LDAP1 - Installing and deploying an LDAP service
Deploying the openldap service on Linux
Reference: https://blog.csdn.net/computer1024/article/details/78172785
Reference: https://www.cnblogs.com/linuxws/p/9084455.html
1. Deployment and configuration
# Disable SELinux
vim /etc/sysconfig/selinux # SELINUX=disabled
setenforce 0
# Stop the firewall
systemctl stop firewalld
systemctl disable firewalld
# Install the LDAP packages
yum install -y openldap-servers openldap-clients migrationtools # install the LDAP tools
slappasswd # enter a password at the prompt; it prints the hashed password string, keep that string (it goes into olcRootPW)
# Configure the database cache
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
# Test the configuration
slaptest -u # "config file testing succeeded" means the configuration passed
# Start ldap
systemctl start slapd.service
systemctl enable slapd.service
# Import the schemas (core.ldif is already loaded, so the duplicate error for that one file can be ignored)
ls /etc/openldap/schema/*.ldif | xargs -I {} sudo ldapadd -Y EXTERNAL -H ldapi:/// -f {}
2. Installing phpldapadmin
# Install httpd
yum -y install httpd
# Edit the configuration file
vim /etc/httpd/conf/httpd.conf # AllowOverride all
# Start the service and test it
systemctl start httpd
systemctl enable httpd
curl 127.0.0.1
# Install phpldapadmin (EPEL repository)
cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7Server/x86_64/
enabled=1
gpgcheck=0
yum install phpldapadmin
# Edit the phpldapadmin configuration file (/etc/phpldapadmin/config.php)
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=my-domain,dc=com'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','dn'); # comment this duplicate out
# Edit the httpd configuration file
vim /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    Require ip 192.168.0
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
# Create the base entry
vim /etc/openldap/base.ldif
dn: dc=my-domain,dc=com
o: ldap
objectclass: dcObject
objectclass: organization
dc: my-domain
# Restart the httpd service
systemctl restart httpd
# Access test
http://192.168.0.41/phpldapadmin
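The base.ldif above is written but the step that loads it into the directory is not shown. The following added example (not code from the original post) derives the base DN from a DNS domain, emits the same kind of LDIF, adds it as the rootdn with ldapadd, and reads it back with ldapsearch. It assumes slapd is listening on 127.0.0.1, that the database suffix and rootdn already match the domain, and that the rootdn password was set from the slappasswd hash; the domain names used here are constructed.

```shell
#!/usr/bin/env bash
# Added example: create and verify the LDAP base entry for a DNS domain.
# Assumes a local slapd whose suffix/rootdn match the domain (see the page).
set -eu

# "my-domain.com" -> "dc=my-domain,dc=com"
domain_to_base_dn() {
  printf '%s' "$1" | awk -F. '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i }'
}

# Emit the LDIF for the base entry; the organisation name defaults to the domain.
make_base_ldif() {
  domain=$1
  org=${2:-$1}
  printf 'dn: %s\no: %s\nobjectClass: dcObject\nobjectClass: organization\ndc: %s\n' \
    "$(domain_to_base_dn "$domain")" "$org" "${domain%%.*}"
}

# Add the entry as the rootdn (password prompted by -W), then read it back.
add_base_entry() {
  domain=$1
  base=$(domain_to_base_dn "$domain")
  make_base_ldif "$domain" "${2:-$domain}" | ldapadd -x -H ldap://127.0.0.1 -D "cn=Manager,$base" -W
  ldapsearch -x -H ldap://127.0.0.1 -b "$base" -s base '(objectClass=dcObject)' dn
}

# Usage: ./add_base.sh apply my-domain.com ldap
case ${1:-} in
  apply) add_base_entry "$2" "${3:-}" ;;
esac
```

Binding with -x -D as the rootdn exercises the same simple bind phpldapadmin will use, so a failure here (invalid credentials, or no such object for the suffix) shows up before the web interface is involved.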
3. Logging in
Log in to LDAP as cn=Manager,dc=my-domain,dc=com with password 123456
4. FAQ
1. To change the dc name, edit:
vim '/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif'
vim '/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif'
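Both the slappasswd step in section 1 (the hash has to end up in olcRootPW) and this FAQ item (changing the suffix and rootdn in the {2}hdb and {1}monitor databases) are the same cn=config change. The following added example (not code from the original post) applies it with ldapmodify over the local ldapi socket as root, rather than editing the files under /etc/openldap/slapd.d by hand, so slapd rewrites the per-file checksums itself. It assumes the default CentOS 7 database names shown on the page; the suffix, rootdn and hash values are passed in.

```shell
#!/usr/bin/env bash
# Added example: set olcSuffix, olcRootDN and olcRootPW on cn=config.
# Assumes the {2}hdb and {1}monitor database names from the page and a
# slapd reachable over ldapi:/// (run as root so SASL EXTERNAL succeeds).
set -eu

make_db_config_ldif() {
  base=$1 rootdn=$2 hash=$3
  # Only accept a slappasswd-style "{SCHEME}..." value so a plaintext
  # password is never written into cn=config.
  case $hash in
    '{'*'}'*) ;;
    *) echo "refusing to store an unhashed rootpw; run slappasswd first" >&2; return 1 ;;
  esac
  cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $base
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $hash
EOF
}

# Let the rootdn read the monitor database (phpldapadmin queries it).
make_monitor_acl_ldif() {
  cat <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$1" read by * none
EOF
}

apply_config() {
  base=$1 rootdn=$2 hash=$3
  make_db_config_ldif "$base" "$rootdn" "$hash" | ldapmodify -Y EXTERNAL -H ldapi:///
  make_monitor_acl_ldif "$rootdn" | ldapmodify -Y EXTERNAL -H ldapi:///
  # Read back what slapd now holds (the password hash is deliberately not requested).
  ldapsearch -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={2}hdb,cn=config' -s base olcSuffix olcRootDN
}

# Usage: ./ldap_config.sh apply dc=my-domain,dc=com cn=Manager,dc=my-domain,dc=com "$(slappasswd)"
case ${1:-} in
  apply) apply_config "$2" "$3" "$4" ;;
esac
```

Because the change goes through slapd, it takes effect immediately and no restart is needed; a new suffix only makes sense if the base entry for it is then added, and existing entries under the old suffix are not moved.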