\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4e09\u53e5\u8bdd\u5feb\u901f\u7684\u8ba4\u8bc6\u4e00\u4e0bLDAP\uff1a<\/h3>\n\n- LDAP\uff1aLightweight Directory Access Protocol\uff0c\u8f7b\u91cf\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\u3002<\/li>\n
- LDAP\u670d\u52a1\u662f\u4e00\u4e2a\u4e3a\u53ea\u8bfb\uff08\u67e5\u8be2\u3001\u6d4f\u89c8\u3001\u641c\u7d22\uff09\u8bbf\u95ee\u800c\u4f18\u5316\u7684\u975e\u5173\u7cfb\u578b\u6570\u636e\u5e93\uff0c\u5448\u6811\u72b6\u7ed3\u6784\u7ec4\u7ec7\u6570\u636e\u3002<\/li>\n
- LDAP\u4e3b\u8981\u7528\u505a\u7528\u6237\u4fe1\u606f\u67e5\u8be2\uff08\u5982\u90ae\u7bb1\u3001\u7535\u8bdd\u7b49\uff09\u6216\u5bf9\u5404\u79cd\u670d\u52a1\u8bbf\u95ee\u505a\u540e\u53f0\u8ba4\u8bc1\u4ee5\u53ca\u7528\u6237\u6570\u636e\u6743\u9650\u7ba1\u63a7\u3002<\/li>\n<\/ol>\n
\u540d\u8bcd\u89e3\u91ca<\/p>\n
\n- DC\uff1adomain component\u4e00\u822c\u4e3a\u516c\u53f8\u540d\uff0c\u4f8b\u5982\uff1adc=163,dc=com<\/li>\n
- OU\uff1aorganization unit\u4e3a\u7ec4\u7ec7\u5355\u5143\uff0c\u6700\u591a\u53ef\u4ee5\u6709\u56db\u7ea7\uff0c\u6bcf\u7ea7\u6700\u957f32\u4e2a\u5b57\u7b26\uff0c\u53ef\u4ee5\u4e3a\u4e2d\u6587<\/li>\n
- CN\uff1acommon name\u4e3a\u7528\u6237\u540d\u6216\u8005\u670d\u52a1\u5668\u540d\uff0c\u6700\u957f\u53ef\u4ee5\u523080\u4e2a\u5b57\u7b26\uff0c\u53ef\u4ee5\u4e3a\u4e2d\u6587<\/li>\n
- DN\uff1adistinguished name\u4e3a\u4e00\u6761LDAP\u8bb0\u5f55\u9879\u7684\u540d\u5b57\uff0c\u6709\u552f\u4e00\u6027\uff0c\u4f8b\u5982\uff1adc:\u201dcn=admin,ou=developer,dc=163,dc=com\u201d<\/li>\n<\/ul>\n
\u56fe\u5f62\u793a\u4f8b<\/h3>\n
\u4e0a\u8fb9\u6765\u4e86\u4e00\u5806\u7684\u540d\u8bcd\u89e3\u91ca\uff0c\u770b\u7684\u4e91\u91cc\u96fe\u91cc\uff0c\u8fd8\u4e0d\u662f\u5f88\u660e\u767d\uff0c\u600e\u4e48\u8ddf\u81ea\u5df1\u7684\u7ec4\u7ec7\u67b6\u6784\u5bf9\u5e94\u8d77\u6765\u5462\uff1f\u770b\u770b\u4e0b\u8fb9\u7684\u56fe\u662f\u4e0d\u662f\u6e05\u6670\u660e\u4e86<\/p>\n
![](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/1.png\")
<\/p>\n
\n- docker \u8fd0\u884copenLDAP<\/li>\n<\/ul>\n
docker run -d --name ldap-service --hostname ldap-service -p 389:389 -p 689:689 -v \/data\/openldap\/database:\/var\/lib\/ldap -v \/data\/openldap\/config:\/etc\/ldap\/slapd.d --env LDAP_ORGANISATION="wangfeng.com" --env LDAP_DOMAIN="wangfeng.com" --env LDAP_ADMIN_PASSWORD="wangfeng" --env LDAP_TLS=false --detach osixia\/openldap:1.4.0\n\n<\/code><\/pre>\n\n- docker \u8fd0\u884c phpldapadmin \u7ba1\u7406\u7aef<\/li>\n<\/ul>\n
docker run --name phpldapadmin-service -p 6443:443 -p 6680:80 --hostname phpldapadmin-service --link ldap-service:wangfeng.com --env PHPLDAPADMIN_LDAP_HOSTS=wangfeng.com --env PHPLDAPADMIN_HTTPS=false --detach osixia\/phpldapadmin:0.9.0\n<\/code><\/pre>\n- docker-compose \u8fd0\u884c <\/li>\n<\/ul>\n
\nservices:\n#openladp \u670d\u52a1\n openldap:\n image: tiredofit\/openldap:7.1.14\n container_name: ldap-service\n ports:\n - 389:389\n - 636:636\n volumes:\n - .\/backup:\/data\/backup\n - .\/data:\/var\/lib\/openldap\n - .\/config:\/etc\/openldap\/slapd.d\n - .\/certs:\/certs\n environment:\n - HOSTNAME=ldap-service\n - ORGANIZATION=\u725b\u903c\u514b\u62c9\u65af\u6709\u9650\u516c\u53f8\n - LOG_LEVEL=256\n - DOMAIN=ldap.example.com\n - ADMIN_PASS=wangfeng123\n - CONFIG_PASS=wangfeng123\n - DEBUG_MODE=FALSE\n\n - ENABLE_READONLY_USER=FALSE\n - READONLY_USER_USER=reader\n - READONLY_USER_PASS=reader\n\n - ENABLE_TLS=FALSE\n - TLS_CRT_FILENAME=cert.pem\n - TLS_KEY_FILENAME=key.pem\n - TLS_ENFORCE=FALSE\n - TLS_CIPHER_SUITE=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA\n - TLS_VERIFY_CLIENT=never\n - SSL_HELPER_PREFIX=ldap\n\n - ENABLE_REPLICATION=FALSE\n - REPLICATION_CONFIG_SYNCPROV=binddn=\"cn=config\" bindmethod=simple credentials=\"admin\" searchbase=\"cn=config\" type=refreshAndPersist retry=\"5 5 60 +\" timeout=1 filter=\"(!(objectclass=olcGlobal))\"\n - REPLICATION_DB_SYNCPROV=binddn=\"cn=admin,dc=example,dc=org\" bindmethod=simple credentials=\"admin\" searchbase=\"dc=example,dc=org\" type=refreshAndPersist interval=00:00:00:10 retry=\"5 5 60 +\" timeout=1\n - REPLICATION_HOSTS=ldap:\/\/ldap1.example.com ldap:\/\/ldap2.example.com ldap:\/\/ldap3.example.com\n - REMOVE_CONFIG_AFTER_SETUP=false\n\n - ENABLE_BACKUP=TRUE\n - BACKUP_INTERVAL=0400\n - BACKUP_RETENTION=10080\n networks:\n - ldapnetworks\n restart: always\n\n# ldap \u7ba1\u7406\u7aef\n phpldapadmin:\n image: osixia\/phpldapadmin:0.9.0\n container_name: phpldapadmin-service\n ports:\n - 6680:80\n environment:\n - TZ=Asia\/Shanghai\n - PHPLDAPADMIN_HTTPS=\"false\"\n - PHPLDAPADMIN_LDAP_HOSTS=ldap-service\n networks:\n - ldapnetworks\n restart: always\n\n#ldap \u81ea\u52a8\u5bc6\u7801\u670d\u52a1\n self-service-password:\n image: 'tiredofit\/self-service-password:latest'\n container_name: 'self-service-password'\n ports:\n - '80:80'\n environment:\n - LDAP_SERVER=ldap:\/\/ldap-service:389\n - LDAP_BINDDN=cn=admin,dc=example,dc=com\n - LDAP_BINDPASS=wangfeng123\n - LDAP_BASE_SEARCH=ou=\u6280\u672f\u90e8,dc=example,dc=com\n - LDAP_LOGIN_ATTRIBUTE=cn \n - MAIL_FROM_NAME= Self Service Password\n - MAIL_FROM=admin@example.com\n - SMTP_DEBUG=0\n - SMTP_HOST=smtp.qiye.aliyun.com\n - SMTP_USER=admin@example.com\n - SMTP_PASS=wangfeng123\n - SMTP_PORT=465\n - SMTP_SECURE_TYPE=ssl\n - SMTP_AUTH_ON=true\n volumes:\n - .\/self-service-password\/data:\/www\/ssp\n - .\/self-service-password\/logs:\/www\/logs\n networks:\n - ldapnetworks\n restart: always\n\nnetworks:\n ldapnetworks:\n external: true\n\n<\/code><\/pre>\n\n- \n
\u767b\u5f55phpldapadmin \u7ba1\u7406\u7aef<\/p>\n<\/p>\n<\/li>\n
- \n
![\"image-20201219095023293\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201219095023293.png\")
<\/p>\n<\/li>\n
- \n
\u521b\u5efa\u4e00\u4e2auser \u5b50\u6761\u76ee\uff08\u7528\u6237\u7ec4\uff09<\/p>\n<\/li>\n<\/ul>\n
![\"image-20201219095315429\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201219095315429.png\")
<\/p>\n
![\"image-20201219095339499\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201219095339499.png\")
<\/p>\n
\n- \u521b\u5efa\u7528\u6237 \u65f6\u9009\u62e9 Generic: User Account<\/li>\n
- <\/li>\n<\/ul>\n
\n\u81ea\u52a9\u5bc6\u7801\u670d\u52a1
\n<\/h2>\n
![](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/20210407091838.png\")
<\/li>\nLdap \u96c6\u6210GItlab<\/h2>\n\nldap\u96c6\u6210gitlab\u6ce8\u610f\u4e8b\u9879\uff1a<\/p>\n
\n- \n
\u5728ldap \u521b\u5efa\u7528\u6237\u65f6\u5fc5\u987b\u6dfb\u52a0Email \u7528\u6237\u9644\u52a0\u5c5e\u6027\uff0c\u4e0d\u7136\u65e0\u6cd5\u767b\u9646gitlab<\/p>\n<\/li>\n
- \n
\u901a\u8fc7ldap \u767b\u5f55gitlab\u7684\u7528\u6237\u662f\u9ed8\u8ba4\u6743\u9650\uff0c\u9700\u8981\u7ba1\u7406\u5458\u624b\u52a8\u5206\u914d\u6743\u9650<\/p>\n<\/li>\n
- \n
LDAP\u7528\u6237\u540c\u6b65\u8fc7\u7a0b\uff1a<\/p>\n
\n- \u66f4\u65b0\u73b0\u6709\u7528\u6237\u3002<\/li>\n
- \u9996\u6b21\u767b\u5f55\u65f6\u521b\u5efa\u65b0\u7528\u6237\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/blockquote>\n
\n- \u4fee\u6539gitlab\u914d\u7f6e\u6587\u4ef6<\/li>\n<\/ul>\n
### LDAP Settings\n###! Docs: https:\/\/docs.gitlab.com\/omnibus\/settings\/ldap.html\n###! **Be careful not to break the indentation in the ldap_servers block. It is\n###! in yaml format and the spaces must be retained. Using tabs will not work.**\n\ngitlab_rails['ldap_enabled'] = true #\u542f\u7528ldap\ngitlab_rails['ldap_sync_worker_cron'] = "0 *\/12 * * *" #gitlab \u540c\u6b65ldap\u7528\u6237\u6570\u636e\n\n###! **remember to close this block with 'EOS' below**\ngitlab_rails['ldap_servers'] = YAML.load <<-'EOS'\n main: # 'main' is the GitLab 'provider ID' of this LDAP server\n label: 'LDAP' #\u767b\u5f55\u65f6\u663e\u793a\u7684\u9009\u9879\n host: '64.115.5.33' #ldap \u4e3b\u673a\n port: 389 #ldap\u7aef\u53e3\n uid: 'cn' #\u7528\u6237\u540d\u7684LDAP\u5c5e\u6027 'sAMAccountName' or 'uid' or 'userPrincipalName'\n bind_dn: 'cn=admin,dc=wangfeng,dc=com' #\u7ed1\u5b9a\u7684\u7528\u6237\u7684\u5b8c\u6574DN\u3002 \n password: 'wangfeng' #\u5bc6\u7801\n encryption: 'plain' #\u52a0\u5bc6\u65b9\u6cd5\u3002 "start_tls" or "simple_tls" or "plain"\n verify_certificates: false #\u5982\u679c\u52a0\u5bc6\u65b9\u6cd5\u662fstart_tls\u6216simple_tls\uff0c\u5219\u542f\u7528SSL\u8bc1\u4e66\u9a8c\u8bc1\u3002\u9ed8\u8ba4\u4e3atrue\u3002\n active_directory: false #\u6b64\u8bbe\u7f6e\u6307\u5b9aLDAP\u670d\u52a1\u5668\u662f\u5426\u4e3aActive Directory LDAP\u670d\u52a1\u5668\u3002\u5bf9\u4e8e\u975eAD\u670d\u52a1\u5668\uff0c\u5b83\u5c06\u8df3\u8fc7AD\u7279\u5b9a\u67e5\u8be2\u3002\u5982\u679c\u60a8\u7684LDAP\u670d\u52a1\u5668\u4e0d\u662fAD\uff0c\u8bf7\u5c06\u5176\u8bbe\u7f6e\u4e3afalse\u3002\n allow_username_or_email_login: true #\u90ae\u7bb1\u767b\u5f55\n lowercase_usernames: true #\u5982\u679c\u542f\u7528\u4e86lowercase_usernames\uff0c\u5219GitLab\u4f1a\u5c06\u540d\u79f0\u8f6c\u6362\u4e3a\u5c0f\u5199\u3002\n block_auto_created_users: false\n base: 'dc=wangfeng,dc=com' #\u6211\u4eec\u53ef\u4ee5\u5728\u5176\u4e2d\u641c\u7d22\u7528\u6237\u7684\u57fa\u7840\u3002\n user_filter: '' #\u7528\u6237\u8fc7\u6ee4\n ## EE only\n group_base: ''\n admin_group: ''\n sync_ssh_keys: false\n attributes: #gitlab \u540c\u6b65\u5c5e\u6027\n username: ['cn', 'uid', 'userid', 'sAMAccountName']\n email: ['mail', 'email', 'userPrincipalName']\n name: 'cn'\n first_name: 'givenName'\n last_name: 'sn'\n\n# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server\n# label: 'LDAP'\n# host: '_your_ldap_server'\n# port: 389\n# uid: 'sAMAccountName'\n# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'\n# password: '_the_password_of_the_bind_user'\n# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"\n# verify_certificates: true\n# smartcard_auth: false\n# active_directory: true\n# allow_username_or_email_login: false\n# lowercase_usernames: false\n# block_auto_created_users: false\n# base: ''\n# user_filter: ''\n# ## EE only\n# group_base: ''\n# admin_group: ''\n# sync_ssh_keys: false\n###\u6ce8\u610f\u6700\u4e0b\u9762\u8fd9\u4e2aEOS \u6ce8\u89e3\u53bb\u6389\u3002\nEOS\n<\/code><\/pre>\n\n- \u91cd\u542fgitlab \u767b\u5f55\u6d4b\u8bd5<\/li>\n
![\"image-20201219102021906\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201219102021906.png\")
<\/li>\n<\/ul>\nLdap \u96c6\u6210 Jenkins<\/h2>\n\u5b89\u88c5LDAP\u63d2\u4ef6<\/strong><\/h3>\n\u4f7f\u7528LDAP\u8ba4\u8bc1\u9700\u8981\u5b89\u88c5LDAP\u63d2\u4ef6\uff0c<\/p>\n
![\"image-20201221112824754\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221112824754.png\")
<\/p>\n
\u914d\u7f6eLDAP\u8ba4\u8bc1<\/strong><\/h3>\n\u767b\u5f55Jenkins --> \u7cfb\u7edf\u7ba1\u7406 --> \u5168\u5c40\u5b89\u5168\u914d\u7f6e<\/p>\n
![\"image-20201221112936762\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221112936762.png\")
<\/p>\n
\u8bbf\u95ee\u63a7\u5236\u9009\u62e9\u201cLDAP\u201d\uff0cServer\u8f93\u5165LDAP\u670d\u52a1\u5668\u5730\u5740\uff0c\u6709\u5176\u4ed6\u914d\u7f6e\u53ef\u4ee5\u70b9\u51fb\u201cAdvanced Server Configuration\u2026\u201d<\/p>\n
Server<\/strong>\uff1a\u670d\u52a1\u5668\u5730\u5740\uff0c\u53ef\u4ee5\u76f4\u63a5\u586b\u5199LDAP\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u6216IP\uff0c\u4f8b\u5982ldap.domain.com<\/code>\uff08\u9ed8\u8ba4\u7aef\u53e3389\uff09\uff0c\u6216\u8005ldap.domain.com:1389<\/code>\uff0c\u5982\u679c\u7528\u4e86SSL\uff0c\u53ef\u4ee5\u586b\u5199ldaps:\/\/ldap.domain.com<\/code>\uff08\u9ed8\u8ba4\u7aef\u53e3636\uff09\uff0c\u6216\u8005ldaps:\/\/ldap.domain.com:1636<\/code><\/p>\n![\"image-20201221113037351\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221113037351.png\")
<\/p>\n
root DN<\/strong>\uff1a\u8fd9\u91cc\u7684root DN\u53ea\u662f\u6307\u641c\u7d22\u7684\u6839\uff0c\u5e76\u975eLDAP\u670d\u52a1\u5668\u7684root dn\u3002\u7531\u4e8eLDAP\u6570\u636e\u5e93\u7684\u6570\u636e\u7ec4\u7ec7\u7ed3\u6784\u7c7b\u4f3c\u4e00\u9897\u5927\u6811\uff0c\u800c\u641c\u7d22\u662f\u9012\u5f52\u6267\u884c\u7684\uff0c\u7406\u8bba\u4e0a\uff0c\u6211\u4eec\u5982\u679c\u4ece\u5b50\u8282\u70b9\uff08\u800c\u4e0d\u662f\u6839\u8282\u70b9\uff09\u5f00\u59cb\u641c\u7d22\uff0c\u56e0\u4e3a\u7f29\u5c0f\u4e86\u641c\u7d22\u8303\u56f4\u90a3\u4e48\u5c31\u53ef\u4ee5\u83b7\u5f97\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u8fd9\u91cc\u7684root DN\u6307\u7684\u5c31\u662f\u8fd9\u4e2a\u5b50\u8282\u70b9\u7684DN\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u4e0d\u586b\uff0c\u8868\u793a\u4eceLDAP\u7684\u6839\u8282\u70b9\u5f00\u59cb\u641c\u7d22<\/p>\nUser search base<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u4e5f\u662f\u4e3a\u4e86\u7f29\u5c0fLDAP\u641c\u7d22\u7684\u8303\u56f4\uff0c\u4f8b\u5982Jenkins\u7cfb\u7edf\u53ea\u5141\u8bb8ou\u4e3aAdmin\u4e0b\u7684\u7528\u6237\u624d\u80fd\u767b\u9646\uff0c\u90a3\u4e48\u4f60\u8fd9\u91cc\u53ef\u4ee5\u586b\u5199ou=Admin<\/code>\uff0c\u8fd9\u662f\u4e00\u4e2a\u76f8\u5bf9\u7684\u503c\uff0c\u76f8\u5bf9\u4e8e\u4e0a\u8fb9\u7684root DN\uff0c\u4f8b\u5982\u4f60\u4e0a\u8fb9\u7684root DN\u586b\u5199\u7684\u662fdc=domain,dc=com<\/code>\uff0c\u90a3\u4e48user search base\u8fd9\u91cc\u586b\u5199\u4e86ou=Admin<\/code>\uff0c\u90a3\u4e48\u767b\u9646\u7528\u6237\u53bbLDAP\u641c\u7d22\u65f6\u5c31\u53ea\u4f1a\u641c\u7d22ou=Admin,dc=domain,dc=com<\/code>\u4e0b\u7684\u7528\u6237\u4e86<\/p>\nUser search filter<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5b9a\u4e49\u767b\u9646\u7684\u201c\u7528\u6237\u540d\u201d\u5bf9\u5e94LDAP\u4e2d\u7684\u54ea\u4e2a\u5b57\u6bb5\uff0c\u5982\u679c\u4f60\u60f3\u7528LDAP\u4e2d\u7684uid\u4f5c\u4e3a\u7528\u6237\u540d\u6765\u767b\u5f55\uff0c\u90a3\u4e48\u8fd9\u91cc\u53ef\u4ee5\u914d\u7f6e\u4e3auid={0}<\/code>\uff08{0}\u4f1a\u81ea\u52a8\u7684\u66ff\u6362\u4e3a\u7528\u6237\u63d0\u4ea4\u7684\u7528\u6237\u540d\uff09\uff0c\u5982\u679c\u4f60\u60f3\u7528LDAP\u4e2d\u7684mail\u4f5c\u4e3a\u7528\u6237\u540d\u6765\u767b\u5f55\uff0c\u90a3\u4e48\u8fd9\u91cc\u5c31\u9700\u8981\u6539\u4e3amail={0}<\/code>\u3002\u5728\u6d4b\u8bd5\u7684\u65f6\u5019\u5982\u679c\u63d0\u793a\u4f60user xxx does not exist<\/code>\uff0c\u800c\u4f60\u786e\u5b9a\u5bc6\u7801\u8f93\u5165\u6b63\u786e\u65f6\uff0c\u5c31\u8981\u8003\u8651\u4e0b\u8f93\u5165\u7684\u7528\u6237\u540d\u662f\u4e0d\u662f\u8fd9\u91cc\u5b9a\u4e49\u7684\u8fd9\u4e2a\u503c\u4e86<\/p>\nGroup search base<\/strong>\uff1a\u53c2\u8003\u4e0a\u8fb9User search base<\/code>\u89e3\u91ca<\/p>\nGroup search filter<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5141\u8bb8\u4f60\u5c06\u8fc7\u6ee4\u5668\u9650\u5236\u4e3a\u6240\u9700\u7684objectClass\u6765\u63d0\u9ad8\u641c\u7d22\u6027\u80fd\uff0c\u4e5f\u5c31\u662f\u8bf4\u53ef\u4ee5\u53ea\u641c\u7d22\u7528\u6237\u5c5e\u6027\u4e2d\u5305\u542b\u67d0\u4e2aobjectClass\u7684\u7528\u6237\uff0c\u8fd9\u5c31\u8981\u6c42\u4f60\u5bf9\u4f60\u7684LDAP\u8db3\u591f\u4e86\u89e3\uff0c\u4e00\u822c\u6211\u4eec\u4e5f\u4e0d\u914d\u7f6e<\/p>\nGroup membership<\/strong>\uff1a\u6ca1\u914d\u7f6e\uff0c\u6ca1\u6709\u8be6\u7ec6\u7814\u7a76<\/p>\nManager DN<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5728\u4f60\u7684LDAP\u670d\u52a1\u5668\u4e0d\u5141\u8bb8\u533f\u540d\u8bbf\u95ee\u7684\u60c5\u51b5\u4e0b\u7528\u6765\u505a\u8ba4\u8bc1\uff08\u8be6\u7ec6\u7684\u8ba4\u8bc1\u8fc7\u7a0b\u53c2\u8003\u6587\u7ae0LDAP\u843d\u5730\u5b9e\u6218\uff08\u4e8c\uff09\uff1aSVN\u96c6\u6210OpenLDAP\u8ba4\u8bc1\u4e2d\u5173\u4e8eLDAP\u670d\u52a1\u5668\u8ba4\u8bc1\u8fc7\u7a0b\u7684\u8bb2\u89e3\uff09\uff0c\u901a\u5e38DN\u4e3acn=admin,dc=domain,dc=com<\/code>\u8fd9\u6837<\/p>\nManager Password<\/strong>\uff1a\u4e0a\u8fb9\u914d\u7f6edn\u7684\u5bc6\u7801<\/p>\nDisplay Name LDAP attribute<\/strong>\uff1a\u914d\u7f6e\u7528\u6237\u7684\u663e\u793a\u540d\u79f0\uff0c\u4e00\u822c\u4e3a\u663e\u793a\u540d\u79f0\u5c31\u914d\u7f6e\u4e3auid\uff0c\u5982\u679c\u4f60\u60f3\u663e\u793a\u5176\u4ed6\u5b57\u6bb5\u5c5e\u6027\u4e5f\u53ef\u4ee5\u8fd9\u91cc\u914d\u7f6e\uff0c\u4f8b\u5982mail<\/p>\nEmail Address LDAP attribute<\/strong>\uff1a\u914d\u7f6e\u7528\u6237Email\u5bf9\u5e94\u7684\u5b57\u6bb5\u5c5e\u6027\uff0c\u4e00\u822c\u6ca1\u6709\u4fee\u6539\u8fc7\u7684\u8bdd\u90fd\u662fmail\uff0c\u9664\u975e\u4f60\u7528\u5176\u4ed6\u7684\u5b57\u6bb5\u5c5e\u6027\u6765\u6807\u8bc6\u7528\u6237\u90ae\u7bb1\uff0c\u8fd9\u91cc\u53ef\u4ee5\u914d\u7f6e<\/p>\n\u4e0b\u8fb9\u8fd8\u6709\u4e00\u4e9b\u914d\u7f6e\u5982\uff1a\u73af\u5883\u53d8\u91cfEnvironment Properties\u3001servlet\u5bb9\u5668\u4ee3\u7406\u7b49\uff0c\u5f88\u5c11\u7528\u5c31\u4e0d\u591a\u89e3\u91ca\u4e86\u3002\u6709\u4e00\u4e2a\u914d\u7f6eEnable cache<\/code>\u53ef\u80fd\u4f1a\u7528\u5f97\u5230\uff0c\u5f53\u4f60\u7684LDAP\u6570\u636e\u91cf\u5f88\u5927\u6216\u8005LDAP\u670d\u52a1\u5668\u6027\u80fd\u8f83\u5dee\u65f6\uff0c\u53ef\u4ee5\u5f00\u542f\u7f13\u5b58\uff0c\u914d\u7f6e\u7f13\u5b58\u6761\u6570\u548c\u8fc7\u671f\u65f6\u95f4\uff0c\u90a3\u4e48\u5728\u8fc7\u671f\u65f6\u95f4\u5185\u65b0\u8bf7\u6c42\u4f18\u5148\u67e5\u627e\u672c\u5730\u7f13\u5b58\u8ba4\u8bc1\uff0c\u8ba4\u8bc1\u901a\u8fc7\u5219\u4e0d\u4f1a\u53bbLDAP\u670d\u52a1\u5668\u8bf7\u6c42\uff0c\u4ee5\u51cf\u8f7bLDAP\u670d\u52a1\u5668\u7684\u538b\u529b<\/p>\n![\"image-20201221113121213\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221113121213.png\")
<\/p>\n
\u914d\u7f6e\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u4e0b\u65b9\u7684\u201cTest LDAP sttings\u201d\u6765\u6d4b\u8bd5\u914d\u7f6e\u7684\u51c6\u786e\u6027<\/p>\n
![\"image-20201221113145120\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201221113145120.png\")
<\/p>\n
\u540d\u8bcd\u89e3\u91ca<\/p>\n
- \n
- DC\uff1adomain component\u4e00\u822c\u4e3a\u516c\u53f8\u540d\uff0c\u4f8b\u5982\uff1adc=163,dc=com<\/li>\n
- OU\uff1aorganization unit\u4e3a\u7ec4\u7ec7\u5355\u5143\uff0c\u6700\u591a\u53ef\u4ee5\u6709\u56db\u7ea7\uff0c\u6bcf\u7ea7\u6700\u957f32\u4e2a\u5b57\u7b26\uff0c\u53ef\u4ee5\u4e3a\u4e2d\u6587<\/li>\n
- CN\uff1acommon name\u4e3a\u7528\u6237\u540d\u6216\u8005\u670d\u52a1\u5668\u540d\uff0c\u6700\u957f\u53ef\u4ee5\u523080\u4e2a\u5b57\u7b26\uff0c\u53ef\u4ee5\u4e3a\u4e2d\u6587<\/li>\n
- DN\uff1adistinguished name\u4e3a\u4e00\u6761LDAP\u8bb0\u5f55\u9879\u7684\u540d\u5b57\uff0c\u6709\u552f\u4e00\u6027\uff0c\u4f8b\u5982\uff1adc:\u201dcn=admin,ou=developer,dc=163,dc=com\u201d<\/li>\n<\/ul>\n
\u56fe\u5f62\u793a\u4f8b<\/h3>\n
\u4e0a\u8fb9\u6765\u4e86\u4e00\u5806\u7684\u540d\u8bcd\u89e3\u91ca\uff0c\u770b\u7684\u4e91\u91cc\u96fe\u91cc\uff0c\u8fd8\u4e0d\u662f\u5f88\u660e\u767d\uff0c\u600e\u4e48\u8ddf\u81ea\u5df1\u7684\u7ec4\u7ec7\u67b6\u6784\u5bf9\u5e94\u8d77\u6765\u5462\uff1f\u770b\u770b\u4e0b\u8fb9\u7684\u56fe\u662f\u4e0d\u662f\u6e05\u6670\u660e\u4e86<\/p>\n
<\/p>\n- \n
- docker \u8fd0\u884copenLDAP<\/li>\n<\/ul>\n
docker run -d --name ldap-service --hostname ldap-service -p 389:389 -p 689:689 -v \/data\/openldap\/database:\/var\/lib\/ldap -v \/data\/openldap\/config:\/etc\/ldap\/slapd.d --env LDAP_ORGANISATION="wangfeng.com" --env LDAP_DOMAIN="wangfeng.com" --env LDAP_ADMIN_PASSWORD="wangfeng" --env LDAP_TLS=false --detach osixia\/openldap:1.4.0\n\n<\/code><\/pre>\n- \n
- docker \u8fd0\u884c phpldapadmin \u7ba1\u7406\u7aef<\/li>\n<\/ul>\n
docker run --name phpldapadmin-service -p 6443:443 -p 6680:80 --hostname phpldapadmin-service --link ldap-service:wangfeng.com --env PHPLDAPADMIN_LDAP_HOSTS=wangfeng.com --env PHPLDAPADMIN_HTTPS=false --detach osixia\/phpldapadmin:0.9.0\n<\/code><\/pre>\n- docker-compose \u8fd0\u884c <\/li>\n<\/ul>\n
\nservices:\n#openladp \u670d\u52a1\n openldap:\n image: tiredofit\/openldap:7.1.14\n container_name: ldap-service\n ports:\n - 389:389\n - 636:636\n volumes:\n - .\/backup:\/data\/backup\n - .\/data:\/var\/lib\/openldap\n - .\/config:\/etc\/openldap\/slapd.d\n - .\/certs:\/certs\n environment:\n - HOSTNAME=ldap-service\n - ORGANIZATION=\u725b\u903c\u514b\u62c9\u65af\u6709\u9650\u516c\u53f8\n - LOG_LEVEL=256\n - DOMAIN=ldap.example.com\n - ADMIN_PASS=wangfeng123\n - CONFIG_PASS=wangfeng123\n - DEBUG_MODE=FALSE\n\n - ENABLE_READONLY_USER=FALSE\n - READONLY_USER_USER=reader\n - READONLY_USER_PASS=reader\n\n - ENABLE_TLS=FALSE\n - TLS_CRT_FILENAME=cert.pem\n - TLS_KEY_FILENAME=key.pem\n - TLS_ENFORCE=FALSE\n - TLS_CIPHER_SUITE=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA\n - TLS_VERIFY_CLIENT=never\n - SSL_HELPER_PREFIX=ldap\n\n - ENABLE_REPLICATION=FALSE\n - REPLICATION_CONFIG_SYNCPROV=binddn=\"cn=config\" bindmethod=simple credentials=\"admin\" searchbase=\"cn=config\" type=refreshAndPersist retry=\"5 5 60 +\" timeout=1 filter=\"(!(objectclass=olcGlobal))\"\n - REPLICATION_DB_SYNCPROV=binddn=\"cn=admin,dc=example,dc=org\" bindmethod=simple credentials=\"admin\" searchbase=\"dc=example,dc=org\" type=refreshAndPersist interval=00:00:00:10 retry=\"5 5 60 +\" timeout=1\n - REPLICATION_HOSTS=ldap:\/\/ldap1.example.com ldap:\/\/ldap2.example.com ldap:\/\/ldap3.example.com\n - REMOVE_CONFIG_AFTER_SETUP=false\n\n - ENABLE_BACKUP=TRUE\n - BACKUP_INTERVAL=0400\n - BACKUP_RETENTION=10080\n networks:\n - ldapnetworks\n restart: always\n\n# ldap \u7ba1\u7406\u7aef\n phpldapadmin:\n image: osixia\/phpldapadmin:0.9.0\n container_name: phpldapadmin-service\n ports:\n - 6680:80\n environment:\n - TZ=Asia\/Shanghai\n - PHPLDAPADMIN_HTTPS=\"false\"\n - PHPLDAPADMIN_LDAP_HOSTS=ldap-service\n networks:\n - ldapnetworks\n restart: always\n\n#ldap \u81ea\u52a8\u5bc6\u7801\u670d\u52a1\n self-service-password:\n image: 'tiredofit\/self-service-password:latest'\n container_name: 'self-service-password'\n ports:\n - '80:80'\n environment:\n - LDAP_SERVER=ldap:\/\/ldap-service:389\n - LDAP_BINDDN=cn=admin,dc=example,dc=com\n - LDAP_BINDPASS=wangfeng123\n - LDAP_BASE_SEARCH=ou=\u6280\u672f\u90e8,dc=example,dc=com\n - LDAP_LOGIN_ATTRIBUTE=cn \n - MAIL_FROM_NAME= Self Service Password\n - MAIL_FROM=admin@example.com\n - SMTP_DEBUG=0\n - SMTP_HOST=smtp.qiye.aliyun.com\n - SMTP_USER=admin@example.com\n - SMTP_PASS=wangfeng123\n - SMTP_PORT=465\n - SMTP_SECURE_TYPE=ssl\n - SMTP_AUTH_ON=true\n volumes:\n - .\/self-service-password\/data:\/www\/ssp\n - .\/self-service-password\/logs:\/www\/logs\n networks:\n - ldapnetworks\n restart: always\n\nnetworks:\n ldapnetworks:\n external: true\n\n<\/code><\/pre>\n- \n
- \n
\u767b\u5f55phpldapadmin \u7ba1\u7406\u7aef<\/p>\n<\/p>\n<\/li>\n
- \n<\/p>\n<\/li>\n
- \n
\u521b\u5efa\u4e00\u4e2auser \u5b50\u6761\u76ee\uff08\u7528\u6237\u7ec4\uff09<\/p>\n<\/li>\n<\/ul>\n
<\/p>\n<\/p>\n- \n
- \u521b\u5efa\u7528\u6237 \u65f6\u9009\u62e9 Generic: User Account<\/li>\n
- <\/li>\n<\/ul>\n
\n\u81ea\u52a9\u5bc6\u7801\u670d\u52a1
\n<\/h2>\n - <\/li>\n
Ldap \u96c6\u6210GItlab<\/h2>\n
\n
ldap\u96c6\u6210gitlab\u6ce8\u610f\u4e8b\u9879\uff1a<\/p>\n
- \n
- \n
\u5728ldap \u521b\u5efa\u7528\u6237\u65f6\u5fc5\u987b\u6dfb\u52a0Email \u7528\u6237\u9644\u52a0\u5c5e\u6027\uff0c\u4e0d\u7136\u65e0\u6cd5\u767b\u9646gitlab<\/p>\n<\/li>\n
- \n
\u901a\u8fc7ldap \u767b\u5f55gitlab\u7684\u7528\u6237\u662f\u9ed8\u8ba4\u6743\u9650\uff0c\u9700\u8981\u7ba1\u7406\u5458\u624b\u52a8\u5206\u914d\u6743\u9650<\/p>\n<\/li>\n
- \n
LDAP\u7528\u6237\u540c\u6b65\u8fc7\u7a0b\uff1a<\/p>\n
- \n
- \u66f4\u65b0\u73b0\u6709\u7528\u6237\u3002<\/li>\n
- \u9996\u6b21\u767b\u5f55\u65f6\u521b\u5efa\u65b0\u7528\u6237\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/blockquote>\n
- \n
- \u4fee\u6539gitlab\u914d\u7f6e\u6587\u4ef6<\/li>\n<\/ul>\n
### LDAP Settings\n###! Docs: https:\/\/docs.gitlab.com\/omnibus\/settings\/ldap.html\n###! **Be careful not to break the indentation in the ldap_servers block. It is\n###! in yaml format and the spaces must be retained. Using tabs will not work.**\n\ngitlab_rails['ldap_enabled'] = true #\u542f\u7528ldap\ngitlab_rails['ldap_sync_worker_cron'] = "0 *\/12 * * *" #gitlab \u540c\u6b65ldap\u7528\u6237\u6570\u636e\n\n###! **remember to close this block with 'EOS' below**\ngitlab_rails['ldap_servers'] = YAML.load <<-'EOS'\n main: # 'main' is the GitLab 'provider ID' of this LDAP server\n label: 'LDAP' #\u767b\u5f55\u65f6\u663e\u793a\u7684\u9009\u9879\n host: '64.115.5.33' #ldap \u4e3b\u673a\n port: 389 #ldap\u7aef\u53e3\n uid: 'cn' #\u7528\u6237\u540d\u7684LDAP\u5c5e\u6027 'sAMAccountName' or 'uid' or 'userPrincipalName'\n bind_dn: 'cn=admin,dc=wangfeng,dc=com' #\u7ed1\u5b9a\u7684\u7528\u6237\u7684\u5b8c\u6574DN\u3002 \n password: 'wangfeng' #\u5bc6\u7801\n encryption: 'plain' #\u52a0\u5bc6\u65b9\u6cd5\u3002 "start_tls" or "simple_tls" or "plain"\n verify_certificates: false #\u5982\u679c\u52a0\u5bc6\u65b9\u6cd5\u662fstart_tls\u6216simple_tls\uff0c\u5219\u542f\u7528SSL\u8bc1\u4e66\u9a8c\u8bc1\u3002\u9ed8\u8ba4\u4e3atrue\u3002\n active_directory: false #\u6b64\u8bbe\u7f6e\u6307\u5b9aLDAP\u670d\u52a1\u5668\u662f\u5426\u4e3aActive Directory LDAP\u670d\u52a1\u5668\u3002\u5bf9\u4e8e\u975eAD\u670d\u52a1\u5668\uff0c\u5b83\u5c06\u8df3\u8fc7AD\u7279\u5b9a\u67e5\u8be2\u3002\u5982\u679c\u60a8\u7684LDAP\u670d\u52a1\u5668\u4e0d\u662fAD\uff0c\u8bf7\u5c06\u5176\u8bbe\u7f6e\u4e3afalse\u3002\n allow_username_or_email_login: true #\u90ae\u7bb1\u767b\u5f55\n lowercase_usernames: true #\u5982\u679c\u542f\u7528\u4e86lowercase_usernames\uff0c\u5219GitLab\u4f1a\u5c06\u540d\u79f0\u8f6c\u6362\u4e3a\u5c0f\u5199\u3002\n block_auto_created_users: false\n base: 'dc=wangfeng,dc=com' #\u6211\u4eec\u53ef\u4ee5\u5728\u5176\u4e2d\u641c\u7d22\u7528\u6237\u7684\u57fa\u7840\u3002\n user_filter: '' #\u7528\u6237\u8fc7\u6ee4\n ## EE only\n group_base: ''\n admin_group: ''\n sync_ssh_keys: false\n attributes: #gitlab \u540c\u6b65\u5c5e\u6027\n username: ['cn', 'uid', 'userid', 'sAMAccountName']\n email: ['mail', 'email', 'userPrincipalName']\n name: 'cn'\n first_name: 'givenName'\n last_name: 'sn'\n\n# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server\n# label: 'LDAP'\n# host: '_your_ldap_server'\n# port: 389\n# uid: 'sAMAccountName'\n# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'\n# password: '_the_password_of_the_bind_user'\n# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"\n# verify_certificates: true\n# smartcard_auth: false\n# active_directory: true\n# allow_username_or_email_login: false\n# lowercase_usernames: false\n# block_auto_created_users: false\n# base: ''\n# user_filter: ''\n# ## EE only\n# group_base: ''\n# admin_group: ''\n# sync_ssh_keys: false\n###\u6ce8\u610f\u6700\u4e0b\u9762\u8fd9\u4e2aEOS \u6ce8\u89e3\u53bb\u6389\u3002\nEOS\n<\/code><\/pre>\n- \n
- \u91cd\u542fgitlab \u767b\u5f55\u6d4b\u8bd5<\/li>\n
- <\/li>\n<\/ul>\n
Ldap \u96c6\u6210 Jenkins<\/h2>\n
\u5b89\u88c5LDAP\u63d2\u4ef6<\/strong><\/h3>\n
\u4f7f\u7528LDAP\u8ba4\u8bc1\u9700\u8981\u5b89\u88c5LDAP\u63d2\u4ef6\uff0c<\/p>\n
<\/p>\n\u914d\u7f6eLDAP\u8ba4\u8bc1<\/strong><\/h3>\n
\u767b\u5f55Jenkins --> \u7cfb\u7edf\u7ba1\u7406 --> \u5168\u5c40\u5b89\u5168\u914d\u7f6e<\/p>\n
<\/p>\n\u8bbf\u95ee\u63a7\u5236\u9009\u62e9\u201cLDAP\u201d\uff0cServer\u8f93\u5165LDAP\u670d\u52a1\u5668\u5730\u5740\uff0c\u6709\u5176\u4ed6\u914d\u7f6e\u53ef\u4ee5\u70b9\u51fb\u201cAdvanced Server Configuration\u2026\u201d<\/p>\n
Server<\/strong>\uff1a\u670d\u52a1\u5668\u5730\u5740\uff0c\u53ef\u4ee5\u76f4\u63a5\u586b\u5199LDAP\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u6216IP\uff0c\u4f8b\u5982
ldap.domain.com<\/code>\uff08\u9ed8\u8ba4\u7aef\u53e3389\uff09\uff0c\u6216\u8005ldap.domain.com:1389<\/code>\uff0c\u5982\u679c\u7528\u4e86SSL\uff0c\u53ef\u4ee5\u586b\u5199ldaps:\/\/ldap.domain.com<\/code>\uff08\u9ed8\u8ba4\u7aef\u53e3636\uff09\uff0c\u6216\u8005ldaps:\/\/ldap.domain.com:1636<\/code><\/p>\n<\/p>\nroot DN<\/strong>\uff1a\u8fd9\u91cc\u7684root DN\u53ea\u662f\u6307\u641c\u7d22\u7684\u6839\uff0c\u5e76\u975eLDAP\u670d\u52a1\u5668\u7684root dn\u3002\u7531\u4e8eLDAP\u6570\u636e\u5e93\u7684\u6570\u636e\u7ec4\u7ec7\u7ed3\u6784\u7c7b\u4f3c\u4e00\u9897\u5927\u6811\uff0c\u800c\u641c\u7d22\u662f\u9012\u5f52\u6267\u884c\u7684\uff0c\u7406\u8bba\u4e0a\uff0c\u6211\u4eec\u5982\u679c\u4ece\u5b50\u8282\u70b9\uff08\u800c\u4e0d\u662f\u6839\u8282\u70b9\uff09\u5f00\u59cb\u641c\u7d22\uff0c\u56e0\u4e3a\u7f29\u5c0f\u4e86\u641c\u7d22\u8303\u56f4\u90a3\u4e48\u5c31\u53ef\u4ee5\u83b7\u5f97\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u8fd9\u91cc\u7684root DN\u6307\u7684\u5c31\u662f\u8fd9\u4e2a\u5b50\u8282\u70b9\u7684DN\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u4e0d\u586b\uff0c\u8868\u793a\u4eceLDAP\u7684\u6839\u8282\u70b9\u5f00\u59cb\u641c\u7d22<\/p>\n
User search base<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u4e5f\u662f\u4e3a\u4e86\u7f29\u5c0fLDAP\u641c\u7d22\u7684\u8303\u56f4\uff0c\u4f8b\u5982Jenkins\u7cfb\u7edf\u53ea\u5141\u8bb8ou\u4e3aAdmin\u4e0b\u7684\u7528\u6237\u624d\u80fd\u767b\u9646\uff0c\u90a3\u4e48\u4f60\u8fd9\u91cc\u53ef\u4ee5\u586b\u5199
ou=Admin<\/code>\uff0c\u8fd9\u662f\u4e00\u4e2a\u76f8\u5bf9\u7684\u503c\uff0c\u76f8\u5bf9\u4e8e\u4e0a\u8fb9\u7684root DN\uff0c\u4f8b\u5982\u4f60\u4e0a\u8fb9\u7684root DN\u586b\u5199\u7684\u662fdc=domain,dc=com<\/code>\uff0c\u90a3\u4e48user search base\u8fd9\u91cc\u586b\u5199\u4e86ou=Admin<\/code>\uff0c\u90a3\u4e48\u767b\u9646\u7528\u6237\u53bbLDAP\u641c\u7d22\u65f6\u5c31\u53ea\u4f1a\u641c\u7d22ou=Admin,dc=domain,dc=com<\/code>\u4e0b\u7684\u7528\u6237\u4e86<\/p>\nUser search filter<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5b9a\u4e49\u767b\u9646\u7684\u201c\u7528\u6237\u540d\u201d\u5bf9\u5e94LDAP\u4e2d\u7684\u54ea\u4e2a\u5b57\u6bb5\uff0c\u5982\u679c\u4f60\u60f3\u7528LDAP\u4e2d\u7684uid\u4f5c\u4e3a\u7528\u6237\u540d\u6765\u767b\u5f55\uff0c\u90a3\u4e48\u8fd9\u91cc\u53ef\u4ee5\u914d\u7f6e\u4e3a
uid={0}<\/code>\uff08{0}\u4f1a\u81ea\u52a8\u7684\u66ff\u6362\u4e3a\u7528\u6237\u63d0\u4ea4\u7684\u7528\u6237\u540d\uff09\uff0c\u5982\u679c\u4f60\u60f3\u7528LDAP\u4e2d\u7684mail\u4f5c\u4e3a\u7528\u6237\u540d\u6765\u767b\u5f55\uff0c\u90a3\u4e48\u8fd9\u91cc\u5c31\u9700\u8981\u6539\u4e3amail={0}<\/code>\u3002\u5728\u6d4b\u8bd5\u7684\u65f6\u5019\u5982\u679c\u63d0\u793a\u4f60user xxx does not exist<\/code>\uff0c\u800c\u4f60\u786e\u5b9a\u5bc6\u7801\u8f93\u5165\u6b63\u786e\u65f6\uff0c\u5c31\u8981\u8003\u8651\u4e0b\u8f93\u5165\u7684\u7528\u6237\u540d\u662f\u4e0d\u662f\u8fd9\u91cc\u5b9a\u4e49\u7684\u8fd9\u4e2a\u503c\u4e86<\/p>\nGroup search base<\/strong>\uff1a\u53c2\u8003\u4e0a\u8fb9
User search base<\/code>\u89e3\u91ca<\/p>\nGroup search filter<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5141\u8bb8\u4f60\u5c06\u8fc7\u6ee4\u5668\u9650\u5236\u4e3a\u6240\u9700\u7684objectClass\u6765\u63d0\u9ad8\u641c\u7d22\u6027\u80fd\uff0c\u4e5f\u5c31\u662f\u8bf4\u53ef\u4ee5\u53ea\u641c\u7d22\u7528\u6237\u5c5e\u6027\u4e2d\u5305\u542b\u67d0\u4e2aobjectClass\u7684\u7528\u6237\uff0c\u8fd9\u5c31\u8981\u6c42\u4f60\u5bf9\u4f60\u7684LDAP\u8db3\u591f\u4e86\u89e3\uff0c\u4e00\u822c\u6211\u4eec\u4e5f\u4e0d\u914d\u7f6e<\/p>\n
Group membership<\/strong>\uff1a\u6ca1\u914d\u7f6e\uff0c\u6ca1\u6709\u8be6\u7ec6\u7814\u7a76<\/p>\n
Manager DN<\/strong>\uff1a\u8fd9\u4e2a\u914d\u7f6e\u5728\u4f60\u7684LDAP\u670d\u52a1\u5668\u4e0d\u5141\u8bb8\u533f\u540d\u8bbf\u95ee\u7684\u60c5\u51b5\u4e0b\u7528\u6765\u505a\u8ba4\u8bc1\uff08\u8be6\u7ec6\u7684\u8ba4\u8bc1\u8fc7\u7a0b\u53c2\u8003\u6587\u7ae0LDAP\u843d\u5730\u5b9e\u6218\uff08\u4e8c\uff09\uff1aSVN\u96c6\u6210OpenLDAP\u8ba4\u8bc1\u4e2d\u5173\u4e8eLDAP\u670d\u52a1\u5668\u8ba4\u8bc1\u8fc7\u7a0b\u7684\u8bb2\u89e3\uff09\uff0c\u901a\u5e38DN\u4e3a
cn=admin,dc=domain,dc=com<\/code>\u8fd9\u6837<\/p>\nManager Password<\/strong>\uff1a\u4e0a\u8fb9\u914d\u7f6edn\u7684\u5bc6\u7801<\/p>\n
Display Name LDAP attribute<\/strong>\uff1a\u914d\u7f6e\u7528\u6237\u7684\u663e\u793a\u540d\u79f0\uff0c\u4e00\u822c\u4e3a\u663e\u793a\u540d\u79f0\u5c31\u914d\u7f6e\u4e3auid\uff0c\u5982\u679c\u4f60\u60f3\u663e\u793a\u5176\u4ed6\u5b57\u6bb5\u5c5e\u6027\u4e5f\u53ef\u4ee5\u8fd9\u91cc\u914d\u7f6e\uff0c\u4f8b\u5982mail<\/p>\n
Email Address LDAP attribute<\/strong>\uff1a\u914d\u7f6e\u7528\u6237Email\u5bf9\u5e94\u7684\u5b57\u6bb5\u5c5e\u6027\uff0c\u4e00\u822c\u6ca1\u6709\u4fee\u6539\u8fc7\u7684\u8bdd\u90fd\u662fmail\uff0c\u9664\u975e\u4f60\u7528\u5176\u4ed6\u7684\u5b57\u6bb5\u5c5e\u6027\u6765\u6807\u8bc6\u7528\u6237\u90ae\u7bb1\uff0c\u8fd9\u91cc\u53ef\u4ee5\u914d\u7f6e<\/p>\n
\u4e0b\u8fb9\u8fd8\u6709\u4e00\u4e9b\u914d\u7f6e\u5982\uff1a\u73af\u5883\u53d8\u91cfEnvironment Properties\u3001servlet\u5bb9\u5668\u4ee3\u7406\u7b49\uff0c\u5f88\u5c11\u7528\u5c31\u4e0d\u591a\u89e3\u91ca\u4e86\u3002\u6709\u4e00\u4e2a\u914d\u7f6e
Enable cache<\/code>\u53ef\u80fd\u4f1a\u7528\u5f97\u5230\uff0c\u5f53\u4f60\u7684LDAP\u6570\u636e\u91cf\u5f88\u5927\u6216\u8005LDAP\u670d\u52a1\u5668\u6027\u80fd\u8f83\u5dee\u65f6\uff0c\u53ef\u4ee5\u5f00\u542f\u7f13\u5b58\uff0c\u914d\u7f6e\u7f13\u5b58\u6761\u6570\u548c\u8fc7\u671f\u65f6\u95f4\uff0c\u90a3\u4e48\u5728\u8fc7\u671f\u65f6\u95f4\u5185\u65b0\u8bf7\u6c42\u4f18\u5148\u67e5\u627e\u672c\u5730\u7f13\u5b58\u8ba4\u8bc1\uff0c\u8ba4\u8bc1\u901a\u8fc7\u5219\u4e0d\u4f1a\u53bbLDAP\u670d\u52a1\u5668\u8bf7\u6c42\uff0c\u4ee5\u51cf\u8f7bLDAP\u670d\u52a1\u5668\u7684\u538b\u529b<\/p>\n<\/p>\n\u914d\u7f6e\u5b8c\u6210\u540e\u53ef\u4ee5\u70b9\u51fb\u4e0b\u65b9\u7684\u201cTest LDAP sttings\u201d\u6765\u6d4b\u8bd5\u914d\u7f6e\u7684\u51c6\u786e\u6027<\/p>\n
<\/p>\n
- \u4fee\u6539gitlab\u914d\u7f6e\u6587\u4ef6<\/li>\n<\/ul>\n
- \n
- docker-compose \u8fd0\u884c <\/li>\n<\/ul>\n
- docker \u8fd0\u884c phpldapadmin \u7ba1\u7406\u7aef<\/li>\n<\/ul>\n
- docker \u8fd0\u884copenLDAP<\/li>\n<\/ul>\n
![\"image-20201223114142302\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223114142302.png\")
<\/p>\n![\"image-20201223114307947\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223114307947.png\")
<\/p>\n![\"image-20201223114406789\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223114406789.png\")
<\/h3>\n![\"image-20201223133948011\"](\"https:\/\/image-1301591444.cos.ap-beijing.myqcloud.com\/image-20201223133948011.png\")
<\/p>\n