CentOS7安装配置OpenLDAP与phpLDAPadmin

安装配置OpenLDAP服务

  1. yum方式安装OpenLDAP服务
 ```
 # Server (slapd) plus the client tools (ldapadd/ldapmodify/slappasswd) used below.
 yum install -y openldap-servers openldap-clients
 ```
  1. 拷贝数据库配置配置文件,并启动服务

    # Seed the backend tuning file from the packaged example and hand it to the
    # service account: slapd runs as "ldap" and must own the files it opens.
    cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    chown ldap:ldap /var/lib/ldap/DB_CONFIG
    # Bring slapd up now and at every boot. NOTE(review): the default listener
    # on 389 is clear text and this guide never configures TLS, so keep that
    # port firewalled to trusted hosts; the config steps below use ldapi:///.
    systemctl start slapd
    systemctl enable slapd
    
  2. slappasswd生成OpenLDAP管理员密码并导入

    • 使用slappasswd命令设置OpenLDAP配置数据库(olcDatabase={0}config)管理员的密码，并记录下生成的{SSHA}哈希。示例口令 !QAZ2wsx 是常见的键盘顺序弱口令，仅作演示，生产环境请使用足够长的随机口令；也不要直接复制本文中的哈希值，其对应明文已公开。

      [root@mcp-ldap ~]# slappasswd
      New password:
      Re-enter new password:
      {SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
      [root@mcp-ldap ~]#
      
    • vi chrootpw.ldif 使用记录下的密码

      # Set a rootPW on the cn=config database so the configuration can be
      # administered with a password bind as well as by root over ldapi:///.
      # NOTE(review): the rootDN of this database is normally cn=config on this
      # package — confirm with:
      #   ldapsearch -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={0}config,cn=config' olcRootDN
      # Paste the {SSHA} hash generated by slappasswd above; a hash copied from a
      # tutorial is worthless because its plaintext is public.
      dn: olcDatabase={0}config,cn=config
      changetype: modify
      add: olcRootPW
      olcRootPW: {SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
      
    • 导入配置(把上面的哈希写入 cn=config 数据库作为其管理员密码)

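      # Apply the change as local root via SASL EXTERNAL over the ldapi:/// unix
      # socket — no LDAP password is needed or sent. The record carries
      # "changetype: modify", so ldapmodify is the right tool (this matches the
      # chdomain.ldif step below); ldapadd is just "ldapmodify -a" and only
      # works here because the explicit changetype overrides its add default.
      ldapmodify -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif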
      
  3. 导入基本的模式

    # Load the schemas the entries below depend on: cosine + inetorgperson for
    # the person entries, nis for posixAccount/posixGroup. Order matters (nis
    # builds on cosine), so keep it. Loaded as local root over ldapi:///.
    # Re-running reports "already exists" for each file, which is harmless.
    for schema in cosine nis inetorgperson; do
      ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/${schema}.ldif"
    done
    
  4. 在OpenLDAP DB上配置域信息

    • slappasswd 生成目录管理员(cn=Manager)的密码并记录哈希。注意：本文两处示例使用了完全相同的哈希，即 cn=config 与目录管理员共用同一口令，泄露一个即全部失守，建议为两者设置不同的口令。

      [root@mcp-ldap ~]# slappasswd
      New password:
      Re-enter new password:
      {SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
      [root@mcp-ldap ~]#
      
    • vi chdomain.ldif 替换上一步生成的密码

      # cn=Monitor backend: readable only by local root (peercred over ldapi)
      # and the directory Manager; everyone else gets nothing.
      dn: olcDatabase={1}monitor,cn=config
      changetype: modify
      replace: olcAccess
      olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
        read by dn.base="cn=Manager,dc=cloud,dc=cn" read by * none
      
      # Suffix (base DN) of the data database.
      dn: olcDatabase={2}hdb,cn=config
      changetype: modify
      replace: olcSuffix
      olcSuffix: dc=cloud,dc=cn
      
      # Directory administrator (rootDN). It bypasses every ACL below.
      dn: olcDatabase={2}hdb,cn=config
      changetype: modify
      replace: olcRootDN
      olcRootDN: cn=Manager,dc=cloud,dc=cn
      
      # rootDN password hash from slappasswd. Use a password different from the
      # cn=config one so a single leaked credential does not compromise both.
      dn: olcDatabase={2}hdb,cn=config
      changetype: modify
      add: olcRootPW
      olcRootPW: {SSHA}xaRi0x5xgyC+EmRTy3rHYV4DisYyKyMT
      
      # Access control, evaluated in order; the first matching "to" clause wins.
      # {0}: password attributes — Manager writes, anonymous may only bind
      #      against them ("auth"), users may change their own, nobody reads.
      # {1}: the root DSE is readable by all (clients need it for discovery).
      # {2}: everything else — Manager writes; "by * read" means ANONYMOUS
      #      (unauthenticated) clients can read the entire tree.
      #      NOTE(review): change to "by users read" unless the directory is
      #      meant to be public.
      dn: olcDatabase={2}hdb,cn=config
      changetype: modify
      add: olcAccess
      olcAccess: {0}to attrs=userPassword,shadowLastChange by
        dn="cn=Manager,dc=cloud,dc=cn" write by anonymous auth by self write by * none
      olcAccess: {1}to dn.base="" by * read
      olcAccess: {2}to * by dn="cn=Manager,dc=cloud,dc=cn" write by * read
      
    • 导入信息

      # Apply chdomain.ldif as local root over the unix socket (SASL EXTERNAL);
      # no LDAP password leaves the machine.
      ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
      
    • vi basedomain.ldif

      # Top of the tree: organization entry for the dc=cloud,dc=cn suffix
      # configured in chdomain.ldif.
      dn: dc=cloud,dc=cn
      objectClass: top
      objectClass: dcObject
      objectclass: organization
      o: cloud
      dc: cloud
      
      # Entry for the rootDN. Binding as Manager is checked against the rootPW
      # in cn=config and does not need this entry; it exists so tools and
      # phpLDAPadmin can display it.
      dn: cn=Manager,dc=cloud,dc=cn
      objectClass: organizationalRole
      cn: Manager
      description: Directory Manager
      
      # Containers for user and group entries (ldapuser.ldif adds to these).
      dn: ou=People,dc=cloud,dc=cn
      objectClass: organizationalUnit
      ou: People
      
      dn: ou=Group,dc=cloud,dc=cn
      objectClass: organizationalUnit
      ou: Group
      
    • 导入信息

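      # Simple bind as the directory Manager. -W prompts for the password; never
      # use -w on the command line, which exposes it in `ps` and shell history.
      # -H ldapi:/// keeps the bind on the local unix socket instead of the
      # default TCP listener, so the Manager password is not sent over a
      # clear-text ldap:// connection (this guide does not configure TLS).
      ldapadd -x -H ldapi:/// -D "cn=Manager,dc=cloud,dc=cn" -W -f basedomain.ldif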
      
  5. 添加一个用户

    • slappasswd 生成新用户密码并记录哈希(示例口令 @WSX3edc 同样是键盘顺序弱口令，仅作演示)

      [root@mcp-ldap ~]# slappasswd
      New password:
      Re-enter new password:
      {SSHA}X0H336Kv0o9c76T+MGand0AImIh2F0VE
      [root@mcp-ldap ~]#
      
    • vi ldapuser.ldif 使用上面生成的密码

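      # A POSIX user. The uid value is what memberUid in the group must reference.
      dn: uid=xuanll,ou=People,dc=cloud,dc=cn
      objectClass: inetOrgPerson
      objectClass: posixAccount
      objectClass: shadowAccount
      cn: xuanll
      sn: Linux
      # {SSHA} hash from slappasswd; never put a plaintext password here.
      userPassword: {SSHA}X0H336Kv0o9c76T+MGand0AImIh2F0VE
      loginShell: /bin/bash
      # NOTE(review): 1000 is usually the first local account's uid/gid on the
      # host; pick a range that cannot collide with local users — confirm.
      uidNumber: 1000
      gidNumber: 1000
      # NOTE(review): home directory does not follow the uid (/home/xuanll would
      # be the conventional choice) — confirm this is intentional.
      homeDirectory: /home/test
      
      # Primary group (gidNumber matches the user above).
      dn: cn=test,ou=Group,dc=cloud,dc=cn
      objectClass: posixGroup
      cn: test
      gidNumber: 1000
      # memberUid holds uid values. The original listed "test", which is not a
      # user created anywhere in this guide, so the group had no real member;
      # fixed to the uid of the user above.
      memberUid: xuanll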
      
    • 导入信息

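      # Add the user and group as Manager. -W prompts for the password (keep it
      # off the command line), and -H ldapi:/// keeps the simple bind on the
      # local unix socket rather than the clear-text TCP listener.
      ldapadd -x -H ldapi:/// -D "cn=Manager,dc=cloud,dc=cn" -W -f ldapuser.ldif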
      

安装phpLDAPadmin实现通过Web管理LDAP服务

  1. 安装epel

    # phpldapadmin is only packaged in EPEL, so enable that repo first.
    yum install -y epel-release
    
  2. 安装httpd服务

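    # Install Apache together with mod_ssl: the phpLDAPadmin login form sends
    # the LDAP Manager password, so the UI must be served over HTTPS, not the
    # plain http:// URL used at the end of this guide. mod_ssl drops in
    # conf.d/ssl.conf with a self-signed certificate on :443; replace that
    # certificate with a trusted one before real use.
    yum install -y httpd mod_ssl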
    
  3. 配置

    # Retire the stock welcome page (renamed, not deleted, so it can be restored).
    mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf_bak
    # The main config is edited by hand; the individual changes follow below.
    vi /etc/httpd/conf/httpd.conf
    
    95行下面加一行
        95 #ServerName www.example.com:80
        96 ServerName 192.168.104.35:80
    
    在151行处改为(注意：phpLDAPadmin 并不依赖 .htaccess，AllowOverride All 会让 DocumentRoot 下任何可写目录都能通过 .htaccess 改写服务器配置，扩大攻击面；如无其他应用需要，保持默认的 None 更安全)
        AllowOverride All
    
    164行处改为
        DirectoryIndex index.html index.php index.cgi
    
    在最下面添加如下两行(ServerTokens Prod 仅在响应头中隐藏 Apache 版本号，用于减少信息泄露，并不是访问控制)
    
        ServerTokens Prod
        KeepAlive On
    
  4. 启动服务并设置开机自启

    # Fresh install: start httpd now, then make it come up at boot.
    systemctl start httpd.service
    systemctl enable httpd.service
    
  5. 安装php

    # PHP plus the mbstring/pear pieces phpLDAPadmin needs; httpd must be
    # restarted so mod_php is loaded.
    yum install -y php php-mbstring php-pear
    systemctl restart httpd
    
  6. 安装phpldapadmin

    # From EPEL (enabled above).
    yum install -y phpldapadmin
    
  7. 配置

    • vi /etc/phpldapadmin/config.php

      397行取消注释,398行注释掉
      // Users authenticate to phpLDAPadmin with a full DN (this guide logs in
      // as cn=Manager,dc=cloud,dc=cn); the 'uid' variant stays commented out.
      $servers->setValue('login','attr','dn');
      //$servers->setValue('login','attr','uid')
      
    • vi /etc/httpd/conf.d/phpldapadmin.conf

      [root@mcp-ldap ~]# cat /etc/httpd/conf.d/phpldapadmin.conf
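      #
      #  Web-based tool for managing LDAP servers
      #
      # NOTE(review): the packaged config only admits loopback (see the Apache
      # 2.2 branch below). "Require all granted" exposes the admin UI — and the
      # Manager bind password typed into it — to every host that can reach
      # port 80. Restrict it to the administrators' addresses, e.g.
      # "Require ip 192.168.104.0/24", and serve it over HTTPS only.
      # Apache does not allow a trailing "#" comment on a directive line; the
      # original "Require all granted #修改访问限制" is a config syntax error,
      # so the comment has been moved onto its own line.
      
      Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
      Alias /ldapadmin /usr/share/phpldapadmin/htdocs
      
      <Directory /usr/share/phpldapadmin/htdocs>
        <IfModule mod_authz_core.c>
          # Apache 2.4
          # Access restriction relaxed to allow remote administration;
          # tighten to the admin network, e.g.: Require ip 192.168.104.0/24
          Require all granted
        </IfModule>
        <IfModule !mod_authz_core.c>
          # Apache 2.2
          Order Deny,Allow
          Deny from all
          Allow from 127.0.0.1
          Allow from ::1
        </IfModule>
      </Directory>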
      
      [root@mcp-ldap ~]#
      
    • 然后重启httpd服务: systemctl restart httpd

  8. 验证phpldapadmin是否可以打开

    浏览器打开 http://192.168.104.35/ldapadmin/ 。注意：纯 HTTP 会把登录时输入的管理员密码明文传输，只应在可信网络内临时使用；正式使用请安装 mod_ssl 并改用 https://，同时在 phpldapadmin.conf 中把允许访问的来源限制为管理员网段。

    使用 cn=Manager,dc=cloud,dc=cn 登录(该账号是 rootDN，绕过所有 ACL；日常管理建议另建权限受限的管理账号，仅在初始化时使用 Manager)