OpenGrok itself does not directly support LDAP authentication. You can get OpenGrok working with LDAP through the following steps:
1. Modify the Tomcat configuration. LDAP authentication is handled by Tomcat's JNDIRealm.
Tomcat configuration file: /home/admin/infra/opengrok/apache-tomcat-10.1.30/conf/server.xml
a. Remove the UserDatabase resource.

b. Inside <Engine name="Catalina" defaultHost="localhost">, remove the UserDatabaseRealm and add a <Realm className="org.apache.catalina.realm.JNDIRealm"> element carrying the connection settings for your directory.

2. OpenGrok configuration
File: /home/admin/infra/opengrok/etc/readonly_configuration.xml
a. Inside <void property="pluginStack">, add the shared plugin setup:
<void property="pluginStack">
  <void property="setup">
    <void method="put">
      <string>configuration</string>
      <string>/home/admin/infra/opengrok/auth/config/ldap-plugin-config-corp.yml</string>
    </void>
  </void>
</void>
Inside <void property="stack">, add the three plugins below. They are evaluated in the order listed, and the & in the LDAP filter has to be written as &amp; because the file is XML:
<void property="stack">
  <void method="add">
    <object class="org.opengrok.indexer.authorization.AuthorizationPlugin">
      <void property="name">
        <string>opengrok.auth.plugin.LdapUserPlugin</string>
      </void>
      <void property="flag">
        <string>REQUISITE</string>
      </void>
      <void property="setup">
        <void method="put">
          <string>filter</string>
          <string>(&amp;(objectclass=person)(mail=%guid%)(uid=%username%))</string>
        </void>
        <void method="put">
          <string>attributes</string>
          <string>mail,uid</string>
        </void>
      </void>
    </object>
  </void>
</void>
<void property="stack">
  <void method="add">
    <object class="org.opengrok.indexer.authorization.AuthorizationPlugin">
      <void property="name">
        <string>opengrok.auth.plugin.LdapAttrPlugin</string>
      </void>
      <void property="flag">
        <string>SUFFICIENT</string>
      </void>
      <void property="setup">
        <void method="put">
          <string>attribute</string>
          <string>mail</string>
        </void>
        <void method="put">
          <string>file</string>
          <string>/home/admin/infra/opengrok/auth/config/whitelists/foo-whitelist-mail.txt</string>
        </void>
      </void>
    </object>
  </void>
</void>
<void property="stack">
  <void method="add">
    <object class="org.opengrok.indexer.authorization.AuthorizationPlugin">
      <void property="name">
        <string>opengrok.auth.plugin.LdapFilterPlugin</string>
      </void>
      <void property="flag">
        <string>REQUIRED</string>
      </void>
      <void property="setup">
        <void method="put">
          <string>configuration</string>
          <string>/home/admin/infra/opengrok/auth/config/ldap-plugin-config-corp.yml</string>
        </void>
        <void method="put">
          <string>filter</string>
          <string>(sAMAccountName={0})</string>
        </void>
        <void method="put">
          <string>transforms</string>
          <string>uid:toLowerCase</string>
        </void>
      </void>
    </object>
  </void>
</void>
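The three flags above (REQUISITE, SUFFICIENT, REQUIRED) follow PAM-style stack semantics, and the order of the plugins decides the effective access policy. The following is an added simulation, not OpenGrok's own code: the plugin checks, the directory entries and the whitelist contents are constructed stand-ins for the real LDAP lookups and for foo-whitelist-mail.txt. It shows that a whitelist match in the SUFFICIENT LdapAttrPlugin grants access without the REQUIRED LdapFilterPlugin ever being consulted, while the same whitelist entry cannot override a failed filter once the filter plugin is moved ahead of it.

```python
from typing import Callable

# One stack entry: (plugin name, flag, check); check stands in for isAllowed().
PluginEntry = tuple[str, str, Callable[[dict], bool]]


def evaluate_stack(stack: list[PluginEntry], user: dict) -> bool:
    """PAM-style semantics of OpenGrok's authorization stack: REQUISITE failure
    denies at once; REQUIRED failure denies after the remaining plugins still
    run; SUFFICIENT success allows at once unless an earlier REQUIRED plugin
    already failed, and a SUFFICIENT failure is ignored."""
    overall = True
    for _name, flag, check in stack:
        if check(user):
            if flag == "SUFFICIENT" and overall:
                return True
        elif flag == "REQUISITE":
            return False
        elif flag == "REQUIRED":
            overall = False
    return overall


# Constructed stand-ins for what the plugins would read from LDAP and from the
# whitelist file (foo-whitelist-mail.txt); not real directory data.
WHITELIST_MAIL = {"alice@example.com", "erin@example.com"}
DIRECTORY = {
    "alice": {"mail": "alice@example.com", "uid": "alice", "sAMAccountName": "alice"},
    "bob":   {"mail": "bob@example.com", "uid": "bob", "sAMAccountName": "bob"},
    "carol": {"mail": "carol@example.com", "uid": "carol"},  # no sAMAccountName
    "erin":  {"mail": "erin@example.com", "uid": "erin"},    # whitelisted, no sAMAccountName
}


def ldap_user(user):    # LdapUserPlugin: login resolves to a person entry
    return user["username"] in DIRECTORY

def ldap_attr(user):    # LdapAttrPlugin: user's mail is listed in the whitelist file
    return DIRECTORY.get(user["username"], {}).get("mail") in WHITELIST_MAIL

def ldap_filter(user):  # LdapFilterPlugin: the (sAMAccountName=...) filter matches
    return "sAMAccountName" in DIRECTORY.get(user["username"], {})

# The stack exactly as configured above, in the order it is evaluated.
STACK: list[PluginEntry] = [
    ("LdapUserPlugin", "REQUISITE", ldap_user),
    ("LdapAttrPlugin", "SUFFICIENT", ldap_attr),
    ("LdapFilterPlugin", "REQUIRED", ldap_filter),
]

def is_allowed(username: str, stack: list[PluginEntry] = STACK) -> bool:
    return evaluate_stack(stack, {"username": username})
```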
b. ldap-plugin-config-corp.yml (the bind password is stored in plain text here, so keep the file readable only by the account Tomcat runs as):
servers:
  - url: "ldaps://ldap-foo.example.com"
    username: cn=admin,ou=admins,dc=example,dc=com
    password: changeme
  - url: "ldaps://ldap-bar.example.com"
    username: cn=admin,ou=admins,dc=example,dc=com
    password: changeme
interval: 900000
countLimit: 3
connectTimeout: 3000
readTimeout: 3000
searchTimeout: 1000
searchBase: dc=example,dc=com
3. Re-run the indexer and restart Tomcat
export OPENGROK_INSTANCE_BASE=/home/admin/infra/opengrok
java \
-Djava.util.logging.config.file=${OPENGROK_INSTANCE_BASE}/etc/logging.properties \
-jar ${OPENGROK_INSTANCE_BASE}/dist/lib/opengrok.jar \
-c ${OPENGROK_INSTANCE_BASE}/uctags/usr/local/bin/ctags \
-s ${OPENGROK_INSTANCE_BASE}/src -d ${OPENGROK_INSTANCE_BASE}/data -H -P -S -G \
-R ${OPENGROK_INSTANCE_BASE}/etc/readonly_configuration.xml \
-W ${OPENGROK_INSTANCE_BASE}/etc/configuration.xml \
-U http://localhost:8080/source
# restart Tomcat
cd /home/admin/infra/opengrok/apache-tomcat-10.1.30/bin
sh shutdown.sh && sh startup.sh
4. Troubleshooting
Tomcat logs: /home/admin/infra/opengrok/apache-tomcat-10.1.30/logs/
OpenGrok logs: /home/admin/infra/opengrok/log/
Problems encountered:
1. After configuring LDAP, no projects are visible anymore


References: https://blog.csdn.net/lxmega/article/details/120523858
https://github.com/oracle/opengrok/wiki/Authorization-plugins