From 352d65dd7747efa427bb9f32c51a90742889f026 Mon Sep 17 00:00:00 2001
From: Guwan
Date: Fri, 29 Aug 2025 01:23:33 +0800
Subject: [PATCH] fix: first
---
 dex_config.yaml | 44 ++++++++++++++++++++++
 docker-compose-mattermost.yml | 69 ++++++++++++++++++++++++++++++++++-
 2 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 dex_config.yaml
diff --git a/dex_config.yaml b/dex_config.yaml
new file mode 100644
index 0000000..567cd7c
--- /dev/null
+++ b/dex_config.yaml
@@ -0,0 +1,44 @@
+issuer: http://localhost:5556/dex
+
+storage:
+ type: memory
+
+web:
+ http: 0.0.0.0:5556
+
+connectors:
+- type: ldap
+ id: ldap
+ name: LDAP
+ config:
+ host: ldap:389
+ insecureNoSSL: true
+ bindDN: cn=admin,dc=example,dc=com
+ bindPW: admin
+ userSearch:
+ baseDN: ou=people,dc=example,dc=com
+ filter: "(objectClass=inetOrgPerson)"
+ username: uid
+ idAttr: uid
+ emailAttr: mail
+ nameAttr: cn
+ groupSearch:
+ baseDN: ou=groups,dc=example,dc=com
+ filter: "(objectClass=groupOfNames)"
+ userMatchers:
+ - userAttr: DN
+ groupAttr: member
+ nameAttr: cn
+
+oauth2:
+ skipApprovalScreen: true
+
+staticClients:
+- id: mattermost
+ redirectURIs:
+ - 'http://localhost:8065/signup/openid/complete'
+ - 'http://localhost:8065/login/openid/complete'
+ name: 'Mattermost'
+ secret: mattermost-secret-key-12345
+
+enablePasswordDB: false
diff --git a/docker-compose-mattermost.yml b/docker-compose-mattermost.yml
index 7be53b7..ce8310b 100644
--- a/docker-compose-mattermost.yml
+++ b/docker-compose-mattermost.yml
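Review bot: `bindPW: admin` and `secret: mattermost-secret-key-12345` are live credentials committed in dex_config.yaml, and the same client secret is repeated as a literal in docker-compose-mattermost.yml, so rotating it means editing two tracked files. Dex expands `$VAR` references in config values, so both can be read from the container environment, e.g. `bindPW: $LDAP_BIND_PASSWORD` and `secret: $MATTERMOST_OIDC_SECRET` (variable names chosen here), with the values supplied from an untracked env file. The connector also sets `insecureNoSSL: true` and binds as the directory admin (`bindDN: cn=admin,dc=example,dc=com`), while the ldap service added in the same patch enables TLS on 636 and has a read-only user option (`LDAP_READONLY_USER`); a dedicated read-only bind DN over TLS (`host: ldap:636` with `rootCA`, or `startTLS: true` on 389) would keep the admin password out of Dex entirely. `storage: type: memory` drops every session and refresh token on container restart, which is fine for a demo but deserves a comment such as `# memory storage: all sessions are lost on restart; use sqlite3/postgres for anything persistent` so nobody promotes this file unchanged.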
@@ -1,6 +1,44 @@
 version: "3.8"
 services:
+ # LDAP服务
+ ldap:
+ image: osixia/openldap:1.5.0
+ container_name: ldap
+ environment:
+ LDAP_ORGANISATION: "Example Inc."
+ LDAP_DOMAIN: "example.com"
+ LDAP_ADMIN_PASSWORD: "admin"
+ LDAP_CONFIG_PASSWORD: "config"
+ LDAP_READONLY_USER: "false"
+ LDAP_RFC2307BIS_SCHEMA: "false"
+ LDAP_BACKEND: "mdb"
+ LDAP_TLS: "true"
+ LDAP_TLS_CRT_FILENAME: "ldap.crt"
+ LDAP_TLS_KEY_FILENAME: "ldap.key"
+ LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
+ LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+ LDAP_TLS_ENFORCE: "false"
+ LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+ LDAP_TLS_VERIFY_CLIENT: "demand"
+ LDAP_REPLICATION: "false"
+ KEEP_EXISTING_CONFIG: "false"
+ LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+ LDAP_SSL_HELPER_PREFIX: "ldap"
+ tty: true
+ stdin_open: true
+ volumes:
+ - ldap_data:/var/lib/ldap
+ - ldap_config:/etc/ldap/slapd.d
+ ports:
+ - "389:389"
+ - "636:636"
+ hostname: ldap.example.com
+ networks:
+ - mattermost_network
+
+
+
 # Mattermost Team Edition
 mattermost:
 image: mattermost/mattermost-team-edition:latest
@@ -28,6 +66,14 @@ services:
 # 用户配置
 MM_TEAMSETTINGS_ENABLEUSERCREATION: "true"
+
+ # OpenID Connect (Other) 配置(用于连接Dex)
+ MM_OPENIDSETTINGS_ENABLE: "true"
+ MM_OPENIDSETTINGS_ID: "mattermost"
+ MM_OPENIDSETTINGS_SECRET: "mattermost-secret-key-12345"
+ MM_OPENIDSETTINGS_DISCOVERYENDPOINT: "http://localhost:5556/dex/.well-known/openid_configuration"
+ MM_OPENIDSETTINGS_BUTTONTEXT: "使用LDAP登录"
+ MM_OPENIDSETTINGS_BUTTONCOLOR: "#145DBF"
 MM_TEAMSETTINGS_ENABLEOPENSERVER: "true"
 MM_SERVICESETTINGS_ENABLEEMAILINVITATIONS: "false"
@@ -44,7 +90,6 @@ services:
 - mattermost_network
 volumes:
 - ./mattermost_data:/mattermost/data
- - ./mattermost_config:/mattermost/config
 - ./mattermost_logs:/mattermost/logs
 - ./mattermost_plugins:/mattermost/plugins
 restart: unless-stopped
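Review bot: The ldap service publishes both `"389:389"` and `"636:636"` on the host while `LDAP_TLS_ENFORCE` is `"false"` and the admin and config passwords are the literals `"admin"` and `"config"`, so the directory is reachable from outside the compose network in plaintext with guessable credentials. Only Dex needs to reach it, and Dex joins the same `mattermost_network`, so the `ports:` block can go (or bind to `"127.0.0.1:389:389"` if a host-side admin tool needs it) and the passwords can become `"${LDAP_ADMIN_PASSWORD}"` / `"${LDAP_CONFIG_PASSWORD}"` substitutions from an untracked `.env`. `LDAP_TLS_VERIFY_CLIENT: "demand"` requires every TLS client to present a certificate, which the Dex connector in this patch does not, so the moment TLS is enforced the bind will fail; `"try"` or `"never"` is the usual choice when clients authenticate by bind DN rather than by certificate. `LDAP_READONLY_USER: "false"` is worth flipping to `"true"` so Dex can bind as the read-only account instead of the admin DN.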
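Review bot: `MM_OPENIDSETTINGS_DISCOVERYENDPOINT` ends in `.well-known/openid_configuration` with an underscore, but the OIDC discovery document Dex serves is at `/.well-known/openid-configuration` (hyphen), so Mattermost's discovery fetch will 404 before any login is attempted; the line should read `MM_OPENIDSETTINGS_DISCOVERYENDPOINT: "http://localhost:5556/dex/.well-known/openid-configuration"`. Even with the path fixed, Mattermost resolves that URL from inside its own container, where `localhost` is not Dex (the service sits on the bridge `mattermost_network`, per the context of the next hunk), so the discovery fetch and the server-side token exchange fail while only the browser redirect to `localhost:5556` works; since Dex derives every endpoint in the discovery document from its `issuer`, the issuer and this endpoint need a hostname that both the browser and the Mattermost container resolve to Dex. `MM_OPENIDSETTINGS_SECRET` repeats the client secret from dex_config.yaml as a literal; reading it as `"${MATTERMOST_OIDC_SECRET}"` (name chosen here) from an untracked `.env` gives one source of truth for both services. Discovery is also fetched over plain `http://`, which is tolerable only while Dex is unreachable beyond the host, yet the last hunk publishes `5556` on all interfaces.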
@@ -76,9 +121,31 @@ services:
 retries: 3
 start_period: 30s
+ # Dex OAuth2 Provider (连接LDAP)
+ dex:
+ image: dexidp/dex:v2.37.0
+ container_name: dex
+ ports:
+ - "5556:5556"
+ volumes:
+ - ./dex_config.yaml:/etc/dex/config.yaml:ro
+ command: ["dex", "serve", "/etc/dex/config.yaml"]
+ networks:
+ - mattermost_network
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5556/dex/healthz"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
 networks:
 mattermost_network:
 driver: bridge
+volumes:
+ ldap_data:
+ ldap_config:
+
 # 使用绑定挂载,数据存储在当前目录下
 # volumes 部分已删除,因为使用 ./目录 的绑定挂载
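Review bot: The new top-level `volumes:` block declaring `ldap_data` and `ldap_config` is placed directly above the two existing comments that say the volumes section was deleted because `./` bind mounts are used, so the file now contradicts itself; replace those two comment lines with one that matches the new state, e.g. `# named volumes hold LDAP state only; Mattermost keeps its ./ bind mounts`. The dex service declares no `depends_on: [ldap]`; the LDAP connector only binds at login time so this is not fatal, but the explicit dependency records the intended ordering. The healthcheck assumes `wget` exists in `dexidp/dex:v2.37.0` — as far as I recall the default tag is alpine-based and has busybox wget while the `-distroless` variant does not, so a comment such as `# healthcheck needs busybox wget: do not switch to the -distroless image` would prevent a confusing `unhealthy` later. Publishing `"5556:5556"` on every host interface is what makes the browser redirect work here, but together with the plain-http `issuer` it exposes the OIDC endpoints unencrypted beyond the host; binding as `"127.0.0.1:5556:5556"` keeps the demo working from the host machine without that exposure.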