
OpenLDAP Server + PhpLdapAdmin: Basic Installation and Configuration

Published: 2020-12-15 16:38:28  Category: Security  Source: collected from the web

Reposted from: http://blog.csdn.net/post_yuan/article/details/53129735


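After reading several articles other people had written about installing and configuring OpenLDAP, I got the itch to try installing and configuring OpenLDAP myself, and also installed PhpLdapAdmin to manage LDAP through a web interface.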

The steps below walk through installing and configuring the LDAP server one step at a time, for reference only.


1 Install OpenLDAP with yum

    [root@ha-3 yum.repos.d]# yum install openldap openldap-* -y
    [root@ha-3 yum.repos.d]# rpm -qa | grep openldap
    openldap-servers-2.4.40-12.el6.x86_64
    openldap-devel-2.4.40-12.el6.x86_64
    openldap-servers-sql-2.4.40-12.el6.x86_64
    openldap-clients-2.4.40-12.el6.x86_64
    openldap-2.4.40-12.el6.x86_64

2 Configure LDAP: prepare DB_CONFIG and slapd.conf

    [root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    [root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

3 Generate the LDAP administrator password

    [root@ha-3 yum.repos.d]# slappasswd -s ldap123
    {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

4 Edit slapd.conf: set the dc components and rootpw, using the password hash generated in the previous step as rootpw

    database bdb
    suffix "dc=esgyn,dc=com"
    checkpoint 1024 15
    rootdn "cn=Manager,dc=esgyn,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw secret
    # rootpw {crypt}ijFYNcSNctBYg
    rootpw {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

5 Test the configuration and regenerate the LDAP database

    [root@cent-1 slapd.d]# ls
    cn=config  cn=config.ldif
    [root@cent-1 slapd.d]# rm -rf *
    [root@cent-1 slapd.d]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
    config file testing succeeded

6 Fix ownership of the LDAP files

    [root@ha-3 yum.repos.d]# chown -R ldap:ldap /var/lib/ldap/
    [root@ha-3 yum.repos.d]# chown -R ldap:ldap /etc/openldap/

7 Start the slapd service

    [root@cent-1 ~]# service slapd status
    slapd is stopped
    [root@cent-1 ~]# service slapd start
    Starting slapd: [  OK  ]

8 Install migrationtools with yum

    [root@cent-1 slapd.d]# yum install migrationtools -y

9 Edit /usr/share/migrationtools/migrate_common.ph and adjust the relevant settings

    # Default DNS domain
    $DEFAULT_MAIL_DOMAIN = "esgyn.com";
    # Default base
    $DEFAULT_BASE = "dc=esgyn,dc=com";

10 Generate base.ldif

    [root@cent-1 slapd.d]# /usr/share/migrationtools/migrate_base.pl > base.ldif

11 Add base.ldif to LDAP

    [root@cent-1 migrationtools]# ldapadd -x -D "cn=Manager,dc=esgyn,dc=com" -W -f ./base.ldif
    Enter LDAP Password:
    adding new entry "dc=esgyn,dc=com"
    adding new entry "ou=Hosts,dc=esgyn,dc=com"
    adding new entry "ou=Rpc,dc=esgyn,dc=com"
    adding new entry "ou=Services,dc=esgyn,dc=com"
    adding new entry "nisMapName=netgroup.byuser,dc=esgyn,dc=com"
    adding new entry "ou=Mounts,dc=esgyn,dc=com"
    adding new entry "ou=Networks,dc=esgyn,dc=com"
    adding new entry "ou=People,dc=esgyn,dc=com"
    adding new entry "ou=Group,dc=esgyn,dc=com"
    adding new entry "ou=Netgroup,dc=esgyn,dc=com"
    adding new entry "ou=Protocols,dc=esgyn,dc=com"
    adding new entry "ou=Aliases,dc=esgyn,dc=com"
    adding new entry "nisMapName=netgroup.byhost,dc=esgyn,dc=com"

12 Check that ldapadd succeeded

    [root@cent-1 migrationtools]# ldapsearch -x -D "cn=Manager,dc=esgyn,dc=com" -b "ou=Aliases,dc=esgyn,dc=com" -W
    # extended LDIF
    #
    # LDAPv3
    # base <ou=Aliases,dc=esgyn,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    # Aliases, hadoop.com
    dn: ou=Aliases,dc=esgyn,dc=com
    ou: Aliases
    objectClass: top
    objectClass: organizationalUnit
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

13 Install httpd and PhpLdapAdmin with yum

    [root@cent-1 migrationtools]# yum install httpd phpldapadmin -y

14 Configure /etc/httpd/conf.d/phpldapadmin.conf to allow remote access

    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
    Alias /ldapadmin /usr/share/phpldapadmin/htdocs
    <Directory /usr/share/phpldapadmin/htdocs>
      Order Deny,Allow
      Allow from all
    </Directory>
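
Step 14 opens the phpLDAPadmin directory to every client, and step 4 is where a cleartext rootpw would sit. The Python check below is an added example, not from the original post, that flags both settings. The config samples are constructed from the fragments on this page, and 192.168.0.0/24 is an assumed admin subnet.

```python
import re

# Constructed samples: the step 14 fragment as shown on this page, and a
# variant limited to an assumed admin subnet (Apache 2.2 Order/Allow/Deny).
PAGE_HTTPD = """\
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  Order Deny,Allow
  Allow from all
</Directory>
"""
RESTRICTED_HTTPD = PAGE_HTTPD.replace(
    "Allow from all", "Deny from all\n  Allow from 192.168.0.0/24")
# Constructed sample: step 4's rootpw lines plus one active cleartext value.
SAMPLE_SLAPD = """\
rootdn "cn=Manager,dc=esgyn,dc=com"
# rootpw secret
rootpw {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ
rootpw secret
"""


def open_directories(conf):
    """Return (line_no, path) for each 'Allow from all' inside <Directory>."""
    hits, path = [], None
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            path = opened.group(1)
        elif line.lower().startswith("</directory"):
            path = None
        elif path and re.match(r"allow\s+from\s+all\b", line, re.I):
            hits.append((no, path))
    return hits


def cleartext_rootpw(conf):
    """Return line numbers of active rootpw values with no {SCHEME} prefix."""
    found = []
    for no, raw in enumerate(conf.splitlines(), 1):
        m = re.match(r"rootpw\s+(\S+)", raw)  # directives start in column 0
        if m and not re.match(r"\{[\w-]+\}", m.group(1)):
            found.append(no)
    return found


if __name__ == "__main__":
    print(open_directories(PAGE_HTTPD), cleartext_rootpw(SAMPLE_SLAPD))
```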

15 Edit /etc/phpldapadmin/config.php to log in with a DN

    $servers->setValue('login','attr','dn');
    //$servers->

16 Start the httpd service

    [root@cent-1 migrationtools]# service httpd status
    httpd is stopped
    [root@cent-1 migrationtools]# service httpd start
    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.16 for ServerName
    [  OK  ]

17 Open the web UI and log in to LDAP


(Editor: 李大同)
