SQL audit platform Archery v1.8.0: LDAP configuration steps

Posted by chenfeng on 2022-05-13

I. Install the required packages


1. Install the LDAP-related extension package

[root@localhost ~]# docker ps


CONTAINER ID   IMAGE                       COMMAND                  CREATED       STATUS         PORTS                                                            NAMES

1bb1c633de94   mysql:5.7                   "docker-entrypoint.s…"   3 weeks ago   Up 3 weeks     3306/tcp, 33060/tcp, 0.0.0.0:3307->3307/tcp, :::3307->3307/tcp   mysql

10a1a24b437a   redis:5                     "docker-entrypoint.s…"   3 weeks ago   Up 3 weeks     6379/tcp                                                         redis

75054a146810   hhyo/inception              "/bin/sh -c 'nohup /…"   3 weeks ago   Up 3 weeks     6669/tcp                                                         inception

87cfaee82763   hhyo/archery:1.8.0          "dockerize -wait tcp…"   3 weeks ago   Up 7 minutes   0.0.0.0:9123->9123/tcp, :::9123->9123/tcp                        archery

02b26516ccea   hanchuanchuan/goinception   "/usr/local/bin/dumb…"   3 weeks ago   Up 3 weeks     4000-4001/tcp                                                    goinception


[root@localhost ~]# docker exec -it 87 bash

[root@c3fe74f742ac archery]# yum -y install openldap-devel


2. Install the Python dependencies

# If these are missing, logging in through the browser fails with "500 Internal Server Error"

[root@c3fe74f742ac archery]# source /opt/venv4archery/bin/activate

[root@c3fe74f742ac archery]# pip install django-auth-ldap==1.3.0  -i  --trusted-host pypi.douban.com --upgrade pip

[root@c3fe74f742ac archery]# pip install six


[root@c3fe74f742ac archery]# cd /opt/venv4archery/lib/python3.8/site-packages/

[root@c3fe74f742ac archery]# cp six.py /opt/venv4archery/lib/python3.8/site-packages/django/utils/


3. Restart the container

[root@localhost ~]# docker restart 87

[root@localhost ~]# docker ps  | grep archery

87cfaee82763   hhyo/archery:1.8.0          "dockerize -wait tcp…"   3 weeks ago   Up 9 minutes   0.0.0.0:9123->9123/tcp, :::9123->9123/tcp                        archery


II. Edit the configuration file


1. Enter the container and modify the configuration file

[root@localhost ~]# docker exec -it 87 bash

[root@87cfaee82763 archery]# yum -y install vim


[root@87cfaee82763 archery]# cd /opt/archery/archery


[root@87cfaee82763 archery]# ls

asgi.py  __init__.py  __pycache__  settings.py  settings.py.bak  urls.py  wsgi.py


[root@c3fe74f742ac archery]# cp settings.py settings.py.bak

[root@c3fe74f742ac archery]# vim settings.py  (edit the LDAP-related section as follows)


# LDAP

#ENABLE_LDAP = False

ENABLE_LDAP = True

if ENABLE_LDAP:

    import ldap

    from django_auth_ldap.config import LDAPSearch


    AUTHENTICATION_BACKENDS = (

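        'django_auth_ldap.backend.LDAPBackend',  # Try LDAP authentication first; if it succeeds, the backends below are not used

        'django.contrib.auth.backends.ModelBackend',  # Users created manually in Django can still log in, at lower priority. Mind the order of these two lines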

    )


    AUTH_LDAP_SERVER_URI = "ldap://192.168.1.1"

    AUTH_LDAP_BIND_DN = "cn=admin,dc=xxxxx,dc=cn"

    AUTH_LDAP_BIND_PASSWORD = "xxxxxxx"

    AUTH_LDAP_USER_SEARCH = LDAPSearch('ou=user,dc=xxxxxx,dc=cn',ldap.SCOPE_SUBTREE,'(uid=%(user)s)',)

    AUTH_LDAP_ALWAYS_UPDATE_USER = True  # Sync user info from LDAP on every login

    AUTH_LDAP_USER_ATTR_MAP = {  # key is the archery.sql_users column name, value is the LDAP attribute name; used to sync user info

        "username": "cn",

        "display": "displayname",

        "email": "mail"

    }
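
The settings above bind over plain ldap:// with a directory admin DN and a password written as a literal in settings.py. The check below is an added example, not part of the original post or of Archery: it parses a settings file with Python's ast module and flags those three conditions. AUTH_LDAP_START_TLS is a django-auth-ldap setting; the sample values, the archery-ro account and the ARCHERY_LDAP_BIND_PASSWORD variable are assumptions made for illustration.

```python
import ast

# Constructed sample mirroring the settings.py fragment above (placeholder values).
WEAK = '''
ENABLE_LDAP = True
if ENABLE_LDAP:
    AUTH_LDAP_SERVER_URI = "ldap://192.168.1.1"
    AUTH_LDAP_BIND_DN = "cn=admin,dc=example,dc=cn"
    AUTH_LDAP_BIND_PASSWORD = "placeholder"
'''

# Constructed hardened variant (hypothetical names): TLS, read-only bind account, secret from env.
HARDENED = '''
import os
ENABLE_LDAP = True
if ENABLE_LDAP:
    AUTH_LDAP_SERVER_URI = "ldaps://ldap.example.cn"
    AUTH_LDAP_BIND_DN = "cn=archery-ro,ou=service,dc=example,dc=cn"
    AUTH_LDAP_BIND_PASSWORD = os.environ["ARCHERY_LDAP_BIND_PASSWORD"]
'''

def ldap_assignments(source):
    """Map each AUTH_LDAP_* name to its value node, including ones nested under `if`."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id.startswith("AUTH_LDAP_"):
                    found[target.id] = node.value
    return found

def literal(node):
    """Return the constant value of a node, or None if it is computed at runtime."""
    return node.value if isinstance(node, ast.Constant) else None

def audit(source):
    s = ldap_assignments(source)
    findings = []
    uri = literal(s.get("AUTH_LDAP_SERVER_URI")) or ""
    start_tls = literal(s.get("AUTH_LDAP_START_TLS")) is True
    if uri.lower().startswith("ldap://") and not start_tls:
        findings.append("cleartext-bind")  # bind and user passwords cross the network unencrypted
    if isinstance(literal(s.get("AUTH_LDAP_BIND_PASSWORD")), str):
        findings.append("hardcoded-bind-password")  # secret stored as a literal in settings.py
    bind_dn = literal(s.get("AUTH_LDAP_BIND_DN")) or ""
    if bind_dn.lower().startswith(("cn=admin,", "cn=manager,")):
        findings.append("privileged-bind-dn")  # heuristic: the user search only needs read access
    return findings
```

Inside the container, audit(open("/opt/archery/archery/settings.py").read()) runs the same check against the live file.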




2. Restart the container

[root@localhost ~]# docker restart 87

[root@localhost ~]# docker ps  | grep archery

87cfaee82763   hhyo/archery:1.8.0          "dockerize -wait tcp…"   3 weeks ago   Up 13 minutes   0.0.0.0:9123->9123/tcp, :::9123->9123/tcp                        archery


3. Check the docker logs:

# docker logs archery -f --tail=50

[2022-05-12 16:39:20 +0800] [39] [INFO] Started server process [39]

[2022-05-12 16:39:20 +0800] [39] [INFO] Waiting for application startup.

[2022-05-12 16:39:20 +0800] [39] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:39:20 +0800] [39] [INFO] Application startup complete.

[2022-05-12 16:39:20 +0800] [40] [INFO] Started server process [40]

[2022-05-12 16:39:20 +0800] [40] [INFO] Waiting for application startup.

[2022-05-12 16:39:20 +0800] [40] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:39:20 +0800] [40] [INFO] Application startup complete.

[2022-05-12 16:39:20 +0800] [41] [INFO] Started server process [41]

[2022-05-12 16:39:20 +0800] [41] [INFO] Waiting for application startup.

[2022-05-12 16:39:20 +0800] [41] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:39:20 +0800] [41] [INFO] Application startup complete.

[2022-05-12 16:39:47,540][ThreadPoolExecutor-0_0:140568935855872][task_id:django_auth_ldap][backend.py:657][WARNING]- cn=zhangyu,ou=user,dc=ienglish,dc=cn does not have a value for the attribute displayname

[2022-05-12 16:40:36,595][ThreadPoolExecutor-0_0:140568935855872][task_id:django_auth_ldap][backend.py:657][WARNING]- cn=zhaoyanchang,ou=user,dc=ienglish,dc=cn does not have a value for the attribute displayname

[2022-05-12 16:40:56,469][ThreadPoolExecutor-0_0:140568935855872][task_id:django_auth_ldap][backend.py:657][WARNING]- cn=zhangyu,ou=user,dc=ienglish,dc=cn does not have a value for the attribute displayname

2022/05/12 16:55:32 Received signal: terminated

2022/05/12 16:55:32 Command exited with error: signal: terminated

2022/05/12 16:55:33 Waiting for: tcp://mysql:3306

2022/05/12 16:55:33 Waiting for: tcp://redis:6379

2022/05/12 16:55:33 Connected to tcp://redis:6379

2022/05/12 16:55:33 Connected to tcp://mysql:3306

切換python執行環境

修改重定向埠

啟動nginx

收集所有的靜態檔案到STATIC_ROOT

啟動Django Q cluster

啟動服務

[2022-05-12 16:55:35 +0800] [38] [INFO] Starting gunicorn 20.0.4

[2022-05-12 16:55:35 +0800] [38] [INFO] Listening at:  (38)

[2022-05-12 16:55:35 +0800] [38] [INFO] Using worker: uvicorn.workers.UvicornWorker

[2022-05-12 16:55:35 +0800] [40] [INFO] Booting worker with pid: 40

[2022-05-12 16:55:35 +0800] [41] [INFO] Booting worker with pid: 41

[2022-05-12 16:55:35 +0800] [42] [INFO] Booting worker with pid: 42

[2022-05-12 16:55:35 +0800] [43] [INFO] Booting worker with pid: 43

[2022-05-12 16:55:35 +0800] [40] [INFO] Started server process [40]

[2022-05-12 16:55:35 +0800] [40] [INFO] Waiting for application startup.

[2022-05-12 16:55:35 +0800] [40] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:55:35 +0800] [40] [INFO] Application startup complete.

[2022-05-12 16:55:35 +0800] [41] [INFO] Started server process [41]

[2022-05-12 16:55:35 +0800] [41] [INFO] Waiting for application startup.

[2022-05-12 16:55:35 +0800] [41] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:55:35 +0800] [41] [INFO] Application startup complete.

[2022-05-12 16:55:35 +0800] [42] [INFO] Started server process [42]

[2022-05-12 16:55:35 +0800] [42] [INFO] Waiting for application startup.

[2022-05-12 16:55:35 +0800] [42] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:55:35 +0800] [42] [INFO] Application startup complete.

[2022-05-12 16:55:35 +0800] [43] [INFO] Started server process [43]

[2022-05-12 16:55:35 +0800] [43] [INFO] Waiting for application startup.

[2022-05-12 16:55:35 +0800] [43] [INFO] ASGI 'lifespan' protocol appears unsupported.

[2022-05-12 16:55:35 +0800] [43] [INFO] Application startup complete.



4. Log in to the web page with an LDAP account to test.


From the "ITPUB blog", link: http://blog.itpub.net/15498/viewspace-2893931/. If you repost this, please credit the source; otherwise legal liability will be pursued.
