LDAP服务搭建(使用Docker)
发布于 2017-03-15 · 本文总共 3993 字 · 阅读大约需要
12 分钟
LDAP server
docker run
# Start the directory server with TLS switched off (LDAP_TLS=false): the admin
# bind and all other traffic on the published port 389 then travel unencrypted.
# Short option forms (-e / -d) are the same as --env / --detach.
docker run --name ldap_service \
    -p 389:389 -p 636:636 \
    -e LDAP_TLS=false \
    -e LDAP_ORGANISATION="qwq" \
    -e LDAP_DOMAIN="qwq.com" \
    -e LDAP_ADMIN_PASSWORD="qwq" \
    -d osixia/openldap:1.3.0
# Same container as above but without setting LDAP_TLS, i.e. the image's own
# default for TLS applies. The admin password is still given on the command
# line, so it ends up in shell history.
docker run --name ldap_service \
    -p 389:389 -p 636:636 \
    -e LDAP_ORGANISATION="qwq" \
    -e LDAP_DOMAIN="qwq.com" \
    -e LDAP_ADMIN_PASSWORD="qwq" \
    -d osixia/openldap:1.3.0
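# TLS-enabled variant: certificate material is mounted from the host directory.
# NOTE(review): LDAP_TLS_CRT_FILENAME names ca.csr, which is a certificate
# *signing request*, not a certificate; unless that file is really a signed
# certificate under a misleading name, it should point at the server
# certificate issued for the request. --hostname should match the subject/SAN
# of that certificate, because clients verify it against the name they connect to.
# The stray "--hostname 192.168.0.1 \" line that followed the command (it would
# have been run as a separate, failing command) is already part of the first line.
docker run --hostname 192.168.0.1 --name ldap_service \
    -p 389:389 -p 636:636 \
    --env LDAP_TLS=true \
    --volume /home/wenqi/certificates:/container/service/slapd/assets/certs \
    --env LDAP_TLS_CRT_FILENAME=ca.csr \
    --env LDAP_TLS_KEY_FILENAME=ca.key \
    --env LDAP_TLS_CA_CRT_FILENAME=ca.crt \
    --env LDAP_ORGANISATION="qwq" \
    --env LDAP_DOMAIN="qwq.com" \
    --env LDAP_ADMIN_PASSWORD="qwq" \
    --detach osixia/openldap:1.3.0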
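# Sanity check from inside the container: bind as admin and dump the base subtree.
# The original used typographic quotes (“ ”) around the bind DN, which the shell
# does not treat as quoting; they are plain ASCII quotes here.
# -w puts the password on the command line (visible in history and `ps`);
# ldapsearch -W prompts for it instead and needs `docker exec -it`.
docker exec ldap_service ldapsearch -x -H ldap://localhost -b dc=qwq,dc=com -D "cn=admin,dc=qwq,dc=com" -w qwq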
# extended LDIF
#
# LDAPv3
# base <dc=qwq,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# qwq.com
dn: dc=qwq,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: qwq
dc: qwq
# admin, qwq.com
dn: cn=admin,dc=qwq,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9T2JRZFpUL0d6dzNUUVo5SU1jb3JFalRJNG84a1JId2w=
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
phpLDAPadmin
1.
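# phpLDAPadmin reaching the directory through the host's published port 389.
# Changes from the original: -d and --detach are the same flag, so only one is
# kept; --privileged is dropped because it grants the container broad access to
# host devices and capabilities and the second invocation below shows the image
# running without it. PHPLDAPADMIN_HTTPS=false means admin logins reach the UI
# in cleartext on port 60080, and the image tag is unpinned (compare
# osixia/openldap:1.3.0 above).
docker run \
    -p 60080:80 \
    --name myphpldapadmin \
    --env PHPLDAPADMIN_HTTPS=false \
    --env PHPLDAPADMIN_LDAP_HOSTS=192.168.0.1 \
    --detach osixia/phpldapadmin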
2.
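# Web UI for managing the LDAP directory (phpLDAPadmin), linked to ldap_service.
# With --link, the name that resolves to the LDAP container from inside this one
# is the link name, ldap_service. --hostname ldap.qwq.com names *this*
# container, so PHPLDAPADMIN_LDAP_HOSTS=ldap.qwq.com pointed the UI at itself;
# it now uses the link name.
# NOTE(review): --link is a legacy Docker feature; a user-defined network is the
# supported way for containers to reach each other by name. PHPLDAPADMIN_HTTPS=false
# sends admin logins in cleartext on port 60080, and the image tag is unpinned.
docker run \
    --name phpldapadmin_service \
    --hostname ldap.qwq.com \
    --link ldap_service \
    --env PHPLDAPADMIN_LDAP_HOSTS=ldap_service \
    --env PHPLDAPADMIN_HTTPS=false \
    -p 60080:80 \
    --detach osixia/phpldapadmin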
Python script for connecting to LDAP
import ldap
import ldap.dn
import ldap.filter
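def get_user(user_name):
    """Look up one user entry under ``ou=People,dc=qwq,dc=com`` by ``cn``.

    Binds as the admin account, searches the People subtree for
    ``(cn=<user_name>)`` and describes the first hit.

    Args:
        user_name: the ``cn`` to search for. It is passed through
            ``ldap.filter.escape_filter_chars`` first, so filter
            metacharacters (``*``, ``(``, ``)``, ``\\``, NUL) in caller input
            cannot widen or rewrite the search (LDAP filter injection).

    Returns:
        ``{'result': True, 'code': '00', 'message': 'success', 'data': {...}}``
        for the first matching entry, or ``False`` when nothing matches.
        ``data`` holds ``username`` (the entry's DN), ``password`` (the
        stored ``userPassword`` value), ``real_name`` (``cn``) and ``email``
        (``mail``, or ``None`` when the entry has no such attribute).

    Raises:
        ldap.LDAPError: when connecting, binding or searching fails; nothing
            is caught here (``LDAPClient`` catches and reports instead).
        KeyError: when the entry has no ``userPassword`` or ``cn`` attribute.
    """
    # NOTE(review): the server address and admin credentials are hard-coded;
    # they belong in configuration, not in source control.
    ldapconn = ldap.initialize("ldap://192.168.0.1:389")
    try:
        ldapconn.simple_bind_s("cn=admin,dc=qwq,dc=com", "qwq")
        search_scope = ldap.SCOPE_SUBTREE
        # Escape before interpolating so the caller's text is matched literally.
        search_filter = "(cn={})".format(ldap.filter.escape_filter_chars(user_name))
        base_dn = "ou=People,dc=qwq,dc=com"
        ldap_result = ldapconn.search_s(base_dn, search_scope, search_filter, None)
    finally:
        # Release the connection whether or not the bind/search succeeded;
        # an error from unbind must not mask the error already propagating.
        try:
            ldapconn.unbind_s()
        except ldap.LDAPError:
            pass
    if not ldap_result:
        return False
    # Each hit is a (dn, attrs) tuple; the original stored the whole tuple as
    # 'username' -- the DN is what identifies the entry.
    dn, attrs = ldap_result[0]
    data = {
        'username': dn,
        # NOTE(review): handing the stored password hash to callers is a
        # credential leak; consumers that only need identity should not get it.
        'password': attrs["userPassword"][0],
        'real_name': attrs["cn"][0],
        'email': attrs.get("mail", [None])[0],
    }
    return {
        'result': True,
        "code": "00",
        'message': "success",
        'data': data,
    }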
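class LDAPClient():
    """Look up and authenticate users beneath ``ou=People,dc=qwq,dc=com``.

    Each public method opens its own connection to ``ldap_url``, binds with
    the admin credentials given at construction and unbinds before
    returning. Public methods do not raise: failures come back as a result
    dict with ``'result': False`` and the error text in ``'message'``.
    """

    # Subtree holding user entries; user bind DNs are ``uid=<name>`` under it.
    BASE_DN = 'ou=People,dc=qwq,dc=com'

    def __init__(self, ldap_url, admin, admin_pwd):
        """Remember where to connect and which admin identity to bind with.

        Args:
            ldap_url: URL handed to ``ldap.initialize`` (e.g. ``ldap://host:389``).
            admin: DN of the administrative bind account.
            admin_pwd: password for ``admin``.
        """
        self.ldap_url = ldap_url
        self.admin = admin
        self.admin_pwd = admin_pwd

    @staticmethod
    def _close(ldapconn):
        """Unbind *ldapconn*; LDAP errors are ignored so cleanup never masks the real failure."""
        try:
            ldapconn.unbind_s()
        except ldap.LDAPError:
            pass

    def _find_user(self, ldapconn, user_name):
        """Return the first ``(dn, attrs)`` entry whose ``cn`` is *user_name*, or ``None``.

        *user_name* goes through ``ldap.filter.escape_filter_chars`` so filter
        metacharacters supplied by a caller cannot widen the search.
        """
        search_filter = "(cn={})".format(ldap.filter.escape_filter_chars(user_name))
        ldap_result = ldapconn.search_s(self.BASE_DN, ldap.SCOPE_SUBTREE, search_filter, None)
        return ldap_result[0] if ldap_result else None

    @staticmethod
    def _success(entry):
        """Build the success dict for an ``(dn, attrs)`` entry.

        Raises ``KeyError`` (caught by the public methods) when the entry has
        no ``userPassword`` or ``cn``; a missing ``mail`` yields ``None``.
        """
        dn, attrs = entry
        data = {
            # The DN identifies the entry; the original stored the whole tuple here.
            'username': dn,
            # NOTE(review): returning the stored password hash to callers is a
            # credential leak; callers that only need identity should not get it.
            'password': attrs["userPassword"][0],
            'real_name': attrs["cn"][0],
            'email': attrs.get("mail", [None])[0],
        }
        return {
            'result': True,
            "code": "00",
            'message': "success",
            'data': data,
        }

    def search_user(self, user_info):
        """Find the user named by ``user_info["username"]``.

        ``user_info`` was read but missing from the original signature, so
        every call raised ``NameError``; it is now a required parameter,
        matching ``authrization_user``.

        Args:
            user_info: dict with a ``"username"`` key (any ``"password"`` is ignored).

        Returns:
            The success dict from ``_success`` when an entry matches, otherwise
            ``{'result': False, 'message': <error text or None>}``.
        """
        result = {
            'result': False,
            'message': None
        }
        user_name = user_info["username"]
        try:
            ldapconn = ldap.initialize(self.ldap_url)
            try:
                ldapconn.simple_bind_s(self.admin, self.admin_pwd)
                entry = self._find_user(ldapconn, user_name)
            finally:
                self._close(ldapconn)
            if entry is not None:
                return self._success(entry)
        except Exception as err:
            result["message"] = str(err)
            print(err)
        return result

    def authrization_user(self, user_info):
        """Authenticate the credentials in *user_info* against the directory.

        Looks the user up by ``cn`` (admin bind) and then binds as
        ``uid=<username>,ou=People,dc=qwq,dc=com`` with the supplied password;
        both must succeed for ``result`` to be ``True``. Note the lookup keys
        on ``cn`` while the bind DN uses ``uid`` -- presumably the two carry
        the same value for every user; verify against the directory schema.

        The original printed the username and cleartext password to stdout;
        that logging is gone, as secrets must not reach logs.

        Args:
            user_info: dict with ``"username"`` and ``"password"`` keys.

        Returns:
            The success dict from ``_success``, or ``{'result': False,
            'message': <reason>}`` when the password is empty, the bind is
            rejected, the user is unknown, or any LDAP call raises.
        """
        result = {
            'result': False,
            'message': None
        }
        user_name = user_info["username"]
        user_pwd = user_info["password"]
        # An empty password must never reach simple_bind_s: a bind with a DN
        # and an empty password is an *unauthenticated* bind (RFC 4513 5.1.2),
        # which a server may accept, and this method would then report success
        # without any credential having been checked.
        if not user_pwd:
            result["message"] = "empty password"
            return result
        try:
            ldapconn = ldap.initialize(self.ldap_url)
            try:
                ldapconn.simple_bind_s(self.admin, self.admin_pwd)
                entry = self._find_user(ldapconn, user_name)
                # Escape the RDN value so a crafted username cannot change
                # which entry the bind is attempted against.
                login_user = "uid={},{}".format(ldap.dn.escape_dn_chars(user_name), self.BASE_DN)
                # Wrong password raises ldap.INVALID_CREDENTIALS, handled below.
                ldapconn.simple_bind_s(login_user, user_pwd)
            finally:
                self._close(ldapconn)
            if entry is None:
                result["message"] = "user not found"
                return result
            return self._success(entry)
        except Exception as err:
            result["message"] = str(err)
            print(err)
            return result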