LDAP1-安装部署LDAP服务

基于Linux部署openldap服务

参考文档: https://blog.csdn.net/computer1024/article/details/78172785

参考文档:  https://www.cnblogs.com/linuxws/p/9084455.html

1.部署配置

#关闭SELINUX
vim /etc/sysconfig/selinux   # SELINUX=disabled
setenforce 0 

#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld


#安装了ldap工具
yum install -y openldap-servers openldap-clients migrationtools  #安装LDAP工具
slappasswd   #据提示输入密码会返回加密的密码字符串,保存好这个字符串

#配置数据库缓存
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG chown -R ldap:ldap /var/lib/ldap/


#测试配置文件
slaptest -u  #出现configfile testing successed 说明成功了

#启动ldap
systemctl start slapd.service 
systemctl enable slapd.service

#导入模板
ls /etc/openldap/schema/*.ldif | xargs -I {} sudo ldapadd -Y EXTERNAL -H ldapi:/// -f {}

2.安装phpldapadmin

#安装HTTPD
yum -y install httpd 

#修改配置文件
vim /etc/httpd/conf/httpd.conf #AllowOverride all

#启动服务测试
systemctl start httpd
systemctl enable httpd
curl 127.0.0.1

#安装phpldapadmin
cat /etc/yum.repos.d/epel.repo 
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7Server/x86_64/
enabled=1
gpgcheck=0

yum install phpldapadmin


#修改配置文件
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=my-domain,dc=com'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','attr','dn');

$servers->setValue('login','attr','dn'); #注释掉

#修改httpd配置文件
vim /etc/httpd/conf.d/phpldapadmin.conf 
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    Require ip 192.168.0
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>

#创建基础目录
vim /etc/openldap/base.ldif
dn: dc=my-domain,dc=com
o: ldap
objectclass: dcObject
objectclass: organization
dc: my-domain

#重启httpd服务
service restart httpd

#访问测试
http://192.168.0.41/phpldapadmin

 

3.登录

登录LDAP   cn=Manager,dc=my-domain,dc=com  123456

 

4.FAQ

1.如果要更改dc名称

vim /etc/openldap/slapd.d/cn\=config\/olcDatabase\={2}hdb.ldif

vim /etc/openldap/slapd.d/cn\=config\/olcDatabase\={1}monitor.ldif

posted @ 2019-03-08 21:32  Zeyangli  阅读(1377)  评论(0编辑  收藏  举报