CentOS7 下 OpenLDAP Server 及phpLDAPadmin安装、配置及使用

最新推荐文章于 2024-08-30 15:44:16 发布
最新推荐文章于 2024-08-30 15:44:16 发布
阅读量764 收藏 1
点赞数
文章标签: centos7 openldap phpoldapadmin
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ousamadm/article/details/89481500
版权

一、准备工作

1、centos 7.6最小化安装

2、将centos base源改变为国内源,选择USTC源

替换/etc/yum.repos.d/CentOS-Base.repo

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

3、添加epel源,依然选择ustc

[root@Centos7u6 ~]#yum install http://mirrors.ustc.edu.cn/epel/epel-release-latest-7.noarch.rpm

[root@Centos7u6 ~]#yum install -y epel-release
[root@Centos7u6 ~]#sed -e 's/^mirrorlist=/#mirrorlist=/g' \
         -e 's/^#baseurl=/baseurl=/g' \
         -e 's/\/download\.fedoraproject\.org\/pub/\/mirrors.ustc.edu.cn/g' \
         -e 's/http:\/\/mirrors\.ustc/https:\/\/mirrors.ustc/g' \
         -i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo

4、[root@Centos7u6 ~]#yum makecache

 二、安装openLDAP

1、yum 安装openldap

[root@Centos7u6 ~]# yum install -y openldap openldap-clients openldap-servers migrationtools

[root@Centos7u6 ~]#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

[root@Centos7u6 ~]#chown ldap. /var/lib/ldap/DB_CONFIG

[root@Centos7u6 ~]#systemctl start slapd

[root@Centos7u6 ~]#systemctl enable slapd

2、设置openLDAP管理员密码

2.1生成加密密码

[root@Centos7u6 ~]# slappasswd
New password:
Re-enter new password:
{SSHA}JoT0Ti77zCnF3L5JdLrksg5SCVdR/HIk

2.2编辑chrootpw.ldif

"dn: olcDatabase={0}config,cn=config"
"changetype: modify"
"add: olcRootPW"
"olcRootPW: {SSHA}JoT0Ti77zCnF3L5JdLrksg5SCVdR/HIk

2.3导入chrootpw.ldif

[root@Centos7u6 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

3、导入基本schema

[root@Centos7u6 ~]# cd /etc/openldap/schema/

ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f core.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f ppolicy.ldif

 4、设置domain name

[root@Centos7u6 ~]# vim chdomain.ldif

 

# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
 
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=xxxx,dc=edu,dc=cn" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=xxxx,dc=edu,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=xxxx,dc=edu,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}JoT0Ti77zCnF3L5JdLrksg5SCVdR/HIk

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=xxxx,dc=edu,dc=cn" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=xxxx,dc=edu,dc=cn" write by * read

[root@Centos7u6 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

设置basedomain

[root@Centos7u6 ~]# vim basedomain.ldif

# replace to your own domain name for "dc=***,dc=***" section

dn: dc=xxxx,dc=edu,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: xxxx

dn: cn=Manager,dc=xxxx,dc=edu,dc=cn
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=xxxx,dc=edu,dc=cn
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=xxxx,dc=edu,dc=cn
objectClass: organizationalUnit
ou: Group

 

 

[root@Centos7u6 ~]# ldapadd -x -D cn=Manager,dc=xxxx,dc=edu,dc=cn -W -f basedomain.ldif
Enter LDAP Password:
adding new entry "dc=cctc,dc=edu,dc=cn"

adding new entry "cn=Manager,dc=cctc,dc=edu,dc=cn"

adding new entry "ou=People,dc=cctc,dc=edu,dc=cn"

adding new entry "ou=Group,dc=cctc,dc=edu,dc=cn"

5、设置防火墙,允许外部访问LDAP服务

[root@Centos7u6 ~]# firewall-cmd --add-service=ldap --permanent
success
[root@Centos7u6 ~]# firewall-cmd --reload
succes

6、修改SELINUX设置

[root@Centos7u6 ~]# setenforce 0
[root@Centos7u6 ~]# vim /etc/selinux/config

SELINUX=disabled

7、添加测试用户

[root@Centos7u6 ~]# vim ldapuser.ldif

 

# create new ldap user test
# replace to your own domain name for "dc=***,dc=***" section
 
dn: uid=test,ou=People,dc=xxxx,dc=edu,dc=cn
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: test
sn: Linux
userPassword: {SSHA}yLdBxsuiZOTgOHlaKWj14L8vdL31fvGR
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/test

dn: cn=test,ou=Group,dc=xxxx,dc=edu,dc=cn
objectClass: posixGroup
cn: test
gidNumber: 1000
memberUid: test

[root@Centos7u6 ~]# ldapadd -x -D cn=Manager,dc=xxxx,dc=edu,dc=cn -W -f ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=People,dc=xxxx,dc=edu,dc=cn"

adding new entry "cn=test,ou=Group,dc=xxxx,dc=edu,dc=cn"

 8、将linux系统用户导入ldap

[root@Centos7u6 ~]# vim ldapuser.sh

 

#!/bin/bash  
# extract local users and groups who have 1000-9999 digit UID  
# replace "SUFFIX=***" to your own domain name  
# this is an example  

SUFFIX='dc=xxxx,dc=edu,dc=cn'
LDIF='system2ldapuser.ldif'

echo -n > $LDIF
GROUP_IDS=()
grep "x:[1-9][0-9][0-9][0-9]:" /etc/passwd | (while read TARGET_USER
do
    USER_ID="$(echo "$TARGET_USER" | cut -d':' -f1)"

    USER_NAME="$(echo "$TARGET_USER" | cut -d':' -f5 | cut -d' ' -f1,2)"
    [ ! "$USER_NAME" ] && USER_NAME="$USER_ID"

    LDAP_SN="$(echo "$USER_NAME" | cut -d' ' -f2)"
    [ ! "$LDAP_SN" ] && LDAP_SN="$USER_NAME"

    LASTCHANGE_FLAG="$(grep "${USER_ID}:" /etc/shadow | cut -d':' -f3)"
    [ ! "$LASTCHANGE_FLAG" ] && LASTCHANGE_FLAG="0"

    SHADOW_FLAG="$(grep "${USER_ID}:" /etc/shadow | cut -d':' -f9)"
    [ ! "$SHADOW_FLAG" ] && SHADOW_FLAG="0"

    GROUP_ID="$(echo "$TARGET_USER" | cut -d':' -f4)"
    [ ! "$(echo "${GROUP_IDS[@]}" | grep "$GROUP_ID")" ] && GROUP_IDS=("${GROUP_IDS[@]}" "$GROUP_ID")

    echo "dn: uid=$USER_ID,ou=People,$SUFFIX" >> $LDIF
    echo "objectClass: inetOrgPerson" >> $LDIF
    echo "objectClass: posixAccount" >> $LDIF
    echo "objectClass: shadowAccount" >> $LDIF
    echo "sn: $LDAP_SN" >> $LDIF
    echo "givenName: $(echo "$USER_NAME" | awk '{print $1}')" >> $LDIF
    echo "cn: $USER_NAME" >> $LDIF
    echo "displayName: $USER_NAME" >> $LDIF
    echo "uidNumber: $(echo "$TARGET_USER" | cut -d':' -f3)" >> $LDIF
    echo "gidNumber: $(echo "$TARGET_USER" | cut -d':' -f4)" >> $LDIF
    echo "userPassword: {crypt}$(grep "${USER_ID}:" /etc/shadow | cut -d':' -f2)" >> $LDIF
    echo "gecos: $USER_NAME" >> $LDIF
    echo "loginShell: $(echo "$TARGET_USER" | cut -d':' -f7)" >> $LDIF
    echo "homeDirectory: $(echo "$TARGET_USER" | cut -d':' -f6)" >> $LDIF
    echo "shadowExpire: $(passwd -S "$USER_ID" | awk '{print $7}')" >> $LDIF
    echo "shadowFlag: $SHADOW_FLAG" >> $LDIF
    echo "shadowWarning: $(passwd -S "$USER_ID" | awk '{print $6}')" >> $LDIF
    echo "shadowMin: $(passwd -S "$USER_ID" | awk '{print $4}')" >> $LDIF
    echo "shadowMax: $(passwd -S "$USER_ID" | awk '{print $5}')" >> $LDIF
    echo "shadowLastChange: $LASTCHANGE_FLAG" >> $LDIF
    echo >> $LDIF
done

for TARGET_GROUP_ID in "${GROUP_IDS[@]}"
do
    LDAP_CN="$(grep ":${TARGET_GROUP_ID}:" /etc/group | cut -d':' -f1)"

    echo "dn: cn=$LDAP_CN,ou=Group,$SUFFIX" >> $LDIF
    echo "objectClass: posixGroup" >> $LDIF
    echo "cn: $LDAP_CN" >> $LDIF
    echo "gidNumber: $TARGET_GROUP_ID" >> $LDIF

    for MEMBER_UID in $(grep ":${TARGET_GROUP_ID}:" /etc/passwd | cut -d':' -f1,3)
    do
        UID_NUM=$(echo "$MEMBER_UID" | cut -d':' -f2)
        [ $UID_NUM -ge 1000 -a $UID_NUM -le 9999 ] && echo "memberUid: $(echo "$MEMBER_UID" | cut -d':' -f1)" >> $LDIF
    done
    echo >> $LDIF
done
)

 [root@Centos7u6 ~]# sh ldapuser.sh

 [root@Centos7u6 ~]# ldapadd -x -D cn=Manager,dc=xxxx,dc=edu,dc=cn -W -f system2ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=wdm,ou=People,dc=xxxx,dc=edu,dc=cn"

adding new entry "cn=wdm,ou=Group,dc=xxxx,dc=edu,dc=cn"

三、安装配置phpLDAPadmin

1、安装apache

[root@Centos7u6 ~]# yum install httpd

[root@Centos7u6 ~]# firewall-cmd --add-service=http --permanent
success

[root@Centos7u6 ~]# firewall-cmd --reload
success

[root@Centos7u6 ~]# systemctl start httpd

[root@Centos7u6 ~]# systemctl enable httpd

2、安装php

[root@Centos7u6 ~]# yum install php php-mbstring php-pear

设置php时区

[root@Centos7u6 ~]# vi /etc/php.ini

# line 878: uncomment and add your timezone
date.timezone = "Asia/Shanghai"

[root@Centos7u6 ~]# systemctl restart httpd 

3、安装phpLDAPadmin  

[root@Centos7u6 ~]# yum install phpldapadmin

修改/etc/phpldapadmin/config.php

[root@Centos7u6 ~]# vim /etc/phpldapadmin/config.php

修改397、398行

$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

修改/etc/httpd/conf.d/phpldapadmin.conf

[root@Centos7u6 ~]# vim /etc/httpd/conf.d/phpldapadmin.conf

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    # line 12: add access permission
    Require local
    # 追加内容,设置允许访问 phpLDAPadmin 的 IP 段 
    Require ip 10.0.0.0/24

 重启动apache

[root@Centos7u6 ~]# systemctl restart httpd

访问phpLDAPadmin

http://ldap.xxxx.edu.cn/ldapadmin

 

ousamadm
关注
phpldapadmin工具安装(Centos7)
belialxing的专栏
04-10 1583
openLdap安装(安装包含:ldap安装、客户端sssd同步、ssh集成) 参考地址:https://blog.csdn.net/belialxing/article/details/87878614 如下是ldap客户端工具(phpldapadmin)的安装。 【防火墙关闭】 ######关闭防火墙 systemctl stop firewalld.service #停止f...
Centos7安装OpenLDAP
aen60571的博客
08-23 349
环境 系统版本:centos7.4 openldap版本2.4 安装配置 安装并启动服务 安装: yum install openldap openldap-servers openldap-clients 拷贝数据库配置文件 cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_...
Openldap可视化工具PhpLdapAdmin服务配置
最新发布
weixin_43837718的博客
08-30 710
Openldap可视化工具PhpLdapAdmin服务配置
Centos7 安装配置OpenLdap服务端及phpadmin
12-13
Centos7 安装配置OpenLdap服务端及OpenLdap管理工具 CA认证配置 PHPLdapadmin
Centos7上部署LDAP服务
weixin_44014460的博客
05-01 849
部署一个ldap服务
LDAP&IMPLEMENTATION
K_irving_whj的博客
04-04 178
LDAP是轻量目录访问协议,英文全称是LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL,一般都简称为LDAP LDAP的特点 1.LDAP 是一种网络协议而不是数据库,而且LDAP的目录不是关系型的,没有RDBMS那么复杂, 2.LDAP不支持数据库的Transaction机制,纯粹的无状态、请求-响应的工作模式。 3.LDAP不能存储BLOB,LDAP的读写操作是非对称...
[原创] CentOS7OpenLDAP Server 安装配置使用 phpLDAPadmin 和 Java LDAP 访问 LDAP Server
04-26
以上内容详细介绍了在CentOS7环境下安装配置OpenLDAP服务器,使用phpLDAPadmin进行图形化管理,以及如何通过Java LDAP API与LDAP服务器进行数据交互。这些步骤对于构建企业级的身份认证和授权系统至关重要。在实际...
CentOS7安装openLDAPphpldapadmin.pdf
10-28
通过以上知识点的介绍,我们可以了解到在CentOS 7上搭建OpenLDAPPhpldapadmin的过程,以及相关的LDAP协议知识、目录服务概念、安装配置过程中可能遇到的问题及解决方法。熟练掌握这些知识点,将有助于在实际工作中...
CentOS7搭建openLDAPphpldapadmin实战指南
该资源是关于在 CentOS7 系统上安装配置 openLDAPphpldapadmin 的教程。内容涉及如何通过 yum 安装 openLDAP 相关组件,设置 DB_CONFIG 文件,启动和启用 slapd 服务,以及使用 ldapmodify 命令更新 LDAP ...
Centos7搭建LDAP
HK_boy的博客
05-11 621
设置docker开机自启。下载docker镜像。
Centos7OpenLDAP主从配置
05-16
本文档是参考了官网文档及网上多篇openldap安装及主从部署文档,详细描述了部署过程
centos7安装openldap
weixin_43776646的博客
01-10 1105
文章目录一、环境准备二、安装openldap三、安装phpldapadmin网页登陆 一、环境准备 yum -y install ntp* && ntpdate -u ntp.api.bz && setenforce 0&& systemctl disable firewalld.service && systemctl stop firewalld.service && shutdown -r now 二、安装openlda
centos7下搭建ldap服务器
无效的博客
01-14 1244
该密码是LADP服务器的管理员根密码,输入slappasswd后提示输入密码(123456)与确认密码,系统会输出一串加密后的字符串。创建monitor.ldif文件。编辑数据文件db.ldif。ldap服务器基础配置完成。
CentOS7安装OpenLdap(转)
完颜振江
01-10 518
安装: yum install openldap openldap-servers openldap-clients 拷贝数据库配置文件 cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG chown ldap:ldap /var/lib/ldap/DB_CONFIG DB_CONIFG中主要是关于Berkeley DB的相关的一些配置 启动OpenLDAP Server: systemctl start sl
centos7 安装LDAP
喵″的博客
10-19 6393
安装教程总结 (1)安装ldap yum install -y openldap openldap-clients openldap-servers migrationtools (2)修改根DN与添加密码 vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif olcSuffix: dc=cst,d
Centos7.9安装phpldapadmin
刘大猫
05-16 1216
是因为使用yum搜索某些rpm包,找不到包是因为CentOS是RedHat企业版编译过来的,去掉了所有关于版权问题的东西。:假设我们公司有自己的门户网站,现在我们收购了一家公司,他们数据库采用ldap存储用户数据,那么为了他们账户能登陆我们公司项目所以需要集成,而不是再把他们的账户重新在mysql再创建一遍,万一人家有1W个账户呢,不累死了且也不现实啊。修改apache端口号文件所在路径:/etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf。
centos7安装配置openldap
Enzo
01-07 463
更新yum源 yum update 安装软件包 yum -y install openldap openldap-clients openldap-servers openldap-devel 复制一个默认配置到指定目录下,并授权,这一步一定要做,然后再启动服务,不然生产密码时会报错 cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG 授权给ldap用户,此用户yum安装时便会自动创建 chown -R ldap.
Centos7搭建openldap+phpldapadmin以及相关简单需求配置
weixin_43404818的博客
08-31 3001
Centos7搭建openldap+phpldapadmin 一、基础配置配置yum源 [root@ldapserver ~]# wget http://mirrors.aliyun.com/repo/Centos-7.repo [root@ldapserver ~]# cd /etc/yum.repos.d/ [root@ldapserver ~]# mv CentOS-Base.repo CentOS-Base.repo.bak && mv Centos-7.repo Cent
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值