lldap (LDAP) installation and integration with Jenkins and GitLab

Introduction

lldap is a lightweight authentication server that exposes a simplified LDAP interface for authentication. For background on the protocol itself, see OpenLDAP.

Install lldap

version: "3.7"
services:
  lldap:
    image: nitnelave/lldap:latest
    container_name: lldap
    ports:
      # For LDAP
      - "3890:3890"
      # For the web front-end
      - "17170:17170"
    volumes:
      # Persist the lldap database in a local folder
      - "./lldap_data:/data"
    environment:
      - UID=1001
      - GID=1001
      - TZ=Asia/Shanghai
      # Secret used to sign the web UI's JWTs
      - LLDAP_JWT_SECRET=dDVuWtnaSeWt974j
      - LLDAP_LDAP_USER_PASS=admin123  # password of the admin login
      # Using the domain test.com as an example: dc=test,dc=com
      - LLDAP_LDAP_BASE_DN=dc=test,dc=com
    networks:
      application:
        aliases:
          - lldap

networks:
  application:
    name: commons
    driver: bridge

The JWT secret and admin password above are example values; replace both before anyone else can reach the service, since the admin account is also the bind account that GitLab uses below.

lldap web UI

Access address: http://192.168.0.1:17170 (the front-end port mapped above)

lldap user list

lldap create user

lldap personal information page, where a user can change their own password

Integrating with Jenkins

1. Install the LDAP plugin (Jenkins LDAP Plugin)

2. Configure Jenkins to authenticate against lldap (Manage Jenkins, Security Realm: LDAP)

Integrating with GitLab

version: '3.7'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'

    hostname: 'gitlab.test.com'
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.test.com'
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        nginx['listen_port'] = 443
        nginx['redirect_http_to_https'] = true
        nginx['ssl_certificate'] = "/etc/ssl/certs/gitlab/9295742__test.com.pem"
        nginx['ssl_certificate_key'] = "/etc/ssl/certs/gitlab/9295742__test.com.key"
        nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2 TLSv1.3"
        # Add any other gitlab.rb configuration options if desired
        # start ldap
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = {
          'main' => {
            'label' => 'GitLab LDAP',
            'host' =>  '192.168.0.1',
            'port' => 3890,
            'uid' => 'uid',
            'bind_dn' => 'uid=admin,ou=people,dc=test,dc=com',
            'password' => 'admin123',
            'timeout' => 10,
            'active_directory' => false,
            'allow_username_or_email_login' => false,
            'block_auto_created_users' => false,
            'encryption' => 'plain',
            'base' => 'dc=test,dc=com',
            'user_filter' => ''
          }
        }
    ports:
      - '443:443'
      - '222:22'
    volumes:
      - './data/gitlab/config:/etc/gitlab'
      - './data/gitlab/logs:/var/log/gitlab'
      - './data/gitlab/data:/var/opt/gitlab'
      - './data/ssl:/etc/ssl/certs/gitlab:rw'
    shm_size: '256m'
    privileged: true
    user: root
    restart: always
    networks:
      application:
        aliases:
          - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    privileged: true
    user: root
    restart: always
    volumes:
      - './data/runner/config:/etc/gitlab-runner'
      - /var/run/docker.sock:/var/run/docker.sock
      - /bin/docker:/bin/docker

    depends_on:
      - gitlab
    extra_hosts:
      - "gitlab.test.com:192.168.0.1"
    networks:
      application:
        aliases:
          - gitlab-runner


networks:
  application:
    name: commons
    driver: bridge

Two things to check in the ldap_servers block: 'encryption' => 'plain' sends the bind password to lldap in cleartext on every user lookup, so keep both containers on the same trusted Docker network (or move to 'simple_tls' once lldap is serving LDAPS), and the bind_dn here is the lldap admin account, where a dedicated read-only bind user is the safer choice.

Java code test

package com.xxx.ldap;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Hashtable;

public class LdapContextTest {

    public static void main(String[] args) {
        new LdapContextTest().test();
    }

    public void test() {
        try {
            LdapContext ldapConnection = getLDAPConnection();
            // Read the attributes of one user entry; lldap keeps users under ou=people
            Attributes people = ldapConnection.getAttributes("uid=hankeqi,ou=people,dc=test,dc=com");
            System.out.println(people);
            ldapConnection.close();
        } catch (Exception e) {
            // A wrong bind DN or password shows up here as
            // [LDAP: error code 49 - Invalid Credentials]
            e.printStackTrace();
        }
    }

    /**
     * Get the default LDAP connection. An exception means the login failed;
     * a non-null context means the login succeeded.
     *
     * @return the bound LdapContext
     */
    public static LdapContext getLDAPConnection() throws NamingException {
        // LDAP connection address ldap://IP:PORT (default port 389; lldap listens on 3890)
        String LDAP_URL = "ldap://192.168.0.1:3890";

        // LDAP over SSL address ldaps://IP:PORT (default port 636)
        // (more cumbersome to use; so far we know that an admin password change requires SSL)
        // String LDAP_SSL_URL = "";

        // Method 1: based on the name (cn). This cn is the Display Name, which becomes a
        // problem as soon as two people in a department share a name
        // userAccount = "cn=xxx,OU=xxx,DC=xxx,DC=com";

        // Method 2: based on the Account User Logon name:
        // userAccount = "[email protected]";

        // Method 3: based on the Account User Logon name (pre-Windows 2000):
        // userAccount = "domain\\xxx"

        // Based on the login name (the LDAP uid (User ID) is unrelated to the Unix uid)
        // (note: an attempt with objectSID failed here)
        // uid=zhangsan,ou=users,
        String userAccount = "uid=admin,ou=people,dc=test,dc=com";
        String userPassword = "admin123";

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // LDAP security level (none, simple, strong)
        env.put(Context.SECURITY_PRINCIPAL, userAccount);    // bind DN
        env.put(Context.SECURITY_CREDENTIALS, userPassword); // bind password
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // LDAP factory class
        env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // connect timeout: 3 seconds
        env.put("com.sun.jndi.ldap.read.timeout", "30000");   // read timeout: 30 seconds
        env.put(Context.PROVIDER_URL, LDAP_URL);
        return new InitialLdapContext(env, null);
    }
}
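Both the Java test (ldap:// with "simple" authentication) and the GitLab config ('encryption' => 'plain') perform an LDAP simple bind without TLS. The following added example, which is not code from the original post, encodes that BindRequest by hand per RFC 4511 with the page's bind DN and password and decodes a constructed BindResponse carrying result code 49, so you can see that the password is a plaintext octet string inside the PDU and why the ldaps:// URL the Java comments mention matters outside a trusted network.

```python
# Added example (not code from the original post): hand-encode an LDAPv3 simple
# BindRequest and decode a BindResponse (RFC 4511). DN/password are the page's
# example values; the failed-bind reply at the bottom is constructed.
def ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int) -> bytes:
    """Minimal two's-complement INTEGER (an extra leading byte when the top bit is set)."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, authentication simple [0] } }."""
    bind_request = tlv(0x60, ber_int(3)                  # [APPLICATION 0] BindRequest
                       + tlv(0x04, bind_dn.encode())     # name: LDAPDN as OCTET STRING
                       + tlv(0x80, password.encode()))   # simple [0]: the password, plaintext
    return tlv(0x30, ber_int(message_id) + bind_request) # outer LDAPMessage SEQUENCE

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                    # long-form length
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length

RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

def parse_bind_response(pdu: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, message, _ = read_tlv(pdu, 0)
    _, message_id, pos = read_tlv(message, 0)
    op_tag, body, _ = read_tlv(message, pos)
    if tag != 0x30 or op_tag != 0x61:                    # 0x61 = [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(body, 0)                     # ENUMERATED resultCode
    _, _matched_dn, pos = read_tlv(body, pos)
    _, diagnostic, _ = read_tlv(body, pos)
    result_code = int.from_bytes(code, "big")
    return {"messageID": int.from_bytes(message_id, "big"), "resultCode": result_code,
            "result": RESULT_CODES.get(result_code, "other"), "diagnostic": diagnostic.decode()}

# Constructed reply to a failed bind: the "error code 49 - Invalid Credentials" the Java test comments on.
FAILED_BIND = tlv(0x30, ber_int(1) + tlv(0x61, tlv(0x0A, b"\x31") + tlv(0x04, b"") + tlv(0x04, b"Invalid Credentials")))
```

Calling `simple_bind_request(1, "uid=admin,ou=people,dc=test,dc=com", "admin123")` yields a 56-byte PDU in which `b"admin123"` appears verbatim, which is exactly what a capture on the Docker network would show.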

Source: blog.csdn.net/helenyqa/article/details/129325607