09-OpenLDAP加密传输配置
OpenLDAP加密传输配置(CA服务器与openldap服务器异机)
阅读视图
- 环境准备
- CA证书服务器搭建
- OpenLDAP服务端与CA集成
- OpenLDAP客户端配置
- 客户端测试验证
- 故障处理
1. 环境准备
- 服务器规划
主机 | 系统版本 | IP地址 | 主机名 | 时间同步 | 防火墙 | SElinux |
---|---|---|---|---|---|---|
ldap服务端 | Centos 6.9最小化安装 | 192.168.244.17 | mldap01.gdy.com | 必须同步 | 关闭 | 关闭 |
ldap客户端 | Centos 6.9最小化安装 | 192.168.244.18 | test01.gdy.com | 必须同步 | 关闭 | 关闭 |
CA证书服务器 | Centos 6.9最小化安装 | 192.168.244.23 | mldap01.gdy.com | 必须同步 | 关闭 | 关闭 |
- 本文环境按照02-openldap服务端安装配置搭建出最基本的环境,用户数据来自02-openldap服务端安装配置中的第十步
2. CA证书服务器搭建
安装OpenSSL软件
[root@ca ~]# rpm -qa | grep openssl openssl-1.0.1e-57.el6.x86_64
CA中心生成自身私钥,命令如下。
[root@ca ~]# cd /etc/pki/CA/ [root@ca CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) Generating RSA private key, 2048 bit long modulus .................................................+++ ......................+++ e is 65537 (0x10001)
CA签发自身公钥,命令如下。
[root@ca CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 36500 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shanghai Locality Name (eg, city) [Default City]:Shanghai Organization Name (eg, company) [Default Company Ltd]:GDY Organizational Unit Name (eg, section) []:Tech Common Name (eg, your name or your server's hostname) []:ca.gdy.com Email Address []:ca@gdy.com
其中,各个字段含义如下。
- Country Name(2 letter code):两个字母的国家代号
- State or Province Name(full name)[]:省份
- Locality Name(eg, city)[Default City]:市或地区
- Organization Name(eg, company)[Default Company Ltd]: 公司名称
- Organizational Unit Name(eg, section)[]:部门名称,例如Tech
- Common Name(eg, your name or your server's hostname)[]:通用名称,例如OL服务器的域名或IP地址。
- Email Address []:邮件地址
创建数据库文件及证书序列文件,命令如下
[root@ca CA]# ls -lh total 20K -rw-r--r-- 1 root root 1.4K Jun 1 17:04 cacert.pem drwxr-xr-x. 2 root root 4.0K Mar 23 2017 certs drwxr-xr-x. 2 root root 4.0K Mar 23 2017 crl drwxr-xr-x. 2 root root 4.0K Mar 23 2017 newcerts drwx------. 2 root root 4.0K Jun 1 17:01 private [root@ca CA]# touch serial index.txt [root@ca CA]# echo "01" > serial
目录文件用途如下
- cacert.pem:CA自身证书文件(可根据自己需求进行修改)
- certs:客户端证书存放目录
- crl:CA吊销的客户端证书存放目录
- newcerts:生成新证书存放目录
- index.txt:存放客户端证书信息
- serial:客户端证书编号(编号可自定义),用于识别客户端证书。
- private:存放CA自身私钥的目录
通过OpenSSL命令获取根证书信息,命令如下
[root@ca CA]# openssl x509 -noout -text -in /etc/pki/CA/cacert.pem Certificate:Data:Version: 3 (0x2)Serial Number: 14795263444614255073 (0xcd5355b6d68e11e1)Signature Algorithm: sha1WithRSAEncryptionIssuer: C=CN, ST=Shanghai, L=Shanghai, O=GDY, OU=Tech, CN=ca.gdy.com/emailAddress=ca@gdy.comValidityNot Before: Jun 5 07:06:49 2018 GMTNot After : May 12 07:06:49 2118 GMTSubject: C=CN, ST=Shanghai, L=Shanghai, O=GDY, OU=Tech, CN=ca.gdy.com/emailAddress=ca@gdy.comSubject Public Key Info:Public Key Algorithm: rsaEncryptionPublic-Key: (2048 bit)Modulus:00:ba:0a:fa:87:16:4b:75:94:d6:98:a5:75:f5:93:44:60:0c:c4:bc:d6:5e:3e:be:4c:29:41:36:5c:2d:b8:c8:1e:97:10:38:0a:2d:60:0e:d9:38:5f:f5:7b:ab:af:b6:35:d5:48:c0:50:c3:1e:17:5b:a8:c6:f8:75:55:c7:0b:fb:7e:68:fc:a6:77:f9:7a:9a:d0:8f:5a:c6:ca:c7:a7:b5:34:d4:ca:13:d6:3c:b6:aa:86:7e:8f:17:24:f7:ce:b0:5f:11:3b:8a:6a:40:50:cc:5c:b5:cc:b3:e2:17:be:f6:ab:f6:ae:6a:2f:58:88:5f:12:65:58:cb:17:5e:00:51:ec:31:64:a7:d6:02:63:b3:63:cc:00:87:49:67:a2:60:a0:82:ed:a8:08:c5:77:c1:0a:04:42:9d:f2:c5:31:e7:b4:ee:67:f7:28:05:27:a0:b3:06:b0:89:b5:8d:3c:14:79:6c:30:ca:d3:90:8f:e5:72:61:13:c3:4d:bc:5a:80:9f:85:3a:20:4c:9b:0d:bb:c0:bd:d5:98:65:0b:0e:29:e2:45:ed:c2:e8:1c:74:e7:94:9b:07:49:28:06:13:44:98:b5:a9:e3:46:59:99:77:e8:12:a8:91:38:bc:9f:ef:48:b2:8f:58:8d:7c:a3:ba:fb:4f:e3:7b:8c:65:20:6bExponent: 65537 (0x10001)X509v3 extensions:X509v3 Subject Key Identifier: FA:19:3B:1E:FA:2A:FE:CD:F7:CA:A3:D4:31:08:52:AF:72:08:ED:1DX509v3 Authority Key Identifier: keyid:FA:19:3B:1E:FA:2A:FE:CD:F7:CA:A3:D4:31:08:52:AF:72:08:ED:1DX509v3 Basic Constraints: CA:TRUESignature Algorithm: sha1WithRSAEncryption38:9c:52:b7:a2:d8:03:60:ec:78:2a:4b:9b:b8:02:10:44:09:39:d3:e9:d0:b2:9a:bc:d5:2d:1d:a1:92:12:d7:06:c7:2c:c7:27:95:a5:8d:f1:db:e5:7b:09:d4:0e:a1:70:d9:d9:59:7b:54:5a:a0:19:b8:d4:ec:36:23:cf:8f:c1:a3:c3:a6:99:a6:3e:dc:1c:cc:8a:53:20:07:a6:f7:5d:c2:9d:7f:e2:ef:07:eb:f3:ca:c2:9b:6d:47:f1:34:70:e7:56:44:db:2d:8a:46:26:21:ce:99:62:21:b2:05:51:86:8c:ba:25:9e:3b:81:e8:0f:68:73:21:75:d7:64:c2:ed:4a:3b:4a:9d:74:da:ca:3a:4f:df:1f:c1:a5:88:6e:08:a8:2f:9b:f8:75:00:0d:53:6b:be:24:97:f8:03:6a:69:87:56:ec:57:ae:85:a4:9c:71:fa:dd:f8:e6:d9:8c:69:d8:ab:66:6e:da:c8:5d:2f:a7:34:b5:17:65:79:3e:02:d9:81:64:6e:37:9d:e6:26:59:18:73:83:f6:06:c4:a0:ff:7e:90:e2:a3:5f:a7:01:41:c0:e6:bc:c8:ce:b6:19:0a:78:19:f6:16:9d:45:9b:e3:46:9c:6f:ca:d5:29:61:4b:38:95:e9:65:b5:62:8d:78:c4:83:8b:f8:10
自建CA完成
3. OpenLDAP服务端与CA集成
在openldap服务器上生成密钥
[root@mldap01 ~]# mkdir -pv /etc/openldap/ssl mkdir: created directory `/etc/openldap/ssl' [root@mldap01 ~]# cd /etc/openldap/ssl [root@mldap01 ssl]# (umask 077; openssl genrsa -out ldapkey.pem 1024) Generating RSA private key, 1024 bit long modulus ............................++++++ ...++++++ e is 65537 (0x10001) [root@mldap01 ssl]# ls -lh total 4.0K -rw------- 1 root root 887 Jun 5 15:26 ldapkey.pem
OpenLDAP服务端向CA申请证书签署请求,命令如下
[root@mldap01 ssl]# openssl req -new -key ldapkey.pem -out ldap.csr -days 36500 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shanghai Locality Name (eg, city) [Default City]:Shanghai Organization Name (eg, company) [Default Company Ltd]:GDY Organizational Unit Name (eg, section) []:Tech Common Name (eg, your name or your server's hostname) []:mldap01.gdy.com Email Address []:mldap@gdy.comPlease enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
CA服务器核实并签发证书
如果CA服务器与openldap服务器不在同一台,需要将上述步骤生成的ldap.csr文件上传到CA服务器签署
先在openldap服务器上将ldap.csr文件上传到CA服务器签署 [root@mldap01 ssl]# scp ldap.csr root@ca:/root/ The authenticity of host 'ca (192.168.244.23)' can't be established. RSA key fingerprint is 1a:8a:57:12:ee:68:91:a4:bd:c5:48:f1:03:a9:5f:9c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ca,192.168.244.23' (RSA) to the list of known hosts. root@ca's password: ldap.csr 100% 696 0.7KB/s 00:00 [root@ca ~]# openssl ca -in ldap.csr -out ldapcert.pem -days 36500 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details:Serial Number: 1 (0x1)ValidityNot Before: Jun 5 10:00:26 2018 GMTNot After : May 12 10:00:26 2118 GMTSubject:countryName = CNstateOrProvinceName = ShanghaiorganizationName = GDYorganizationalUnitName = TechcommonName = mldap01.gdy.comemailAddress = mldap@gdy.comX509v3 extensions:X509v3 Basic Constraints: CA:FALSENetscape Comment: OpenSSL Generated CertificateX509v3 Subject Key Identifier: 26:1C:25:DA:AD:A0:E3:72:43:CD:AC:7F:77:9E:37:BD:1B:EF:1A:FEX509v3 Authority Key Identifier: keyid:CB:DE:C2:81:45:FE:B3:10:02:95:DA:49:16:F6:FA:03:13:F6:3E:2ECertificate is to be certified until May 12 10:00:26 2118 GMT (36500 days) Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated然后将生成的ldapcert.pem文件和ca公钥文件发送至Openldap服务器/etc/openldap/ssl目录下 [root@ca ~]# scp ldapcert.pem /etc/pki/CA/cacert.pem root@192.168.244.17:/etc/openldap/ssl/ The authenticity of host '192.168.244.17 (192.168.244.17)' can't be established. RSA key fingerprint is 1a:8a:57:12:ee:68:91:a4:bd:c5:48:f1:03:a9:5f:9c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.244.17' (RSA) to the list of known hosts. root@192.168.244.17's password: ldapcert.pem 100% 3828 3.7KB/s 00:00 cacert.pem 100% 1391 1.4KB/s 00:00
OpenLDAP TLS/SASL部署
修改证书权限 [root@mldap01 ssl]# chown ldap.ldap -R /etc/openldap [root@mldap01 ssl]# chmod -R 0400 /etc/openldap/ssl/*修改OpenLDAP配置文件,添加证书文件 [root@mldap01 ~]# vim /etc/openldap/slapd.conf #TLSCACertificatePath /etc/openldap/certs #TLSCertificateFile "\"OpenLDAP Server\"" #TLSCertificateKeyFile /etc/openldap/certs/password TLSCACertificateFile /etc/openldap/ssl/cacert.pem TLSCertificateFile /etc/openldap/ssl/ldapcert.pem TLSCertificateKeyFile /etc/openldap/ssl/ldapkey.pem TlsVerifyClient never
TLSVerifyClient 设置是否验证客户端身份。Value可以取下面几个值
- never: 服务器响应用户请求时,不需要验证客户端的身份,只需要提供CA公有证书即可。
- allow:服务器响应用户请求时,服务要求验证客户端的身份,如果客户端没有证书或者证书无效,会话依然进行。
- try:客户端提供证书,如果证书有误,则终止连接。若无证书,会话继续进行。
- demand:服务器端需要对客户端证书进行验证,客户端需要向CA申请证书。
开启OpenSSL功能,命令如下
```shell
[root@mldap01 ~]# vim /etc/sysconfig/ldap
# Options of slapd (see man slapd)
#SLAPD_OPTIONS=# At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
#
# Run slapd with -h "... ldap:/// ..."
# yes/no, default: yes
SLAPD_LDAP=yes# Run slapd with -h "... ldapi:/// ..."
# yes/no, default: yes
SLAPD_LDAPI=yes# Run slapd with -h "... ldaps:/// ..."
# yes/no, default: no
SLAPD_LDAPS=yes
```删除并重新生成默认数据配置库
shell [root@mldap01 ~]# rm -rf /etc/openldap/slapd.d/* [root@mldap01 ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ config file testing succeeded [root@mldap01 ~]# chown ldap.ldap -R /etc/openldap/ [root@mldap01 ~]# /etc/init.d/slapd restart Stopping slapd: [ OK ] Starting slapd: [ OK ]
通过CA证书公钥验证OpenLDAP服务端证书的合法性,命令如下
[root@mldap01 ~]# openssl verify -CAfile /etc/pki/CA/cacert.pem /etc/openldap/ssl/ldapcert.pem /etc/openldap/ssl/ldapcert.pem: OK
确认当前套接字是否通过CA的验证,命令如下
[root@mldap01 ssl]# openssl s_client -connect mldap01.gdy.com:636 -showcerts -state -CAfile /etc/openldap/ssl/cacert.pem CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=1 C = CN, ST = Shanghai, L = Shanghai, O = GDY, OU = Tech, CN = ca.gdy.com, emailAddress = ca@gdy.com verify return:1 depth=0 C = CN, ST = Shanghai, O = GDY, OU = Tech, CN = mldap01.gdy.com, emailAddress = mldap@gdy.com verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=CN/ST=Shanghai/O=GDY/OU=Tech/CN=mldap01.gdy.com/emailAddress=mldap@gdy.com i:/C=CN/ST=Shanghai/L=Shanghai/O=GDY/OU=Tech/CN=ca.gdy.com/emailAddress=ca@gdy.com -----BEGIN CERTIFICATE----- MIIDajCCAlKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCQ04x
4. OpenLDAP客户端配置
将CA公钥证书发送至客户端
[root@mldap01 ssl]# scp cacert.pem root@192.168.244.18:/etc/openldap/ssl/
配置
/etc/openldap/ldap.conf
[root@test01 ~]# grep -Ev "^$|^#" /etc/openldap/ldap.conf TLS_CACERTDIR /etc/openldap/ssl TLS_CACERT /etc/openldap/ssl/cacert.pem TLS_REQCERT never BASE dc=gdy,dc=com URI ldaps://mldap01.gdy.com
TLS_REQCERT [never allow try demand | hard] # 设置是否在TLS会话中检查server证书。
- Never:不检查任何证书。
- Allow:检查server证书,没有证书或证书错误,都允许连接。
- Try:检查server证书,没有证书(允许连接),证书错误(终止连接)。
- demand | hard:检查server证书,没有证书或证书错误都将立即终止连接。
配置
/etc/nslcd.conf
[root@test01 ~]# grep -Ev "^$|^#" /etc/nslcd.conf uid nslcd gid ldap uri ldaps://mldap01.gdy.com base dc=gdy,dc=com ssl on tls_cacertdir /etc/openldap/ssl tls_cacertfile /etc/openldap/ssl/cacert.pem tls_reqcert never
配置
/etc/pam_ldap.conf
[root@test01 ~]# grep -Ev "^$|^#" /etc/pam_ldap.conf host 127.0.0.1 base dc=gdy,dc=com uri ldaps://mldap01.gdy.com ssl on tls_cacertdir /etc/openldap/ssl tls_cacertfile /etc/openldap/ssl/cacert.pem tls_reqcert never bind_policy soft
5. 客户端测试验证
通过客户端匿名测试SSL连接是否正常,命令如下
[root@test01 ~]# ldapwhoami -v -x -Z ldap_initialize( <DEFAULT> ) ldap_start_tls: Operations error (1)additional info: TLS already started anonymous Result: Success (0)
LDAP用户验证密码, 命令如下
[root@test01 ~]# ldapwhoami -D "uid=user1,ou=people,dc=gdy,dc=com" -W -H ldaps://mldap01.gdy.com -v ldap_initialize( ldaps://mldap01.gdy.com:636/??base ) Enter LDAP Password: dn:uid=user1,ou=people,dc=gdy,dc=com Result: Success (0)
在客户端搜索OpenLDAP域信息, 命令如下
[root@test01 ~]# ldapsearch -x -b 'dc=gdy,dc=com' -H ldaps://mldap01.gdy.com # extended LDIF # # LDAPv3 # base <dc=gdy,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL ## gdy.com dn: dc=gdy,dc=com dc: gdy objectClass: top objectClass: domain# people, gdy.com ... 省略
故障处理
openssl s_client连接时报错如下
[root@mldap01 ~]# openssl s_client -connect mldap01.gdy.com:636 -showcerts -state -CAfile /etc/openldap/ssl/cacert.pem CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A 139640374728520:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 247 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---
没有解决:openldap和ca服务器不在同一台时没有这个问题, 下次我ca和ldap服务器使用同一个名字试试
转载于:https://www.cnblogs.com/cishi/p/9160562.html
09-OpenLDAP加密传输配置相关推荐
- Openldap配置TLS加密传输(完整版——shell脚本实现[分别在客户端与服务器端执行脚本,实现TLS加密])
此脚本中只是负责实现了TLS加密配置部分,openLDAP的编译安装以及设置是前期已经配置好的! 具体的配置看上上篇文章openLDAP的编译安装以及配置. 注意slapd.conf中的配置,脚本中为 ...
- Openldap配置TLS加密传输(完整版——shell脚本实现[即在客户端执行代码,即可实现TLS加密])
此脚本中只是负责实现了TLS加密配置部分,openLDAP的编译安装以及设置是前期已经配置好的! 具体的配置看上上篇文章openLDAP的编译安装以及配置. 注意slapd.conf中的配置,脚本中为 ...
- Openldap配置TLS加密传输(完整版——手动配置)
首先要实现openLDAP的编译安装以及配置 openLDAP的编译安装以及配置 注意:上篇中的 3. 主配置文件slapd.conf 中 信息如下所示: ...
- 烂泥:OpenLDAP安装与配置
一.OpenLDAP简介 二.初始化环境 三.安装OpenLDAP 四.配置OpenLDAP 4.1 配置OpenLDAP管理员密码 4.2 修改olcDatabase={2}hdb.ldif文件 4 ...
- DM8的TLS加密认证配置相关
1.为什么要使用SSL/TLS数字证书? 安装了SSL/TLS证书之后,可以保证客户端到服务器端之间的安全通信,数字证书采用非对称加密方式.虽然经过对称加密方式后的数据也无法被破译,但在使用了数字 ...
- 《Linux/UNIX OpenLDAP实战指南》——2.5 OpenLDAP单节点配置案例
本节书摘来自异步社区<Linux/UNIX OpenLDAP实战指南>一书中的第2章,第2.5节,作者:郭大勇著,更多章节内容可以访问云栖社区"异步社区"公众号查看 2 ...
- LinuxProbe 0x16 安装Bind服务程序、正向/反向解析、从署服务器、加密传输dns、缓存服务器、分离解析
几天没写, csdn的编辑器都换了, 找不到之前的入口了, 新的编辑器不是很好用,不知道排版出来怎么样,将就看吧... 安装Bind服务程序 BIND(Berkeley Internet Name D ...
- 使用JavaMail发送邮件,465端口开启ssl加密传输
自己的项目在本地发邮件没任何问题.但部署到服务器,发送邮件显示连接异常.原来是云服务器出于安全考虑,关闭了服务器的25端口,而25端口是smtp的默认端口.所以使用465端口开启ssl加密传输 代码: ...
- 用spring搭建微信公众号开发者模式下服务器处理用户消息的加密传输构架(java)
要搭建加密传输的微信公众号消息传输,首先要在开发这平台下载一下微信加密的相关jar包,并做一些准备.准备的步骤如下: 1.打开开发者文档,找到消息加减密--->接入指引,如下图所示: 2.在页面 ...
最新文章
- VS2013引入boost库编译时出现'QueueUserAPC' : is not a member of '`global namespace'
- 第二次作业+105032014101
- binary masks_Python中的Masks概念
- 十六个字 一辈子学不完
- 局域网内数据采集总结(三)
- oracle gather trace,Oracle 12C R2-新特性-新增两个视图:方便查看trace文件和内容
- KaimingInit论文的译读笔记
- 从数据库导出到EXCEL文件的sql语句
- 报错AttributeError: Can‘t pickle local object ‘Worker.__init__.<locals>.<lambda>‘解决办法
- DFA敏感词过滤算法详解
- WordPress 最新RiPro9.0修正升级版+WP两款美化包+稀有插件
- 解决sqliteman创建失败的一种方法
- python中match函数的用法_python repython re.match函数怎么来使用
- 神经网络学习小记录63——Keras 图像处理中注意力机制的代码详解与应用
- C++中的函数原型和函数定义
- 2020 年博客总结
- 黄天不负有心人,拥有属于自己的LOGO
- (转)x264代码详细阅读之x264.c,common.c,encoder.c
- 计算机组成 vhdl cpu 实验 西安交大,基于FPGA的VHDL计算机组成实验平台的设计与实现...
- (操作系统开发)从实模式---->保护模式---->IA-32e模式( 64位模式)
热门文章
- Java流程控制03 循环结构 While循环 DoWhile循环 For循环 增强型For循环
- java面板中添加面板_java – 在面板中添加一个复杂的图像,在一个定制的用户界面中使用按钮...
- 2_python基础—格式化符号(输入、输出、转义、结束)
- mysql的游标处理_mysql 存储过程、游标及逐行处理的配合使用
- cmake字符串转数组_JS 数组中你或许不知道的操作
- matlab音频信号的采样与重构,信号与系统实验(MATLAB 西电版)实验21 综合实验2-音频信号的采样与重构.ppt...
- yolov3为什么对大目标检测不好_从YOLOv1到YOLOv3,目标检测的进化之路
- 函数不可访问_Java中的不可变总结
- spring cloud全家桶_吃透这份Github点赞120k的Spring全家桶笔记Offer拿到手软
- php串行化场景,PHP中串行化的使用