LDAP1-安装部署LDAP服务
基于Linux部署openldap服务
参考文档: https://blog.csdn.net/computer1024/article/details/78172785
参考文档: https://www.cnblogs.com/linuxws/p/9084455.html
1.部署配置
#关闭SELINUX
vim /etc/sysconfig/selinux # SELINUX=disabled
setenforce 0
#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
#安装了ldap工具
yum install -y openldap-servers openldap-clients migrationtools #安装LDAP工具
slappasswd #据提示输入密码会返回加密的密码字符串,保存好这个字符串
#配置数据库缓存
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG chown -R ldap:ldap /var/lib/ldap/
#测试配置文件
slaptest -u #出现configfile testing successed 说明成功了
#启动ldap
systemctl start slapd.service systemctl enable slapd.service
#导入模板
ls /etc/openldap/schema/*.ldif | xargs -I {} sudo ldapadd -Y EXTERNAL -H ldapi:/// -f {}
2.安装phpldapadmin
#安装HTTPD yum -y install httpd #修改配置文件 vim /etc/httpd/conf/httpd.conf #AllowOverride all #启动服务测试 systemctl start httpd systemctl enable httpd curl 127.0.0.1 #安装phpldapadmin cat /etc/yum.repos.d/epel.repo [epel] name=Extra Packages for Enterprise Linux 7 - $basearch baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7Server/x86_64/ enabled=1 gpgcheck=0 yum install phpldapadmin #修改配置文件 $servers->setValue('server','host','127.0.0.1'); $servers->setValue('server','port',389); $servers->setValue('server','base',array('dc=my-domain,dc=com')); $servers->setValue('login','auth_type','session'); $servers->setValue('login','attr','dn'); $servers->setValue('login','attr','dn'); #注释掉 #修改httpd配置文件 vim /etc/httpd/conf.d/phpldapadmin.conf Alias /phpldapadmin /usr/share/phpldapadmin/htdocs Alias /ldapadmin /usr/share/phpldapadmin/htdocs <Directory /usr/share/phpldapadmin/htdocs> <IfModule mod_authz_core.c> # Apache 2.4 Require local Require ip 192.168.0 </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from ::1 </IfModule> </Directory> #创建基础目录 vim /etc/openldap/base.ldif dn: dc=my-domain,dc=com o: ldap objectclass: dcObject objectclass: organization dc: my-domain #重启httpd服务 service restart httpd #访问测试 http://192.168.0.41/phpldapadmin
3.登录
登录LDAP cn=Manager,dc=my-domain,dc=com 123456
4.FAQ
1.如果要更改dc名称
vim /etc/openldap/slapd.d/cn\=config\/olcDatabase\={2}hdb.ldif
vim /etc/openldap/slapd.d/cn\=config\/olcDatabase\={1}monitor.ldif
关注公众号