yml创建ldap-mysql
1.编写yml
创建 compose.yml:
vim one_dir/compose.yml
填入以下内容:
version: '2'
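services:
  # MySQL backend. The credentials below are demo values that are repeated in
  # every service of this file; replace them before any non-lab use and keep
  # the real ones out of version control (for example via an env_file).
  db:
    # NOTE(review): `latest` is a moving tag; pin a version or digest so a
    # rebuild cannot silently pull a different server release.
    image: mysql:latest
    volumes:
      - "./.data/db:/var/lib/mysql"
      - "./conf/mysql:/etc/mysql/conf.d"
    restart: always
    ports:
      # Published on every host interface. Use "127.0.0.1:3306:3306" when the
      # database only has to be reachable from this host.
      - "3306:3306"
    environment:
      MYSQL_ROOT_PASSWORD: ldap
      MYSQL_DATABASE: ldap
      MYSQL_USER: vives
      MYSQL_PASSWORD: ldap

  # phpLDAPadmin web UI, served over HTTPS on host port 6443.
  ldap-client:
    image: osixia/phpldapadmin:latest
    hostname: vivesdata
    domainname: ldap.vives.be
    depends_on:
      - db
      - ldap
    links:
      - db
      - ldap:ldap.vives.be
    ports:
      - "6443:443"
    restart: always
    environment:
      # NOTE(review): confirm this image reads the LDAP_DB_* variables; if it
      # does not, drop them so the database password is not handed to a
      # container that has no use for it.
      LDAP_DB_HOST: db:3306
      LDAP_DB_PASSWORD: ldap
      LDAP_DB_USER: vives
      LDAP_DB_NAME: ldap
      PHPLDAPADMIN_LDAP_HOSTS: ldap.vives.be
      # The UI talks to the directory without TLS.
      PHPLDAPADMIN_LDAP_CLIENT_TLS: "false"

  # OpenLDAP server.
  ldap:
    depends_on:
      - db
    image: osixia/openldap:latest
    hostname: vivesdata
    domainname: ldap.vives.be
    ports:
      # Plain LDAP is published on every host interface while LDAP_TLS is
      # "false" below, so bind DNs and passwords cross the network in
      # cleartext. Bind to 127.0.0.1 or enable TLS outside a lab.
      - "389:389"
    volumes:
      - "./.data/var/lib/ldap:/var/lib/ldap"
      - "./.data/etc/ldap/slapd.d:/etc/ldap/slapd.d"
    links:
      - db
    restart: always
    environment:
      LDAP_DB_HOST: db:3306
      LDAP_DB_PASSWORD: ldap
      LDAP_DB_USER: vives
      LDAP_DB_NAME: ldap
      LDAP_ORGANISATION: Vives
      LDAP_DOMAIN: ldap.vives.be
      # Directory admin password (bind DN cn=admin,dc=ldap,dc=vives,dc=be in
      # the ldapsearch example of this guide) - demo value.
      LDAP_ADMIN_PASSWORD: ldap
      LDAP_TLS: "false"

  # Scheduled backups of the directory.
  ldapbackup:
    depends_on:
      - db
      - ldap
    image: osixia/openldap-backup:latest
    hostname: vivesdata
    domainname: ldap.vives.be
    # NOTE(review): with the volumes commented out, anything written to
    # /data/backup presumably stays in the container's writable layer and is
    # lost when the container is recreated - confirm and re-enable if the
    # backups are meant to survive.
    # volumes:
    #   - "./.data/openldap/backup:/data/backup"
    #   - "./.data/etc/ldap/slapd.d:/etc/ldap/slapd.d"
    links:
      - db
      - ldap:ldap.vives.be
    restart: always
    environment:
      LDAP_DB_HOST: db:3306
      LDAP_DB_PASSWORD: ldap
      LDAP_DB_USER: vives
      LDAP_DB_NAME: ldap
      LDAP_ORGANISATION: Vives
      LDAP_DOMAIN: ldap.vives.be
      LDAP_ADMIN_PASSWORD: ldap
      # Both jobs run daily at 05:00 (standard five-field cron syntax).
      LDAP_BACKUP_CONFIG_CRON_EXP: "0 5 * * *"
      LDAP_BACKUP_DATA_CRON_EXP: "0 5 * * *"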
2.运行
进入刚刚创建的文件的路径下
cd one_dir/ |
运行以下命令创建环境:docker-compose up
如果报错,可以看看是不是没有权限的错误,如果是则加sudo
运行
进入 ldap container:docker-compose exec ldap /bin/bash
运行示例ldapsearch -x -h localhost -b dc=ldap,dc=vives,dc=be -D "cn=admin,dc=ldap,dc=vives,dc=be" -w ldap
以下为输出示例# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
[...]
# numResponses: 3
# numEntries: 2
在浏览器中打开 PhpLdapAdmin:https://localhost:6443
login: cn=admin,dc=ldap,dc=vives,dc=be psw: ldap
允许远程mysql连接
2.进入mysql容器
两种方式,普通进入方式,my_db为创建的Mysql的容器名字,可通过 docker ps
查看docker exec -it my_db /bin/bash
docker-compose方式进入docker-compose exec db /bin/bash
2.进入mysql
mysql -uroot -p |
2.修改权限
# '123456' becomes the MySQL login password for root - a sample value; substitute a strong one.
# 'root'@'%' is the root account entry that matches clients from any host, and compose.yml
# publishes port 3306, so this password is what protects root against every network that can reach the host.
# NOTE(review): compose.yml uses mysql:latest; newer MySQL releases disable or remove the
# mysql_native_password plugin - verify this statement against the server version actually pulled.
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
Dockerfile 创建ldap-mysql
1.拉取镜像
sudo docker pull ubuntu:18.04 |
2.下载ODBC驱动
https://dev.mysql.com/downloads/connector/odbc/ |
需要下载ubuntu18.04对应的版本,比如8.0.19.tar.gz x86_64
3.写ODBC配置文件
vim odbcinst.ini |
内容为[MySQL]
# Driver registration for the [MySQL] entry. The two .so paths are under /usr/local/lib,
# where the Dockerfile in this guide copies the connector's lib/ directory.
Description = MySQL driver
Driver = /usr/local/lib/libmyodbc8a.so
Setup = /usr/local/lib/libmyodbc8S.so
vim odbc.ini |
内容为[my_db]
# "Driver" refers to the [MySQL] section of odbcinst.ini.
Driver = MySQL
Description = MySQL
# Host name of the MySQL server; my_db is the MySQL container name used in this guide.
Server = my_db
Port = 3306
# NOTE(review): the DSN connects as root with a cleartext sample password. A dedicated
# account limited to the LDAP tables, plus restrictive permissions on /etc/odbc.ini,
# would reduce what a leak of this file exposes.
User = root
Password = secret
Database = testdb
4.写openldap配置文件
vim slapd_my.conf |
内容为# $OpenLDAP$
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (rootpw and dbpasswd are stored in cleartext below, so restrict read access
# to the account slapd runs as.)
#
# Schema files come from the /usr/local prefix of the source build.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
# NOTE(review): no "access" directive follows anywhere in this file. Without one,
# slapd's documented default lets anyone read everything and only rootdn write -
# add explicit ACLs before exposing the directory.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#######################################################################
# sql database definitions
#######################################################################
database sql
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
# Cleartext sample password for the rootdn. slapd.conf also accepts a hash
# produced by slappasswd(8) (e.g. an {SSHA} value) in place of the plain string.
rootpw secret
# dbname is the ODBC data source name; it matches the [my_db] section of odbc.ini.
dbname my_db
# NOTE(review): dbuser is "admin" here while odbc.ini sets User = root - confirm
# which account is meant to be used, and prefer one with only the privileges the LDAP tables need.
dbuser admin
dbpasswd secret
# The commented-out variant computes the id as max(id)+1; the active statement
# omits the id column, presumably relying on an auto-increment key - confirm against the schema.
#insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
# Subtree match written with MySQL's CONCAT(); the ? placeholders are bound parameters.
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
# Tells back-sql that ldap_entries has no dn_ru (reversed, upper-cased DN) column.
has_ldapinfo_dn_ru no
5.编写dockerfile
vim Dockerfile |
内容为FROM ubuntu:18.04
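# slapd is started on the plain LDAP port only.
EXPOSE 389

# ADD (not COPY) is deliberate here: it unpacks the local connector tarball into /.
ADD ["mysql-connector-odbc-8.0.19-linux-ubuntu18.04-x86-64bit.tar.gz", "/"]

# Build OpenLDAP 2.4.44 with back-sql and the bcrypt password module, then purge
# the build tools in the same layer so they do not remain in the image.
#
# NOTE(review): neither download is integrity-checked. The OpenLDAP tarball is
# fetched over unauthenticated FTP, and master.zip follows a branch head, so two
# builds can compile different code into slapd. Fetch over HTTPS, pin the bcrypt
# module to a commit archive, and verify a known sha256 of each file before
# unpacking.
# NOTE(review): 2.4.44 is an old OpenLDAP release; check whether a maintained
# version can be built instead.
#
# curl -f makes an HTTP error fail the step instead of saving the error page;
# make -j is bounded by the CPU count rather than spawning unlimited jobs.
RUN apt-get update && \
    apt-get install -y unixodbc && \
    cp -r /mysql-connector-odbc-8.0.19-linux-ubuntu18.04-x86-64bit/lib/* /usr/local/lib/ && \
    apt-get install -y unixodbc-dev curl make groff-base unzip && \
    curl -fL ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.44.tgz | \
    tar xzf - && \
    cd openldap-2.4.44 && \
    export CFLAGS='-O2 -mtune=sandybridge -pipe -s' && \
    ./configure --enable-modules --enable-sql --enable-bdb=no --enable-hdb=no --enable-memberof --enable-dyngroup --enable-ppolicy && \
    make depend && \
    make -j"$(nproc)" && \
    make install && \
    cd contrib/slapd-modules/passwd && \
    curl -fLO https://github.com/wclarie/openldap-bcrypt/archive/master.zip && \
    unzip master.zip && \
    cd openldap-bcrypt-master && \
    make && \
    make install && \
    cd / && \
    rm -r /openldap-2.4.44 && \
    apt-get remove -y --purge unixodbc-dev curl make groff-base unzip && \
    apt-get autoremove -y --purge && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Plain local files: COPY states the intent and has none of ADD's
# archive-extraction or URL-fetching behaviour.
# NOTE(review): these files carry cleartext passwords (odbc.ini, slapd_my.conf),
# which end up readable in the image layers by anyone who can pull the image.
COPY ["odbc.ini", "/etc/"]
COPY ["odbcinst.ini", "/etc/"]
COPY ["slapd_my.conf", "/usr/local/etc/openldap/"]

# -d keeps slapd in the foreground; 257 = trace (1) + stats (256) logging.
# No USER is set, so slapd runs as root inside the container.
CMD ["/usr/local/libexec/slapd", "-f", "/usr/local/etc/openldap/slapd_my.conf", "-d", "257"]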
6.测试ODBC驱动是否正常(可选)
isql -v my_db //my_db 为database |
5.自动化脚本
#!/bin/sh |