System environment

Hostname | Operating system | IP address | Notes
node201 | CentOS 7.6 x86_64 | 172.20.20.201 |

Note: every operation below is performed as the root superuser.
Base environment configuration

yum install -y wget
wget http://mirrors.aliyun.com/repo/Centos-7.repo
cp Centos-7.repo /etc/yum.repos.d/
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.bak
mv Centos-7.repo CentOS-Base.repo
yum clean all
echo -e "172.20.20.201 www.node201.com node201.com node201" >> /etc/hosts
hostnamectl set-hostname node201
systemctl stop firewalld.service
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config && setenforce 0 && systemctl disable firewalld.service && systemctl stop firewalld.service && logout

Caveat: switching off firewalld and SELinux keeps this lab walk-through short, but it leaves slapd (389/tcp) and the web interface (80/tcp) reachable from every network the host is attached to. On a machine you intend to keep, leave firewalld running and open only the LDAP and HTTP services, and prefer a temporary setenforce 0 (or SELINUX=permissive) while debugging to a permanent SELINUX=disabled. The logout at the end is there so the new hostname is picked up by the next login shell.
Install LDAP

yum install -y openssl openssl-devel
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
mkdir -p /var/lib/ldap
chown -R ldap:ldap /var/lib/ldap
systemctl start slapd

Two things the page leaves out: slapd is only started, not enabled, so enable it the same way httpd is enabled later or it will not come back after a reboot; and the hdb backend expects a DB_CONFIG file in /var/lib/ldap (the package ships a template as /usr/share/openldap-servers/DB_CONFIG.example), otherwise slapd logs a "no DB_CONFIG file found" warning at every start.
Check the LDAP version, process and listening port

slapd -VV
ps -ef | grep slapd
ss -lntup | grep 389
Configure the LDAP administrator password

slappasswd

slappasswd prompts for the password twice and prints a salted SHA-1 hash ({SSHA}...). Paste that hash, never the cleartext password, into the LDIF below; the hash shown is the one from this run and yours will differ.

cd /etc/openldap/
vi chrootpw.ldif
# specify the password hash generated above for the "olcRootPW" attribute
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}c22zti7umHh8l1HGbFSHMQ4eXGMWEoYS
# :wq to save and exit
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

This sets a password for the cn=config database, which is what a remote client binding as cn=config would use. The ldapadd here (and the ldapmodify calls that follow) bind with SASL EXTERNAL over the ldapi:/// socket, where the local root user is already mapped to full configuration access, so no password is needed for them.
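The format slappasswd emits above, reproduced as an added example in Python (this is not code from the page): a {SSHA} value is base64(SHA1(password || salt) || salt) with a 4-byte random salt. The two functions let you confirm that a hash you are about to paste into olcRootPW, or a userPassword value you find in a directory dump, really corresponds to a given password without binding to slapd. The password strings used are constructed for the example.

```python
# Added example, not code from the page: reproduce slappasswd's default
# {SSHA} scheme so a stored olcRootPW/userPassword value can be checked
# against a candidate password offline.
#   {SSHA}<base64( SHA1(password || salt) || salt )>
import base64
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 4            # slappasswd's default salt length
DIGEST_LEN = 20         # SHA-1 digest size in bytes


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password the way `slappasswd -h {SSHA}` does.

    A caller-supplied salt is only for reproducible tests; in normal use
    leave it None so every hash gets a fresh random salt.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Return True if `stored` (a {SSHA} value) was produced from `password`."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not a {SSHA} value: " + stored[:8])
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("{SSHA} value too short to contain a salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]   # salt is whatever follows the digest
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison so a checker does not leak how many bytes matched
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    h = make_ssha("hunter2")          # constructed example password
    print(h, verify_ssha("hunter2", h), verify_ssha("wrong", h))
```

{SSHA} is salted, which defeats precomputed tables, but it is a single unsalted-iteration SHA-1, so it does little to slow a dictionary attack on a leaked hash; OpenLDAP's pw-sha2 and pw-pbkdf2 contrib modules provide stronger schemes where you can load them. The layout above is exactly what the olcRootPW values on this page use.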
Import schemas

ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/core.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/ppolicy.ldif

Order matters: nis.ldif and inetorgperson.ldif reference attribute types defined in cosine.ldif, so cosine has to go in first. The stock CentOS 7 configuration already contains the core schema, so the core.ldif command fails with an "already exists" style error that can be ignored. With -Y EXTERNAL the bind identity comes from the socket, so the -D "cn=config" option is ignored; it is harmless but unnecessary.
Edit the configuration files

cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif

Caveat: the files under slapd.d are slapd's own on-disk copy of cn=config and carry a CRC32 line, so editing them by hand makes slapd log "checksum error" warnings on the next start. The ldapmodify step in the next section changes the same values through the proper interface (and rewrites the checksums), so this hand edit is redundant and can be skipped.
Configure the LDAP DN

Assume the root DN here uses the local domain name, node201.com.

slappasswd

vi chdomain.ldif
# replace "dc=***,dc=***" with your own domain name
# specify the password hash generated above for the "olcRootPW" attribute
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=node201,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=node201,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=node201,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}dmlBn+z3eUR4YYtOGMnoUUnWGxc8tyDJ

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read
# :wq! to save and exit

ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

Two corrections to the file as the page printed it: LDIF separates entries with a blank line, so each dn: block above must be followed by one, and the last two olcAccess rules were both numbered {2}. The indices have to be unique and sequential, because slapd evaluates olcAccess rules in index order and stops at the first "to" clause that matches; that is also why the userPassword rule sits before the catch-all "to *". As written, the catch-all gives "by * read", so anyone, including anonymous binds, can read everything in the tree except password attributes. If the directory is not meant to be public, change that to "by users read".
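A check on the olcAccess rules in chdomain.ldif, as an added example in Python (not code from the page): slapd tries the rules in {n} index order and uses the first "to" clause that matches, so duplicate indices leave the order to chance and a catch-all "to * ... by * read" placed before the userPassword rule exposes password hashes to anonymous binds. The functions parse an LDIF modify file (folding RFC 2849 continuation lines) and report either condition. The three LDIF strings are constructed for the example; PAGE_LDIF carries the duplicated {2} index that the page's original file had.

```python
# Added example, not code from the page: lint the olcAccess rules in an
# LDIF modify file before loading it with ldapmodify. slapd tries olcAccess
# rules in index order and uses the first "to" clause that matches, so a
# catch-all "to * ... by * read" placed before the userPassword rule exposes
# password hashes to anonymous binds, and duplicate indices leave the order
# to chance.
import re
from typing import Dict, List, Tuple

HDB_DN = "olcDatabase={2}hdb,cn=config"
ACCESS_RE = re.compile(r"^\{(\d+)\}to\s+(.*?)\s+by\s")


def _to_entry(lines: List[str]) -> Dict[str, List[str]]:
    entry: Dict[str, List[str]] = {}
    for line in lines:
        key, _, value = line.partition(":")
        entry.setdefault(key.strip(), []).append(value.strip())
    return entry


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Split LDIF text into blank-line separated entries.

    A line starting with a space continues the previous line (RFC 2849);
    comment lines are dropped. Base64 (::) values are not needed here.
    """
    entries: List[Dict[str, List[str]]] = []
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
            continue
        if not raw.strip():
            if lines:
                entries.append(_to_entry(lines))
                lines = []
            continue
        lines.append(raw)
    if lines:
        entries.append(_to_entry(lines))
    return entries


def check_access_rules(entries: List[Dict[str, List[str]]], dn: str) -> List[str]:
    """Return the problems found in the olcAccess rules aimed at database `dn`."""
    rules: List[Tuple[int, str]] = []
    for entry in entries:
        if entry.get("dn") != [dn]:
            continue
        for value in entry.get("olcAccess", []):
            m = ACCESS_RE.match(value)
            if not m:
                return ["unparseable olcAccess value: " + value]
            rules.append((int(m.group(1)), m.group(2)))
    problems: List[str] = []
    indices = [i for i, _ in rules]
    if indices != list(range(len(rules))):
        problems.append("olcAccess indices are not sequential: %s" % indices)
    # slapd orders by the explicit index; a stable sort keeps duplicates in file order
    targets = [t for _, t in sorted(rules, key=lambda r: r[0])]
    catch_all = next((n for n, t in enumerate(targets) if t == "*"), None)
    pw_rule = next((n for n, t in enumerate(targets)
                    if t.startswith("attrs=") and "userPassword" in t), None)
    if catch_all is not None and pw_rule is not None and catch_all < pw_rule:
        problems.append("catch-all 'to *' precedes the userPassword rule; "
                        "first match wins, so password hashes follow the catch-all")
    return problems


# Constructed samples. PAGE_LDIF mirrors the access part of chdomain.ldif as
# the page printed it, with the {2} index used twice.
PAGE_LDIF = """\
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=node201,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read
"""
FIXED_LDIF = PAGE_LDIF.replace("{2}to dn.base", "{1}to dn.base")
SWAPPED_LDIF = """\
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn="cn=Manager,dc=node201,dc=com" write by * read
olcAccess: {1}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_LDIF), ("fixed", FIXED_LDIF), ("swapped", SWAPPED_LDIF)):
        print(name, check_access_rules(parse_ldif(text), HDB_DN) or "ok")
```

In the swapped sample the userPassword rule is still present and numbered correctly, yet it never fires: the catch-all at {0} already matched, and its "by * read" applies to the hash. That is the failure mode the index order protects against, and it is invisible to ldapmodify, which accepts all three files.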
Import the base domain

vi basedomain.ldif
dn: dc=node201,dc=com
dc: node201
objectClass: top
objectClass: domain

dn: ou=dev,dc=node201,dc=com
ou: dev
objectClass: top
objectClass: organizationalUnit

dn: ou=test,dc=node201,dc=com
ou: test
objectClass: top
objectClass: organizationalUnit
# :wq! to save and exit

ldapadd -x -D cn=Manager,dc=node201,dc=com -W -f basedomain.ldif
# -W prompts for the password hashed in the second slappasswd run (the hdb olcRootPW); in this walk-through both runs used the same password

Blank lines between the three entries are required, as in chdomain.ldif. This command uses a simple bind (-x) as the Manager DN, so from here on the directory's own root password is what authenticates you, not the ldapi:/// socket.
Query and verify

ldapsearch -x -b "dc=node201,dc=com"

At this point LDAP is installed. Adding records means writing LDIF and loading it with the ldapadd command; is there a graphical interface for editing or browsing the directory tree? There is: phpLDAPAdmin. The following describes how to deploy it.
Install phpLDAPAdmin: Apache httpd

yum -y install httpd
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
sed -i "s/#ServerName www.example.com:80/ServerName www.node201.com:80/g" /etc/httpd/conf/httpd.conf
sed -i '151s/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i '164s/DirectoryIndex index.html/DirectoryIndex index.html index.cgi index.php/g' /etc/httpd/conf/httpd.conf
systemctl start httpd
systemctl enable httpd
echo "Apache is OK" >> /var/www/html/index.html
curl -I http://www.node201.com/

The backup copy is taken before the first sed here (the page made it after the ServerName change). The two line-addressed seds (151 and 164) assume the stock CentOS 7 httpd.conf; look at those lines first if the package version differs, since a mismatched line number makes the substitution silently do nothing.
Install PHP

yum -y install php php-mbstring php-pear
cp /etc/php.ini /etc/php.ini.bak
sed -i '878s#;date.timezone =#date.timezone = "Asia/Shanghai"#g' /etc/php.ini
systemctl restart httpd
cat > /var/www/html/index.php << EOF
<?php phpinfo() ?>
EOF

Visit: http://172.20.20.201/index.php

If the phpinfo page appears, PHP is configured correctly. Remove /var/www/html/index.php once you have seen it: phpinfo() reveals the PHP version, loaded modules, file paths and environment variables to anyone who can reach the host.
Install phpLDAPAdmin

wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum repolist
yum --enablerepo=epel -y install phpldapadmin
cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak
vi /etc/phpldapadmin/config.php
# change lines 397 and 398 from
    // $servers->setValue('login','attr','dn');
    $servers->setValue('login','attr','uid');
# to
    $servers->setValue('login','attr','dn');
    // $servers->setValue('login','attr','uid');

vi /etc/httpd/conf.d/phpldapadmin.conf
# set the contents to the following
#
#  Web-based tool for managing LDAP servers
#

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    Require ip 172.20.0.0/16
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
### :wq to save
chown -R apache.apache /usr/share/phpldapadmin
systemctl restart httpd.service

Setting the login attribute to dn means you sign in with the full bind DN (cn=Manager,dc=node201,dc=com) rather than a uid. The page's Require line read 172.20.0.0/8; a /8 prefix covers 172.0.0.0 to 172.255.255.255, so it would have admitted every 172.x address, not just the lab network, which is why it is /16 above (narrow it further to the actual subnet if you can). Keep that allow list tight: phpLDAPAdmin over plain HTTP sends the Manager password in cleartext on every login, so for anything beyond a lab put mod_ssl in front of it.
Finally, visit

http://172.20.20.201/ldapadmin/

Log in with the administrator DN created above (cn=Manager,dc=node201,dc=com) and its password.

At this point LDAP and phpLDAPAdmin are fully deployed.