1. Jira and the wiki (Confluence) connect to LDAP the same way.
There are plenty of posts online, so I will not go into every detail. When configuring LDAP in the web UI and the test reports an SSL error, the fix is as follows.
Two points matter for the connection test:
1) Using SSL (port 636) requires importing the certificate into the Java keystore. First confirm which Java environment is in use; restarting the service shows which Java it invokes. It depends on the installation type: for the bin-package install (not a separately installed Java) the default Java environment is /opt/atlassian/confluence/jre/.
2) When adding the certificate, confirm what the certificate is bound to. In our case it is bound to the domain name.
2. Import the certificate
# keytool asks for the keystore password; the default password of the bundled cacerts is "changeit"
/opt/atlassian/confluence/jre/bin/keytool -import -alias serverCert -file /opt/atlassian/confluence/server.crt -keystore /opt/atlassian/confluence/jre/lib/security/cacerts
/opt/atlassian/confluence/jre/bin/keytool -import -alias ldapCert -file /opt/atlassian/confluence/server.crt -keystore /opt/atlassian/confluence/jre/lib/security/cacerts
# check whether the certificate was imported successfully
/opt/atlassian/confluence/jre/bin/keytool -list -keystore /opt/atlassian/confluence/jre/lib/security/cacerts
3. You can install openldap-clients on the wiki host itself to check whether LDAP is reachable
yum install openldap-clients -y
vim /etc/openldap/ldap.conf
base dc=zixxxxxxx-aly,dc=com
uri ldaps://ldap.zixxxxxxx-aly.com
ldap_version 3
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_password md5
tls_cacertfile /opt/atlassian/confluence/server.crt
tls_cacert /opt/atlassian/confluence/server.crt
tls_certdir /opt/atlassian/confluence/server.crt
nss_initgroups_ignoreusers lightdm,nslcd,dnsmasq,dbus,avahi,avahi-autoipd,backup,beagleindex,bin,daemon,games,gdm,gnats,haldaemon,hplip,irc,ivman,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,ntp,openldap,polkituser,proxy,pulse,puppet,root,saned,sshd,sync,sys,syslog,uucp,vde2-net,www-data
# test the connection
ldapsearch -v -H ldaps://ldap.zixxxxxxx-aly.com -x -b "ou=staff,dc=zixxxxxxx-aly,dc=com"
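Both failure modes from point 1) and point 2) above (issuer not trusted, certificate not bound to the hostname in the URL) look like one opaque "SSL error" in the Confluence or GitLab UI. The script below is an added example, not part of the original notes: it reproduces the trust decision those clients make using only the Python standard library, with server.crt as the only trust anchor and hostname checking on, and tells the two cases apart. The host, port and certificate path are taken from the notes above and are assumptions; the sample certificate dictionary is constructed to mirror what ssl's getpeercert() returns. Note that ldapsearch only reads the URI, BASE and TLS_* keys from ldap.conf; the pam_ and nss_ keys there belong to nss-pam-ldapd and do not affect this test.

```python
"""Diagnose LDAPS trust problems: untrusted issuer vs. hostname not bound.

Stdlib only. Assumed values (from the notes above): host, port, CA file.
"""
import socket
import ssl
from typing import List, Tuple

LDAP_HOST = "ldap.zixxxxxxx-aly.com"                # assumption: from the notes
LDAP_PORT = 636
CA_FILE = "/opt/atlassian/confluence/server.crt"    # assumption: from the notes

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("countryName", "CN"),), (("commonName", "ldap.zixxxxxxx-aly.com"),)),
    "subjectAltName": (("DNS", "ldap.zixxxxxxx-aly.com"), ("DNS", "*.zixxxxxxx-aly.com")),
}


def cert_dns_names(cert: dict) -> List[str]:
    """DNS names the certificate is bound to: subjectAltName DNS entries,
    falling back to the subject CN only when no SAN is present (the same
    precedence Java's and OpenSSL's hostname verifiers use)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match. A single leading '*.' covers exactly one label:
    '*.example.com' matches 'ldap.example.com' but not 'example.com' or
    'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                       # ".example.com"
        if not hostname.endswith(suffix):
            return False
        prefix = hostname[: -len(suffix)]
        return bool(prefix) and "." not in prefix
    return pattern == hostname


def hostname_bound(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for the hostname used in the LDAP URL."""
    return any(name_matches(n, hostname) for n in cert_dns_names(cert))


def probe_ldaps(host: str = LDAP_HOST, port: int = LDAP_PORT,
                cafile: str = CA_FILE) -> Tuple[str, List[str]]:
    """Handshake the way the LDAP clients do and classify the result:
    'ok', 'untrusted' (issuer not in the CA file: import it into cacerts),
    'hostname' (cert not bound to host: fix the URL or reissue the cert),
    or 'unreachable'. Also returns the DNS names seen in the server cert."""
    ctx = ssl.create_default_context(cafile=cafile)   # only server.crt is trusted
    ctx.check_hostname = True
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", cert_dns_names(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        # Heuristic: OpenSSL reports a name problem as "hostname mismatch".
        kind = "hostname" if "hostname mismatch" in str(err).lower() else "untrusted"
        return kind, []
    except (OSError, ssl.SSLError):
        return "unreachable", []


if __name__ == "__main__":
    status, names = probe_ldaps()
    print(f"{LDAP_HOST}:{LDAP_PORT} -> {status}; cert bound to {names}")
```

Run it on the wiki host after importing the certificate: an "untrusted" result means the keytool import did not cover the issuing CA (a server.crt that is not self-signed needs its CA chain imported, not just the leaf); a "hostname" result means the name in the ldaps:// URL is not one of the names printed by cert_dns_names, which is exactly the binding point 2) asks you to check.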
4. Connecting GitLab to LDAP
vim /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
  ldap:
    enabled: true
    servers:
      main:
        label: ldap
        host: ldap.zixxxxxx-aly.com
        port: 636
        uid: 'uid'
        method: 'ssl' # "tls" or "ssl" or "plain"
        base: 'ou=staff,dc=zixxxxxxxx-aly,dc=com'
        bind_dn: 'cn=Manager,dc=zixxxxxxx-aly,dc=com'
        password: '*/zixxxxxxx@p/*'
        user_filter: ''
(Be careful to find the ldap section at the right place in the config file; the file format (YAML indentation) is strict.)
gitlab-ctl restart (restart the service; never regenerate the config file)
5. Configuring LDAP in Apache is simple, but since CentOS 7 the LDAP module has been split out, so install the mod_ldap package separately.
<Location />
    #SetHandler phpMyAdmin
    AuthType Basic
    AuthName "ldap.zixxxxxy.com"
    AuthBasicProvider ldap
    #AuthzLDAPAuthoritative off
    #AuthLDAPEnabled on
    AuthLDAPURL "ldaps://ldap.zixxxxxy.com:636/ou=staff,dc=zixxxxxy,dc=com?uid"
    #Require valid-user
    Require ldap-group cn=phpadmin,ou=staff,dc=zixxxxxxy,dc=com
</Location>