- Many configurable items on Isilon are generated from the templates in /etc/mcp/templates, so back up the templates first:
cp -frv /etc/mcp/templates /ifs/data/template.init
cp -frv /etc/mcp/templates /ifs/data/template.conf
- Edit /ifs/data/template.conf/apache2.conf and add the LDAP modules:
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
- Add LDAP support to the root directory and redirect each user to the directory that matches their user name, in /ifs/data/template.conf/apache2.conf:
<Directory "$$SERVER_ROOT$$">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
$$WEBDAV_COMMENT$$ DAV On
AuthBasicProvider ldap
AuthType Basic
AuthName "Login to isilon file server"
AuthLDAPUrl "ldap://192.168.10.31:389/dc=higkoo,dc=com?uid?sub?(objectClass=posixAccount)"
AuthzLDAPAuthoritative On
AuthLDAPBindDN "cn=isilon,ou=emc,ou=users,dc=higkoo,dc=com"
AuthLDAPBindPassword "YourPassWords"
Require valid-user
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} ^(.+)
RewriteRule ^/(.*)?$ /%1/$1
</IfModule>
- Add an IP restriction to the administration web UI in /ifs/data/template.conf/webui_httpd.conf:
# </IfModule>
<Location "/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from 192.168.10.31 172.11.22.33
</Location>
# <Directory />
- Distribute the configuration to every node in the cluster:
isi_for_array 'cp -fv /ifs/data/template.conf/apache2.conf /ifs/data/template.conf/webui_httpd.conf /etc/mcp/templates/'
isi services -a apache2 disable
isi services -a apache2 enable
- Check the access result:
- Test and verify:
$ ftp isilon.file.cn
Connected to isilon.file.cn.
220-Isilon OneFS v7.2.1.1
220
Name (shd-isilon.baka.im:root): higkoo
331 Please specify the password.
Password: ********
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-rw-r-- 1 ftp ftp 2137295 May 24 22:20 tengine-2.1.2.tar.gz
226 Directory send OK.
#-------------- download ----------------------#
$ curl -I -u higkoo isilon.file.cn/tengine-2.1.2.tar.gz
Enter host password for user 'higkoo': ********
HTTP/1.1 200 OK
Date: Wed, 25 May 2016 17:59:44 GMT
Server: Apache/2.2.31 (FreeBSD) DAV/2
Last-Modified: Tue, 24 May 2016 22:20:49 GMT
ETag: "100014095-209ccf-5339df81bb240"
Accept-Ranges: bytes
Content-Length: 2137295
Content-Type: application/x-gzip
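
The AuthLDAPUrl in the apache2.conf template packs host, port, search base, login attribute, scope and filter into one string. As an added example (not part of the original write-up), the Python script below splits that URL into its fields and flags three things to review before the template is copied to the nodes: an unencrypted ldap:// connection, a bind password stored inline, and Basic authentication, which needs an HTTPS-only listener. The finding names and the single-host URL form are assumptions of the example.

```python
import re
from urllib.parse import unquote
# Constructed sample: the auth directives from the page's <Directory> block.
SAMPLE = '''
AuthType Basic
AuthLDAPUrl "ldap://192.168.10.31:389/dc=higkoo,dc=com?uid?sub?(objectClass=posixAccount)"
AuthLDAPBindDN "cn=isilon,ou=emc,ou=users,dc=higkoo,dc=com"
AuthLDAPBindPassword "YourPassWords"
'''
URL_RE = re.compile(r'^(ldaps?)://([^/:\s]+)(?::(\d+))?/([^?]*)\??(.*)$', re.I)

def parse_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter (single host only)."""
    m = URL_RE.match(url.strip().strip('"'))
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, (host, port, base, rest) = m.group(1).lower(), m.groups()[1:]
    attr, scope, flt = (rest.split("?", 2) + ["", "", ""])[:3]
    return {
        "scheme": scheme, "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(base),
        "attribute": attr or "uid",                   # mod_authnz_ldap default
        "scope": scope or "sub",                      # mod_authnz_ldap default
        "filter": unquote(flt) or "(objectClass=*)",  # mod_authnz_ldap default
    }

def directives(conf):
    """Yield (lowercased name, [args]) for each directive, skipping comments and tags."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            toks = re.findall(r'"[^"]*"|\S+', line)
            yield toks[0].lower(), [t.strip('"') for t in toks[1:]]

def audit(conf):
    # Finding names are labels made up for this example.
    findings = []
    for name, args in directives(conf):
        if name == "authldapurl" and args:
            mode = args[1].upper() if len(args) > 1 else "NONE"
            if parse_ldap_url(args[0])["scheme"] == "ldap" and mode not in ("SSL", "TLS", "STARTTLS"):
                findings.append("cleartext-ldap")       # bind DN and user passwords travel unencrypted
        elif name == "authldapbindpassword" and args:
            findings.append("inline-bind-password")     # readable by anyone who can read the template
        elif name == "authtype" and args and args[0].lower() == "basic":
            findings.append("basic-auth-needs-https")   # credentials are only base64-encoded
    return findings

print(audit(SAMPLE))
```

Pass it the text of /ifs/data/template.conf/apache2.conf instead of `SAMPLE` to check the real template before running `isi_for_array`.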