docker部署openldap+phpldapadmin+gitlab

docker部署openldap+phpldapadmin+gitlab

  • OpenLdap+PhpLdapAdmin部署
    • 配置docker国内源
    • docker-compose.yml
    • ldap概念介绍
  • gitlab部署


OpenLdap+PhpLdapAdmin部署

配置docker国内源

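vim /etc/docker/daemon.json:
注意:下面的镜像源均为明文 http://,其中两个还列入了 insecure-registries,Docker 访问它们时不做 TLS 校验,拉取的镜像在传输途中可能被篡改;镜像源提供 https 时应改用 https:// 并删去对应的 insecure-registries 条目。"debug" 和 "experimental" 建议只在排障或试用实验特性时开启。
-----------------------------------------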
{
  "registry-mirrors" : [
    "http://ovfftd6p.mirror.aliyuncs.com",
    "http://registry.docker-cn.com",
    "http://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ],
  "insecure-registries" : [
    "registry.docker-cn.com",
    "docker.mirrors.ustc.edu.cn"
  ],
  "debug" : true,
  "experimental" : true
}

docker-compose.yml

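# OpenLDAP directory plus the phpLDAPadmin web UI. Both services join one
# user-defined network with the fixed name ldap_network, so other stacks can
# attach to it and reach the directory by the service name `openldap`.
version: '2.3'
services:
  openldap:
    # NOTE(review): no tag means `latest`. Pin a tag or digest
    # (osixia/openldap:<PINNED_TAG>) so a re-pull cannot silently change the
    # directory server.
    image: osixia/openldap
    container_name: openldap
    environment:
      - TZ=Asia/Shanghai
      - LDAP_ORGANISATION=duanyiwen
      - LDAP_DOMAIN=duanyiwen.com
      # Placeholder for the password of cn=admin,dc=duanyiwen,dc=com. Supply
      # the real value from an untracked .env file or a secret store instead
      # of committing it in this file.
      - LDAP_ADMIN_PASSWORD=xxxxxx123
    ports:
      # Both ports are published on every host interface. 389 is cleartext
      # LDAP, so bind passwords sent to it are readable on the wire; 636 is
      # LDAPS. Containers on ldap_network reach openldap:389 without these
      # mappings, so publish only what outside clients really need.
      - '389:389'
      - '636:636'
    networks:
      - ldapnet
    # NOTE(review): debug log level is verbose and may write configuration
    # values to the container log - lower it once the setup works.
    command: ['--copy-service', '--loglevel', 'debug']
    # No explicit volumes are declared; confirm how the directory data
    # persists before relying on this stack for real accounts.
    # volumes:
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "10"
  php:
    # NOTE(review): unpinned image as well; pin a tag or digest.
    image: osixia/phpldapadmin
    container_name: phpopenldap
    environment:
      - TZ=Asia/Shanghai
      # In list form the quotes are part of the value, so the original
      # PHPLDAPADMIN_HTTPS="false" passed the quote characters through to the
      # container. Written bare, the value is the plain word false.
      # With HTTPS off, the admin login typed into the UI crosses the network
      # in clear text on port 10004; keep that port off untrusted networks or
      # put a TLS-terminating proxy in front of it.
      - PHPLDAPADMIN_HTTPS=false
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
    ports:
      - '10004:80'
    networks:
      - ldapnet
    depends_on:
      - openldap
    # Legacy option; both services already share ldapnet and resolve each
    # other by service name.
    links:
      - openldap
    # volumes:
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "10"
networks:
  ldapnet:
    # Fixed name so that other compose projects can join it as an external
    # network.
    name: ldap_network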
  • 登录账密
    cn=admin,dc=duanyiwen,dc=com
    xxxxxx123(即上面 docker-compose.yml 中 LDAP_ADMIN_PASSWORD 的值)
  • 迁移或重启
    注意关闭selinux(关闭 SELinux 会使整台主机失去强制访问控制;如果只是容器访问挂载目录被拒绝,可先尝试在卷映射后加 :z 或 :Z 重新打标签,而不是全局关闭)

ldap概念介绍

  • 关键词
关键字 英文全称 含义
dc Domain Component 域名的部分,其格式是将完整的域名分成几部分,如域名为example.com变成dc=example,dc=com
uid User Id 用户ID,如“tom”
ou Organization Unit 组织单位,类似于Linux文件系统中的子目录,它是一个容器对象,组织单位可以包含其他各种对象(包括其他组织单元),如“market”
cn Common Name 公共名称,如“Thomas Johansson”
sn Surname 姓,如“Johansson”
dn Distinguished Name 惟一辨别名,类似于Linux文件系统中的绝对路径,每个对象都有一个惟一的名称,如“uid= tom,ou=market,dc=example,dc=com”,在一个目录树中DN总是惟一的
rdn Relative dn 相对辨别名,类似于文件系统中的相对路径,它是与目录树结构无关的部分,如“uid=tom”或“cn= Thomas Johansson”
c Country 国家,如“CN”或“US”等。
o Organization 组织名,如“Example, Inc.”
  • 组织大致结构
    docker部署openldap+phpldapadmin+gitlab_第1张图片

gitlab部署

  • docker-compose.yml
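# GitLab CE (Omnibus) that authenticates users against the OpenLDAP container
# over the shared external network ldap_network.
version: '2'
services:
  gitlab:
    # NOTE(review): this is not the upstream gitlab/gitlab-ce image - confirm
    # who builds and publishes it. 11.1.4 is a 2018 release that no longer
    # receives security fixes; plan an upgrade before exposing the instance.
    image: hub.xinluomed.com/gitlab-ce-zh:11.1.4
    container_name: "gitlab"
    # restart: unless-stopped
    tty: true
    # NOTE(review): privileged gives the container near-host-level access.
    # GitLab does not normally need it; if it is here to get around SELinux
    # denials on the bind mounts below, a :Z relabel on those volumes is the
    # narrower fix - verify and then drop this line.
    privileged: true
    hostname: ${HOST_IP}
    environment:
      TZ: 'Asia/Shanghai'
      # GITLAB_OMNIBUS_CONFIG holds Ruby settings in gitlab.rb syntax. The
      # whole block is string content, so the review notes are kept here:
      # - ${GIT_HOST} is substituted as-is, and external_url takes a Ruby
      #   string, so the variable presumably carries its own quotes - confirm.
      # - "[email protected]" is what e-mail redaction left on the page;
      #   replace all three occurrences with real mailbox addresses.
      # - smtp_password and the LDAP password are placeholders. Keep the real
      #   values out of version control (untracked .env file or secret store).
      # - The LDAP server key is `label`; the original spelled it `lable`.
      # - method 'plain' on port 389 means no TLS: the bind password and every
      #   user password checked at login travel unencrypted between the
      #   containers. Prefer a TLS-protected connection when the directory
      #   offers one.
      # - bind_dn is the directory admin account. GitLab only needs to search
      #   and read entries under `base`; a dedicated read-only bind account
      #   limits the damage if this file or container leaks.
      GITLAB_OMNIBUS_CONFIG: |
        external_url ${GIT_HOST}
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.aliyun.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "[email protected]"  #用自己的aliyun邮箱
        gitlab_rails['smtp_password'] = "xxxxxxxxx"
        gitlab_rails['smtp_domain'] = "aliyun.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        user['git_user_email'] = "[email protected]"
        gitlab_rails['gitlab_shell_ssh_port'] = 22000
        nginx['listen_port'] = 80
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
          main:
            label: 'LDAP'
            host: openldap
            port: 389
            uid: 'cn'
            method: 'plain'
            bind_dn: "cn=admin,dc=duanyiwen,dc=com"
            password: 'xxxxxxxx'
            allow_username_or_email_login: false
            base: 'ou=People,dc=duanyiwen,dc=com'
            attributes:
              username: ['uid']
              email: ['mail']
              first_name: 'sn'
        EOS
    ports:
      # The web UI is published as plain HTTP on 8080 (nginx listens on 80
      # inside the container); Git over SSH is published on 22000.
      - '8080:80'
      - '22000:22'
    networks:
      - git-net
    volumes:
      # /etc/gitlab holds the instance configuration and secrets; restrict
      # access to the host directory that backs it.
      - /data/d-server/public/git/config:/etc/gitlab
      - /data/d-server/public/git/data:/var/opt/gitlab
      - /data/d-server/public/git/logs:/var/log/gitlab
networks:
  git-net:
    # Joins the network that the OpenLDAP stack creates, so `openldap`
    # resolves from inside the GitLab container.
    external:
      name: ldap_network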
  • 邮箱正常发送邮件
# Standalone GitLab CE (Omnibus) with outgoing mail through Aliyun SMTP and
# no LDAP integration.
version: "2"
services:
  gitlab:
    # NOTE(review): not the upstream gitlab/gitlab-ce image - confirm its
    # provenance. 11.1.4 is a 2018 release that no longer receives security
    # fixes.
    image: hub.xinluomed.com/gitlab-ce-zh:11.1.4
    container_name: gitlab
    hostname: ${HOST_IP}
    restart: unless-stopped
    # NOTE(review): privileged gives the container near-host-level access;
    # GitLab does not normally need it. If it only works around SELinux
    # denials on the bind mounts, a :Z relabel on the volumes is narrower.
    privileged: true
    tty: true
    ports:
      # HTTP UI on host port 8080, Git over SSH on host port 22000.
      - "8080:80"
      - "22000:22"
    volumes:
      # /etc/gitlab carries the instance configuration and secrets.
      - /data/d-server/public/git/config:/etc/gitlab
      - /data/d-server/public/git/data:/var/opt/gitlab
      - /data/d-server/public/git/logs:/var/log/gitlab
    environment:
      TZ: Asia/Shanghai
      # Ruby settings in gitlab.rb syntax; the block below is string content.
      # - ${GIT_HOST} is substituted as-is, so it presumably carries its own
      #   quotes for external_url - confirm.
      # - "[email protected]" is what e-mail redaction left on the page;
      #   use real mailbox addresses.
      # - smtp_password is a placeholder; keep the real value out of version
      #   control.
      GITLAB_OMNIBUS_CONFIG: |
        external_url ${GIT_HOST}
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.aliyun.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "[email protected]"  #用自己的aliyun邮箱
        gitlab_rails['smtp_password'] = "xxxxxxxx"
        gitlab_rails['smtp_domain'] = "aliyun.com"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = true
        gitlab_rails['gitlab_email_from'] = '[email protected]'
        user['git_user_email'] = "[email protected]"
        gitlab_rails['gitlab_shell_ssh_port'] = 22000
        nginx['listen_port'] = 80
