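Installation environment
System: CentOS 7.3
Packages:

    yum install -y openldap-*

If yum cannot find the packages, change the yum repository. Note: if the command above succeeded, skip this step. The repository definition below sets gpgcheck=0, which turns off package signature verification, and its baseurl is plain HTTP.

    cd /etc/yum.repos.d
    vim epel.repo

    [epel]
    name=aliyun epel
    baseurl=http://mirrors.aliyun.com/epel/7Server/x86_64/
    gpgcheck=0

    yum install -y openldap-servers openldap-clients migrationtools
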
Application configuration
Set the OpenLDAP administrator password and record the last line of the output; it is needed later.

    slappasswd
    new password: 123456
    re-enter new password:123456
    {SSHA}pGybT1cAqDtSA910VC/E7v1CJgd6dnl6

Modify the account and password configuration

    cd /etc/openldap/slapd.d/cn\=config/
    vi olcDatabase\=\{2\}hdb.ldif

Add one line, using the value recorded above:

    olcRootPW: {SSHA}pGybT1cAqDtSA910VC/E7v1CJgd6dnl6

Change the domain settings:

    olcSuffix: dc=youle,dc=com
    olcRootDN: cn=root,dc=baidu,dc=com

Modify the domain information

    vi olcDatabase\=\{1\}monitor.ldif

Only line 6 (the olcAccess entry) needs to change:

    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 cc022f33
    dn: olcDatabase={1}monitor
    objectClass: olcDatabaseConfig
    olcDatabase: {1}monitor
    olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
     al,cn=auth" read by dn.base="cn=root,dc=baidu,dc=com" read by * none
    structuralObjectClass: olcDatabaseConfig
    entryUUID: 49640e2e-4aa2-1038-8a24-734b1758055b
    creatorsName: cn=config
    createTimestamp: 20180912063904Z
    entryCSN: 20180912063904.724806Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20180912063904Z

Test whether the configuration files are correct

    [root@kube-node1 cn=config]# slaptest -u
    5ba1c858 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
    5ba1c858 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
    config file testing succeeded

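The checksum errors in the slaptest output come from editing the files under slapd.d by hand, which leaves the CRC32 recorded in each file's second header line out of date. The following Python check is an added example, not part of the original post, that reports which files no longer match their recorded checksum. It assumes the value is a standard CRC32 over everything after the two header comment lines; `make_sample` only builds constructed test input.

```python
import re
import sys
import zlib
from pathlib import Path

# Second header line of a slapd.d file, e.g. "# CRC32 cc022f33"
HEADER_RE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})\s*$")


def body_crc32(data: bytes) -> str:
    """CRC32 (8 hex digits) of everything after the two header lines.

    Assumption: slapd checksums the content that follows the header comments.
    """
    body = b"".join(data.splitlines(keepends=True)[2:])
    return f"{zlib.crc32(body) & 0xFFFFFFFF:08x}"


def check_ldif(data: bytes):
    """Return (recorded, computed, ok); recorded is None without a CRC32 header."""
    lines = data.splitlines()
    m = HEADER_RE.match(lines[1]) if len(lines) > 1 else None
    recorded = m.group(1).decode().lower() if m else None
    computed = body_crc32(data)
    return recorded, computed, recorded == computed


def scan(config_dir):
    """List (path, recorded, computed) for each .ldif whose checksum is stale."""
    stale = []
    for path in sorted(Path(config_dir).rglob("*.ldif")):
        recorded, computed, ok = check_ldif(path.read_bytes())
        if not ok:
            stale.append((str(path), recorded, computed))
    return stale


def make_sample(body: bytes) -> bytes:
    """Constructed sample: wrap body in a header carrying a matching CRC32."""
    crc = f"{zlib.crc32(body) & 0xFFFFFFFF:08x}".encode()
    return (b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
            b"# CRC32 " + crc + b"\n" + body)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/openldap/slapd.d"
    for path, recorded, computed in scan(target):
        print(f"{path}: header says {recorded}, content hashes to {computed}")
```

Run as root against /etc/openldap/slapd.d, a file listed here was changed outside ldapmodify, which is useful both for cleaning up after a manual edit and for spotting unexpected changes to the live configuration.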
Start the service

    systemctl start slapd
    systemctl enable slapd

The service is now set up, but it is not usable yet; some necessary operations on the data are still required.
Initialize the database
Import users into the LDAP database

    cd /etc/openldap/schema
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Install phpldapadmin
Install the required software

    yum install -y httpd
    yum -y install php php-mbstring php-pear
    yum --enablerepo=epel -y install phpldapadmin

Modify the Apache configuration file

    vim /etc/httpd/conf/httpd.conf

    # line 151
    AllowOverride all
    # line 164
    DirectoryIndex index.html index.cfi index.php

    systemctl start httpd
    systemctl enable httpd

Modify the PHP configuration file

    vim +878 /etc/php.ini

    date.timezone = "Asia/Shanghai"

Modify the phpldapadmin configuration file

    vim /etc/phpldapadmin/config.php

    # line 397: uncomment, line 398: comment out
    $servers->setValue('login','attr','dn');
    // $servers->setValue('login','attr','uid');

Modify the Apache virtual host configuration file

    vim /etc/httpd/conf.d/phpldapadmin.conf

    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
    Alias /ldapadmin /usr/share/phpldapadmin/htdocs

    <Directory /usr/share/phpldapadmin/htdocs>
      <IfModule mod_authz_core.c>
        # Apache 2.4
        Require local
        Require ip 172.16.0.0/16
      </IfModule>
      <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        Allow from ::1
      </IfModule>
    </Directory>

Restart the service, then open the page in a browser

    systemctl restart httpd

    x.x.x.x/ldapadmin/

Reference link: http://blog.51cto.com/gaowenlong/1887408
Reference link: https://www.cnblogs.com/fatt/p/7081635.html