0
docker openldap 서버 및 클라이언트 컨테이너에서 작업 할 때 이상한 문제가 있습니다. tls로 LDAP 인증을 사용하려면 먼저 authconfig를 통해 LDAP를 비활성화 한 다음 다시 활성화해야합니다. 또한 캐시 된 로그인을 비활성화했습니다. 내가 처음 TLS를 사용하지 만 다음 로그인 두 번째 명령을 실행 해달라고하면 아래 클라이언트의 openldap tls 인증은 authconfig를 통해 다시 활성화하지 않도록 설정 한 후에 작동합니다.
$ docker exec -t datanode1 bash -c 'authconfig --enableldap --enableldapauth --ldapserver="kerbldap.dkdocker.com" \
--ldapbasedn="dc=dkdocker,dc=com" --enablesssd --enablesssdauth --enableldaptls --enablemkhomedir --update'
$ ssh [email protected] -p 2224
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
$ docker exec -t datanode1 bash -c 'authconfig --disableldaptls --update'
$ docker exec -t datanode1 bash -c 'authconfig --enableldap --enableldapauth --ldapserver="kerbldap.dkdocker.com" \
--ldapbasedn="dc=dkdocker,dc=com" --enablesssd --enablesssdauth --enableldaptls --enablemkhomedir --update'
$ ssh [email protected] -p 2224
[email protected]'s password:
Creating home directory for dhiren.
Last failed login: Thu Sep 21 19:31:42 IST 2017 from gateway on ssh:notty
There were 4 failed login attempts since the last successful login.
[[email protected] ~]$
docker exec -t clientcontainer1 bash -c 'authconfig --disableldaptls --update'
[[email protected] ~]# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldap://kerbldap.dkdocker.com/"
LDAP base DN = "dc=dkdocker,dc=com"
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = "SAMBA"
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap range = "16777216-33554431"
nss_sss is enabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
myhostname is enabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is sha512
pam_krb5 is disabled
krb5 realm = "DKDOCKER.COM"
krb5 realm via dns is disabled
krb5 kdc = "kerbldap.dkdocker.com"
krb5 kdc via dns is disabled
krb5 admin server = "kerbldap.dkdocker.com"
pam_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldap://kerbldap.dkdocker.com/"
LDAP base DN = "dc=dkdocker,dc=com"
LDAP schema = "rfc2307"
pam_pkcs11 is disabled
SSSD smartcard support is disabled
use only smartcard for login is disabled
smartcard module = ""
smartcard removal action = ""
pam_fprintd is disabled
pam_ecryptfs is disabled
pam_winbind is disabled
SMB workgroup = "SAMBA"
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_sss is enabled by default
credential caching in SSSD is enabled
SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
IPAv2 domain was not joined
IPAv2 server = ""
IPAv2 realm = ""
IPAv2 domain = ""
pam_pwquality is enabled (try_first_pass local_users_only retry=3 authtok_type=)
pam_passwdqc is disabled()
pam_access is disabled()
pam_faillock is disabled (deny=4 unlock_time=1200)
pam_mkhomedir or pam_oddjob_mkhomedir is enabled (umask=0077)
Always authorize local users is enabled()
--ldapbasedn="dc=dkdocker,dc=com" --enablesssd --enablesssdauth --enableldaptls --enablemkhomedir --update'