
Deploying LDAP and phpLDAPAdmin

Published: 2024-12-12  Author: 千家信息网 editorial staff

System environment

Hostname    Operating system      IP address       Notes
node201     CentOS 7.6 x86_64     172.20.20.201

Note: all of the following operations are performed as the root superuser.

Basic environment configuration

yum install -y wget
wget http://mirrors.aliyun.com/repo/Centos-7.repo
cp Centos-7.repo /etc/yum.repos.d/
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.bak
mv Centos-7.repo CentOS-Base.repo
yum clean all
echo -e "172.20.20.201 www.node201.com node201.com node201" >> /etc/hosts
hostnamectl set-hostname node201
systemctl stop firewalld.service
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config && setenforce 0 && systemctl disable firewalld.service && systemctl stop firewalld.service && logout

Install LDAP

yum install -y openssl openssl-devel
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
mkdir -p /var/lib/ldap
chown -R ldap:ldap /var/lib/ldap
systemctl start slapd

Check the LDAP version, service and listening port

slapd -VV
ps -ef | grep slapd
ss -lntup | grep 38

Configure the LDAP administrator password

slappasswd

cd /etc/openldap/
vi chrootpw.ldif
# specify the password hash generated above for the "olcRootPW" attribute
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}c22zti7umHh8l1HGbFSHMQ4eXGMWEoYS
# :wq  save and exit
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

Import the schemas

ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/core.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/ppolicy.ldif


Modify the configuration files

cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif


Configure the LDAP DN

Assume that the root DN here is based on the local domain name node201.com.

slappasswd

vi chdomain.ldif
# replace "dc=***,dc=***" with your own domain name
# specify the password hash generated above for the "olcRootPW" attribute
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=node201,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=node201,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=node201,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}dmlBn+z3eUR4YYtOGMnoUUnWGxc8tyDJ

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read
# :wq!  save and exit
ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
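A cn=config LDIF like chdomain.ldif is applied with the external root identity, so mistakes in it are only caught by slapd's error messages, and a weak ACL is not caught at all. The following Python audit, an added example that is not part of the original article, parses the change records and flags the three things worth checking before running ldapmodify: olcAccess indexes that are not 0..n-1 (slapd rejects gaps and duplicates), a userPassword rule that does not end with "by * none", and an olcRootPW stored in cleartext instead of slappasswd output. The sample LDIF is constructed from the hdb record above, with the {2} index duplicated and a cleartext rootpw on purpose so that both checks fire.

```python
import re

ACL_RE = re.compile(r"^\{(\d+)\}to\s+(.*)$")  # "{n}to <what> by <who> <access> ..."

def parse_ldif(text):
    """Split LDIF into blank-line-separated records of (attribute, value) pairs."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if not l.startswith("#")]
        records.append([(a.strip(), v.strip()) for a, _, v in (l.partition(":") for l in lines)])
    return records

def audit_record(record):
    """Return human-readable findings for one cn=config change record."""
    findings, indexes = [], []
    dn = next((v for a, v in record if a == "dn"), "<no dn>")
    for acl in (v for a, v in record if a == "olcAccess"):
        m = ACL_RE.match(acl)
        if not m:
            findings.append(f"{dn}: olcAccess lacks a {{n}} index: {acl}")
            continue
        idx, body = int(m.group(1)), m.group(2)
        indexes.append(idx)
        # the rule guarding userPassword must finish by denying everyone else
        if "userPassword" in body.split(" by ")[0] and not body.endswith("by * none"):
            findings.append(f"{dn}: rule {{{idx}}} leaves userPassword readable")
    # explicit indexes must be 0,1,2,... with no gaps or duplicates
    if indexes != list(range(len(indexes))):
        findings.append(f"{dn}: olcAccess indexes {indexes} are not 0..n-1")
    for a, v in record:
        if a == "olcRootPW" and not v.startswith("{"):
            findings.append(f"{dn}: olcRootPW is cleartext, use slappasswd output")
    return findings

def audit_ldif(text):
    return [f for rec in parse_ldif(text) for f in audit_record(rec)]

# Constructed sample: the hdb record from chdomain.ldif with a cleartext rootpw
# and the {2} index duplicated on purpose.
SAMPLE = """dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: secret123
-
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read
"""

if __name__ == "__main__":
    print("\n".join(audit_ldif(SAMPLE)) or "no findings")
```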

Import the base domain

vi basedomain.ldif
dn: dc=node201,dc=com
dc: node201
objectClass: top
objectClass: domain

dn: ou=dev,dc=node201,dc=com
ou: dev
objectClass: top
objectClass: organizationalUnit

dn: ou=test,dc=node201,dc=com
ou: test
objectClass: top
objectClass: organizationalUnit
# :wq!  save and exit
ldapadd -x -D cn=Manager,dc=node201,dc=com -W -f basedomain.ldif     # prompts for the password created the second time; here the first and second passwords are the same

Query and verify

ldapsearch -x -b "dc=node201,dc=com"

At this point LDAP is installed successfully. To add records now, entries must be added with the ldapadd command. Is there a graphical interface for managing the directory or viewing its tree? There is: phpLDAPAdmin. The following sections describe how to deploy phpLDAPAdmin.

Install phpLDAPAdmin: Apache (httpd)

yum -y install httpd
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak
sed -i "s/#ServerName www.example.com:80/ServerName www.node201.com:80/g" /etc/httpd/conf/httpd.conf
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
sed -i '151s/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i '164s/DirectoryIndex index.html/DirectoryIndex index.html index.cgi index.php/g' /etc/httpd/conf/httpd.conf
systemctl start httpd
systemctl enable httpd
echo "Apache is OK" >> /var/www/html/index.html
curl -I http://www.node201.com/

Install PHP

yum -y install php php-mbstring php-pear
cp /etc/php.ini /etc/php.ini.bak
sed -i '878s#;date.timezone =#date.timezone = "Asia/Shanghai"#g' /etc/php.ini
systemctl restart httpd
cat > /var/www/html/index.php << EOF
EOF

Visit: http://172.20.20.201/index.php

If the following page appears, PHP is configured correctly.

Install phpLDAPAdmin

wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum repolist
yum --enablerepo=epel -y install phpldapadmin
cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak
vi /etc/phpldapadmin/config.php
# change lines 397 and 398, which read
    // $servers->setValue('login','attr','dn');
    $servers->setValue('login','attr','uid');
# to the following
    $servers->setValue('login','attr','dn');
    // $servers->setValue('login','attr','uid');

vi /etc/httpd/conf.d/phpldapadmin.conf
# make the file read as follows
#
#  Web-based tool for managing LDAP servers
#

# Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    Require ip 172.20.0.0/8
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
# :wq  save
chown -R apache.apache /usr/share/phpldapadmin
systemctl restart httpd.service

Finally, visit

http://172.20.20.201/ldapadmin/

Enter the administrator DN (cn=Manager,dc=node201,dc=com) and the password created above.

At this point, LDAP and phpLDAPAdmin are fully deployed.
