\u7684\u4ec0\u4e48\u5c5e\u6027\u4f5c\u4e3ajumpserver\u7684\u7528\u6237\u540d\u79f0, \u628aldap\u7684\u4ec0\u4e48\u5c5e\u6027\u4f5c\u4e3ajumpserver\u7684\u7528\u6237\u90ae\u7bb1<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u4ecb\u7ecd \u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4e09\u53e5\u8bdd\u5feb\u901f\u7684\u8ba4\u8bc6\u4e00\u4e0bLDAP\uff1a LDAP\uff1aLightweight Directory Acc<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[91,90,72,73,92,85,86,87,88,89],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1 - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1 - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\" \/>\n<meta property=\"og:description\" content=\"\u4ecb\u7ecd \u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4e09\u53e5\u8bdd\u5feb\u901f\u7684\u8ba4\u8bc6\u4e00\u4e0bLDAP\uff1a LDAP\uff1aLightweight Directory Acc\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-07T01:44:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-07T03:05:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/gitee.com\/wangfeng-1\/images\/raw\/master\/1.png\" \/>\n<meta name=\"author\" content=\"\u7ba1\u7406\u5458\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\"},\"author\":{\"name\":\"\u7ba1\u7406\u5458\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"headline\":\"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1\",\"datePublished\":\"2021-04-07T01:44:43+00:00\",\"dateModified\":\"2021-04-07T03:05:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\"},\"wordCount\":199,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"keywords\":[\"archery\",\"docker-compose\",\"Gitlab\",\"Jenkins\",\"jumpserver\",\"openldap\",\"phpldapadmin\",\"self-service-password\",\"ssp\",\"\u81ea\u52a9\u5bc6\u7801\"],\"articleSection\":[\"Linux\"],\"inLanguage\":\"zh-CN\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\",\"url\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\",\"name\":\"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1 - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\",\"isPartOf\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#website\"},\"datePublished\":\"2021-04-07T01:44:43+00:00\",\"dateModified\":\"2021-04-07T03:05:12+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#breadcrumb\"},\"inLanguage\":\"zh-CN\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.linuxdevops.cn\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Linux\",\"item\":\"https:\/\/www.linuxdevops.cn\/linux\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#website\",\"url\":\"https:\/\/www.linuxdevops.cn\/\",\"name\":\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\",\"description\":\"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\u7b14\u8bb0\",\"publisher\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\"},\"alternateName\":\"linuxdevops\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.linuxdevops.cn\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-CN\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1\",\"name\":\"\u7ba1\u7406\u5458\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-CN\",\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg\",\"contentUrl\":\"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg\",\"width\":512,\"height\":512,\"caption\":\"\u7ba1\u7406\u5458\"},\"logo\":{\"@id\":\"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/\"},\"description\":\"\u7ba1\u7406\u5458\",\"url\":\"https:\/\/www.linuxdevops.cn\/author\/root\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1 - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/","og_locale":"zh_CN","og_type":"article","og_title":"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1 - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","og_description":"\u4ecb\u7ecd \u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4e09\u53e5\u8bdd\u5feb\u901f\u7684\u8ba4\u8bc6\u4e00\u4e0bLDAP\uff1a LDAP\uff1aLightweight Directory Acc","og_url":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/","og_site_name":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","article_published_time":"2021-04-07T01:44:43+00:00","article_modified_time":"2021-04-07T03:05:12+00:00","og_image":[{"url":"https:\/\/gitee.com\/wangfeng-1\/images\/raw\/master\/1.png"}],"author":"\u7ba1\u7406\u5458","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#article","isPartOf":{"@id":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/"},"author":{"name":"\u7ba1\u7406\u5458","@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"headline":"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1","datePublished":"2021-04-07T01:44:43+00:00","dateModified":"2021-04-07T03:05:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/"},"wordCount":199,"commentCount":0,"publisher":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"keywords":["archery","docker-compose","Gitlab","Jenkins","jumpserver","openldap","phpldapadmin","self-service-password","ssp","\u81ea\u52a9\u5bc6\u7801"],"articleSection":["Linux"],"inLanguage":"zh-CN","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/","url":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/","name":"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1 - Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","isPartOf":{"@id":"https:\/\/www.linuxdevops.cn\/#website"},"datePublished":"2021-04-07T01:44:43+00:00","dateModified":"2021-04-07T03:05:12+00:00","breadcrumb":{"@id":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#breadcrumb"},"inLanguage":"zh-CN","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.linuxdevops.cn\/2021\/04\/docker-compose-deploys-openldap-phpldapadm-ssp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.linuxdevops.cn\/"},{"@type":"ListItem","position":2,"name":"Linux","item":"https:\/\/www.linuxdevops.cn\/linux\/"},{"@type":"ListItem","position":3,"name":"docker-compose \u90e8\u7f72openLDAP+phpldapadmin+SSP + \u5bf9\u63a5\u96c6\u6210\u5404\u79cd\u670d\u52a1"}]},{"@type":"WebSite","@id":"https:\/\/www.linuxdevops.cn\/#website","url":"https:\/\/www.linuxdevops.cn\/","name":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4","description":"Linux\u81ea\u52a8\u5316\u8fd0\u7ef4\u7b14\u8bb0","publisher":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1"},"alternateName":"linuxdevops","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.linuxdevops.cn\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-CN"},{"@type":["Person","Organization"],"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/3e206335d5796fdd8679e449df72a0d1","name":"\u7ba1\u7406\u5458","image":{"@type":"ImageObject","inLanguage":"zh-CN","@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/","url":"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg","contentUrl":"https:\/\/www.linuxdevops.cn\/wp-content\/uploads\/2019\/07\/cropped-index.jpg","width":512,"height":512,"caption":"\u7ba1\u7406\u5458"},"logo":{"@id":"https:\/\/www.linuxdevops.cn\/#\/schema\/person\/image\/"},"description":"\u7ba1\u7406\u5458","url":"https:\/\/www.linuxdevops.cn\/author\/root\/"}]}},"_links":{"self":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/1009"}],"collection":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/comments?post=1009"}],"version-history":[{"count":4,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/1009\/revisions"}],"predecessor-version":[{"id":1015,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/posts\/1009\/revisions\/1015"}],"wp:attachment":[{"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/media?parent=1009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/categories?post=1009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.linuxdevops.cn\/wp-json\/wp\/v2\/tags?post=1009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}