Introduction
lldap is a lightweight authentication server that provides a simplified LDAP interface for authentication. For more information, see: openLdap
Install lldap
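version: "3.7"

services:
  lldap:
    image: nitnelave/lldap:latest
    container_name: lldap
    ports:
      # LDAP (plain LDAP on this port, no TLS — keep it off untrusted networks)
      - "3890:3890"
      # Web front-end
      - "17170:17170"
    volumes:
      - "./lldap_data:/data"
      # Alternatively, mount a local folder
      # - "./lldap_data:/data"
    environment:
      - UID=1001
      - GID=1001
      - TZ=Asia/Shanghai
      # JWT signing secret — sample value for this tutorial; generate a random
      # one per deployment and supply it from an env file or secret store
      # instead of committing it
      - LLDAP_JWT_SECRET=dDVuWtnaSeWt974j
      # Admin login password — sample value; change it before exposing the service
      - LLDAP_LDAP_USER_PASS=admin123
      # Example for the domain test.com: dc=test,dc=com
      # (was "db=com" — a typo; the bind DN / base DN used by the clients below
      # are under dc=test,dc=com)
      - LLDAP_LDAP_BASE_DN=dc=test,dc=com
    networks:
      application:
        aliases:
          - lldap

networks:
  application:
    name: commons
    driver: bridge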
lldap web
Web UI address: http://192.168.0.1:17170
lldap user list
lldap create user
lldap personal information, you can change the password
Docking with Jenkins
1. Install the ldap plugin (Jenkins LDAP Plugin)
2. Configure Jenkins to use LDAP
Docking with gitlab
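version: '3.7'

services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    hostname: 'gitlab.test.com'
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.test.com'
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        nginx['listen_port'] = 443
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/ssl/certs/gitlab/9295742__test.com.pem"
        nginx['ssl_certificate_key'] = "/etc/ssl/certs/gitlab/9295742__test.com.key"
        # TLS 1.1 is deprecated (RFC 8996); offer only 1.2 and 1.3
        nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
        # Add any other gitlab.rb configuration options if desired
        # Enable LDAP
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = {
          'main' => {
            'label' => 'GitLab LDAP',
            'host' => '192.168.0.1',
            'port' => 3890,
            'uid' => 'uid',
            'bind_dn' => 'uid=admin,ou=people,dc=test,dc=com',
            # Sample value for this tutorial; keep the real bind password out of committed files
            'password' => 'admin123',
            'timeout' => 10,
            'active_directory' => false,
            'allow_username_or_email_login' => false,
            'block_auto_created_users' => false,
            # 'plain' sends the bind password in cleartext to port 3890;
            # prefer 'simple_tls' / 'start_tls' once lldap is served over TLS
            'encryption' => 'plain',
            'base' => 'dc=test,dc=com',
            'user_filter' => ''
          }
        }
    ports:
      - '443:443'
      - '222:22'
    volumes:
      - './data/gitlab/config:/etc/gitlab'
      - './data/gitlab/logs:/var/log/gitlab'
      - './data/gitlab/data:/var/opt/gitlab'
      # Only the certificate and key are read from here; ':ro' would suffice
      - './data/ssl:/etc/ssl/certs/gitlab:rw'
    shm_size: '256m'
    # privileged + root gives the container full host access; GitLab does not need it
    privileged: true
    user: root
    restart: always
    networks:
      application:
        aliases:
          # was 'jenkins' — copy/paste error; this is the gitlab service
          - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    # Mounting the Docker socket is equivalent to root on the host: every job
    # this runner executes can reach it. Restrict which projects may use it.
    privileged: true
    user: root
    restart: always
    volumes:
      - './data/runner/config:/etc/gitlab-runner'
      - /var/run/docker.sock:/var/run/docker.sock
      - /bin/docker:/bin/docker
    depends_on:
      - gitlab
    extra_hosts:
      - "gitlab.test.com:192.168.0.1"
    networks:
      application:
        aliases:
          - gitlab-runner

networks:
  application:
    name: commons
    driver: bridge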
The configuration is shown below.
Java test code
package com.xxx.ldap;
import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
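public class LdapContextTest {

    /**
     * Binds to the LDAP server, reads one user's attributes and prints them.
     * A failed bind or lookup (for example "[LDAP: error code 49 - Invalid Credentials]")
     * is printed to stderr; the connection is closed either way.
     */
    public void test() {
        LdapContext ldapConnection = null;
        try {
            ldapConnection = getLDAPConnection();
            // NOTE(review): this DN is under dc=bjingling,dc=com while the bind DN and
            // base DN in getLDAPConnection() use dc=test,dc=com — confirm which is intended.
            Attributes people = ldapConnection.getAttributes("uid=hankeqi,ou=people,dc=bjingling,dc=com");
            System.out.println(people);
        } catch (NamingException e) {
            // e.g. [LDAP: error code 49 - Invalid Credentials]
            e.printStackTrace();
        } finally {
            // The original never closed the context, leaking the TCP connection.
            if (ldapConnection != null) {
                try {
                    ldapConnection.close();
                } catch (NamingException ignored) {
                    // best effort: nothing useful to do if closing fails
                }
            }
        }
    }

    /**
     * Opens an authenticated (simple bind) LDAP connection.
     *
     * @return a bound {@link LdapContext}; callers must {@code close()} it when done
     * @throws NamingException if the server is unreachable ({@link CommunicationException})
     *         or the bind is rejected ({@link AuthenticationException})
     */
    public static LdapContext getLDAPConnection() throws NamingException {
        // LDAP connection address ldap://IP:PORT (default port 389).
        // Simple bind over ldap:// sends the password in cleartext; on any untrusted
        // network use ldaps://IP:PORT (default port 636) or StartTLS instead.
        // (Per the original note, the admin password change in lldap also requires SSL.)
        String ldapUrl = "ldap://192.168.0.1:3890";

        // Bind identity. lldap users are addressed by DN: uid=<user>,ou=people,<base dn>.
        // Other directories may also accept "user@domain" or "DOMAIN\\user" as the
        // principal; those forms are not used here.
        // Sample credentials for this tutorial — do not hard-code real ones.
        String userAccount = "uid=admin,ou=people,dc=test,dc=com";
        String userPassword = "admin123";

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // JNDI security level: none | simple | strong
        env.put(Context.SECURITY_PRINCIPAL, userAccount);
        env.put(Context.SECURITY_CREDENTIALS, userPassword);
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // connect timeout: 3 s
        env.put("com.sun.jndi.ldap.read.timeout", "30000");   // read timeout: 30 s
        return new InitialLdapContext(env, null);
    }
}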