fix: first

2025-08-29 01:23:33 +08:00 · 2025-08-29 01:23:33 +08:00 · 352d65dd77
parent e7f3f387ce
commit 352d65dd77
2 changed files with 112 additions and 1 deletions
--- a/dex_config.yaml
+++ b/dex_config.yaml
@ -0,0 +1,44 @@
+issuer: http://localhost:5556/dex
+
+storage:
+  type: memory
+
+web:
+  http: 0.0.0.0:5556
+
+connectors:
+- type: ldap
+  id: ldap
+  name: LDAP
+  config:
+    host: ldap:389
+    insecureNoSSL: true
+    bindDN: cn=admin,dc=example,dc=com
+    bindPW: admin
+    userSearch:
+      baseDN: ou=people,dc=example,dc=com
+      filter: "(objectClass=inetOrgPerson)"
+      username: uid
+      idAttr: uid
+      emailAttr: mail
+      nameAttr: cn
+    groupSearch:
+      baseDN: ou=groups,dc=example,dc=com
+      filter: "(objectClass=groupOfNames)"
+      userMatchers:
+      - userAttr: DN
+        groupAttr: member
+      nameAttr: cn
+
+oauth2:
+  skipApprovalScreen: true
+
+staticClients:
+- id: mattermost
+  redirectURIs:
+  - 'http://localhost:8065/signup/openid/complete'
+  - 'http://localhost:8065/login/openid/complete'
+  name: 'Mattermost'
+  secret: mattermost-secret-key-12345
+
+enablePasswordDB: false
--- a/docker-compose-mattermost.yml
+++ b/docker-compose-mattermost.yml
@ -1,6 +1,44 @@
 version: "3.8"

 services:
+  # LDAP服务
+  ldap:
+    image: osixia/openldap:1.5.0
+    container_name: ldap
+    environment:
+      LDAP_ORGANISATION: "Example Inc."
+      LDAP_DOMAIN: "example.com"
+      LDAP_ADMIN_PASSWORD: "admin"
+      LDAP_CONFIG_PASSWORD: "config"
+      LDAP_READONLY_USER: "false"
+      LDAP_RFC2307BIS_SCHEMA: "false"
+      LDAP_BACKEND: "mdb"
+      LDAP_TLS: "true"
+      LDAP_TLS_CRT_FILENAME: "ldap.crt"
+      LDAP_TLS_KEY_FILENAME: "ldap.key"
+      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
+      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+      LDAP_TLS_ENFORCE: "false"
+      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+      LDAP_TLS_VERIFY_CLIENT: "demand"
+      LDAP_REPLICATION: "false"
+      KEEP_EXISTING_CONFIG: "false"
+      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+      LDAP_SSL_HELPER_PREFIX: "ldap"
+    tty: true
+    stdin_open: true
+    volumes:
+      - ldap_data:/var/lib/ldap
+      - ldap_config:/etc/ldap/slapd.d
+    ports:
+      - "389:389"
+      - "636:636"
+    hostname: ldap.example.com
+    networks:
+      - mattermost_network
+
+
+
  # Mattermost Team Edition
  mattermost:
    image: mattermost/mattermost-team-edition:latest
@ -28,6 +66,14 @@ services:
      
      # 用户配置
      MM_TEAMSETTINGS_ENABLEUSERCREATION: "true"
+
+      # OpenID Connect (Other) 配置（用于连接Dex）
+      MM_OPENIDSETTINGS_ENABLE: "true"
+      MM_OPENIDSETTINGS_ID: "mattermost"
+      MM_OPENIDSETTINGS_SECRET: "mattermost-secret-key-12345"
+      MM_OPENIDSETTINGS_DISCOVERYENDPOINT: "http://localhost:5556/dex/.well-known/openid_configuration"
+      MM_OPENIDSETTINGS_BUTTONTEXT: "使用LDAP登录"
+      MM_OPENIDSETTINGS_BUTTONCOLOR: "#145DBF"
      MM_TEAMSETTINGS_ENABLEOPENSERVER: "true"
      MM_SERVICESETTINGS_ENABLEEMAILINVITATIONS: "false"
      
@ -44,7 +90,6 @@ services:
      - mattermost_network
    volumes:
      - ./mattermost_data:/mattermost/data
-      - ./mattermost_config:/mattermost/config
      - ./mattermost_logs:/mattermost/logs
      - ./mattermost_plugins:/mattermost/plugins
    restart: unless-stopped
@ -76,9 +121,31 @@ services:
      retries: 3
      start_period: 30s

+  # Dex OAuth2 Provider (连接LDAP)
+  dex:
+    image: dexidp/dex:v2.37.0
+    container_name: dex
+    ports:
+      - "5556:5556"
+    volumes:
+      - ./dex_config.yaml:/etc/dex/config.yaml:ro
+    command: ["dex", "serve", "/etc/dex/config.yaml"]
+    networks:
+      - mattermost_network
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5556/dex/healthz"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
 networks:
  mattermost_network:
    driver: bridge

+volumes:
+  ldap_data:
+  ldap_config:
+
 # 使用绑定挂载，数据存储在当前目录下
 # volumes 部分已删除，因为使用 ./目录 的绑定挂载