快速搭建ldap
搭建搭到想吐
yum -y install php php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt libmcrypt-devel php-fpm
yum -y install http
yum -y install openldap openldap-servers openldap-clients openldap-devel compat-openldap db4 db4-utils
1. 创建slapd.conf配置文件
cat slapd.conf | grep -v "#"
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 1
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
database config
access to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * none
database monitor
access to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
  by dn.exact="cn=Manager,dc=my-domain,dc=com" read
  by * none
database bdb
suffix "dc=test,dc=com"
checkpoint 1024 15
rootdn "cn=admin,dc=test,dc=com"
rootpw admin
directory /var/lib/ldap
（注意：这里的 rootpw 是明文弱口令，真正部署时应换掉 admin，并改用 slappasswd 生成的 {SSHA} 哈希填入。）
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
2. 启动
/usr/sbin/slapd -f slapd.conf
web界面操作
3. 版本 phpldapadmin-1.2.3
cat phpldapadmin.conf
#
#  Web-based tool for managing LDAP servers
#
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  Order Allow,Deny
  Allow from all
  Allow from 127.0.0.1
  Allow from ::1
</Directory>
（注意：`Allow from all` 已经放行了所有来源，后面两行 127.0.0.1 / ::1 实际不起作用；如果只想本机访问 phpldapadmin，应去掉 `Allow from all` 这一行。）
4. ldapadmin web界面建立ou
碰到PLA灰色,做下面的操作
vim base.ldif
dn: dc=test,dc=com
objectClass: dcObject
objectClass: organization
dc: test
o: Corporation
description: d Corporation
ldapadd -f base.ldif -x -D cn=admin,dc=test,dc=com -W
5. 用命令建立系统cn,web界面也可以
vim zxy.ldif
# zxy, people, example.com
dn: uid=zxy,ou=people,dc=example,dc=com
uid: zxy
cn: zxy
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: 111111
（注意：userPassword 这样写会以明文存进目录；建议先用 slappasswd 生成 {SSHA} 哈希再填入。）
shadowLastChange: 14323
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1005
gidNumber: 1005
homeDirectory: /home/zxy
ldapadd -f base.ldif -x -D cn=admin,dc=test,dc=com -W
ldapadd -x -D "cn=root,dc=example,dc=com" -W -f zxy.ldif
ldapsearch -x -b "dc=example,dc=com"
（注意：这两条命令里的 dc=example,dc=com 和 cn=root，与上面 slapd.conf 里的 suffix "dc=test,dc=com"、rootdn "cn=admin,dc=test,dc=com" 不一致，按本文配置直接执行应会因父条目不存在而失败，需要统一成同一个 suffix 和 rootdn。）
注意事项是一些映射关系，比如 LDAP 的 userid 在不同系统里对应的字段可能不一样。
最后ldapadmin config.php 要改。真是坑。
应该有用吧。心累。
本文转自 liqius 51CTO博客,原文链接:http://blog.51cto.com/szgb17/1940636,如需转载请自行联系原作者