OpenLDAP服务端+PhpLdapAdmin 基本安装与配置

参考了一些其他人写的一些关于安装配置OpenLDAP的文章，于是乎手痒痒也自己动手尝试了一下安装与配置OpenLDAP，并安装PhpLdapAdmin用来通过WEB界面去管理LDAP。

下面就详细介绍如何一步步安装配置LDAP服务器，仅供参考~

1 yum安装OpenLDAP

[root@ha-3 yum.repos.d]# yum install openldap openldap-* -y
[root@ha-3 yum.repos.d]# rpm -qa | grep openldap
openldap-servers-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-clients-2.4.40-12.el6.x86_64
openldap-2.4.40-12.el6.x86_64

2 配置ldap，包括准备DB_CONFIG和slapd.conf

[root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

3 生成ldap管理员密码

[root@ha-3 yum.repos.d]# slappasswd -s ldap123
{SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

4 修改slapd.conf，主要配置dc和rootpw，rootpw配置为上述步骤中的密码

database        bdb
suffix          "dc=esgyn,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=esgyn,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw                  {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

5 检测并重新生成ldap数据库

[root@cent-1 slapd.d]# ls
cn=config  cn=config.ldif
[root@cent-1 slapd.d]# rm -rf *
[root@cent-1 slapd.d]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded

6 修改相关ldap文件权限

[root@ha-3 yum.repos.d]# chown -R ldap:ldap /var/lib/ldap/
[root@ha-3 yum.repos.d]# chown -R ldap:ldap /etc/openldap/

7 启动slapd服务

[root@cent-1 ~]# service slapd status
slapd is stopped
[root@cent-1 ~]# service slapd start
Starting slapd:                                            [  OK  ]

8 yum安装migrationtools

[root@cent-1 slapd.d]# yum install migrationtools -y

9 编辑/usr/share/migrationtools/migrate_common.ph并修改相关配置

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "esgyn.com";

# Default base
$DEFAULT_BASE = "dc=esgyn,dc=com";

10 生成base.ldif

[root@cent-1 slapd.d]# /usr/share/migrationtools/migrate_base.pl >base.ldif

11 添加base.ldif到ldap

[root@cent-1 migrationtools]# ldapadd -x -D "cn=Manager,dc=esgyn,dc=com" -W -f ./base.ldif
Enter LDAP Password:
adding new entry "dc=esgyn,dc=com"

adding new entry "ou=Hosts,dc=esgyn,dc=com"

adding new entry "ou=Rpc,dc=esgyn,dc=com"

adding new entry "ou=Services,dc=esgyn,dc=com"

adding new entry "nisMapName=netgroup.byuser,dc=esgyn,dc=com"

adding new entry "ou=Mounts,dc=esgyn,dc=com"

adding new entry "ou=Networks,dc=esgyn,dc=com"

adding new entry "ou=People,dc=esgyn,dc=com"

adding new entry "ou=Group,dc=esgyn,dc=com"

adding new entry "ou=Netgroup,dc=esgyn,dc=com"

adding new entry "ou=Protocols,dc=esgyn,dc=com"

adding new entry "ou=Aliases,dc=esgyn,dc=com"

adding new entry "nisMapName=netgroup.byhost,dc=esgyn,dc=com"

12 检查ldapadd是否成功

[root@cent-1 migrationtools]# ldapsearch -x -D "cn=Manager,dc=esgyn,dc=com" -b "ou=Aliases,dc=esgyn,dc=com" -W
# extended LDIF
#
# LDAPv3
# base <ou=Aliases,dc=esgyn,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Aliases, hadoop.com
dn: ou=Aliases,dc=esgyn,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

13 yum安装httpd及PhpLdapAdmin

[root@cent-1 migrationtools]# yum install httpd phpldapadmin -y

14 配置/etc/httpd/conf.d/phpldapadmin.conf允许从远程访问

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>

15 修改/etc/phpldapadmin/config.php配置用DN登录

$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

16 启动httpd服务

[root@cent-1 migrationtools]# service httpd status
httpd is stopped
[root@cent-1 migrationtools]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.16 for ServerName
[  OK  ]

17 打开Web UI并登录LDAP