LDAP Account Manager(LAM)采用PHP4/5编写,是基于Web的LDAP用户、用户组、主机和LDAP目录的管理系统,管理员可以通过加密的方式进行操作,增强了安全性。LAM支持管理的帐号类型有Samba2/3、Unix地址簿接口和计算机需要的信息,包括NIS映射、E-mail假名,MAC地址等。
LDAP Account Manager强大功能
1、使用LAM,可以通过Web接口较为直观的、简便的管理存储在LDAP目录里的用户、用户组和计算机系统账户。
2、管理Unix的用户、用户组、主机、域名。
3、强大的过滤和排序功能。
4、帐号属性管理。
5、多构造属性。
6、直观树状查看模式。
7、计划查看模式。
8、通过文件上传创建帐号。
9、所有帐号可导出为PDF文件格式。
10、管理用户、用户组、配额和自动创建删除用户的Home目录。
11、支持LDAP+SSL加密模式。
12、多国语言支持,如Catalan、Chinese(Traditional)等。
安装需求
1、PHP5语言环境和Perl语言环境。
2、OpenLDAP2.0或更高版本。
3、支持CSS的网页浏览器。
4、Apache WebServer,建议安装SSL、PHP-Module(PHP-Module with ldap、Gettext、XML、Mcrypt+mhash)等模块。
安装Openssl
[root@chenyi ldmp]# tar zxf openssl-1.0.0e.tar.gz [root@chenyi ldmp]# cd openssl-1.0.0e [root@chenyi openssl-1.0.0e]# ./config --prefix=/software/ssl --openssldir=/software/openssl shared [root@chenyi openssl-1.0.0e]# make && make test &&make install
|
1
2
3
4
|
[
root
@
chenyi
ldmp
]
# tar zxf openssl-1.0.0e.tar.gz
[
root
@
chenyi
ldmp
]
# cd openssl-1.0.0e
[
root
@
chenyi
openssl
-
1.0.0e
]
# ./config --prefix=/software/ssl --openssldir=/software/openssl shared
[
root
@
chenyi
openssl
-
1.0.0e
]
# make && make test &&make install
|
安装apr
[root@chenyi ldmp]# tar zxf apr-1.4.5.tar.gz [root@chenyi ldmp]# cd apr-1.4.5 [root@chenyi apr-1.4.5]# ./configure --prefix=/software/apr [root@chenyi apr-1.4.5]# make && make install
|
1
2
3
4
|
[
root
@
chenyi
ldmp
]
# tar zxf apr-1.4.5.tar.gz
[
root
@
chenyi
ldmp
]
# cd apr-1.4.5
[
root
@
chenyi
apr
-
1.4.5
]
# ./configure --prefix=/software/apr
[
root
@
chenyi
apr
-
1.4.5
]
# make && make install
|
安装apr-util
[root@chenyi apr-util-1.3.12]# tar zxf apr-util-1.3.12.tar.gz [root@chenyi apr-util-1.3.12]# cd apr-util-1.3.12 [root@chenyi apr-util-1.3.12]# ./configure --prefix=/software/apr-util --with-apr=/software/apr/ --with-ldap-include=/software/openldap/include/ --with-ldap-lib=/software/openldap/lib/ --with-berkeley-db=/software/BerkeleyDB.5.2/ [root@chenyi apr-util-1.3.12]# make && make install
|
1
2
3
|
[
root
@
chenyi
apr
-
util
-
1.3.12
]
# tar zxf apr-util-1.3.12.tar.gz
[
root
@
chenyi
apr
-
util
-
1.3.12
]
# cd apr-util-1.3.12
[
root
@
chenyi
apr
-
util
-
1.3.12
]
# ./configure --prefix=/software/apr-util --with-apr=/software/apr/ --with-ldap-include=/software/openldap/include/ --with-ldap-lib=/software/openldap/lib/ --with-berkeley-db=/software/BerkeleyDB.5.2/ [root@chenyi apr-util-1.3.12]# make && make install
|
安装Apache [这里我多次尝试使用2.2.29版进行编译,但终遇到各种挫折,由于没有得到完善的解决,所以选用了2.2.21,根据你的需要,可酌情删减编译参数]
[root@chenyi httpd-2.2.21]# tar zxf httpd-2.2.21.tar.gz [root@chenyi httpd-2.2.21]# cd httpd-2.2.21 [root@chenyi httpd-2.2.21]# ./configure --prefix=/software/apache2 --sysconfdir=/etc/httpd --enable-ssl --with-ssl=/software/openssl/ --with-z=/software/zlib/ --enable-rewrite=shared --enable-static-support --enable-deflate=shared --enable-so --enable-dav --enable-dav-fs --enable-ldap --enable-authnz-ldap --with-included-apr --with-ldap --with-ldap-include=/software/openldap/include/ --with-ldap-lib=/software/openldap/lib --with-apr=/software/apr/bin/apr-1-config --with-apr-util=/software/apr-util/bin/apu-1-config [root@chenyi httpd-2.2.21]# make && make install
|
1
2
3
4
|
[
root
@
chenyi
httpd
-
2.2.21
]
# tar zxf httpd-2.2.21.tar.gz
[
root
@
chenyi
httpd
-
2.2.21
]
# cd httpd-2.2.21
[
root
@
chenyi
httpd
-
2.2.21
]
# ./configure --prefix=/software/apache2 --sysconfdir=/etc/httpd --enable-ssl --with-ssl=/software/openssl/ --with-z=/software/zlib/ --enable-rewrite=shared --enable-static-support --enable-deflate=shared --enable-so --enable-dav --enable-dav-fs --enable-ldap --enable-authnz-ldap --with-included-apr --with-ldap --with-ldap-include=/software/openldap/include/ --with-ldap-lib=/software/openldap/lib --with-apr=/software/apr/bin/apr-1-config --with-apr-util=/software/apr-util/bin/apu-1-config
[
root
@
chenyi
httpd
-
2.2.21
]
# make && make install
|
安装gettext
[root@chenyi ldmp]# tar zxf gettext-0.17.tar.gz [root@chenyi ldmp]# cd gettext-0.17 [root@chenyi gettext-0.17]# ./configure --prefix=/software/gettext [root@chenyi gettext-0.17]# make && make install
|
1
2
3
4
|
[
root
@
chenyi
ldmp
]
# tar zxf gettext-0.17.tar.gz
[
root
@
chenyi
ldmp
]
# cd gettext-0.17
[
root
@
chenyi
gettext
-
0.17
]
# ./configure --prefix=/software/gettext
[
root
@
chenyi
gettext
-
0.17
]
# make && make install
|
加入配置库搜索路径
[root@chenyi gettext-0.17]# echo "/software/gettext/lib/" >> /etc/ld.so.conf && ldconfig -v [root@chenyi gettext-0.17]# rpm -qa | grep zlib-devel 检测zlib-devel 如果没安装则yum zlib-devel-1.2.3-27.el6.i686
|
1
2
3
|
[
root
@
chenyi
gettext
-
0.17
]
# echo "/software/gettext/lib/" >> /etc/ld.so.conf && ldconfig -v
[
root
@
chenyi
gettext
-
0.17
]
# rpm -qa | grep zlib-devel 检测zlib-devel 如果没安装则yum
zlib
-
devel
-
1.2.3
-
27.el6.i686
|
添加PHP支持
[root@chenyi ldmp]# tar zxf php-5.2.6.tar.gz [root@chenyi ldmp]# cd php-5.2.6 [root@chenyi php-5.2.6]# ./configure --prefix=/software/php --enable-zip --with-config-file-path=/software/php/etc --with-apxs2=/software/apache2/bin/apxs --with-libxml-dir=/software/libxml2 --with-png-dir=/software/libpng --with-jpeg-dir=/software/jpeg6 --with-freetype-dir=/software/freetype/ --with-gd=/software/gd2/ --with-ldap=/software/openldap/ --with-gettext=/software/gettext/ --with-zlib-dir=/software/zlib/ --with-mcrypt=/software/libmcrypt --enable-soap --enable-mbstring=all--enable-sockets [root@chenyi php-5.2.6]# make && make install
|
1
2
3
4
|
[
root
@
chenyi
ldmp
]
# tar zxf php-5.2.6.tar.gz
[
root
@
chenyi
ldmp
]
# cd php-5.2.6
[
root
@
chenyi
php
-
5.2.6
]
# ./configure --prefix=/software/php --enable-zip --with-config-file-path=/software/php/etc --with-apxs2=/software/apache2/bin/apxs --with-libxml-dir=/software/libxml2 --with-png-dir=/software/libpng --with-jpeg-dir=/software/jpeg6 --with-freetype-dir=/software/freetype/ --with-gd=/software/gd2/ --with-ldap=/software/openldap/ --with-gettext=/software/gettext/ --with-zlib-dir=/software/zlib/ --with-mcrypt=/software/libmcrypt --enable-soap --enable-mbstring=all--enable-sockets
[
root
@
chenyi
php
-
5.2.6
]
# make && make install
|
创建php配置文件
[root@chenyi php-5.2.6]# cp php.ini-dist /software/php/etc/php.ini #创建配置文件 [root@chenyi php-5.2.6]# vi /etc/httpd/httpd.conf #修改ServerName 添加相关配置 LoadModule php5_module modules/libphp5.so #查看是否有这一行 AddType application/x-httpd-php .php .php4 .php5 .php .phtml #查看是否有这一行,(表示以这些扩展名结尾的文件,在apache中使用php解析器解析)。
|
1
2
3
4
|
[
root
@
chenyi
php
-
5.2.6
]
# cp php.ini-dist /software/php/etc/php.ini #创建配置文件
[
root
@
chenyi
php
-
5.2.6
]
# vi /etc/httpd/httpd.conf #修改ServerName 添加相关配置
LoadModule
php5_module
modules
/
libphp5
.
so
#查看是否有这一行
AddType
application
/
x
-
httpd
-
php
.
php
.
php4
.
php5
.
php
.
phtml
#查看是否有这一行,(表示以这些扩展名结尾的文件,在apache中使用php解析器解析)。
|
接着重启apache服务器,创建一个php文件访问则可以看到结果了!这里也没什么必要演示了
下载LAM压缩包,然后解压后修改php.ini,内容如下
[root@chenyi ldmp]# tar zxf ldap-account-manager-3.7.RC1.tar.gz [root@chenyi ldmp]# mv ldap-account-manager-3.7.RC1 /software/apache2/htdocs/lam [root@chenyi config]# pwd #进入config目录,创建配置文件 /software/apache2/htdocs/lam/config [root@chenyi config]# cp config.cfg_sample config.cfg [root@chenyi ~]# /software/openldap/sbin/slappasswd -s itchenyi #使用slappasswd生成密码 {SSHA}WakGiZTwkh5e2MD8vgy9AUf9h18l6YlG
|
1
2
3
4
5
6
7
|
[
root
@
chenyi
ldmp
]
# tar zxf ldap-account-manager-3.7.RC1.tar.gz
[
root
@
chenyi
ldmp
]
# mv ldap-account-manager-3.7.RC1 /software/apache2/htdocs/lam
[
root
@
chenyi
config
]
# pwd #进入config目录,创建配置文件
/
software
/
apache2
/
htdocs
/
lam
/
config
[root@chenyi config]# cp config.cfg_sample config.cfg [root@chenyi config]# cp config/lam.conf_sample config/lam.conf #vim /config/lam.conf //修改lam.conf设定档
[
root
@
chenyi
~
]
# /software/openldap/sbin/slappasswd -s itchenyi #使用slappasswd生成密码
{
SSHA
}
WakGiZTwkh5e2MD8vgy9AUf9h18l6YlG
|
新建ldif文件 注:ldif文件中,每一行中冒号后有一个空格,行尾一定不能有空格(同时也可以通过migrationtools这个组件来建立ldif文件)
dn: dc=itchenyi, dc=com objectClass: dcObject objectClass: organization o: itchenyi Inc dc: itchenyi dn: cn=Manager, dc=itchenyi, dc=com objectCalss: organizationalRole cn: Manager dn: ou=group, dc=itchenyi, dc=com objectClass: top objectClass: organizationalUnit ou: group dn: ou=it, dc=itchenyi, dc=com objectClass: top objectClass: organizationalUnit ou: it
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
dn
:
dc
=
itchenyi
,
dc
=
com
objectClass
:
dcObject
objectClass
:
organization
o
:
itchenyi
Inc
dc
:
itchenyi
dn
:
cn
=
Manager
,
dc
=
itchenyi
,
dc
=
com
objectCalss
:
organizationalRole
cn
:
Manager
dn
:
ou
=
group
,
dc
=
itchenyi
,
dc
=
com
objectClass
:
top
objectClass
:
organizationalUnit
ou
:
group
dn
:
ou
=
it
,
dc
=
itchenyi
,
dc
=
com
objectClass
:
top
objectClass
:
organizationalUnit
ou
:
it
|
复制模版文件(如果没有,你在通过-d 256 调试时可以看到显著的错误)
[root@chenyi config]# cp /software/openldap/etc/openldap/DB_CONFIG.example /software/openldap/var/openldap-data/DB_CONFIG
|
1
|
[
root
@
chenyi
config
]
# cp /software/openldap/etc/openldap/DB_CONFIG.example /software/openldap/var/openldap-data/DB_CONFIG
|
关闭slapd进程,导入ldif文件
[root@chenyi config]# kill -INT `cat /software/openldap/var/run/slapd.pid` [root@chenyi config]# /software/openldap/sbin/slapadd -v -l ./itchenyi.ldif
|
1
2
|
[
root
@
chenyi
config
]
# kill -INT `cat /software/openldap/var/run/slapd.pid`
[
root
@
chenyi
config
]
# /software/openldap/sbin/slapadd -v -l ./itchenyi.ldif
|
几个常用选项:
1: -v选项表示启用verbose模式,即输出执行中的具体信息。
2: -l表示后面附加ldif文件。
3:-d 指定debug向日志文件输出信息,后面跟日志级别。
4: -f 指定要读取的配置文件。
启动服务进程
[root@chenyi config]# /software/openldap/libexec/slapd -d 256
通过http://ip/lam 进行访问
创建配置文件可以通过默认密码lam 进行编辑创建
LDAP access Manager
3956
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
