OpenLDAP server + PhpLdapAdmin: basic installation and configuration
Reposted from: http://blog.****.net/post_yuan/article/details/53129735
After reading a few articles other people had written about installing and configuring OpenLDAP, I got the itch to try installing and configuring OpenLDAP myself, and to install PhpLdapAdmin to manage LDAP through a web interface.
Below is a step-by-step walkthrough of installing and configuring an LDAP server, for reference only.
1 Install OpenLDAP with yum
```console
[[email protected] yum.repos.d]# yum install openldap openldap-* -y
[[email protected] yum.repos.d]# rpm -qa | grep openldap
openldap-servers-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-clients-2.4.40-12.el6.x86_64
openldap-2.4.40-12.el6.x86_64
```
2 Configure LDAP: prepare DB_CONFIG and slapd.conf
```console
[[email protected] yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[[email protected] yum.repos.d]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
```
3 Generate the LDAP administrator password hash
```console
[[email protected] yum.repos.d]# slappasswd -s ldap123
{SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ
```
4 Edit slapd.conf: the main settings are the suffix (dc) and rootpw; set rootpw to the {SSHA} value produced in the previous step
```conf
database bdb
suffix "dc=esgyn,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=esgyn,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ
```
5 Test the configuration and regenerate the slapd.d configuration database
```console
[[email protected] slapd.d]# ls
cn=config cn=config.ldif
[[email protected] slapd.d]# rm -rf *
[[email protected] slapd.d]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
```
6 Fix ownership of the LDAP files
```console
[[email protected] yum.repos.d]# chown -R ldap:ldap /var/lib/ldap/
[[email protected] yum.repos.d]# chown -R ldap:ldap /etc/openldap/
```
7 Start the slapd service
```console
[[email protected] ~]# service slapd status
slapd is stopped
[[email protected] ~]# service slapd start
Starting slapd: [ OK ]
```
```console
[[email protected] slapd.d]# yum install migrationtools -y
```
```perl
# Settings edited in migrate_common.ph (assumed path: /usr/share/migrationtools/migrate_common.ph)
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "esgyn.com";
# Default base
$DEFAULT_BASE = "dc=esgyn,dc=com";
```
```console
[[email protected] slapd.d]# /usr/share/migrationtools/migrate_base.pl >base.ldif
```
```console
[[email protected] migrationtools]# ldapadd -x -D "cn=Manager,dc=esgyn,dc=com" -W -f ./base.ldif
Enter LDAP Password:
adding new entry "dc=esgyn,dc=com"
adding new entry "ou=Hosts,dc=esgyn,dc=com"
adding new entry "ou=Rpc,dc=esgyn,dc=com"
adding new entry "ou=Services,dc=esgyn,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=esgyn,dc=com"
adding new entry "ou=Mounts,dc=esgyn,dc=com"
adding new entry "ou=Networks,dc=esgyn,dc=com"
adding new entry "ou=People,dc=esgyn,dc=com"
adding new entry "ou=Group,dc=esgyn,dc=com"
adding new entry "ou=Netgroup,dc=esgyn,dc=com"
adding new entry "ou=Protocols,dc=esgyn,dc=com"
adding new entry "ou=Aliases,dc=esgyn,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=esgyn,dc=com"
```
```console
[[email protected] migrationtools]# ldapsearch -x -D "cn=Manager,dc=esgyn,dc=com" -b "ou=Aliases,dc=esgyn,dc=com" -W
# extended LDIF
#
# LDAPv3
# base <ouou=Aliases,dc=esgyn,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Aliases, hadoop.com
dn: ou=Aliases,dc=esgyn,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
```
```console
[[email protected] migrationtools]# yum install httpd phpldapadmin -y
```
```apache
# phpldapadmin Apache configuration (assumed file: /etc/httpd/conf.d/phpldapadmin.conf)
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  # "Allow from all" lets any client that can reach httpd open the admin UI;
  # the packaged default restricts access to localhost.
  Order Deny,Allow
  Allow from all
</Directory>
```
15 Edit /etc/phpldapadmin/config.php so that login uses a DN
```php
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
```
```console
[[email protected] migrationtools]# service httpd status
httpd is stopped
[[email protected] migrationtools]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.16 for ServerName
[ OK ]
```
17 Open the web UI and log in to LDAP