参考了一些其他人写的一些关于安装配置OpenLDAP的文章,于是乎手痒痒也自己动手尝试了一下安装与配置OpenLDAP,并安装PhpLdapAdmin用来通过WEB界面去管理LDAP。
下面就详细介绍如何一步步安装配置LDAP服务器,仅供参考~
1 yum安装OpenLDAP
[root@ha-3 yum.repos.d]# yum install openldap openldap-* -y
[root@ha-3 yum.repos.d]# rpm -qa | grep openldap
openldap-servers-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-clients-2.4.40-12.el6.x86_64
openldap-2.4.40-12.el6.x86_64
2 配置ldap,包括准备DB_CONFIG和slapd.conf
[root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
3 生成ldap管理员密码
[root@ha-3 yum.repos.d]# slappasswd -s ldap123
{SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ
4 修改slapd.conf,主要配置dc和rootpw,rootpw配置为上述步骤中的密码
database bdb
suffix "dc=esgyn,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=esgyn,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ
5 检测并重新生成ldap数据库
[root@cent-1 slapd.d]# ls
cn=config cn=config.ldif
[root@cent-1 slapd.d]# rm -rf *
[root@cent-1 slapd.d]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
6 修改相关ldap文件权限
[root@ha-3 yum.repos.d]# chown -R ldap:ldap /var/lib/ldap/
[root@ha-3 yum.repos.d]# chown -R ldap:ldap /etc/openldap/
7 启动slapd服务
[root@cent-1 ~]# service slapd status
slapd is stopped
[root@cent-1 ~]# service slapd start
Starting slapd: [ OK ]
8 yum安装migrationtools
[root@cent-1 slapd.d]# yum install migrationtools -y
9 编辑/usr/share/migrationtools/migrate_common.ph并修改相关配置
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "esgyn.com";
# Default base
$DEFAULT_BASE = "dc=esgyn,dc=com";
10 生成base.ldif
[root@cent-1 slapd.d]# /usr/share/migrationtools/migrate_base.pl >base.ldif
11 添加base.ldif到ldap
[root@cent-1 migrationtools]# ldapadd -x -D "cn=Manager,dc=esgyn,dc=com" -W -f ./base.ldif
Enter LDAP Password:
adding new entry "dc=esgyn,dc=com"
adding new entry "ou=Hosts,dc=esgyn,dc=com"
adding new entry "ou=Rpc,dc=esgyn,dc=com"
adding new entry "ou=Services,dc=esgyn,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=esgyn,dc=com"
adding new entry "ou=Mounts,dc=esgyn,dc=com"
adding new entry "ou=Networks,dc=esgyn,dc=com"
adding new entry "ou=People,dc=esgyn,dc=com"
adding new entry "ou=Group,dc=esgyn,dc=com"
adding new entry "ou=Netgroup,dc=esgyn,dc=com"
adding new entry "ou=Protocols,dc=esgyn,dc=com"
adding new entry "ou=Aliases,dc=esgyn,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=esgyn,dc=com"
12 检查ldapadd是否成功
[root@cent-1 migrationtools]# ldapsearch -x -D "cn=Manager,dc=esgyn,dc=com" -b "ou=Aliases,dc=esgyn,dc=com" -W
# extended LDIF
#
# LDAPv3
# base <ou=Aliases,dc=esgyn,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Aliases, hadoop.com
dn: ou=Aliases,dc=esgyn,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
13 yum安装httpd及PhpLdapAdmin
[root@cent-1 migrationtools]# yum install httpd phpldapadmin -y
14 配置/etc/httpd/conf.d/phpldapadmin.conf允许从远程访问
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
15 修改/etc/phpldapadmin/config.php配置用DN登录
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
16 启动httpd服务
[root@cent-1 migrationtools]# service httpd status
httpd is stopped
[root@cent-1 migrationtools]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.16 for ServerName
[ OK ]
17 打开Web UI并登录LDAP