LDAPとDocker-compose
docker-compose.yml
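# OpenLDAP directory server (osixia/openldap).
# Excerpt: in the complete docker-compose.yml this entry is nested under the
# top-level `services:` key. Nesting is restored here so the listing parses.
# Domain, base DN and passwords are substituted by Compose from the
# environment / env file, so no secret is written in this file.
ldap:
  image: osixia/openldap:1.2.4
  container_name: ldap
  environment:
    LDAP_DOMAIN: "${REVERSE_PROXY_DOMAIN_NAME}"
    LDAP_BASE_DN: "${BASE_DN}"
    LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD}"
    # NOTE(review): the configuration administrator reuses the directory
    # admin password, so one leaked value gives control of both the directory
    # data and the slapd configuration. Prefer a separate secret here.
    LDAP_CONFIG_PASSWORD: "${LDAP_ADMIN_PASSWORD}"
  ports:
    # NOTE(review): publishes LDAP port 389 (not LDAPS) as 10389 on every
    # host interface. Clients that do not use StartTLS send bind passwords in
    # clear text. If only same-host clients need it, bind to loopback
    # ("127.0.0.1:10389:389"); otherwise firewall the port and require TLS
    # (the image has an LDAP_TLS_ENFORCE setting - check its documentation).
    - "10389:389"
  networks:
    net:
      ipv4_address: 172.22.0.7
  volumes:
    # Named volumes keep the database and the slapd configuration across
    # container re-creation.
    - ldap-data:/var/lib/ldap
    - ldap-config:/etc/ldap/slapd.d
  restart: always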
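# LDAP Management Tool
# phpLDAPadmin web UI, pointed at the `ldap` service by its Compose name.
# Excerpt: nested under the top-level `services:` key in the complete file.
ldapadmin:
  image: osixia/phpldapadmin:0.8.0
  container_name: ldapadmin
  environment:
    # NOTE(review): intended to switch off HTTPS inside the container, so
    # admin logins cross the Compose network in clear text. No host port is
    # published here; terminate TLS at whatever reverse proxy exposes this UI
    # and restrict who can reach it, since it is a directory admin console.
    PHPLDAPADMIN_HTTPS: "0"
    PHPLDAPADMIN_LDAP_HOSTS: ldap
  volumes:
    - ldapadmin-data:/var/www/phpldapadmin
  networks:
    net:
      ipv4_address: 172.22.0.8
  restart: always
  depends_on:
    - ldap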
#################################
env.file
# Values Compose substitutes into the ${...} references in docker-compose.yml.
# Compose takes them from the shell environment, from a file named `.env` in
# the project directory, or from a file passed with --env-file.
# This file holds the LDAP admin password: keep the filled-in copy out of
# version control and readable only by the deploying user.
REVERSE_PROXY_DOMAIN_NAME=[YOUR DOMAIN]
# Used as LDAP_BASE_DN and as the suffix of the bind DN cn=admin,${BASE_DN}.
BASE_DN=dc=[YOUR DOMAIN],dc=com
# Also reused as LDAP_CONFIG_PASSWORD and as SonarQube's LDAP bind password.
LDAP_ADMIN_PASSWORD=[YOUR PASSWORD]
Login
他システムと連携する場合は、Given nameではなく、この"cn"(common name)がログインユーザ名となります。
GitLabとLDAP(OpenLDAP)連携設定
docker-compose.yml
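# Compose stack: nginx front end, OpenLDAP + phpLDAPadmin, SonarQube with
# LDAP authentication, and its PostgreSQL database. All services sit on one
# bridge network with fixed addresses. Nesting is restored here so the
# listing parses as YAML.
version: "3.2"

services:
  # nginx built from ./nginx, publishing 80 and 443 (presumably the reverse
  # proxy in front of the other services - confirm against ./nginx).
  nginx:
    build:
      context: ./nginx
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - sonarqube
      - db
    networks:
      net:
        ipv4_address: 172.22.0.6
    container_name: nginx

  ##################################
  # OpenLDAP directory server. Domain, base DN and passwords are substituted
  # by Compose from the environment / env file.
  ldap:
    image: osixia/openldap:1.2.4
    container_name: ldap
    environment:
      LDAP_DOMAIN: "${REVERSE_PROXY_DOMAIN_NAME}"
      LDAP_BASE_DN: "${BASE_DN}"
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD}"
      # NOTE(review): the configuration administrator reuses the directory
      # admin password, so one leaked value gives control of both the
      # directory data and the slapd configuration. Prefer a separate secret.
      LDAP_CONFIG_PASSWORD: "${LDAP_ADMIN_PASSWORD}"
    ports:
      # NOTE(review): publishes LDAP port 389 (not LDAPS) as 10389 on every
      # host interface. SonarQube below reaches the directory over the
      # Compose network (ldap://ldap:389/) and does not need this mapping.
      # If only same-host clients use it, bind to loopback
      # ("127.0.0.1:10389:389"); otherwise firewall it and require TLS.
      - "10389:389"
    networks:
      net:
        ipv4_address: 172.22.0.7
    volumes:
      - ldap-data:/var/lib/ldap
      - ldap-config:/etc/ldap/slapd.d
    restart: always

  # LDAP Management Tool
  ldapadmin:
    image: osixia/phpldapadmin:0.8.0
    container_name: ldapadmin
    environment:
      # NOTE(review): intended to switch off HTTPS inside the container, so
      # admin logins cross the Compose network in clear text. No host port is
      # published; make sure the front end that exposes this UI terminates
      # TLS and restricts access, since it is a directory admin console.
      PHPLDAPADMIN_HTTPS: "0"
      PHPLDAPADMIN_LDAP_HOSTS: ldap
    volumes:
      - ldapadmin-data:/var/www/phpldapadmin
    networks:
      net:
        ipv4_address: 172.22.0.8
    restart: always
    depends_on:
      - ldap

  #################################
  sonarqube:
    # NOTE(review): no tag, so this resolves to `latest` and can change
    # between pulls. Pin a version (ideally a digest) so upgrades are
    # deliberate and reviewable.
    image: sonarqube
    depends_on:
      - db
    # NOTE(review): runs the container as root. Confirm this is really
    # needed (e.g. for volume ownership) and prefer the image's unprivileged
    # user where possible.
    user: root
    networks:
      net:
        ipv4_address: 172.22.0.5
    environment:
      - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonar
      - SONAR_JDBC_USERNAME=sonar
      # NOTE(review): hard-coded sonar/sonar credential; it must match
      # POSTGRES_USER / POSTGRES_PASSWORD on `db`. Move it to the env file
      # like the LDAP password and use a generated value.
      - SONAR_JDBC_PASSWORD=sonar
      # Plain ldap:// over the Compose network; traffic is not encrypted.
      - LDAP_HOST=ldap://ldap:389/
      # NOTE(review): SonarQube binds as the directory administrator with the
      # admin password. User and group lookups only need read access; a
      # dedicated read-only bind account limits the damage if SonarQube or
      # its configuration is compromised.
      - "LDAP_BIND_DN=cn=admin,${BASE_DN}"
      - "LDAP_BIND_PASSWORD=${LDAP_ADMIN_PASSWORD}"
      - "LDAP_USER_BASE_DN=${BASE_DN}"
      # Users are matched on cn, so the LDAP common name is the login name.
      - 'LDAP_USER_REQUEST=(&(objectClass=inetOrgPerson)(cn={login}))'
      - "LDAP_GROUP_BASE_DN=${BASE_DN}"
      - 'LDAP_GROUP_REQUEST=(&(objectClass=posixGroup)(memberUid={uid}))'
    # `$$` escapes Compose interpolation so that bash inside the container
    # expands the variables set under `environment` above. The folded scalar
    # yields the same single-line command as before.
    # NOTE(review): the bind password is passed as a -D argument, so it is
    # visible in process listings for the container (e.g. `docker top`).
    command: >-
      bash -c "./bin/run.sh
      -Dsonar.security.realm=LDAP
      -Dldap.url=$$LDAP_HOST
      -Dldap.bindDn=$$LDAP_BIND_DN
      -Dldap.bindPassword=$$LDAP_BIND_PASSWORD
      -Dldap.user.baseDn=$$LDAP_USER_BASE_DN
      -Dldap.user.request=$$LDAP_USER_REQUEST
      -Dldap.user.realNameAttribute=cn
      -Dldap.user.emailAttribute=mail
      -Dldap.group.baseDn=$$LDAP_GROUP_BASE_DN
      -Dldap.group.request=$$LDAP_GROUP_REQUEST"
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_temp:/opt/sonarqube/temp
    container_name: sonarqube

  # PostgreSQL for SonarQube. No host port is published, so it is reachable
  # only from the Compose network.
  db:
    # NOTE(review): untagged image (resolves to `latest`); pin a version.
    image: postgres
    networks:
      net:
        ipv4_address: 172.22.0.3
    environment:
      POSTGRES_USER: sonar
      # NOTE(review): hard-coded sonar/sonar credential, see SONAR_JDBC_*.
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
    container_name: postgres

# Single bridge network; the fixed ipv4_address values above are taken from
# this subnet.
networks:
  net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.22.0.0/16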
volumes:
・・・