ldap

https://www.zhangqiongjie.com/5658.html

1.Reference

https://www.golinuxcloud.com/configure-ldap-client-auth-ldap-server/

https://computingforgeeks.com/run-openldap-server-in-docker-containers/

https://github.com/osixia/docker-phpLDAPadmin

https://github.com/osixia/docker-openldap

SSSD · wbwangk/wbwangk.github.io Wiki · GitHub

https://aws.amazon.com/cn/blogs/china/amazon-emr-authentication-scheme-based-on-openldap-and-kerberos-ii-synchronize-ldap-accounts-based-on-sssd/

LDAP in Containers - The Rubyist Blog

sssd.conf参考：

[sssd]
services = nss, pam, autofs
domains = computingforgeeks.com
debug_level = 9

[domain/computingforgeeks.com]
autofs_provider = ldap
ldap_schema = rfc2307
ldap_search_base = dc=computingforgeeks,dc=com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://127.0.0.1
ldap_id_use_start_tls = false
cache_credentials = True
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_default_bind_dn = cn=admin,dc=computingforgeeks,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = StrongAdminPassw0rd
override_homedir = /home/%u
default_shell = /bin/bash

[nss]
homedir_substring = /home
debug_level = 9

[pam]
debug_level = 9

[autofs]
debug_level = 9


docker-compose.yaml分别启动ldap-client, ldap-server, phpldapadmin

version: '3'
services:
  openldap-server:
    image: osixia/openldap:latest
    container_name: openldap-server
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "My Company"
      LDAP_DOMAIN: "computingforgeeks.com"
      LDAP_ADMIN_PASSWORD: "StrongAdminPassw0rd"
      LDAP_BASE_DN: "dc=computingforgeeks,dc=com"
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - /home/ec2-user/environment/kevin/config/ldap-test/data:/var/lib/ldap
      - /home/ec2-user/environment/kevin/config/ldap-test/data:/etc/ldap/slapd.d
      - /home/ec2-user/environment/kevin/config/ldap-test/data:/container/service/slapd/assets/certs/
    # For replication to work correctly, domainname and hostname must be
    # set correctly so that "hostname"."domainname" equates to the
    # fully-qualified domain name for the host.
    hostname: "ldap.computingforgeeks.com"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_HTTPS: "false"
      PHPLDAPADMIN_LDAP_HOSTS: "ldap.computingforgeeks.com"
    hostname: phpldapadmin-service
    ports:
      - "8080:80"
      - "6443:443"
    depends_on:
      - openldap-server
    links:
      - openldap-server:ldap-host
  ldapclient:
    image: zhangqiongjie/ldap-client:0.0.5
    container_name: ldap-client
    hostname: ldap-client
    depends_on:
      - openldap-server
    links:
    - openldap-server:openldap