Integrating the Konga Dashboard with LDAP: Pitfalls in Practice

程序员文章站 2022-03-04 13:01:03

Build the Konga dashboard with docker-compose. The script is as follows:
docker-compose.yml

version: '3.7'

services:
  konga:
    image: pantsel/konga
    container_name: konga
    restart: always
    environment:
      - KONGA_AUTH_PROVIDER=${KONGA_AUTH_PROVIDER}
      - KONGA_LDAP_HOST=${KONGA_LDAP_HOST}
      - KONGA_LDAP_BIND_DN=${KONGA_LDAP_BIND_DN}
      - KONGA_LDAP_BIND_PASSWORD=${KONGA_LDAP_BIND_PASSWORD}
      - KONGA_LDAP_USER_SEARCH_BASE=${KONGA_LDAP_USER_SEARCH_BASE}
      - KONGA_LDAP_USER_SEARCH_FILTER=${KONGA_LDAP_USER_SEARCH_FILTER}
      - KONGA_LDAP_USER_ATTRS=${KONGA_LDAP_USER_ATTRS}
      - KONGA_LDAP_GROUP_SEARCH_BASE=${KONGA_LDAP_GROUP_SEARCH_BASE}
      - KONGA_LDAP_GROUP_SEARCH_FILTER=${KONGA_LDAP_GROUP_SEARCH_FILTER}
      - KONGA_LDAP_GROUP_ATTRS=${KONGA_LDAP_GROUP_ATTRS}
      - KONGA_ADMIN_GROUP_REG=${KONGA_ADMIN_GROUP_REG}
      - KONGA_LDAP_ATTR_USERNAME=${KONGA_LDAP_ATTR_USERNAME}
      - KONGA_LDAP_ATTR_FIRSTNAME=${KONGA_LDAP_ATTR_FIRSTNAME}
      - KONGA_LDAP_ATTR_LASTNAME=${KONGA_LDAP_ATTR_LASTNAME}
      - KONGA_LDAP_ATTR_EMAIL=${KONGA_LDAP_ATTR_EMAIL}
    ports:
      - 1337:1337
    volumes:
      - ${KONGA_DATA:-kong}:/app/kongadata

The contents of the .env environment variable file are as follows:

# Dashboard directory mapping
KONGA_DATA=./konga_data

# LDAP configuration
KONGA_AUTH_PROVIDER=ldap
KONGA_LDAP_HOST=ldap://localhost:5031
KONGA_LDAP_BIND_DN=cn=admin,dc=test,dc=com
KONGA_LDAP_BIND_PASSWORD=password
KONGA_LDAP_USER_SEARCH_BASE=dc=test,dc=com
KONGA_LDAP_USER_SEARCH_FILTER=(|(uid={{username}})(sAMAccountName={{username}}))
KONGA_LDAP_USER_ATTRS=uid,uidNumber,givenName,sn,mail
KONGA_LDAP_GROUP_SEARCH_BASE=dc=test,dc=com
KONGA_LDAP_GROUP_SEARCH_FILTER=(|(memberUid={{uid}})(memberUid={{uidNumber}})(sAMAccountName={{uid}}))
KONGA_LDAP_GROUP_ATTRS=member,cn,dn,ou
KONGA_ADMIN_GROUP_REG=^(konga|admin)$
KONGA_LDAP_ATTR_USERNAME=uid
KONGA_LDAP_ATTR_FIRSTNAME=givenName
KONGA_LDAP_ATTR_LASTNAME=sn
KONGA_LDAP_ATTR_EMAIL=mail

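Note that the files above are enough to bring up the Konga dashboard and to log in with LDAP users, but at this point it is not possible to log in with a Konga administrator account; that requires an additional setting.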

Use an LDAP management tool to create a group of type posixGroup, and add the administrator accounts that need to log in to that group.
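Why the posixGroup matters, as an added example (not from the original page and not Konga's own code): it renders the page's KONGA_LDAP_GROUP_SEARCH_FILTER for a user, evaluates it against a constructed directory, and applies KONGA_ADMIN_GROUP_REG to the cn of each matched group. The admin rule is an assumption about Konga's behaviour, the RFC 4515 escaping is added by this example, and the entries, ou names and users are made up.

```python
import re

# Values copied from the page's .env
GROUP_FILTER = "(|(memberUid={{uid}})(memberUid={{uidNumber}})(sAMAccountName={{uid}}))"
ADMIN_GROUP_REG = r"^(konga|admin)$"

# Constructed sample directory; ou=groups, ou=people and all members are made up.
DIRECTORY = [
    {"dn": "cn=konga,ou=groups,dc=test,dc=com", "objectClass": ["posixGroup"],
     "cn": ["konga"], "gidNumber": ["5000"], "memberUid": ["alice"]},
    {"dn": "cn=dev,ou=groups,dc=test,dc=com", "objectClass": ["posixGroup"],
     "cn": ["dev"], "gidNumber": ["5001"], "memberUid": ["bob"]},
    # groupOfNames lists members by DN, which the memberUid clauses never match
    {"dn": "cn=admin,ou=groups,dc=test,dc=com", "objectClass": ["groupOfNames"],
     "cn": ["admin"], "member": ["uid=carol,ou=people,dc=test,dc=com"]},
]

def escape_filter_value(value):
    """RFC 4515 escaping, so a user attribute cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in str(value))

def render_filter(template, user):
    """Replace each {{attr}} placeholder with the escaped attribute of the user."""
    return re.sub(r"\{\{(\w+)\}\}",
                  lambda m: escape_filter_value(user.get(m.group(1), "")), template)

def parse_or_filter(rendered):
    """Split the flat (|(attr=value)...) form used above into (attr, value) pairs."""
    body = re.fullmatch(r"\(\|(.*)\)", rendered).group(1)
    return re.findall(r"\(([^=()]+)=([^()]*)\)", body)

def matching_groups(entries, user):
    """Entries that satisfy at least one equality clause of the rendered filter."""
    clauses = parse_or_filter(render_filter(GROUP_FILTER, user))
    return [e for e in entries
            if any(escape_filter_value(v) == value
                   for attr, value in clauses for v in e.get(attr, []))]

def is_admin(entries, user):
    """Assumed rule: admin if the cn of any matched group fits ADMIN_GROUP_REG."""
    admin = re.compile(ADMIN_GROUP_REG)
    return any(admin.search(cn)
               for g in matching_groups(entries, user) for cn in g.get("cn", []))

if __name__ == "__main__":
    for uid, num in (("alice", "1001"), ("bob", "1002"), ("carol", "1003")):
        print(uid, is_admin(DIRECTORY, {"uid": uid, "uidNumber": num}))
```

In this constructed directory alice is an admin, bob is not because his group's cn does not match the regex, and carol is not because her group lists members by DN in `member`, which no clause of the filter looks at.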
