CentOS 7: Installing and Configuring OpenLDAP and phpLDAPadmin
Installing and configuring the OpenLDAP service
- Install the OpenLDAP server and client packages with yum
```
yum -y install openldap-servers openldap-clients
```
- Copy the example database configuration file into place, then start and enable the service
```
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap. /var/lib/ldap/DB_CONFIG
systemctl start slapd
systemctl enable slapd
```
- Generate the OpenLDAP administrator password with slappasswd and import it
- Use slappasswd to set the OpenLDAP administrator password (!QAZ2wsx) and record the hash it prints
```
[root@mcp-ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
[root@mcp-ldap ~]#
```
- vi chrootpw.ldif, using the hash recorded above
```
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
```
- Apply the password change
```
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
```
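The {SSHA} string that slappasswd prints is base64(SHA-1(password + salt) + salt) with a short random salt, which is why two runs on the same password normally produce different output even though both verify. The Python below is an added example, not part of the original post, that rebuilds that format and checks a plaintext against a stored value offline, so a recorded olcRootPW or userPassword value can be confirmed before it is imported; the password and salt it uses are constructed demo values, not the ones from the post.

```python
"""Added example, not from the original post: what slappasswd's {SSHA}
output contains and how to check a plaintext against it offline."""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest length in bytes; the salt follows the digest


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value the way slappasswd does: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # a short random salt, so the output differs on every run
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_parts(stored: str) -> Tuple[bytes, bytes]:
    """Split a {SSHA} value into (digest, salt); raises on malformed input."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value: %r" % stored)
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("{SSHA} value too short to hold a digest and a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password: str, stored: str) -> bool:
    """True if password matches the stored {SSHA} value (constant-time digest compare)."""
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_hashed_password(value: str) -> bool:
    """True if a userPassword/olcRootPW value carries a scheme prefix such as {SSHA}."""
    return value.startswith("{") and "}" in value


if __name__ == "__main__":
    # Constructed demo values; this is not a password from the post.
    stored = make_ssha("example-pass", salt=b"s4lt")
    print(stored)
    print("correct password:", verify_ssha("example-pass", stored))
    print("wrong password:  ", verify_ssha("not-it", stored))
    print("clear text value:", not is_hashed_password("example-pass"))
```

Paste the value from your own slappasswd run into verify_ssha together with the password you typed to confirm you recorded the hash correctly before writing it into an LDIF.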
- Import the basic schemas
```
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
```
- Configure the domain information in the OpenLDAP database
- Generate the administrator's password with slappasswd and record the hash
```
[root@mcp-ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
[root@mcp-ldap ~]#
```
- vi chdomain.ldif, replacing the password hash with the one generated in the previous step
```
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=cloud,dc=cn" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=cloud,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=cloud,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=cloud,dc=cn" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=cloud,dc=cn" write by * read
```
- Import it
```
ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
```
- vi basedomain.ldif
```
dn: dc=cloud,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: cloud
dc: cloud

dn: cn=Manager,dc=cloud,dc=cn
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=cloud,dc=cn
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=cloud,dc=cn
objectClass: organizationalUnit
ou: Group
```
- Import it (you will be prompted for the Manager password)
```
ldapadd -x -D cn=Manager,dc=cloud,dc=cn -W -f basedomain.ldif
```
- Add a user
- Generate the new user's password with slappasswd (@WSX3edc)
```
[root@mcp-ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}X0H336Kv0o9c76T+MGand0AImIh2F0VE
[root@mcp-ldap ~]#
```
- vi ldapuser.ldif, using the hash generated above
```
dn: uid=xuanll,ou=People,dc=cloud,dc=cn
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: xuanll
sn: Linux
userPassword: {SSHA}X0H336Kv0o9c76T+MGand0AImIh2F0VE
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test

dn: cn=test,ou=Group,dc=cloud,dc=cn
objectClass: posixGroup
cn: test
gidNumber: 1000
memberUid: test
```
- Import it
```
ldapadd -x -D cn=Manager,dc=cloud,dc=cn -W -f ldapuser.ldif
```
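Before importing a user/group LDIF it is worth checking it for internal consistency: slapd validates the entry against the schema, but memberUid is a plain string and nothing checks that it names a uid that actually exists. The Python below is an added example, not from the original post: a minimal LDIF reader (attr: value, attr:: base64, leading-space continuation lines, blank-line record separators) and a checker that reports posixGroup memberUid values with no matching uid, posixAccount gidNumber values with no matching group, and userPassword values stored in clear text. Run over the post's own ldapuser.ldif it reports that memberUid test does not match uid xuanll; the second sample (user alice) is constructed for the example and is not from the post.

```python
"""Added example, not from the original post: a small LDIF reader plus
consistency checks to run over a user/group LDIF before ldapadd imports it."""
import base64
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]  # lower-cased attribute name -> values; "dn" holds the DN

# Sample 1: the ldapuser.ldif from the post, verbatim.
LDAPUSER_LDIF = """\
dn: uid=xuanll,ou=People,dc=cloud,dc=cn
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: xuanll
sn: Linux
userPassword: {SSHA}X0H336Kv0o9c76T+MGand0AImIh2F0VE
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/test

dn: cn=test,ou=Group,dc=cloud,dc=cn
objectClass: posixGroup
cn: test
gidNumber: 1000
memberUid: test
"""

# Sample 2: constructed for this example. The group is consistent, one attribute
# is base64-encoded (cn:: YWxpY2U= is "alice"), but the password is clear text.
CONSTRUCTED_LDIF = """\
dn: uid=alice,ou=People,dc=cloud,dc=cn
objectClass: account
objectClass: posixAccount
cn:: YWxpY2U=
uid: alice
userPassword: clear-text-password
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice

dn: cn=alice,ou=Group,dc=cloud,dc=cn
objectClass: posixGroup
cn: alice
gidNumber: 1001
memberUid: alice
"""


def _store(entry: Entry, attr: str, value: str, is_b64: bool) -> None:
    if is_b64:
        value = base64.b64decode(value).decode("utf-8")
    entry.setdefault(attr, []).append(value)


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF records into dicts; attribute names are lower-cased."""
    entries: List[Entry] = []
    current: Entry = {}
    pending = None  # (attr, value, is_b64) still open, continuation lines may extend it
    for raw in text.splitlines() + [""]:  # trailing "" closes the last record
        if raw.startswith(" ") and pending is not None:
            pending = (pending[0], pending[1] + raw[1:], pending[2])
            continue
        if pending is not None:
            _store(current, *pending)
            pending = None
        if raw.strip() == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if raw.startswith("#"):
            continue
        name, sep, rest = raw.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % raw)
        is_b64 = rest.startswith(":")
        pending = (name.strip().lower(), (rest[1:] if is_b64 else rest).strip(), is_b64)
    return entries


def rdn_value(dn: str, attr: str) -> Optional[str]:
    """Value of the first RDN when its attribute is `attr` (uid from uid=x,ou=...)."""
    name, _, value = dn.split(",", 1)[0].partition("=")
    return value if name.strip().lower() == attr else None


def check_user_ldif(text: str) -> List[str]:
    """Return a list of human-readable problems; empty means the file is consistent."""
    entries = parse_ldif(text)
    problems: List[str] = []
    uids, group_gids = set(), set()
    for e in entries:  # first pass: collect uids and gids, check per-entry attributes
        dn = e.get("dn", [""])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes:
            uid = e.get("uid", [None])[0] or rdn_value(dn, "uid")
            if uid:
                uids.add(uid)
            else:
                problems.append(f"{dn}: posixAccount has no uid")
            for attr in ("uidnumber", "gidnumber", "homedirectory"):
                if attr not in e:
                    problems.append(f"{dn}: posixAccount lacks {attr}")
        if "posixgroup" in classes:
            group_gids.update(e.get("gidnumber", []))
        for pw in e.get("userpassword", []):
            if not (pw.startswith("{") and "}" in pw):
                problems.append(f"{dn}: userPassword is stored in clear text")
    for e in entries:  # second pass: cross-references between entries
        dn = e.get("dn", [""])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" in classes:
            for member in e.get("memberuid", []):
                if member not in uids:
                    problems.append(f"{dn}: memberUid {member} matches no uid in this file")
        if "posixaccount" in classes:
            for gid in e.get("gidnumber", []):
                if gid not in group_gids:
                    problems.append(f"{dn}: gidNumber {gid} has no posixGroup in this file")
    return problems


if __name__ == "__main__":
    for label, text in (("ldapuser.ldif", LDAPUSER_LDIF), ("constructed", CONSTRUCTED_LDIF)):
        print(label + ":")
        for problem in check_user_ldif(text) or ["ok"]:
            print("  " + problem)
```

Point check_user_ldif at the contents of your own LDIF (open(path).read()) and fix anything it reports before running ldapadd; a memberUid that names nobody simply produces a group with no members, which is easy to miss once the entry is in the directory.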
Installing phpLDAPadmin to manage the LDAP service through a web interface
- Install the EPEL repository
```
yum install epel-release -y
```
- Install the httpd service
```
yum install -y httpd
```
- Configure httpd
```
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf_bak
vi /etc/httpd/conf/httpd.conf
```
Add a line below line 95:
```
95 #ServerName www.example.com:80
96 ServerName 192.168.104.35:80
```
At line 151 change the setting to:
```
AllowOverride All
```
At line 164 change the setting to:
```
DirectoryIndex index.html index.php index.cgi
```
Add the following two lines at the end of the file:
```
ServerTokens Prod
KeepAlive On
```
- Start the service and enable it at boot
```
systemctl start httpd
systemctl enable httpd.service
```
- Install PHP and restart httpd
```
yum -y install php php-mbstring php-pear
systemctl restart httpd
```
- Install phpLDAPadmin
```
yum -y install phpldapadmin
```
- Configure phpLDAPadmin
- vi /etc/phpldapadmin/config.php: uncomment line 397 and comment out line 398, so that the login name is a full DN
```
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
```
- vi /etc/httpd/conf.d/phpldapadmin.conf (the access restriction is changed to allow all clients; Apache does not accept comments on the same line as a directive, so the comment is kept on its own line)
```
[root@mcp-ldap ~]# cat /etc/httpd/conf.d/phpldapadmin.conf
#
#  Web-based tool for managing LDAP servers
#

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    # access restriction changed
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
[root@mcp-ldap ~]#
```
- Then restart the httpd service
```
systemctl restart httpd
```
- Verify that phpLDAPadmin opens: in a browser, open http://192.168.104.35/ldapadmin/ and log in as cn=Manager,dc=cloud,dc=cn