LDAP Self-Service Password Platform

2022-12-08  Habit_1027

1. Write the docker-compose.yml file

[root@localhost ldap]# more docker-compose.yml 
version: "3"
services:
  self-service-password:
    container_name: self-service-password
    image: tiredofit/self-service-password:latest
    restart: always
    ports:
      - 8389:80
    environment:
      - LDAP_SERVER=ldap://192.168.245.230:389
      - LDAP_BINDDN=cn=admin,dc=tjyyldap,dc=cn
      - LDAP_BINDPASS=Tjyy@1011
      - LDAP_BASE_SEARCH=ou=People,dc=tjyyldap,dc=cn
      - MAIL_FROM=ldap@tjh.zhangsan.edu.cn
      - MAIL_FROM_NAME=账号自助服务平台
      - SMTP_DEBUG=0
      - SMTP_HOST=smtp.tjh.zhangsan.edu.cn
      - SMTP_USER=ldap@tjh.zhangsan.edu.cn
      - SMTP_PASS=Tj12345#
      - SMTP_PORT=465
      - SMTP_SECURE_TYPE=ssl
      - SMTP_AUTH_ON=true
      - NOTIFY_ON_CHANGE=true
    volumes:
      - /etc/localtime:/etc/localtime
      - /data/openldap/self-service-password/htdocs/:/www/ssp/
      - /data/openldap/self-service-password/logs:/www/logs
    deploy:
      resources:
        limits:
           memory: 2G
        reservations:
           memory: 512M
[root@localhost ldap]# 

The PHP application and its configuration are both mapped to a persistent volume, here /data/openldap/self-service-password/htdocs:

- /data/openldap/self-service-password/htdocs/:/www/ssp/
- /data/openldap/self-service-password/logs:/www/logs
[root@localhost htdocs]# pwd
/data/openldap/self-service-password/htdocs
[root@localhost htdocs]# ls
conf  fonts                          images     js    lib      menu.php   pages      scripts
css   github-issues-to-changelog.pl  index.php  lang  LICENCE  packaging  README.md  tests
[root@localhost htdocs]# 

# The configuration file is in the conf directory
[root@localhost conf]# pwd
/data/openldap/self-service-password/htdocs/conf
[root@localhost conf]# ls
config.inc.php
[root@localhost conf]#

2. Modify the LDAP entries on the LDAP server

Add the ACL rules with an LDIF file

[root@ldap ldap]# more updatepass.ldif 
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword
        by self =xw
        by anonymous auth
        by * none
 
olcAccess: to *
        by self write
        by users read
        by * none
[root@ldap ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f updatepass.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
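
Added example (not from the original post): slapd evaluates olcAccess values in {n} order and stops at the first "to" clause that matches, and "add: olcAccess" without an index appends after any values already present, so an earlier "to *" rule would shadow the new userPassword rule. This Python check parses the olcAccess values returned by ldapsearch for the database entry and reports that case; both sample outputs are constructed.

```python
import re

# Constructed sample: output shape of
#   ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={2}hdb,cn=config' olcAccess
# on a database that already had a catch-all rule before updatepass.ldif was applied.
SHADOWED = """\
dn: olcDatabase={2}hdb,cn=config
olcAccess: {0}to * by self write by users read by * none
olcAccess: {1}to attrs=userPassword by self =xw by anonymous auth by * non
 e
olcAccess: {2}to * by self write by users read by * none
"""

# Constructed sample: the same query on a database with no earlier olcAccess values.
CLEAN = """\
dn: olcDatabase={2}hdb,cn=config
olcAccess: {0}to attrs=userPassword by self =xw by anonymous auth by * none
olcAccess: {1}to * by self write by users read by * none
"""

RULE = re.compile(r"^olcAccess: \{(\d+)\}to\s+(\S+)\s+(.*)$")

def parse_olc_access(ldif):
    """Return [(index, target, by-clauses)] sorted by the {n} evaluation index."""
    unfolded = ldif.replace("\n ", "")  # LDIF folds long lines with "\n "
    rules = []
    for line in unfolded.splitlines():
        m = RULE.match(" ".join(line.split()))  # collapse runs of whitespace
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return sorted(rules)

def audit(ldif):
    """List problems that affect the userPassword rule."""
    rules = parse_olc_access(ldif)
    pw = [i for i, target, _ in rules if "userPassword" in target]
    if not pw:
        return ["no rule targets userPassword"]
    findings = []
    for i, target, by in rules:
        if i < pw[0] and target == "*":
            findings.append(f"rule {{{i}}} 'to *' matches first and shadows rule {{{pw[0]}}}")
        if "userPassword" in target and re.search(r"by (\*|users|anonymous) (read|write)", by):
            findings.append(f"rule {{{i}}} lets others read or write userPassword")
    return findings
```

An empty list from audit() means the userPassword rule is evaluated before any catch-all rule and grants no read or write access to other identities.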

3. Start and stop the self-service-password service

[root@localhost ldap]# docker-compose up -d

[root@localhost ldap]# docker-compose down

4. Result

[Screenshots: image.png, 479397fe9563b790b2ffc9a06794214.png]