一、OpenLDAP安装及配置
1、安装openldap及配置
yum install -y openldap openldap-*
rpm -qa|grep openldap
openldap-clients-2.4.40-16.el6.x86_64
openldap-servers-2.4.40-16.el6.x86_64
openldap-servers-sql-2.4.40-16.el6.x86_64
openldap-2.4.40-16.el6.x86_64
openldap-devel-2.4.40-16.el6.x86_64
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
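2、生成openldap密码
(注:-s 会把明文口令写在命令行上,留在 shell 历史和进程列表中;不带 -s 直接运行 slappasswd 会改为交互式提示输入。qas@2018 及下面的哈希仅为示例,实际部署请换成自己的口令并重新生成哈希。)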
[root@qas-openldap-nodes01 ~]# slappasswd -s qas@2018
{SSHA}R5Pyt+KNMgxf71fLF8/y89gJgs/Uxfqp
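3、修改slapd.conf
(以下是用 grep 过滤出的、以字母开头的配置行,行首数字为行号;注释行和缩进的续行(例如 access 规则的 by 子句,如有)不会显示。122 行的 rootpw 填入第2步生成的哈希。grep 的模式未加引号,且 [a-Z] 的含义依赖区域设置,可写作 '^[a-zA-Z]'。)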
grep -n ^[a-Z] /etc/openldap/slapd.conf
6:include /etc/openldap/schema/corba.schema
7:include /etc/openldap/schema/core.schema
8:include /etc/openldap/schema/cosine.schema
9:include /etc/openldap/schema/duaconf.schema
10:include /etc/openldap/schema/dyngroup.schema
11:include /etc/openldap/schema/inetorgperson.schema
12:include /etc/openldap/schema/java.schema
13:include /etc/openldap/schema/misc.schema
14:include /etc/openldap/schema/nis.schema
15:include /etc/openldap/schema/openldap.schema
16:include /etc/openldap/schema/ppolicy.schema
17:include /etc/openldap/schema/collective.schema
20:allow bind_v2
26:pidfile /var/run/openldap/slapd.pid
27:argsfile /var/run/openldap/slapd.args
66:TLSCACertificatePath /etc/openldap/certs
67:TLSCertificateFile "\"OpenLDAP Server\""
68:TLSCertificateKeyFile /etc/openldap/certs/password
98:database config
99:access to *
104:database monitor
105:access to *
114:database bdb
115:suffix "dc=qas-domain,dc=com"
116:checkpoint 1024 15
117:rootdn "cn=Manager,dc=qas-domain,dc=com"
122:rootpw {SSHA}R5Pyt+KNMgxf71fLF8/y89gJgs/Uxfqp
127:directory /var/lib/ldap
130:index objectClass eq,pres
131:index ou,cn,mail,surname,givenname eq,pres,sub
132:index uidNumber,gidNumber,loginShell eq,pres
133:index uid,memberUid eq,pres,sub
134:index nisMapName,nisMapEntry eq,pres,sub
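4、检测并重新生成ldap数据库(即由 slapd.conf 重新生成 slapd.d 配置目录)
(注:rm -rf 会清空现有的 slapd.d 配置,如其中已有配置请先备份。首次执行 slaptest 时数据库文件尚未创建,会出现下面的 bdb_db_open 报错;从后面的 ll 输出可见 slapd.d 已经生成。)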
[root@qas-openldap-nodes01 ~]# rm -rf /etc/openldap/slapd.d/*
[root@qas-openldap-nodes01 ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
5bcac4b6 bdb_db_open: database "dc=qas-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
5bcac4b6 backend_startup_one (type=bdb, suffix="dc=qas-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
[root@qas-openldap-nodes01 ~]# slaptest -u
config file testing succeeded
[root@qas-openldap-nodes01 ~]# ll /etc/openldap/slapd.d/*
-rw-------. 1 root root 1259 10月 20 14:01 /etc/openldap/slapd.d/cn=config.ldif
/etc/openldap/slapd.d/cn=config:
总用量 80
drwxr-x---. 2 root root 4096 10月 20 14:01 cn=schema
-rw-------. 1 root root 59398 10月 20 14:01 cn=schema.ldif
-rw-------. 1 root root 663 10月 20 14:01 olcDatabase={0}config.ldif
-rw-------. 1 root root 596 10月 20 14:01 olcDatabase={-1}frontend.ldif
-rw-------. 1 root root 695 10月 20 14:01 olcDatabase={1}monitor.ldif
-rw-------. 1 root root 2724 10月 20 14:01 olcDatabase={2}bdb.ldif
5、修改相关ldap文件权限(上一步以 root 执行 slaptest,生成的文件属主为 root 且权限为 600,需改为 ldap 用户,slapd 以该用户运行时才能读取)
chown -R ldap:ldap /var/lib/ldap/
chown -R ldap:ldap /etc/openldap/
6、启动slapd服务
/etc/init.d/slapd start
/etc/init.d/slapd status
lsof -i:389
二、migrationtools安装及配置
yum install migrationtools -y
vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "qas-domain.com";
# Default base
$DEFAULT_BASE = "dc=qas-domain,dc=com";
cd /etc/openldap/
/usr/share/migrationtools/migrate_base.pl >base.ldif
grep -n ^[a-Z] base.ldif
1:dn: dc=qas-domain,dc=com
2:dc: qas-domain
3:objectClass: top
4:objectClass: domain
6:dn: ou=Hosts,dc=qas-domain,dc=com
7:ou: Hosts
8:objectClass: top
9:objectClass: organizationalUnit
11:dn: ou=Rpc,dc=qas-domain,dc=com
12:ou: Rpc
13:objectClass: top
14:objectClass: organizationalUnit
16:dn: ou=Services,dc=qas-domain,dc=com
17:ou: Services
18:objectClass: top
19:objectClass: organizationalUnit
21:dn: nisMapName=netgroup.byuser,dc=qas-domain,dc=com
22:nismapname: netgroup.byuser
23:objectClass: top
24:objectClass: nisMap
26:dn: ou=Mounts,dc=qas-domain,dc=com
27:ou: Mounts
28:objectClass: top
29:objectClass: organizationalUnit
31:dn: ou=Networks,dc=qas-domain,dc=com
32:ou: Networks
33:objectClass: top
34:objectClass: organizationalUnit
36:dn: ou=People,dc=qas-domain,dc=com
37:ou: People
38:objectClass: top
39:objectClass: organizationalUnit
41:dn: ou=Group,dc=qas-domain,dc=com
42:ou: Group
43:objectClass: top
44:objectClass: organizationalUnit
46:dn: ou=Netgroup,dc=qas-domain,dc=com
47:ou: Netgroup
48:objectClass: top
49:objectClass: organizationalUnit
51:dn: ou=Protocols,dc=qas-domain,dc=com
52:ou: Protocols
53:objectClass: top
54:objectClass: organizationalUnit
56:dn: ou=Aliases,dc=qas-domain,dc=com
57:ou: Aliases
58:objectClass: top
59:objectClass: organizationalUnit
61:dn: nisMapName=netgroup.byhost,dc=qas-domain,dc=com
62:nismapname: netgroup.byhost
63:objectClass: top
64:objectClass: nisMap
ldapadd -x -D "cn=Manager,dc=qas-domain,dc=com" -W -f /etc/openldap/base.ldif
Enter LDAP Password: #输入第2步设置的rootdn密码(本例为qas@2018)
adding new entry "dc=qas-domain,dc=com"
adding new entry "ou=Hosts,dc=qas-domain,dc=com"
adding new entry "ou=Rpc,dc=qas-domain,dc=com"
adding new entry "ou=Services,dc=qas-domain,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=qas-domain,dc=com"
adding new entry "ou=Mounts,dc=qas-domain,dc=com"
adding new entry "ou=Networks,dc=qas-domain,dc=com"
adding new entry "ou=People,dc=qas-domain,dc=com"
adding new entry "ou=Group,dc=qas-domain,dc=com"
adding new entry "ou=Netgroup,dc=qas-domain,dc=com"
adding new entry "ou=Protocols,dc=qas-domain,dc=com"
adding new entry "ou=Aliases,dc=qas-domain,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=qas-domain,dc=com"
ldapsearch -x -D "cn=Manager,dc=qas-domain,dc=com" -b "ou=Aliases,dc=qas-domain,dc=com" -W
Enter LDAP Password: #输入第2步设置的rootdn密码(本例为qas@2018)
# extended LDIF
#
# LDAPv3
# base <ou=Aliases,dc=qas-domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Aliases, qas-domain.com
dn: ou=Aliases,dc=qas-domain,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
三、phpldapadmin 安装及配置
yum install -y httpd phpldapadmin
vim /etc/httpd/conf.d/phpldapadmin.conf
# Map both URL paths to the phpLDAPadmin web root.
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
<IfModule mod_authz_core.c>
# Apache 2.4
# Only requests originating from the local host are allowed in this branch.
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
# With "Order Deny,Allow" the Allow directives are evaluated last, so the
# final "Allow from all" overrides "Deny from all" and makes the two loopback
# Allow lines redundant: any client that can reach this server can open the
# phpLDAPadmin login page. To limit access, replace "Allow from all" with the
# specific admin hosts or subnets that need it.
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from all
</IfModule>
</Directory>
vim /etc/phpldapadmin/config.php
$servers->setValue('login','attr','dn');
修改为(此处修改前后两行显示相同,可能是页面丢失了注释符;目的应是让 login attr 为 dn 的这一行生效,即使用完整 DN 登录):
$servers->setValue('login','attr','dn');
/etc/init.d/httpd start
http://172.16.8.251/phpldapadmin/
(注:这里通过明文 HTTP 访问,登录时输入的管理员 DN 和密码会在网络上明文传输;从远程登录前建议先为 httpd 启用 HTTPS。)