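For some reason the official site has taken down the LDAP plugin for 12.3, so the only option was to look on GitHub. The search paid off: the plugin below works, tested personally.
https://github.com/anjia0532/zentao-ldap
I installed it in k8s here, with storage on the local node and a remote central database. I won't go into the installation details; here is the YAML file.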
```yaml
# apps/v1beta2 was removed in Kubernetes 1.16; newer clusters need apps/v1.
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  annotations:
    description: zentao管理平台
  labels:
    k8s-app: manage-zentao
  name: manage-zentao
  namespace: kube-ops
spec:
  minReadySeconds: 10
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: manage-zentao
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: manage-zentao
    spec:
      # Pin the pod to one node, because the volumes below are hostPath directories on that node.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                - 10.88.10.90
      containers:
      - name: manage-zentao
        image: easysoft/zentao:12.3.3
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: "2"
            memory: 8Gi
          requests:
            cpu: "400m"
            memory: 8Gi
        securityContext:
          privileged: false
          procMount: Default
        volumeMounts:
        - mountPath: /www/zentaopms
          name: manage-zentao-home
        - mountPath: /var/lib/mysql
          name: manage-zentao-mysql
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      volumes:
      - hostPath:
          path: /data/k8s/manage-zentao-home/data/
        name: manage-zentao-home
      - hostPath:
          path: /data/k8s/manage-zentao-home/mysqldata/
        name: manage-zentao-mysql
---
apiVersion: v1
kind: Service
metadata:
  name: manage-zentao
  namespace: kube-ops
spec:
  ports:
  - name: tcp-80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    k8s-app: manage-zentao
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 3600
  type: NodePort
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; networking.k8s.io/v1 uses a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: zentao-nginx-ingress
  namespace: kube-ops
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/keep-alive: "1800"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-body-size: 5000m
    nginx.ingress.kubernetes.io/client-header-timeout: "1800"
    nginx.ingress.kubernetes.io/client-body-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
spec:
  tls:
  - hosts:
    - zt.espnlol.com
    secretName: espnlol.com
  rules:
  - host: zt.espnlol.com
    http:
      paths:
      - path: /
        backend:
          serviceName: manage-zentao
          servicePort: 80
```
For the remaining initialization steps, just follow the official documentation; it is very simple and clearly written.
https://www.zentao.net/book/zentaopmshelp/405.html
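Download the LDAP plugin mentioned above: zentao-ldap-12.3-stable.tar.gz
Put it in /tmp on the server; after extraction it becomes zentao-ldap-12.3-stable. Enter that directory and run `rsync -av ldap/module/ /data/k8s/manage-zentao-home/data/module/` to sync the files into the module directory, then grant permissions with `chmod -R 777 /data/k8s/manage-zentao-home/data/module`. Without the permission change you may get a file-not-found error. Once the sync is done, open the admin backend and LDAP will be visible.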
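
The `chmod -R 777` step above leaves the PHP module tree writable by every user. As an added example (not from the original post or the plugin project), this script sets directories to 755 and files to 644 instead, assuming the web server only needs to read and traverse module code; the file names in the demo tree are constructed.

```shell
#!/bin/sh
# Added example: narrower permissions for the synced module tree than 777.
# Assumption: the web server in the container only needs to read and
# traverse module code, so directories get 755 and regular files 644.

# Print how many entries under DIR are writable by "other".
count_world_writable() {
    find "$1" -perm -0002 ! -type l | wc -l | tr -d ' '
}

# Set directories to 755 and regular files to 644 under DIR.
tighten_module_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}

# Demo on a constructed tree that mimics module/ldap after chmod -R 777.
# Prints "<world-writable before> <world-writable after>".
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/module/ldap/lang"
    : > "$tmp/module/ldap/control.php"      # constructed file name
    : > "$tmp/module/ldap/lang/zh-cn.php"   # constructed file name
    chmod -R 777 "$tmp/module"
    before=$(count_world_writable "$tmp/module")
    tighten_module_perms "$tmp/module"
    after=$(count_world_writable "$tmp/module")
    rm -rf "$tmp"
    echo "$before $after"
}

demo
```

On the server, call `tighten_module_perms /data/k8s/manage-zentao-home/data/module` after the rsync step.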

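Open the LDAP page and enter the relevant settings.

| Option | Example value |
|---|---|
| LDAP server | ldap://192.168.216.200:389 |
| Protocol version | 3 |
| BindDN | cn=admin,dc=espnlol,dc=com |
| BindDN password | xxxxxxx |
| BaseDN: | ou=users,dc=espnlol,dc=com |
| Search filter | (objectClass=inetOrgperson) |
| Account field | uid |
| EMail field | |
| Name field | sn |

When you have entered everything, click Save and run a manual sync to import all accounts. Once LDAP is enabled, login goes through it by default, and the account name has to be prefixed with $, for example $admin.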