Installing OpenLDAP and phpLDAPadmin on CentOS 7.9


1. Background

Tested and working. Before writing this I went through a lot of blog posts; they come in every flavour, but none of them explain the errors you hit or what the configuration is actually for. Copying configuration you do not understand means that even after following a post step by step the service does not come up, so I am recording the procedure here.

Project background: the company's project currently handles login with HTTP + Shiro + MySQL, and we now want to support login over the LDAP protocol as well, so OpenLDAP has to be installed. Versions used:

  • CentOS 7.9
  • OpenLDAP 2.4.44
  • phpLDAPadmin 1.2.5
  • Server IP: 10.110.38.162

This post is based on another post, Centos7 搭建openldap完整详细教程(真实可用), reorganised the way I like to read it. If you run into a problem, check that post as well: it has many comments, and your issue may already be answered there.

2. Procedure

2.1 Install OpenLDAP

# Install the packages with yum
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools

# Copy the example database configuration into place and fix its ownership. Do this before the
# first start of the service; without it the later steps fail
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# Hand it to the ldap user, which the package created at install time
chown ldap:ldap /var/lib/ldap/DB_CONFIG

# Start the service now; the configuration is changed afterwards, against the running server
systemctl start slapd
systemctl enable slapd

# Check the status; "active (running)" means it came up
systemctl status slapd

# Check the version
slapd -VV
@(#) $OpenLDAP: slapd 2.4.44 (Feb 23 2022 17:11:27) $
        mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
[root@localhost ~]#

2.2 Modify the OpenLDAP configuration

This is the heart of the matter. Since the 2.4.23 packages, OpenLDAP on CentOS keeps its configuration in the cn=config directory under /etc/openldap/slapd.d (the online configuration, OLC) and no longer uses slapd.conf. The files there end in .ldif and are all generated by slapd itself; open any of them and the first line is a comment saying the file is auto-generated, must not be edited, and is to be changed with ldapmodify.

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.

OpenLDAP ships three commands for changing the configuration (and the directory data): ldapadd, ldapmodify and ldapdelete, which add, modify and delete entries respectively; ldapsearch reads them back. To add or change configuration you first write the change into a file with the .ldif extension and then apply it with one of these commands, which updates the files under slapd.d for you. The complete procedure follows; just work through it:

# Generate the administrator password hash and keep the output; you will need it twice below.
# -s puts the cleartext password into your shell history; run slappasswd without -s to be prompted instead
slappasswd -s 123456
{SSHA}IHveDAPJPxUFiKF17cVPg3Humkh1GjJj

# Create a file that sets the password, with the .ldif extension. The name is up to you, but do not create
# it under /etc/openldap/slapd.d/: it is not a configuration file, it is a change that ldapadd applies to
# the running configuration. Here it is created in the home directory
cd ~
vim changepwd.ldif
----------------------------------------------------------------------
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}IHveDAPJPxUFiKF17cVPg3Humkh1GjJj
----------------------------------------------------------------------
# What the file says:
# Line 1 names the entry to change; it corresponds to the file cn=config/olcDatabase={0}config.ldif under /etc/openldap/slapd.d/
# Line 2, changetype, says this is a modification
# Line 3, add, adds the olcRootPW attribute
# Line 4 gives the value of olcRootPW: the hash printed by slappasswd, never the cleartext password
# Before running the command below, look at the olcDatabase={0}config file: it has no olcRootPW. Run the
# command and look again: the olcRootPW attribute is there, with the hashed value from our file

# Apply the change (ldapadd is ldapmodify with -a; with an explicit changetype it behaves the same), reading the file via -f
ldapadd -Y EXTERNAL -H ldapi:/// -f changepwd.ldif

If the command prints the SASL/EXTERNAL lines followed by
modifying entry "olcDatabase={0}config,cn=config"
it worked. Look at olcDatabase={0}config.ldif again: it now contains an olcRootPW attribute. This gives the rootdn of the configuration database (cn=config) a password, so the configuration can also be managed by binding as cn=config with that password; root on the server can already do so over ldapi:/// with -Y EXTERNAL, as above.
That is the complete configuration-change workflow. Never edit the files under /etc/openldap/slapd.d/ directly.
Now on with the configuration:

# Next we import some basic schemas into LDAP. The schema files live in /etc/openldap/schema/; a schema defines
# which object classes and attributes entries may have, so import the ones you need.
# Run the commands below one by one and keep the order: nis.ldif depends on cosine.ldif, and inetorgperson.ldif
# depends on both. I import all of them here; core.ldif is already loaded by default and must not be imported again
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif
 
 
 
# Change the domain: create changedomain.ldif. My domain is yaobili.com and the administrator account is admin.
# To use your own domain, replace every dc=yaobili,dc=com in the file with your own DN
vim changedomain.ldif
-------------------------------------------------------------------------
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=yaobili,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=yaobili,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=yaobili,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}IHveDAPJPxUFiKF17cVPg3Humkh1GjJj

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=yaobili,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=yaobili,dc=com" write by * read
-------------------------------------------------------------------------
# What the changes do: the monitor ACL lets root (over ldapi) and the admin read cn=monitor; the suffix, rootdn and
# rootpw of the {2}hdb database become our domain, admin DN and password hash; the three ACLs let only the admin and
# the user itself write userPassword/shadowLastChange (anonymous may only use them to authenticate), make the root DSE
# readable by everyone, and give the admin write and everyone else read on the rest of the tree. "by * read" includes
# anonymous binds, so any LDAP client on the network can list the directory; if that is not wanted, use "by users read"
# The lines separating the blocks must be completely empty (no spaces); see error scenario 3 below

# Apply the changes
ldapmodify -Y EXTERNAL -H ldapi:/// -f changedomain.ldif

The file contains 5 modifications, so a successful run prints 5 "modifying entry" lines.
Next, enable the memberof overlay.

# Create add-memberof.ldif: load the memberof module and add the overlay to the database so that group membership
# is reflected in the members' memberOf attribute. Only groups of object class groupOfUniqueNames with uniqueMember
# attributes are tracked with the values below
vim add-memberof.ldif
-------------------------------------------------------------
dn: cn=module{0},cn=config
cn: module{0}
objectClass: olcModuleList
objectClass: top
olcModuleLoad: memberof.la
olcModulePath: /usr/lib64/openldap

dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfUniqueNames
olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberOf
-------------------------------------------------------------
# Create refint1.ldif: load the referential-integrity module into the module list created above
vim refint1.ldif
-------------------------------------------------------------
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: refint
-------------------------------------------------------------
# Create refint2.ldif: add the refint overlay, so that when an entry is renamed or deleted the DN references
# in the attributes listed below are updated or removed
vim refint2.ldif
-------------------------------------------------------------
dn: olcOverlay=refint,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: refint
olcRefintAttribute: memberof uniqueMember manager owner
-------------------------------------------------------------
# Apply the three files in this order; a module has to be loaded before an overlay that uses it can be added
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f add-memberof.ldif
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif

That completes the configuration changes. On top of them we now create an organization called Yaobili Company with, beneath it, an organizational role admin (the entry for the DN we configured as rootdn; it is the rootdn setting, not this entry, that grants full rights over the whole LDAP tree) and two organizational units, People and Group:

# Create the file
vim base.ldif
----------------------------------------------------------
dn: dc=yaobili,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Yaobili Company
dc: yaobili

dn: cn=admin,dc=yaobili,dc=com
objectClass: organizationalRole
cn: admin

dn: ou=People,dc=yaobili,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=yaobili,dc=com
objectClass: organizationalUnit
ou: Group
----------------------------------------------------------

# Add the entries. Use your own domain here, and enter the password generated above when prompted.
# -x is a simple bind as the rootdn with its password, not the root-over-ldapi SASL bind used for cn=config
ldapadd -x -D cn=admin,dc=yaobili,dc=com -W -f base.ldif

With all of the above in place we have an LDAP directory tree: the base dc=yaobili,dc=com is its root, with the administrative entry cn=admin,dc=yaobili,dc=com and the two organizational units ou=People,dc=yaobili,dc=com and ou=Group,dc=yaobili,dc=com beneath it. Check it with ldapsearch -x -b dc=yaobili,dc=com dn, which should list exactly those four DNs.
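changedomain.ldif and base.ldif above hard-code dc=yaobili,dc=com in nine places, and the notes at the end warn that missing a single one breaks the setup. As an added example (not code from the original post or from OpenLDAP), the Python below derives the base DN from a domain name and renders both files with exactly the records shown above, so every occurrence changes together and the separator lines are guaranteed to be empty. The `anonymous_read` switch is my addition: the post's last ACL ends in `by * read`, which lets unauthenticated clients read the whole tree; by default this renders `by users read` instead, and passing `anonymous_read=True` reproduces the post's ACL.

```python
"""Render changedomain.ldif and base.ldif for any domain from one base DN.

Added example, not code from the original post or from OpenLDAP. The point is that the
suffix, rootdn, ACLs and directory tree cannot drift apart when the domain changes.
"""
import re
from typing import List, Tuple

# One DNS label: letters, digits and hyphens, no leading/trailing hyphen (nothing that needs DN escaping).
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def domain_to_dn(domain: str) -> str:
    """Map yaobili.com -> dc=yaobili,dc=com, rejecting labels that would need DN escaping."""
    labels = domain.strip(".").split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        raise ValueError(f"not a usable domain name: {domain!r}")
    return ",".join(f"dc={label}" for label in labels)


def _modify(dn: str, op: str, attr: str, values: List[str]) -> List[str]:
    """One LDIF change record with a single operation, terminated by an empty line."""
    return [f"dn: {dn}", "changetype: modify", f"{op}: {attr}"] + [f"{attr}: {v}" for v in values] + [""]


def render_changedomain(domain: str, admin_cn: str, root_pw_hash: str, anonymous_read: bool = False) -> str:
    """LDIF that re-points the monitor ACL and the {2}hdb suffix, rootdn, rootpw and ACLs."""
    if not root_pw_hash.startswith("{"):
        raise ValueError("root_pw_hash must be slappasswd output such as {SSHA}..., not the cleartext password")
    base_dn = domain_to_dn(domain)
    admin_dn = f"cn={admin_cn},{base_dn}"
    everyone = "by * read" if anonymous_read else "by users read"   # post uses 'by * read'
    lines: List[str] = []
    lines += _modify("olcDatabase={1}monitor,cn=config", "replace", "olcAccess",
                     [f'{{0}}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read '
                      f'by dn.base="{admin_dn}" read by * none'])
    lines += _modify("olcDatabase={2}hdb,cn=config", "replace", "olcSuffix", [base_dn])
    lines += _modify("olcDatabase={2}hdb,cn=config", "replace", "olcRootDN", [admin_dn])
    lines += _modify("olcDatabase={2}hdb,cn=config", "replace", "olcRootPW", [root_pw_hash])
    lines += _modify("olcDatabase={2}hdb,cn=config", "add", "olcAccess", [
        f'{{0}}to attrs=userPassword,shadowLastChange by dn="{admin_dn}" write by anonymous auth by self write by * none',
        '{1}to dn.base="" by * read',
        f'{{2}}to * by dn="{admin_dn}" write {everyone}',
    ])
    return "\n".join(lines)


def render_base(domain: str, org_name: str, admin_cn: str = "admin") -> str:
    """LDIF for the root entry, the admin role and the People/Group organizational units."""
    base_dn = domain_to_dn(domain)
    first_label = domain.strip(".").split(".")[0]       # dcObject needs dc = the leftmost label
    entries: List[Tuple[str, List[str]]] = [
        (base_dn, ["objectClass: top", "objectClass: dcObject", "objectClass: organization",
                   f"o: {org_name}", f"dc: {first_label}"]),
        (f"cn={admin_cn},{base_dn}", ["objectClass: organizationalRole", f"cn: {admin_cn}"]),
        (f"ou=People,{base_dn}", ["objectClass: organizationalUnit", "ou: People"]),
        (f"ou=Group,{base_dn}", ["objectClass: organizationalUnit", "ou: Group"]),
    ]
    lines: List[str] = []
    for dn, attrs in entries:
        lines += [f"dn: {dn}"] + attrs + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    pw_hash = "{SSHA}IHveDAPJPxUFiKF17cVPg3Humkh1GjJj"    # the post's slappasswd output
    print(render_changedomain("yaobili.com", "admin", pw_hash))
    print(render_base("yaobili.com", "Yaobili Company"))
```

Redirect the two outputs into changedomain.ldif and base.ldif and apply them with the same ldapmodify and ldapadd commands as above; the rootpw argument must be the slappasswd hash, and the function refuses a bare password so the cleartext cannot end up in cn=config by mistake.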

2.3 Install phpLDAPadmin

With LDAP up, install the phpLDAPadmin web interface.

# yum pulls in Apache (httpd) and PHP as dependencies.
# Note: phpLDAPadmin went a long time without a release; versions before 1.2.5 only support PHP 5, so on a PHP 7
# server an older package produces errors all over the pages
yum install -y phpldapadmin

# Edit the Apache configuration for phpldapadmin. By default it only allows access from the local machine; the
# change below opens it to the network. Only the Apache 2.4 block is changed because the httpd CentOS 7 installs
# is 2.4 (check with rpm -qa | grep httpd).
# "Require all granted" exposes the directory administration UI, over plain HTTP, to every network the host is
# reachable from. Prefer "Require ip 10.110.38.0/24" (your admin network), or keep "Require local" and reach it
# through an SSH tunnel, and put TLS in front of it
vim /etc/httpd/conf.d/phpldapadmin.conf
-----------------------------------------------------------------
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
-----------------------------------------------------------------

# Configure how phpLDAPadmin logs in to LDAP
vim /etc/phpldapadmin/config.php
-----------------------------------------------------------------
# Around line 398: the login attribute defaults to uid; change it to cn so users log in with their cn (here "admin")
$servers->setValue('login','attr','cn');

# Around line 460: disable anonymous login, otherwise anyone can log in anonymously and read everyone's data.
# This only affects the web UI; anonymous reads over LDAP itself are governed by the olcAccess rules set in 2.2
$servers->setValue('login','anon_bind',false);

# Around line 519: attributes that must be unique; add cn and sn so user names cannot be duplicated
$servers->setValue('unique','attrs',array('mail','uid','uidNumber','cn','sn'));
-----------------------------------------------------------------

# Start Apache and enable it at boot
systemctl enable httpd
systemctl restart httpd

2.4 Log in to phpLDAPadmin

http://10.110.38.162:8080/phpldapadmin/
(port 8080 because Apache is moved off port 80 in the last error scenario below; with the default Listen 80 leave the port out)
Log in with cn admin and password 123456, the password hashed with slappasswd above.

3. Errors you may hit during installation

Error scenarios 1 and 2 are also covered in this post: OpenLdap异常操作后无法启动

Error scenario 1: during the step "Install OpenLDAP", systemctl start slapd fails

Detailed error output (journalctl):

May 16 02:12:02 localhost.localdomain systemd[1]: Reloading.
May 16 02:12:02 localhost.localdomain runuser[16907]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
May 16 02:12:02 localhost.localdomain slapadd[16908]: DIGEST-MD5 common mech free
May 16 02:12:02 localhost.localdomain runuser[16907]: pam_unix(runuser:session): session closed for user ldap
May 16 02:12:02 localhost.localdomain yum[15582]: Installed: openldap-servers-2.4.44-25.el7_9.x86_64
May 16 02:12:02 localhost.localdomain yum[15582]: Installed: openldap-servers-sql-2.4.44-25.el7_9.x86_64
May 16 02:12:02 localhost.localdomain yum[15582]: Installed: migrationtools-47-15.el7.noarch
May 16 02:12:02 localhost.localdomain yum[15582]: Installed: openldap-clients-2.4.44-25.el7_9.x86_64
May 16 02:12:24 localhost.localdomain slapd[18194]: slapd stopped.
May 16 02:12:24 localhost.localdomain slapd[18194]: connections_destroy: nothing to destroy.
May 16 02:12:54 localhost.localdomain polkitd[864]: Registered Authentication Agent for unix-process:19884:103063759 (system bus name :1.197357 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/
May 16 02:12:54 localhost.localdomain systemd[1]: Starting OpenLDAP Server Daemon...
-- Subject: Unit slapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slapd.service has begun starting up.
May 16 02:12:54 localhost.localdomain runuser[19895]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
May 16 02:12:54 localhost.localdomain runuser[19895]: pam_unix(runuser:session): session closed for user ldap
May 16 02:12:54 localhost.localdomain slapcat[19899]: DIGEST-MD5 common mech free
May 16 02:12:54 localhost.localdomain slapd[19909]: @(#) $OpenLDAP: slapd 2.4.44 (Feb 23 2022 17:11:27) $
                                                             mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
May 16 02:12:54 localhost.localdomain slapd[19909]: main: TLS init def ctx failed: -1
May 16 02:12:54 localhost.localdomain slapd[19909]: DIGEST-MD5 common mech free
May 16 02:12:54 localhost.localdomain slapd[19909]: slapd stopped.
May 16 02:12:54 localhost.localdomain slapd[19909]: connections_destroy: nothing to destroy.
May 16 02:12:54 localhost.localdomain systemd[1]: slapd.service: control process exited, code=exited status=1
May 16 02:12:54 localhost.localdomain systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slapd.service has failed.
-- 
-- The result is failed.
May 16 02:12:54 localhost.localdomain systemd[1]: Unit slapd.service entered failed state.
May 16 02:12:54 localhost.localdomain systemd[1]: slapd.service failed.
May 16 02:12:54 localhost.localdomain polkitd[864]: Unregistered Authentication Agent for unix-process:19884:103063759 (system bus name :1.197357, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (dis

Cause: this is the "OpenLDAP will not start after abnormal operations" case. A clean first install does not hit it; I had experimented repeatedly in this environment beforehand, which is the likely trigger. The decisive line is main: TLS init def ctx failed: -1: slapd could not open the NSS certificate database in /etc/openldap/certs that the packaged default TLS settings point to, so it exits before listening.

Fix: run the following in order:

  • slapd -d 2 -F /etc/openldap/slapd.d/ -u ldap   (diagnostic: runs slapd in the foreground at debug level 2 so the real failure is printed; stop it with Ctrl-C before continuing)
  • mkdir -p /etc/openldap/certs
  • bash /usr/libexec/openldap/create-certdb.sh   (recreates the NSS certificate database)
  • bash /usr/libexec/openldap/generate-server-cert.sh   (generates a self-signed server certificate into it)
  • systemctl start slapd

After this, systemctl status slapd shows the service as active (running).

Error scenario 2: during the step "Install OpenLDAP", systemctl start slapd fails

Detailed error output:

Unit slapd.service has begun starting up.
May 14 08:42:21 localhost.localdomain runuser[15546]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
May 14 08:42:21 localhost.localdomain runuser[15546]: pam_unix(runuser:session): session closed for user ldap
May 14 08:42:21 localhost.localdomain slapd[15559]: @(#) $OpenLDAP: slapd 2.4.44 (Sep 30 2020 17:16:39) $
mockbuild@x86-02.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
May 14 08:42:21 localhost.localdomain slapd[15559]: main: TLS init def ctx failed: -1
May 14 08:42:21 localhost.localdomain slapd[15559]: slapd stopped.
May 14 08:42:21 localhost.localdomain slapd[15559]: connections_destroy: nothing to destroy.
May 14 08:42:21 localhost.localdomain rsyslogd[5418]: imjournal: rename() failed for new path:/var/lib/rsyslog/imjournal.state': Permission denied [v8.24.0-34.el7 try http://www.
May 14 08:42:21 localhost.localdomain systemd[1]: slapd.service: control process exited, code=exited status=1
May 14 08:42:21 localhost.localdomain systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Unit slapd.service has failed.
-- The result is failed.
May 14 08:42:21 localhost.localdomain systemd[1]: Unit slapd.service entered failed state.
May 14 08:42:21 localhost.localdomain systemd[1]: slapd.service failed.
May 14 08:42:21 localhost.localdomain polkitd[4916]: Unregistered Authentication Agent for unix-process:15537:82314 (system bus name :1.27, object path /org/freedesktop/PolicyKit1/

Cause: the journal also shows rsyslogd failing to write /var/lib/rsyslog/imjournal.state (Permission denied), a problem in the logging service. Note that the slapd line itself is the same main: TLS init def ctx failed: -1 as in scenario 1, so if slapd still does not start after the logging problem is cleared, apply the certificate-database fix from scenario 1.

Fix: delete the state file and restart rsyslog

[root@localhost ~]# rm -f /var/lib/rsyslog/imjournal.state
[root@localhost ~]# systemctl restart rsyslog

What is the difference between scenarios 1 and 2?

Put the two outputs side by side in a diff tool: the lines that differ (here the rsyslogd imjournal line) are the ones to act on. Read your own output the same way and fix what it points at.

Error scenario 3: errors during the step "Modify the OpenLDAP configuration"

This step involves writing a number of files, and when ldapadd, ldapmodify and similar commands are run against them they fail with messages like these.

Detailed errors:

[root@localhost ~]# vim changedomain.ldif
[root@localhost ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f changedomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapmodify: wrong attributeType at line 5, entry "olcDatabase={1}monitor,cn=config"
-----------------------------------------------------------------------------------------
[root@localhost ~]# vim refint2.ldif
[root@localhost ~]# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f add-memberof.ldif
ldapadd: attributeDescription "dn": (possible missing newline after line 10, entry "cn=module{0},cn=config"?)
adding new entry "cn=module{0},cn=config"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #3 invalid per syntax
-----------------------------------------------------------------------------------------
[root@localhost ~]# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
modifying entry "cn=module{0},cn=config"
ldap_modify: No such object (32)
        matched DN: cn=config
-----------------------------------------------------------------------------------------
[root@localhost ~]# vim base.ldif
[root@localhost ~]# ldapadd -x -D cn=admin,dc=yaobili,dc=com -W -f base.ldif
Enter LDAP Password: 
ldapadd: attributeDescription "dn": (possible missing newline after line 9, entry "dc=yaobili,dc=com"?)
ldapadd: attributeDescription "dn": (possible missing newline after line 10, entry "dc=yaobili,dc=com"?)
ldapadd: attributeDescription "dn": (possible missing newline after line 11, entry "dc=yaobili,dc=com"?)
adding new entry "dc=yaobili,dc=com"
ldap_add: Type or value exists (20)
        additional info: objectClass: value #3 provided more than once     

Cause: whitespace in the pasted files. In LDIF a line that begins with a space is a continuation of the previous line, and records are separated by completely empty lines. Pasting into vim left the "blank" separator lines containing a space, so the following dn: line was read as one more attribute of the previous record and the second record's attributes were merged into the first. That is exactly what the messages point at: "wrong attributeType at line 5", attributeDescription "dn": (possible missing newline after line 10 ...), and the objectClass value errors. The "No such object (32)" for refint1.ldif is a consequence: add-memberof.ldif had failed, so cn=module{0},cn=config did not exist yet.

Pasting also left a space after each colon, which vim highlights in a different colour. A space after the colon is standard LDIF syntax and does no harm, so removing it alone fixes nothing; the lines that matter are the separators.

Fix: make every separator line truly empty and strip trailing spaces. Do not delete the separator line with dd: then the two records run together and the error stays. Put the cursor on the d of dn, press Backspace until it sits at the start of the line, then press Enter to put an empty line back; or clear all whitespace-only lines at once in vim with :%s/^\s\+$//. Check the result with cat -A file.ldif, which prints $ at the end of every line: a separator line must show as a bare $, and no value line may have spaces before its $.
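To catch these mistakes before ldapadd does, here is an added Python check (not code from the original post or from OpenLDAP). It is a heuristic for hand-written LDIF rather than a full RFC 2849 parser: it flags whitespace-only lines, a dn: that appears inside a record, records that do not start with dn:, continuation lines with nothing to continue, and trailing whitespace on value lines. The file name lint_ldif.py in the usage note is my choice.

```python
"""Pre-flight check for hand-written LDIF before feeding it to ldapadd/ldapmodify.

Added example, not code from the original post or from OpenLDAP. It targets the
whitespace mistakes behind the errors above: in LDIF a line that begins with a space
continues the previous line, so a "blank" line that actually contains a space does
not end the record, and the next "dn:" is then read as just another attribute.
"""
import re
import sys
from typing import List, Optional

# attribute description followed by ':' (value), '::' (base64) or ':<' (URL); a space after it is optional
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*)(::?|:<)")


def lint_ldif(text: str) -> List[str]:
    """Return human-readable problems, one per offending line; an empty list means clean."""
    problems: List[str] = []
    record_start: Optional[int] = None   # line number of the 'dn:' that opened the current record
    prev = "blank"                       # kind of the previous line: blank, attr, cont, sep, comment
    for no, line in enumerate(text.splitlines(), 1):
        if line == "":
            record_start, prev = None, "blank"
            continue
        if line.strip() == "":
            problems.append(f"line {no}: whitespace-only line; LDIF treats a leading space as a "
                            "continuation, so this does not end the record (make it completely empty)")
            prev = "cont"
            continue
        if line.startswith("#"):
            prev = "comment"
            continue
        if line.startswith(" "):
            if prev not in ("attr", "cont"):
                problems.append(f"line {no}: continuation line with nothing to continue")
            prev = "cont"
            continue
        if line == "-":                   # separates operations inside one changetype: modify record
            prev = "sep"
            continue
        m = ATTR_LINE.match(line)
        if not m:
            problems.append(f"line {no}: expected 'attribute: value', '-', a comment or a continuation: {line!r}")
            prev = "attr"
            continue
        attr = m.group(1).lower()
        if record_start is None:
            if attr == "version":         # optional 'version: 1' header is not a record
                prev = "attr"
                continue
            if attr != "dn":
                problems.append(f"line {no}: record starts with {m.group(1)!r}; a record must start with 'dn:'")
            record_start = no
        elif attr == "dn":
            problems.append(f"line {no}: 'dn:' inside the record that began at line {record_start}; "
                            "an empty line is missing before it")
        if line != line.rstrip():
            problems.append(f"line {no}: trailing whitespace would become part of the value")
        prev = "attr"
    return problems


if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for problem in lint_ldif(fh.read()):
                failed = True
                print(f"{path}: {problem}")
    sys.exit(1 if failed else 0)
```

Save it as lint_ldif.py and run python3 lint_ldif.py changedomain.ldif add-memberof.ldif refint1.ldif refint2.ldif base.ldif before applying the files; a non-zero exit code means at least one line was flagged.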

Error scenario 4: in the step "Install phpLDAPadmin", yum install -y phpldapadmin fails with "No package phpldapadmin available"

Cause: phpldapadmin is not in the CentOS base repositories. It is in EPEL (Extra Packages for Enterprise Linux), the add-on repository that carries most of the commonly needed extra RPMs for CentOS; once EPEL is enabled the package is found.

Fix:

The simplest way is to enable EPEL directly and install again:
yum -y install epel-release
yum -y install phpldapadmin

What I used instead was the Remi repository release package, which depends on epel-release and pulls it in (the URL is plain http, so check the package signature before trusting it):
yum localinstall http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
then
yum -y install phpldapadmin

Error scenario 5: after phpLDAPadmin is installed, Apache fails to start (systemctl start httpd, systemctl restart httpd and systemctl restart httpd.service all fail)

Detailed error:

May 07 10:10:15 localhost.localdomain dbus[580]: [system] Successfully activated service 'org.freedesktop.problems'
May 07 10:12:34 localhost.localdomain kernel: perf: interrupt took too long (16513 > 15557), lowering kernel.perf_event_max_sample_rate to 12000
May 07 10:13:48 localhost.localdomain polkitd[617]: Registered Authentication Agent for unix-process:5169:404183 (system bus name :1.220 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 07 10:13:52 localhost.localdomain polkitd[617]: Operator of unix-process:5169:404183 successfully authenticated as unix-user:root to gain ONE-SHOT authorization for action org.freedesktop.systemd1.manage-units for system-bus-name::1.221 [systemctl start httpd] (owne
May 07 10:13:52 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has begun starting up.
May 07 10:13:52 localhost.localdomain httpd[5186]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
May 07 10:13:52 localhost.localdomain httpd[5186]: (98)Address already in use: AH00073: make_sock: unable to listen for connections on address [::]:80
May 07 10:13:52 localhost.localdomain httpd[5186]: (98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
May 07 10:13:52 localhost.localdomain httpd[5186]: no listening sockets available, shutting down
May 07 10:13:52 localhost.localdomain httpd[5186]: AH00015: Unable to open logs
May 07 10:13:52 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
May 07 10:13:52 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has failed.
-- 
-- The result is failed.
May 07 10:13:52 localhost.localdomain polkitd[617]: Unregistered Authentication Agent for unix-process:5169:404183 (system bus name :1.220, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
May 07 10:13:52 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
May 07 10:13:52 localhost.localdomain systemd[1]: httpd.service failed.
May 07 10:13:58 localhost.localdomain su[5193]: (to root) zws on pts/0
May 07 10:13:58 localhost.localdomain su[5193]: pam_unix(su:session): session opened for user root by zws(uid=1000)
May 07 10:13:58 localhost.localdomain dbus[580]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
May 07 10:13:58 localhost.localdomain dbus[580]: [system] Successfully activated service 'org.freedesktop.problems'
May 07 10:14:12 localhost.localdomain polkitd[617]: Registered Authentication Agent for unix-process:5232:406549 (system bus name :1.226 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 07 10:14:12 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has begun starting up.
May 07 10:14:12 localhost.localdomain httpd[5239]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
May 07 10:14:12 localhost.localdomain httpd[5239]: (98)Address already in use: AH00073: make_sock: unable to listen for connections on address [::]:80
May 07 10:14:12 localhost.localdomain httpd[5239]: (98)Address already in use: AH00073: make_sock: unable to listen for connections on address 0.0.0.0:80
May 07 10:14:12 localhost.localdomain httpd[5239]: no listening sockets available, shutting down
May 07 10:14:12 localhost.localdomain httpd[5239]: AH00015: Unable to open logs
May 07 10:14:12 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
May 07 10:14:12 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has failed.
-- 
-- The result is failed.
May 07 10:14:12 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
May 07 10:14:12 localhost.localdomain systemd[1]: httpd.service failed.
May 07 10:14:12 localhost.localdomain polkitd[617]: Unregistered Authentication Agent for unix-process:5232:406549 (system bus name :1.226, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Cause: nginx and Apache both listen on port 80 by default, and the log says so: Address already in use ... 0.0.0.0:80 (the "Unable to open logs" line is only a consequence). nginx is in production use on this host and cannot be moved, so Apache's port has to change. To see which process holds a port, run ss -lntp | grep ':80 '.

Fix: change Apache's port, for example to 8080: in /etc/httpd/conf/httpd.conf replace Listen 80 with Listen 8080. If firewalld is running, open the new port as well (firewall-cmd --permanent --add-port=8080/tcp && firewall-cmd --reload), and use the new port in the phpLDAPadmin URL from 2.4. Then restart Apache and check it:

systemctl restart httpd
systemctl status httpd

4. Points to note

  • Note 1: do not edit the server's configuration files under /etc/openldap/slapd.d directly with vim; the changes do not take effect and can stop slapd from starting. Use LDIF files with ldapadd/ldapmodify as in 2.2.
  • Note 2: the generated password hash goes into two files, changepwd.ldif (the cn=config database) and changedomain.ldif (the {2}hdb database). If one is missed, later logins may fail to authenticate.
  • Note 3: when doing step 2.2, if you change the dc domain, change every occurrence of dc=yaobili,dc=com (all of them in changedomain.ldif and base.ldif); missing one leaves the configuration inconsistent.

5. Uninstalling OpenLDAP

1. Stop OpenLDAP

[root@nano cn=config]# systemctl stop slapd
[root@nano cn=config]# systemctl disable slapd

2. Remove the packages

[root@nano cn=config]# yum -y remove openldap-servers openldap-clients

3. Delete the leftover data (this destroys the directory database; if you may need the data, export it first with slapcat -n 2 -l backup.ldif while slapd is stopped)

[root@nano cn=config]# rm -rf /var/lib/ldap

4. Delete the ldap user

[root@nano cn=config]# userdel ldap

5. Delete the OpenLDAP configuration directory

[root@nano cn=config]# rm -rf /etc/openldap

Other related articles by the author

1. Installing OpenLDAP and phpLDAPadmin on CentOS 7.9
2. Querying LDAP from Java
3. LDAP: error code 32 - No Such Object
4. [LDAP: error code 34 - invalid DN]
5. java: cannot access org.springframework.context.ConfigurableApplicationContext
6. java: cannot access org.springframework.ldap.core.LdapTemplate
