1.jira,wiki連接LDAP是一樣的。
網上有很多帖子我就細說了,當在web上配置LDAP時 報錯 ssl的問題時解決方法如下:
連接測試的要點有兩點:
1).使用ssl(636端口)需要把證書導入java證書庫中,首先確認使用的Java環境,可以重啓一下服務就會知道調用java環境了,看安裝的類型不是獨立安裝的bin包默認的java環境變量是/opt/atlassian/confluence/jre/。
2).添加證書時卻證書是與什麼關聯的,我們這裏是和域名關聯的
2.導入證書
#/opt/atlassian/confluence/jre/bin/keytool -import -alias serverCert -file /opt/atlassian/confluence/server.crt -keystore /opt/atlassian/confluence/jre/lib/security/cacerts
#/opt/atlassian/confluence/jre/bin/keytool -import -alias ldapCert -file /opt/atlassian/confluence/server.crt -keystore /opt/atlassian/confluence/jre/lib/security/cacerts
/opt/atlassian/confluence/jre/bin/keytool -list -keystore /opt/atlassian/confluence/jre/lib/security/cacerts //查看證書是否導入成功
3.可以在wiki本地安裝openldap-clients查看是否能連接上LDAP
yum install openldap-clients -y
vim /etc/openldap/ldap.conf
base dc=zixxxxxxx-aly,dc=com
uri ldaps://ldap.zixxxxxxx-aly.com
ldap_version 3
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_password md5
tls_cacertfile /opt/atlassian/confluence/server.crt
tls_cacert /opt/atlassian/confluence/server.crt
tls_certdir /opt/atlassian/confluence/server.crt
nss_initgroups_ignoreusers lightdm,nslcd,dnsmasq,dbus,avahi,avahi-autoipd,backup,beagleindex,bin,daemon,games,gdm,gnats,haldaemon,hplip,irc,ivman,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,ntp,openldap,polkituser,proxy,pulse,puppet,root,saned,sshd,sync,sys,syslog,uucp,vde2-net,www-data
ldapsearch -v -H ldaps://ldap.zixxxxxxx-aly.com -x -b "ou=staff,dc=zixxxxxxx-aly,dc=com" //測試連接
4.gitlab連接LDAP
vim /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
ldap:
enabled: true
servers:
main:
label: ldap
host: ldap.zixxxxxx-aly.com
port: 636
uid: 'uid'
method: 'ssl' # "tls" or "ssl" or "plain"
base: 'ou=staff,dc=zixxxxxxxx-aly,dc=com'
bind_dn: 'cn=Manager,dc=zixxxxxxx-aly,dc=com'
password: '*/zixxxxxxx@p/*'
user_filter: ''
(一定要看好配置文件ldap模塊的位置,配置文件格式有要求的)
gitlab-ctl restart (重啓服務,千萬不要重寫配置文件)
5,Apache配置ldap很簡單,但是centos7以後ldap模塊做了變動安裝mod_ldap模塊
<Location />
#SetHandler phpMyAdmin
AuthType Basic
AuthName "ldap.zixxxxxy.com"
AuthBasicProvider ldap
#AuthzLDAPAuthoritative off
#AuthLDAPEnabled on
AuthLDAPURL "ldaps://ldap.zixxxxxy.com:636/ou=staff,dc=zixxxxxy,dc=com?uid"
#Require valid-user
Require ldap-group cn=phpadmin,ou=staff,dc=zixxxxxxy,dc=com
</Location>