(CentOS 6) OpenLDAP Server + PhpLdapAdmin: Basic Installation and Configuration


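After reading several articles by other people on installing and configuring OpenLDAP, I got the itch to try it myself, so I installed and configured OpenLDAP and then installed PhpLdapAdmin to manage LDAP through a web interface.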

The steps below walk through installing and configuring the LDAP server one at a time; they are for reference only.

1 Install OpenLDAP with yum

[root@ha-3 yum.repos.d]# yum install openldap openldap-* -y
[root@ha-3 yum.repos.d]# rpm -qa | grep openldap
openldap-servers-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-clients-2.4.40-12.el6.x86_64
openldap-2.4.40-12.el6.x86_64

2 Configure LDAP: prepare DB_CONFIG and slapd.conf

[root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

 

3 Generate the LDAP administrator password

[root@ha-3 yum.repos.d]# slappasswd -s ldap123
{SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

 

4 Edit slapd.conf: mainly set the dc suffix and rootpw; rootpw is set to the password hash generated in the previous step

database        bdb
suffix          "dc=esgyn,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=esgyn,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw                  {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

 

5 Test slapd.conf and regenerate the LDAP configuration database (slapd.d)

[root@cent-1 slapd.d]# ls
cn=config  cn=config.ldif
[root@cent-1 slapd.d]# rm -rf *
[root@cent-1 slapd.d]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded

 

6 Fix ownership of the LDAP data and configuration files

[root@ha-3 yum.repos.d]# chown -R ldap:ldap /var/lib/ldap/
[root@ha-3 yum.repos.d]# chown -R ldap:ldap /etc/openldap/

 

7 Start the slapd service

[root@cent-1 ~]# service slapd status
slapd is stopped
[root@cent-1 ~]# service slapd start
Starting slapd:                                            [  OK  ]

8 Install migrationtools with yum

[root@cent-1 slapd.d]# yum install migrationtools -y

9 Edit /usr/share/migrationtools/migrate_common.ph and change the relevant settings

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "esgyn.com";

# Default base
$DEFAULT_BASE = "dc=esgyn,dc=com";

 

10 Generate base.ldif

[root@cent-1 slapd.d]# /usr/share/migrationtools/migrate_base.pl >base.ldif

11 Add base.ldif to LDAP

[root@cent-1 migrationtools]# ldapadd -x -D "cn=Manager,dc=esgyn,dc=com" -W -f ./base.ldif
Enter LDAP Password:
adding new entry "dc=esgyn,dc=com"

adding new entry "ou=Hosts,dc=esgyn,dc=com"

adding new entry "ou=Rpc,dc=esgyn,dc=com"

adding new entry "ou=Services,dc=esgyn,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=esgyn,dc=com"

adding new entry "ou=Mounts,dc=esgyn,dc=com"

adding new entry "ou=Networks,dc=esgyn,dc=com"

adding new entry "ou=People,dc=esgyn,dc=com"

adding new entry "ou=Group,dc=esgyn,dc=com"

adding new entry "ou=Netgroup,dc=esgyn,dc=com"

adding new entry "ou=Protocols,dc=esgyn,dc=com"

adding new entry "ou=Aliases,dc=esgyn,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=esgyn,dc=com"

12 Check that ldapadd succeeded

[root@cent-1 migrationtools]# ldapsearch -x -D "cn=Manager,dc=esgyn,dc=com" -b "ou=Aliases,dc=esgyn,dc=com" -W
# extended LDIF
#
# LDAPv3
# base <ou=Aliases,dc=esgyn,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Aliases, hadoop.com
dn: ou=Aliases,dc=esgyn,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

13 Install httpd and PhpLdapAdmin with yum

[root@cent-1 migrationtools]# yum install httpd phpldapadmin -y

14 Configure /etc/httpd/conf.d/phpldapadmin.conf to allow access from remote hosts (Allow from all admits any client address)

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  Order Deny,Allow
  Allow from all
</Directory>

 

15 Edit /etc/phpldapadmin/config.php to log in with the DN

$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

16 Start the httpd service

[root@cent-1 migrationtools]# service httpd status
httpd is stopped
[root@cent-1 migrationtools]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.16 for ServerName
                                                           [  OK  ]

17 Open the Web UI and log in to LDAP
