Deploying LDAP and phpLDAPAdmin

Published: 2020-05-02 01:40:26 Source: Internet Views: 1678 Author: zjdevops Category: System Operations

System environment

Hostname | Operating system  | IP address    | Notes
node201  | CentOS 7.6 x86_64 | 172.20.20.201 |


Note: all of the following operations are performed as the root superuser.

Basic environment configuration

yum install -y wget
wget http://mirrors.aliyun.com/repo/Centos-7.repo
cp Centos-7.repo /etc/yum.repos.d/
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.bak
mv Centos-7.repo CentOS-Base.repo
yum clean all
echo -e "172.20.20.201 www.node201.com node201.com node201" >> /etc/hosts
hostnamectl set-hostname node201
systemctl stop firewalld.service
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config && setenforce 0 && systemctl disable firewalld.service && systemctl stop firewalld.service && logout

Install LDAP

yum install -y openssl openssl-devel

yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools

mkdir -p /var/lib/ldap

chown -R ldap:ldap /var/lib/ldap

systemctl start slapd

Check the LDAP version, service, and port

slapd -VV
ps -ef | grep slapd
ss -lntup | grep 38

Set the LDAP administrator password

slappasswd

cd /etc/openldap/
vi chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}c22zti7umHh8l1HGbFSHMQ4eXGMWEoYS

# :wq to save and exit
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

Import the schemas

ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/core.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/ppolicy.ldif


Modify the configuration files

cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif

cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=node201,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif


Configure the LDAP DN

Assume the root DN here uses the local domain name node201.com.

slappasswd

vi chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=node201,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=node201,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=node201,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}dmlBn+z3eUR4YYtOGMnoUUnWGxc8tyDJ

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read

# :wq! to save and exit
ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
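
What the olcAccess rules in chdomain.ldif grant to a client that has not authenticated, as an added Python example that is not part of the original article: it unfolds the LDIF continuation lines, splits each rule into its "to <what> by <who> <level>" parts, and reports the access an anonymous bind receives plus any {n} index used twice. The function names are assumptions; the rule text is copied from the file above, and only the plain `*` and `anonymous` forms of <who> are handled.

```python
import re
from collections import Counter

# olcAccess values for the {2}hdb database, copied from chdomain.ldif above.
LDIF = """\
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=node201,dc=com" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=node201,dc=com" write by * read
"""

def unfold(ldif):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def parse_acl(ldif):
    """Return (index, what, [(who, level), ...]) per olcAccess value, in file order."""
    rules = []
    for line in unfold(ldif):
        m = re.match(r"olcAccess:\s*\{(\d+)\}to\s+(.*?)\s+by\s+(.*)$", line)
        if m:
            clauses = [tuple(c.rsplit(None, 1)) for c in re.split(r"\s+by\s+", m.group(3))]
            rules.append((int(m.group(1)), m.group(2), clauses))
    return rules

def unauthenticated_access(rules):
    """Access an anonymous client gets from each rule's first matching <who>."""
    found = []
    for _, what, clauses in rules:
        for who, level in clauses:
            if who in ("*", "anonymous"):   # <who> forms that match an anonymous client
                if level != "none":
                    found.append((what, level))
                break                       # slapd stops at the first matching <who>
    return found

def duplicate_indexes(rules):
    """Indexes in {n} that are used by more than one olcAccess value."""
    return sorted(i for i, n in Counter(r[0] for r in rules).items() if n > 1)

if __name__ == "__main__":
    rules = parse_acl(LDIF)
    print(unauthenticated_access(rules))
    print(duplicate_indexes(rules))
```

The last rule's `by * read` is what lets the `ldapsearch -x` query later on the page return the whole tree without credentials; only userPassword and shadowLastChange are held back.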

Import the base domain

vi basedomain.ldif

dn: dc=node201,dc=com
dc: node201
objectClass: top
objectClass: domain

dn: ou=dev,dc=node201,dc=com
ou: dev
objectClass: top
objectClass: organizationalUnit

dn: ou=test,dc=node201,dc=com
ou: test
objectClass: top
objectClass: organizationalUnit

# :wq! to save and exit
ldapadd -x -D cn=Manager,dc=node201,dc=com -W -f basedomain.ldif     # enter the password created the second time; here I used the same password both times

Verify with a query

ldapsearch -x -b "dc=node201,dc=com"

At this point LDAP has been installed successfully. To add records now, you must use the ldapadd command to add entries. Is there a graphical interface for operating on or viewing the directory structure? Yes: phpLDAPAdmin. The following describes how to deploy phpLDAPAdmin.

Install phpLDAPAdmin

yum -y install httpd
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak
sed -i "s/#ServerName www.example.com:80/ServerName www.node201.com:80/g" /etc/httpd/conf/httpd.conf
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
sed -i '151s/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i '164s/DirectoryIndex index.html/DirectoryIndex index.html index.cgi index.php/g' /etc/httpd/conf/httpd.conf
systemctl start httpd
systemctl enable httpd
echo "Apache is OK" >> /var/www/html/index.html
curl -I http://www.node201.com/

Install PHP

yum -y install php php-mbstring php-pear
cp /etc/php.ini /etc/php.ini.bak
sed -i '878s#;date.timezone =#date.timezone = "Asia/Shanghai"#g' /etc/php.ini
systemctl restart httpd
cat > /var/www/html/index.php << EOF
<?php
phpinfo()
?>
EOF

Visit: http://172.20.20.201/index.php

If the following page appears, PHP is configured correctly.

Install phpLDAP admin

wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum repolist
yum --enablerepo=epel -y install phpldapadmin
cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak
vi /etc/phpldapadmin/config.php
# Change lines 397 and 398 from
    // $servers->setValue('login','attr','dn');
    $servers->setValue('login','attr','uid');
    to the following
    $servers->setValue('login','attr','dn');
    // $servers->setValue('login','attr','uid');

vi /etc/httpd/conf.d/phpldapadmin.conf
# Add the following content
#
#  Web-based tool for managing LDAP servers
#

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    # With a /8 prefix this line matches every 172.x.x.x address, not only 172.20.x.x
    Require ip 172.20.0.0/8
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>

### :wq to save
chown -R apache.apache /usr/share/phpldapadmin
systemctl restart httpd.service
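
Which clients the `Require ip` line in phpldapadmin.conf really admits, as an added Python example that is not part of the original article: it pulls every `Require ip` argument out of the configuration text and reports the network that the prefix length selects once the host bits are masked off. The function names are assumptions, the configuration text is copied from the file above, and only full address or CIDR arguments are evaluated (Apache's partial-address form is reported as unparsed).

```python
import ipaddress
import re

# Apache 2.4 part of the <Directory> block from phpldapadmin.conf above.
CONF = """<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    Require ip 172.20.0.0/8
  </IfModule>
</Directory>
"""

def require_ip_specs(conf):
    """Yield each argument of every 'Require ip' line; comment lines do not match."""
    for line in conf.splitlines():
        m = re.match(r"\s*Require\s+ip\s+(.+)$", line, re.IGNORECASE)
        if m:
            yield from m.group(1).split()

def audit(conf):
    """Return one dict per argument describing the network it actually selects."""
    report = []
    for spec in require_ip_specs(conf):
        try:
            net = ipaddress.ip_network(spec, strict=False)   # masks off host bits
        except ValueError:
            report.append({"spec": spec, "error": "not a full address or CIDR"})
            continue
        written = ipaddress.ip_interface(spec).ip             # address as typed
        report.append({
            "spec": spec,
            "effective": str(net),
            "host_bits_set": written != net.network_address,
            "addresses": net.num_addresses,
            "only_private": net.is_private,
        })
    return report

if __name__ == "__main__":
    for row in audit(CONF):
        print(row)
    # Constructed comparison value: a /16 that covers only 172.20.x.x.
    print(audit("Require ip 172.20.0.0/16"))
```

For the line on this page the effective network is 172.0.0.0/8, about 16.7 million addresses of which most are publicly routable; the constructed /16 stays inside the private 172.16.0.0/12 block.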

Finally, visit

http://172.20.20.201/ldapadmin/

Enter the administrator username and password created above.

This completes the deployment of LDAP and phpLDAPAdmin.

