1.jira,wiki连接LDAP是一样的。


网上有很多帖子我就细说了,当在web上配置LDAP时 报错  ssl的问题时解决方法如下:


连接测试的要点有两点:

1).使用ssl(636端口)需要把证书导入java证书库中,首先确认使用的Java环境,可以重启一下服务就会知道调用java环境了,看安装的类型不是独立安装的bin包默认的java环境变量是/opt/atlassian/confluence/jre/。

        2).添加证书时却证书是与什么关联的,我们这里是和域名关联的



2.导入证书


 #/opt/atlassian/confluence/jre/bin/keytool -import -alias serverCert -file /opt/atlassian/confluence/server.crt -keystore /opt/atlassian/confluence/jre/lib/security/cacerts


#/opt/atlassian/confluence/jre/bin/keytool -import -alias ldapCert -file /opt/atlassian/confluence/server.crt -keystore /opt/atlassian/confluence/jre/lib/security/cacerts



/opt/atlassian/confluence/jre/bin/keytool -list -keystore /opt/atlassian/confluence/jre/lib/security/cacerts   //查看证书是否导入成功




3.可以在wiki本地安装openldap-clients查看是否能连接上LDAP


yum install openldap-clients -y


vim /etc/openldap/ldap.conf

base dc=zixxxxxxx-aly,dc=com

uri ldaps://ldap.zixxxxxxx-aly.com

ldap_version 3

timelimit 120

bind_timelimit 120

idle_timelimit 3600

pam_password md5

tls_cacertfile /opt/atlassian/confluence/server.crt

tls_cacert /opt/atlassian/confluence/server.crt

tls_certdir /opt/atlassian/confluence/server.crt

nss_initgroups_ignoreusers lightdm,nslcd,dnsmasq,dbus,avahi,avahi-autoipd,backup,beagleindex,bin,daemon,games,gdm,gnats,haldaemon,hplip,irc,ivman,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,ntp,openldap,polkituser,proxy,pulse,puppet,root,saned,sshd,sync,sys,syslog,uucp,vde2-net,www-data



ldapsearch -v -H ldaps://ldap.zixxxxxxx-aly.com -x -b "ou=staff,dc=zixxxxxxx-aly,dc=com"       //测试连接




4.gitlab连接LDAP


vim /var/opt/gitlab/gitlab-rails/etc/gitlab.yml

  ldap:

    enabled: true

    servers:

      main:

        label: ldap

        host: ldap.zixxxxxx-aly.com

        port: 636

        uid: 'uid'

        method: 'ssl' # "tls" or "ssl" or "plain"

        base: 'ou=staff,dc=zixxxxxxxx-aly,dc=com'

        bind_dn: 'cn=Manager,dc=zixxxxxxx-aly,dc=com'

        password: '*/zixxxxxxx@p/*'

        user_filter: ''


(一定要看好配置文件ldap模块的位置,配置文件格式有要求的)

gitlab-ctl restart    (重启服务,千万不要重写配置文件)


5,Apache配置ldap很简单,但是centos7以后ldap模块做了变动安装mod_ldap模块



<Location />

#SetHandler phpMyAdmin

AuthType Basic

AuthName "ldap.zixxxxxy.com"

AuthBasicProvider ldap

#AuthzLDAPAuthoritative off

#AuthLDAPEnabled on

AuthLDAPURL "ldaps://ldap.zixxxxxy.com:636/ou=staff,dc=zixxxxxy,dc=com?uid"

#Require valid-user

Require ldap-group cn=phpadmin,ou=staff,dc=zixxxxxxy,dc=com

</Location>