Closed PostgreSQL1989 closed 4 years ago
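We happen to use Jumpserver + OpenLDAP as well, with Apollo connected to LDAP, and have had no problems. The difference is that our Apollo is 1.4.0-release. Check your LDAP configuration.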
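Thanks for the reply. May I ask, are you using uid? If it is convenient, could you mask the key information and upload a screenshot? I really cannot work out from comparing them where the configuration is wrong.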
Go to com.ctrip.framework.apollo.portal.spi.ldap.ApolloLdapAuthenticationProvider#authenticate
and com.ctrip.framework.apollo.portal.spi.ldap.FilterLdapByGroupUserSearch#searchForUser
and debug to see what happens.
This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in 14 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 14 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.
Try adding cn=user to the DN. Mine connects once it is added and does not connect without it. cn=openldap,cn=users,dc=patozon,dc=net
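Thanks, everyone, for the helpful replies. I have sorted it out; I saw the issue had been closed earlier and forgot to come back and update the progress. Here is the OpenLDAP configuration for everyone's reference.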
```
# LDAP
export JAVA_OPTS="$JAVA_OPTS -Dserver.port=$SERVER_PORT -Dspring.profiles.active=github,ldap -Dlogging.file=$LOG_DIR/$SERVICE_NAME.log -XX:HeapDumpPath=$LOG_DIR/HeapDumpOnOutOfMemoryError/"
```
```
spring:
  ldap:
    base: "dc=XXXX,dc=org"
    username: "cn=readonly,ou=Group,dc=XXXX,dc=org" # administrator account, used to search for and match users
    password: "ghhyfAylrflMc8cm"
    searchFilter: "(cn={0})" # user filter, used to search for the user at login
    urls:

ldap:
  mapping: # LDAP attribute mapping
    objectClass: "inetOrgPerson" # objectClass of LDAP users
    loginId: "cn" # unique LDAP user id, used as the login id
    rdnKey: "cn" # ldap rdn key
    userDisplayName: "displayName" # LDAP user name, used as the display name
    email: "mail" # LDAP mail attribute
  group: # enables group search; once enabled, only users in the given group can log in to apollo
    objectClass: "groupOfUniqueNames" # group class name
    groupBase: "ou=Group" # group search base
    groupSearch: "(&(cn=apollo-users))" # group filter
    groupMembership: "uniqueMember" # group memberShip eg. member or memberUid
```
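Hello all, I have run into a tricky problem. LDAP authentication for the portal keeps failing. The users log in with cn, and authentication succeeds in both jumpserver and yapi. How should I troubleshoot this? Thanks!
apollo-portal: v1.5.0 (built from git source) openldap: v2.4.44 (installed with yum) OS: CentOS 7.6
The LDAP authentication settings have already been added to startup.sh.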
cat config/application-ldap.yml

```
spring:
  ldap:
    base: "ou=Group,dc=mochong,dc=org"
    username: "cn=openldap,dc=mochong,dc=org" # administrator account, used to search for and match users
    password: "LDAP密码"
    searchFilter: "(cn=%(user)s)" # user filter, used to search for the user at login
    urls:

ldap:
  mapping: # LDAP attribute mapping
    objectClass: "inetOrgPerson" # objectClass of LDAP users
    loginId: "cn" # unique LDAP user id, used as the login id
    userDisplayName: "displayName" # LDAP user name, used as the display name
    email: "mail" # LDAP mail attribute
```
Debug log from the portal:

```
LdapDataAutoConfiguration: Did not match:
@ConditionalOnClass did not find required class 'org.springframework.data.ldap.repository.LdapRepository' (OnClassCondition)
LdapHealthIndicatorAutoConfiguration: Did not match:
@ConditionalOnEnabledHealthIndicator management.health.defaults.enabled is considered true (OnEnabledHealthIndicatorCondition)
LdapRepositoriesAutoConfiguration: Did not match:
```
LDAP configuration in jumpserver:
LDAP configuration in YApi:
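An added example, not part of the thread and not Apollo's code: one of the differences between the failing and the working configuration posted in this issue is the `searchFilter` placeholder, `%(user)s` (Python %-format style) versus `{0}`. The sketch below expands each template under its own convention with RFC 4515 escaping of the login name and lints a template for a `{0}`-style consumer; all function names are hypothetical, the login names are constructed, and that the portal expects `{0}` is an assumption taken from the working configuration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name before it is placed in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_brace_style(template, login):
    """Expand a '{0}' template (form used in the working config; assumed for the portal)."""
    return template.replace("{0}", escape_filter_value(login))


def expand_percent_style(template, login):
    """Expand a '%(user)s' template (Python %-format form, as in the failing config)."""
    return template.replace("%(user)s", escape_filter_value(login))


def lint_search_filter(template):
    """Return reasons a '{0}'-style consumer could never match a user with this template."""
    problems = []
    if "{0}" not in template:
        problems.append("no {0} placeholder: the login name is never substituted")
    if re.search(r"%\(\w+\)s", template):
        problems.append("%(name)s placeholder is not substituted by a {0}-style consumer")
    if template.count("(") != template.count(")"):
        problems.append("unbalanced parentheses")
    return problems


if __name__ == "__main__":
    # Constructed sample logins; the second one contains filter metacharacters.
    for template in ("(cn={0})", "(cn=%(user)s)"):
        print(template, "->", lint_search_filter(template) or "ok for a {0}-style consumer")
        for login in ("alice", "al(ice)*"):
            print("   brace-style  :", expand_brace_style(template, login))
            print("   percent-style:", expand_percent_style(template, login))
```
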