LDAP及phpLDAPAdmin部署-创新互联
系统环境
专注于为中小企业提供成都网站设计、成都做网站服务,电脑端+手机端+微信端的三站合一,更高效的管理,为中小企业谢通门免费做网站提供优质的服务。我们立足成都,凝聚了一批互联网行业人才,有力地推动了超过千家企业的稳健成长,帮助中小企业通过网站建设实现规模扩充和转变。主机名 | 操作系统 | IP地址 | 备注 |
node201 | CentOS 7.6 x86_64 | 172.20.20.201 |
说明:以下均为超级管理员root用户进行的操作
基础环境配置
yum install -y wget wget http://mirrors.aliyun.com/repo/Centos-7.repo cp Centos-7.repo /etc/yum.repos.d/ cd /etc/yum.repos.d/ mv CentOS-Base.repo CentOS-Base.repo.bak mv Centos-7.repo CentOS-Base.repo yum clean all echo -e "172.20.20.201 www.node201.com node201.com node201" >> /etc/hosts hostnamectl set-hostname node201 systemctl stop firewalld.service sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config && setenforce 0&& systemctl disable firewalld.service && systemctl stop firewalld.service && logout安装LDAP
yum install -y openssl openssl-devel yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools mkdir -p /var/lib/ldap chown -R ldap:ldap /var/lib/ldap systemctl start slapd查看LDAP版本及服务及端口
slapd -VV ps -ef|grep slapd ss -lntup|grep 38配置LDAP管理员密码
slappasswdcd /etc/openldap/ vi chrootpw.ldif # specify the password generated above for "olcRootPW" section dn: olcDatabase={0}config,cn=config changetype: modify add: olcRootPW olcRootPW: {SSHA}c22zti7umHh8l1HGbFSHMQ4eXGMWEoYS # wq 保存退出 ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif导入Schema
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/nis.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/collective.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/corba.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/core.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/duaconf.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/dyngroup.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/inetorgperson.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/java.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/misc.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/openldap.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/pmi.ldif ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/ppolicy.ldif修改配置文件
cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif.bak sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif.bak sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif配置LdAP的DN
假设我这里的ROOT DN为使用本地域名为node201.com
slappasswdvi chdomain.ldif # replace to your own domain name for "dc=***,dc=***" section # specify the password generated above for "olcRootPW" section dn: olcDatabase={1}monitor,cn=config changetype: modify replace: olcAccess olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=node201,dc=com" read by * none dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcSuffix olcSuffix: dc=node201,dc=com dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcRootDN olcRootDN: cn=Manager,dc=node201,dc=com dn: olcDatabase={2}hdb,cn=config changetype: modify add: olcRootPW olcRootPW: {SSHA}dmlBn+z3eUR4YYtOGMnoUUnWGxc8tyDJ dn: olcDatabase={2}hdb,cn=config changetype: modify add: olcAccess olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none olcAccess: {2}to dn.base="" by * read olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read #wq!保存退出ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif导入Base domain
vi basedomain.ldif dn: dc=node201,dc=com dc: node201 objectClass: top objectClass: domain dn: ou=dev,dc=node201,dc=com ou: dev objectClass: top objectClass: organizationalUnit dn: ou=test,dc=node201,dc=com ou: test objectClass: top objectClass: organizationalUnit #wq! 保存退出ldapadd -x -D cn=Manager,dc=node201,dc=com -W -f basedomain.ldif #第二次创建的密码,我这里第一次和第二次都是同一个密码查询验证
ldapsearch -x -b "dc=node201,dc=com"支持LDAP安装成功,现在若要添加记录,则必须要使用ldapadd命令添加条目,是否有图形界面可以操作或查看其目录结构呢?答案是有的,那就是:phpLDAPAdmin,下面介绍如何部署phpLDAPAdmin
安装phpLDAPAdmin
yum -y install httpd mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak sed -i "s/#ServerName www.example.com:80/ServerName www.node201.com:80/g" /etc/httpd/conf/httpd.conf cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak sed -i '151s/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf sed -i '164s/DirectoryIndex index.html/DirectoryIndex index.html index.cgi index.php/g' /etc/httpd/conf/httpd.conf systemctl start httpd systemctl enable httpd echo "Apache is OK" >> /var/www/html/index.html curl -I http://www.node201.com/安装PHP
yum -y install php php-mbstring php-pear cp /etc/php.ini /etc/php.ini.bak sed -i '878s#;date.timezone =#date.timezone = "Asia/Shanghai"#g' /etc/php.ini systemctl restart httpd cat > /var/www/html/index.php << EOF EOF访问:http://172.20.20.201/index.php
出现如下界面,则表示PHP配置OK
安装phpLDAP admin
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -ivh epel-release-latest-7.noarch.rpm yum repolist yum --enablerepo=epel -y install phpldapadmin cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak vi /etc/phpldapadmin/config.php #将第397和398行 // $servers->setValue('login','attr','dn'); $servers->setValue('login','attr','uid'); 改为如下 $servers->setValue('login','attr','dn'); // $servers->setValue('login','attr','uid'); vi /etc/httpd/conf.d/phpldapadmin.conf #添加如下内容 # # Web-based tool for managing LDAP servers # Alias /phpldapadmin /usr/share/phpldapadmin/htdocs Alias /ldapadmin /usr/share/phpldapadmin/htdocs最后访问
http://172.20.20.201/ldapadmin/
输入上面建立的管理员用户名及密码
至此LDAP及phpLDAPAdmin全部部署完成
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
网站标题:LDAP及phpLDAPAdmin部署-创新互联
当前网址:http://scyanting.com/article/dijiph.html