OpenLDAP Encrypted Transport Configuration (CA Server and OpenLDAP Server on Separate Hosts)


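  1. Environment Preparation
  2. CA Certificate Server Setup
  3. Integrating the OpenLDAP Server with the CA
  4. OpenLDAP Client Configuration
  5. Client Test and Verification
  6. Troubleshooting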

1. Environment Preparation

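  1. Server plan

| Host | OS version | IP address | Hostname | Time sync | Firewall | SELinux |
|---|---|---|---|---|---|---|
| LDAP server | CentOS 6.9 minimal install | 192.168.244.17 | mldap01.gdy.com | Must be synchronized | Off | Off |
| LDAP client | CentOS 6.9 minimal install | 192.168.244.18 | test01.gdy.com | Must be synchronized | Off | Off |
| CA certificate server | CentOS 6.9 minimal install | 192.168.244.23 | mldap01.gdy.com | Must be synchronized | Off | Off |

  2. The environment in this article is the basic setup built by following "02 - OpenLDAP server installation and configuration"; the user data comes from step 10 of that article.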

2. CA Certificate Server Setup

  1. Install the OpenSSL software

    [root@ca ~]# rpm -qa | grep openssl
    openssl-1.0.1e-57.el6.x86_64
  2. The CA generates its own private key with the following commands.

    [root@ca ~]# cd /etc/pki/CA/
    [root@ca CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
    Generating RSA private key, 2048 bit long modulus
    .................................................+++
    ......................+++
    e is 65537 (0x10001)
  3. The CA issues its own public-key certificate with the following command.

    [root@ca CA]# openssl  req -new -x509 -key private/cakey.pem -out cacert.pem -days 36500
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Shanghai
    Locality Name (eg, city) [Default City]:Shanghai
    Organization Name (eg, company) [Default Company Ltd]:GDY
    Organizational Unit Name (eg, section) []:Tech
    Common Name (eg, your name or your server's hostname) []:ca.gdy.com
    Email Address []:ca@gdy.com

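    The fields have the following meanings.

    • Country Name (2 letter code): two-letter country code
    • State or Province Name (full name) []: province
    • Locality Name (eg, city) [Default City]: city or region
    • Organization Name (eg, company) [Default Company Ltd]: company name
    • Organizational Unit Name (eg, section) []: department name, for example Tech
    • Common Name (eg, your name or your server's hostname) []: common name, for example the domain name or IP address of the OpenLDAP server.
    • Email Address []: e-mail address
  4. Create the database file and the certificate serial file with the following commands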

    [root@ca CA]# ls -lh
    total 20K
    -rw-r--r-- 1 root root 1.4K Jun 1 17:04 cacert.pem
    drwxr-xr-x. 2 root root 4.0K Mar 23 2017 certs
    drwxr-xr-x. 2 root root 4.0K Mar 23 2017 crl
    drwxr-xr-x. 2 root root 4.0K Mar 23 2017 newcerts
    drwx------. 2 root root 4.0K Jun 1 17:01 private
    [root@ca CA]# touch serial index.txt
    [root@ca CA]# echo "01" > serial

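    The directories and files are used as follows

    • cacert.pem: the CA's own certificate file (can be changed to suit your needs)
    • certs: directory where client certificates are stored
    • crl: directory for client certificates revoked by the CA
    • newcerts: directory where newly generated certificates are stored
    • index.txt: stores client certificate information
    • serial: client certificate number (can be customized), used to identify client certificates.
    • private: directory holding the CA's own private key
  5. Get the root certificate information with the OpenSSL command, as follows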

    [root@ca CA]# openssl x509 -noout -text -in /etc/pki/CA/cacert.pem
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 14795263444614255073 (0xcd5355b6d68e11e1)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=CN, ST=Shanghai, L=Shanghai, O=GDY, OU=Tech, CN=ca.gdy.com/emailAddress=ca@gdy.com
    Validity
    Not Before: Jun 5 07:06:49 2018 GMT
    Not After : May 12 07:06:49 2118 GMT
    Subject: C=CN, ST=Shanghai, L=Shanghai, O=GDY, OU=Tech, CN=ca.gdy.com/emailAddress=ca@gdy.com
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Subject Key Identifier:
    FA:19:3B:1E:FA:2A:FE:CD:F7:CA:A3:D4:31:08:52:AF:72:08:ED:1D
    X509v3 Authority Key Identifier:
    keyid:FA:19:3B:1E:FA:2A:FE:CD:F7:CA:A3:D4:31:08:52:AF:72:08:ED:1D

    X509v3 Basic Constraints:
    CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
  6. The self-built CA is now complete

3. Integrating the OpenLDAP Server with the CA

  1. Generate a key on the OpenLDAP server

    [root@mldap01 ~]# mkdir -pv /etc/openldap/ssl
    mkdir: created directory `/etc/openldap/ssl'
    [root@mldap01 ~]# cd /etc/openldap/ssl
    [root@mldap01 ssl]# (umask 077; openssl genrsa -out ldapkey.pem 1024)
    Generating RSA private key, 1024 bit long modulus
    ............................++++++
    ...++++++
    e is 65537 (0x10001)
    [root@mldap01 ssl]# ls -lh
    total 4.0K
    -rw------- 1 root root 887 Jun 5 15:26 ldapkey.pem
  2. The OpenLDAP server creates a certificate signing request for the CA with the following command

    [root@mldap01 ssl]# openssl req -new -key ldapkey.pem -out ldap.csr -days 36500
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Shanghai
    Locality Name (eg, city) [Default City]:Shanghai
    Organization Name (eg, company) [Default Company Ltd]:GDY
    Organizational Unit Name (eg, section) []:Tech
    Common Name (eg, your name or your server's hostname) []:mldap01.gdy.com
    Email Address []:mldap@gdy.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
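  3. The CA server verifies the request and issues the certificate

    If the CA server and the OpenLDAP server are not the same machine, the ldap.csr file generated in the previous step must be uploaded to the CA server for signing

    First, on the OpenLDAP server, upload the ldap.csr file to the CA server for signing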
    [root@mldap01 ssl]# scp ldap.csr root@ca:/root/
    The authenticity of host 'ca (192.168.244.23)' can't be established.
    RSA key fingerprint is 1a:8a:57:12:ee:68:91:a4:bd:c5:48:f1:03:a9:5f:9c.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'ca,192.168.244.23' (RSA) to the list of known hosts.
    root@ca's password:
    ldap.csr 100% 696 0.7KB/s 00:00

    [root@ca ~]# openssl ca -in ldap.csr -out ldapcert.pem -days 36500
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number: 1 (0x1)
    Validity
    Not Before: Jun 5 10:00:26 2018 GMT
    Not After : May 12 10:00:26 2118 GMT
    Subject:
    countryName = CN
    stateOrProvinceName = Shanghai
    organizationName = GDY
    organizationalUnitName = Tech
    commonName = mldap01.gdy.com
    emailAddress = mldap@gdy.com
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    26:1C:25:DA:AD:A0:E3:72:43:CD:AC:7F:77:9E:37:BD:1B:EF:1A:FE
    X509v3 Authority Key Identifier:
    keyid:CB:DE:C2:81:45:FE:B3:10:02:95:DA:49:16:F6:FA:03:13:F6:3E:2E

    Certificate is to be certified until May 12 10:00:26 2118 GMT (36500 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

    Then send the generated ldapcert.pem file and the CA public-key file to the /etc/openldap/ssl directory on the OpenLDAP server
    [root@ca ~]# scp ldapcert.pem /etc/pki/CA/cacert.pem root@192.168.244.17:/etc/openldap/ssl/
    The authenticity of host '192.168.244.17 (192.168.244.17)' can't be established.
    RSA key fingerprint is 1a:8a:57:12:ee:68:91:a4:bd:c5:48:f1:03:a9:5f:9c.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.244.17' (RSA) to the list of known hosts.
    root@192.168.244.17's password:
    ldapcert.pem 100% 3828 3.7KB/s 00:00
    cacert.pem 100% 1391 1.4KB/s 00:00
  4. OpenLDAP TLS/SASL deployment

    Change the certificate permissions
    [root@mldap01 ssl]# chown ldap.ldap -R /etc/openldap
    [root@mldap01 ssl]# chmod -R 0400 /etc/openldap/ssl/*

    Edit the OpenLDAP configuration file and add the certificate files
    [root@mldap01 ~]# vim /etc/openldap/slapd.conf
    #TLSCACertificatePath /etc/openldap/certs
    #TLSCertificateFile "\"OpenLDAP Server\""
    #TLSCertificateKeyFile /etc/openldap/certs/password
    TLSCACertificateFile /etc/openldap/ssl/cacert.pem
    TLSCertificateFile /etc/openldap/ssl/ldapcert.pem
    TLSCertificateKeyFile /etc/openldap/ssl/ldapkey.pem
    TlsVerifyClient never

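    TLSVerifyClient sets whether the client's identity is verified. The value can be one of the following

    • never: when responding to a client request, the server does not need to verify the client's identity; only the CA's public certificate needs to be provided.
    • allow: when responding to a client request, the server asks to verify the client's identity; if the client has no certificate or the certificate is invalid, the session still proceeds.
    • try: the client provides a certificate; if the certificate is bad, the connection is terminated. If there is no certificate, the session continues.
    • demand: the server must verify the client certificate, so the client needs to obtain a certificate from the CA.

    Enable the OpenSSL feature (the ldaps:/// listener) as follows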

    [root@mldap01 ~]# vim /etc/sysconfig/ldap
    # Options of slapd (see man slapd)
    #SLAPD_OPTIONS=

    # At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
    #
    # Run slapd with -h "... ldap:/// ..."
    # yes/no, default: yes
    SLAPD_LDAP=yes

    # Run slapd with -h "... ldapi:/// ..."
    # yes/no, default: yes
    SLAPD_LDAPI=yes

    # Run slapd with -h "... ldaps:/// ..."
    # yes/no, default: no
    SLAPD_LDAPS=yes

    Delete and regenerate the default configuration database

    [root@mldap01 ~]# rm -rf /etc/openldap/slapd.d/*
    [root@mldap01 ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
    config file testing succeeded
    [root@mldap01 ~]# chown ldap.ldap -R /etc/openldap/
    [root@mldap01 ~]# /etc/init.d/slapd restart
    Stopping slapd: [ OK ]
    Starting slapd: [ OK ]
  5. Verify the validity of the OpenLDAP server certificate against the CA's public certificate with the following command

    [root@mldap01 ~]# openssl verify -CAfile /etc/pki/CA/cacert.pem /etc/openldap/ssl/ldapcert.pem
    /etc/openldap/ssl/ldapcert.pem: OK
  6. Confirm that the current socket passes CA verification with the following command

    [root@mldap01 ssl]# openssl s_client -connect mldap01.gdy.com:636 -showcerts -state -CAfile /etc/openldap/ssl/cacert.pem
    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    depth=1 C = CN, ST = Shanghai, L = Shanghai, O = GDY, OU = Tech, CN = ca.gdy.com, emailAddress = ca@gdy.com
    verify return:1
    depth=0 C = CN, ST = Shanghai, O = GDY, OU = Tech, CN = mldap01.gdy.com, emailAddress = mldap@gdy.com
    verify return:1
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server key exchange A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read finished A
    ---
    Certificate chain
    0 s:/C=CN/ST=Shanghai/O=GDY/OU=Tech/CN=mldap01.gdy.com/emailAddress=mldap@gdy.com
    i:/C=CN/ST=Shanghai/L=Shanghai/O=GDY/OU=Tech/CN=ca.gdy.com/emailAddress=ca@gdy.com
    -----BEGIN CERTIFICATE-----
    MIIDajCCAlKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCQ04x
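
As an added example that is not part of the original article, the following check reads `openssl x509 -noout -text` output and flags the parameters visible in the certificates above: the SHA-1 signature, the 1024-bit server key and the 100-year validity. The function names, the `MAX_YEARS` limit and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Reads `openssl x509 -noout -text`
# output on stdin and prints one finding per weak parameter.
# MAX_YEARS is an assumed local policy limit, not a value from the article.
cert_findings() {
    awk -v max_years="${MAX_YEARS:-10}" '
        /Signature Algorithm:/ && !sig_seen {
            sig_seen = 1
            if (tolower($NF) ~ /sha1|md5/) print "weak-signature-hash " $NF
        }
        /Public Key Algorithm:/ { key_alg = $NF }
        /Public-Key: \(/ && key_alg == "rsaEncryption" {
            bits = $0; gsub(/[^0-9]/, "", bits)
            if (bits + 0 < 2048) print "short-rsa-key " bits
        }
        /Not Before:/ { start = $(NF - 1) }
        /Not After :/ {
            years = $(NF - 1) - start
            if (years > max_years) print "long-validity " years "y"
        }
    '
}

# Constructed sample: the fields the article shows for its CA certificate.
sample_ca_cert() {
    cat <<'EOF'
        Signature Algorithm: sha1WithRSAEncryption
            Not Before: Jun  5 07:06:49 2018 GMT
            Not After : May 12 07:06:49 2118 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Constructed sample: server certificate text built from the article's 1024-bit key
# and validity dates (signature algorithm assumed to match the CA's).
sample_server_cert() {
    cat <<'EOF'
        Signature Algorithm: sha1WithRSAEncryption
            Not Before: Jun  5 10:00:26 2018 GMT
            Not After : May 12 10:00:26 2118 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

echo "CA certificate:";     sample_ca_cert | cert_findings
echo "Server certificate:"; sample_server_cert | cert_findings
# On a real host:
#   openssl x509 -noout -text -in /etc/openldap/ssl/ldapcert.pem | cert_findings
```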

4. OpenLDAP Client Configuration

  1. Send the CA public-key certificate to the client

    [root@mldap01 ssl]# scp cacert.pem root@192.168.244.18:/etc/openldap/ssl/
    
    
  2. Configure /etc/openldap/ldap.conf

    [root@test01 ~]# grep -Ev "^$|^#" /etc/openldap/ldap.conf
    TLS_CACERTDIR /etc/openldap/ssl
    TLS_CACERT /etc/openldap/ssl/cacert.pem
    TLS_REQCERT never
    BASE dc=gdy,dc=com
    URI ldaps://mldap01.gdy.com

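    TLS_REQCERT [never allow try demand | hard] # Sets whether the server certificate is checked during a TLS session.

    • never: no certificate is checked.
    • allow: the server certificate is checked; the connection is allowed whether the certificate is missing or invalid.
    • try: the server certificate is checked; a missing certificate is allowed (the connection proceeds), an invalid certificate terminates the connection.
    • demand | hard: the server certificate is checked; a missing or invalid certificate terminates the connection immediately.
  3. Configure /etc/nslcd.conf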

    [root@test01 ~]# grep -Ev "^$|^#" /etc/nslcd.conf
    uid nslcd
    gid ldap
    uri ldaps://mldap01.gdy.com
    base dc=gdy,dc=com
    ssl on
    tls_cacertdir /etc/openldap/ssl
    tls_cacertfile /etc/openldap/ssl/cacert.pem
    tls_reqcert never
  4. Configure /etc/pam_ldap.conf

    [root@test01 ~]# grep -Ev "^$|^#" /etc/pam_ldap.conf
    host 127.0.0.1
    base dc=gdy,dc=com
    uri ldaps://mldap01.gdy.com
    ssl on
    tls_cacertdir /etc/openldap/ssl
    tls_cacertfile /etc/openldap/ssl/cacert.pem
    tls_reqcert never
    bind_policy soft
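
The three client files above all set `tls_reqcert never`, which by the definition given for TLS_REQCERT means the client accepts whatever certificate the server presents, so the ldaps connection is encrypted but the server is not authenticated. The following check is an added example, not part of the original article; its function names and sample file contents are constructed for illustration, and it reports that setting next to a variant using `demand`.

```shell
#!/bin/sh
# Added example (not from the original article): report how each LDAP client
# config treats the server certificate. Function names are illustrative.

# Print the last tls_reqcert / TLS_REQCERT value in file $1, or "unset".
reqcert_value() {
    awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Map a value to the behaviour described in the TLS_REQCERT option list.
reqcert_verdict() {
    case "$1" in
        demand|hard) echo "strict" ;;      # missing or bad certificate ends the session
        try)         echo "partial" ;;     # bad certificate ends it, a missing one does not
        never|allow) echo "unverified" ;;  # session continues whatever the server presents
        unset)       echo "unset" ;;
        *)           echo "invalid" ;;
    esac
}

# Print one line per file; return 1 if any file leaves the server unverified.
audit_ldap_clients() {
    rc=0
    for f in "$@"; do
        value=$(reqcert_value "$f")
        verdict=$(reqcert_verdict "$value")
        printf '%s: tls_reqcert=%s (%s)\n' "$f" "$value" "$verdict"
        if [ "$verdict" = "unverified" ] || [ "$verdict" = "invalid" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed samples: the article's ldap.conf settings and a variant with demand.
make_samples() {
    printf '%s\n' 'TLS_CACERT /etc/openldap/ssl/cacert.pem' 'TLS_REQCERT never' \
        'URI ldaps://mldap01.gdy.com' > "$1/ldap.conf.page"
    printf '%s\n' '# tls_reqcert never' 'TLS_CACERT /etc/openldap/ssl/cacert.pem' \
        'TLS_REQCERT demand' 'URI ldaps://mldap01.gdy.com' > "$1/ldap.conf.strict"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_ldap_clients "$tmp/ldap.conf.page" "$tmp/ldap.conf.strict" ||
    echo "at least one client config does not authenticate the server"
rm -rf "$tmp"
```

With `demand`, the name in the server certificate must also match the host in the URI line, which here is mldap01.gdy.com, the Common Name used in the signing request.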

5. Client Test and Verification

  1. Test anonymously from the client whether the SSL connection works, with the following command

    [root@test01 ~]# ldapwhoami -v -x -Z
    ldap_initialize( <DEFAULT> )
    ldap_start_tls: Operations error (1)
    additional info: TLS already started
    anonymous
    Result: Success (0)
  2. Verify an LDAP user's password with the following command

    [root@test01 ~]# ldapwhoami -D "uid=user1,ou=people,dc=gdy,dc=com" -W -H ldaps://mldap01.gdy.com -v
    ldap_initialize( ldaps://mldap01.gdy.com:636/??base )
    Enter LDAP Password:
    dn:uid=user1,ou=people,dc=gdy,dc=com
    Result: Success (0)
  3. Search the OpenLDAP domain information from the client with the following command

    [root@test01 ~]# ldapsearch -x -b 'dc=gdy,dc=com' -H ldaps://mldap01.gdy.com
    # extended LDIF
    #
    # LDAPv3
    # base <dc=gdy,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # gdy.com
    dn: dc=gdy,dc=com
    dc: gdy
    objectClass: top
    objectClass: domain

    # people, gdy.com
    ... (omitted)

6. Troubleshooting

  1. openssl s_client reports the following error when connecting

    [root@mldap01 ~]# openssl s_client -connect mldap01.gdy.com:636 -showcerts -state -CAfile /etc/openldap/ssl/cacert.pem
    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    139640374728520:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 247 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---

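    Not resolved: this problem does not occur when OpenLDAP and the CA server are on different machines. Next time I will try using the same name for the CA and LDAP servers.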
