您好,登录后才能下订单哦!
密码登录
登录注册
点击 登录注册 即表示同意《亿速云用户服务条款》
今天小编给大家分享的是openldap安装与配置的详细介绍,相信大部分人都不太了解,为了让大家更加了解,小编给大家总结了以下内容,话不多说,一起往下看吧。
目前的架构分为如下两种:
互联网命名组织架构
流程:
objectClass分为如下几类
~]# yum -y install wget curl git
~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
~]# yum -y install epel-release
~]# yum -y install openldap openldap-servers openldap-clients compat-openladp openldap-devel migrationtools
~]# cd /etc/openldap/
~]# mv slapd.d/ slapd.d.bak
~]# mkdir slapd.d && slappasswd #生成密钥
New password:
Re-enter new password:
{SSHA}CYZ2put971vDLOeZVvbG7W9E3aOjantN
~]# cp /usr/share/openldap-servers/slapd.ldif /etc/openldap/
#### 配置schema加载
~]# vim /etc/openldap/slapd.ldif
cn: schema
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/collective.ldif
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/pmi.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
n=auth" read by dn.base="cn=admin,dc=neuvision,dc=ai" read by * none
olcSuffix: dc=neuvision,dc=ai
olcRootDN: cn=admin,dc=neuvision,dc=ai
olcRootPW: {SSHA}WslU/LDXGf/WTLLYGafxBzmT6y1CDabz
~ ]# slapadd -n 0 -F /etc/openldap/slapd.d -l slapd.ldif #生成配置
~]# chown -R ldap.ldap /etc/openldap/slapd.d
~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG #拷贝数据库配置文件
~]# chown ldap.ldap -R /var/lib/ldap/
~]# systemctl start slapd && systemctl enable slapd #服务启动
~]# vim /usr/share/migrationtools/migrate_common.ph #导入数据脚本配置
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "51cto.com";
# Default base
$DEFAULT_BASE = "dc=51cto,dc=com";
# such as person.
$EXTENDED_SCHEMA = 1;
~ ]# /usr/share/migrationtools/migrate_base.pl > /etc/openldap/basedomain.ldif #生成domain(域)文件
~ ]# ldapadd -x -D cn=admin,dc=51cto,dc=com -W -f /etc/openldap/basedomain.ldif #添加条目
~]# mkdir /root/ldif && cd /root/ldif
~]# vim config_init.ldif
dn: dc=51cto,dc=com
objectClass: dcObject
objectClass: organization
o: wanghui
dc: neuvision
~]# ldapadd -x -D "cn=admin,dc=51cto,dc=com" -W -f config_init.ldif
~]# ldapsearch -x -b 'dc=51cto,dc=com' '(objectClass=*)' #查询记录
~]# ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q #ladpi查询
系统文件: /etc/openldap/ldap.conf
用户文件:$HOME/ldaprc $HOME/.ldaprc
ldapsearch -x -W -D 'cn=admin,dc=51cto,dc=com' -H ldaps://10.18.99.41 #连接ldap
主配置文件布局如下:
dn: cn=config
dn: cn=module,cn=config
dn: cn=schema,cn=config
dn: olcDatabase=config,cn=config
~ ]# /usr/share/migrationtools/migrate_base.pl > /etc/openldap/basedomain.ldif #生成domain(域)文件
# 需要创建好一些用户和组,并且将用户添加到组,groupadd DEV,useradd wanghui -g DEV
~]# tail -3 /etc/group > system_group
DEV:x:1003:
OPS:x:1004:
QA:x:1005:
~]# tail -4 /etc/passwd > system_user
zhangsan:x:1000:1004::/home/zhansan:/bin/bash
lisi:x:1001:1003::/home/lisi:/bin/bash
wangwu:x:1002:1003::/home/wangwu:/bin/bash
mazi:x:1003:1005::/home/mazi:/bin/bash
~]#ldapadd -x -W -D "cn=admin,dc=51cto,dc=com" -f base.ldif
~]# ldapadd -x -W -D "cn=admin,dc=51cto,dc=com" -f group.ldif # 添加组到ldap
~]# ldapadd -x -W -D "cn=admin,dc=51cto,dc=com" -f user.ldif
~]# mkdir /data/logs/slapd
~]# touch /data/logs/slapd/slapd.log
~]# chown ldap:ldap /data/logs/slapd/ -R
----- 创建日志ldif
~]# vim log.ldif
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: stats
~]# ldapadd -Y EXTERNAL -H ldapi:/// -f log.ldif #加载配置
~]# cat /etc/openldap/slapd.d/cn\=config.ldif #检查是否加载成功
olcLogLevel: stats
~]# vim /etc/rsyslog.conf #配置日志
local7.* /var/log/boot.log
local4.* /data/logs/slapd/slapd.log
~ ]# systemctl restart rsyslog
~]# systemctl restart slapd
~]# vim /etc/logrotate.d/slapd
/data/logs/slapd/slapd.log {
daily
rotate 5
copytruncate
dateext
missingok
}
~]# systemctl restart rsyslog
~]# logrotate -f /etc/logrotate.d/slapd #测试日志切割
~]# ldapsearch -x -LLL uid=wanghui #查询用户。然后看日志是否正常
~]# yum -y install phpldapadmin
~]# vim /etc/httpd/conf.d/phpldapadmin.conf
<VirtualHost *:80>
ServerName ldap.51cto.com
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
</VirtualHost>
~]# vim /etc/phpldapadmin/config.php
$servers->setValue('login','attr','dn');
~ ]# systemctl start httpd && systemctl enable httpd
~]# cat config_init.ldif
dn: dc=51cto,dc=com
objectClass: dcObject
objectClass: organization
o: wanghui
dc: neuvision
~]# ldapadd -x -D 'cn=admin,dc=neuvision,dc=ai' -W -f config_init.ldif
Generic: Organisational Unit
密码类型是ssha
选择对应的GID
选择对应的loginshell
----------
返回终端查询下创建的用户
~]# ldapsearch -x -LL -b '51cto,dc=com' '(uid=whui)'
~]# ldapsearch -x -LL uid=whui
~#] vim /etc/phpldapadmin/config.php
$config->custom->appearance['hide_template_warning'] = true;
~#]systemctl restart httpd
以上就是openldap安装与配置的详细内容了,看完之后是否有所收获呢?如果想了解更多相关内容,欢迎关注亿速云行业资讯!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。