OpenLDAP Server + PhpLdapAdmin: Basic Installation and Configuration
2016-11-11 16:53
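After reading a few articles other people had written about installing and configuring OpenLDAP, I got the itch to try it myself, and also installed PhpLdapAdmin to manage LDAP through a web interface.
Below is a step-by-step walkthrough of installing and configuring an LDAP server, for reference only.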
1 Install OpenLDAP with yum

    [root@ha-3 yum.repos.d]# yum install openldap openldap-* -y
    [root@ha-3 yum.repos.d]# rpm -qa | grep openldap
    openldap-servers-2.4.40-12.el6.x86_64
    openldap-devel-2.4.40-12.el6.x86_64
    openldap-servers-sql-2.4.40-12.el6.x86_64
    openldap-clients-2.4.40-12.el6.x86_64
    openldap-2.4.40-12.el6.x86_64

2 Configure ldap: prepare DB_CONFIG and slapd.conf

    [root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    [root@ha-3 yum.repos.d]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

3 Generate the ldap administrator password

    [root@ha-3 yum.repos.d]# slappasswd -s ldap123
    {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

4 Edit slapd.conf: set dc and rootpw, with rootpw set to the password hash generated in the previous step

    database bdb
    suffix "dc=esgyn,dc=com"
    checkpoint 1024 15
    rootdn "cn=Manager,dc=esgyn,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw secret
    # rootpw {crypt}ijFYNcSNctBYg
    rootpw {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ

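The {SSHA} value printed by slappasswd in step 3 and stored as rootpw in step 4 is the base64 encoding of a SHA-1 digest followed by its salt. The following is an added example, not part of the original post: it builds and verifies that format and reports which scheme the active rootpw line of a slapd.conf uses. The function names and the sample text are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # 4-byte salt, the size seen in the value from step 3
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a password against an {SSHA} value using a constant-time compare."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:
        raise ValueError("value too short to hold a SHA-1 digest and a salt")
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def rootpw_scheme(conf_text):
    """Return the scheme of the active rootpw line: SSHA, CRYPT, CLEARTEXT, MISSING, ..."""
    scheme = "MISSING"
    for line in conf_text.splitlines():
        if line.startswith(("#", " ", "\t")):  # skip comments and continuation lines
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0].lower() == "rootpw":
            value = fields[1].strip()
            if value.startswith("{") and "}" in value:
                scheme = value[1:value.index("}")].upper()
            else:
                scheme = "CLEARTEXT"
    return scheme

# Constructed sample: the rootdn/rootpw lines of the slapd.conf excerpt in step 4.
SAMPLE_CONF = """\
rootdn "cn=Manager,dc=esgyn,dc=com"
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}iVje00GFFMDTkymLvxTF3lA7aRgiWRwZ
"""

if __name__ == "__main__":
    print("active rootpw scheme:", rootpw_scheme(SAMPLE_CONF))
    demo = ssha_hash("constructed-demo-password")
    print(demo, ssha_verify("constructed-demo-password", demo))
```
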
5 Test the configuration and regenerate the ldap database

    [root@cent-1 slapd.d]# ls
    cn=config  cn=config.ldif
    [root@cent-1 slapd.d]# rm -rf *
    [root@cent-1 slapd.d]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
    config file testing succeeded

6 Fix ownership of the ldap files

    [root@ha-3 yum.repos.d]# chown -R ldap:ldap /var/lib/ldap/
    [root@ha-3 yum.repos.d]# chown -R ldap:ldap /etc/openldap/

7 Start the slapd service

    [root@cent-1 ~]# service slapd status
    slapd is stopped
    [root@cent-1 ~]# service slapd start
    Starting slapd: [ OK ]

8 Install migrationtools with yum

    [root@cent-1 slapd.d]# yum install migrationtools -y

9 Edit /usr/share/migrationtools/migrate_common.ph and change the relevant settings

    # Default DNS domain
    $DEFAULT_MAIL_DOMAIN = "esgyn.com";
    # Default base
    $DEFAULT_BASE = "dc=esgyn,dc=com";

10 Generate base.ldif

    [root@cent-1 slapd.d]# /usr/share/migrationtools/migrate_base.pl >base.ldif

11 Add base.ldif to ldap

    [root@cent-1 migrationtools]# ldapadd -x -D "cn=Manager,dc=esgyn,dc=com" -W -f ./base.ldif
    Enter LDAP Password:
    adding new entry "dc=esgyn,dc=com"
    adding new entry "ou=Hosts,dc=esgyn,dc=com"
    adding new entry "ou=Rpc,dc=esgyn,dc=com"
    adding new entry "ou=Services,dc=esgyn,dc=com"
    adding new entry "nisMapName=netgroup.byuser,dc=esgyn,dc=com"
    adding new entry "ou=Mounts,dc=esgyn,dc=com"
    adding new entry "ou=Networks,dc=esgyn,dc=com"
    adding new entry "ou=People,dc=esgyn,dc=com"
    adding new entry "ou=Group,dc=esgyn,dc=com"
    adding new entry "ou=Netgroup,dc=esgyn,dc=com"
    adding new entry "ou=Protocols,dc=esgyn,dc=com"
    adding new entry "ou=Aliases,dc=esgyn,dc=com"
    adding new entry "nisMapName=netgroup.byhost,dc=esgyn,dc=com"

12 Check that ldapadd succeeded

    [root@cent-1 migrationtools]# ldapsearch -x -D "cn=Manager,dc=esgyn,dc=com" -b "ou=Aliases,dc=esgyn,dc=com" -W
    # extended LDIF
    #
    # LDAPv3
    # base <ou=Aliases,dc=esgyn,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    # Aliases, hadoop.com
    dn: ou=Aliases,dc=esgyn,dc=com
    ou: Aliases
    objectClass: top
    objectClass: organizationalUnit
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

13 Install httpd and PhpLdapAdmin with yum

    [root@cent-1 migrationtools]# yum install httpd phpldapadmin -y

14 Configure /etc/httpd/conf.d/phpldapadmin.conf to allow remote access

    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
    Alias /ldapadmin /usr/share/phpldapadmin/htdocs
    <Directory /usr/share/phpldapadmin/htdocs>
      Order Deny,Allow
      Allow from all
    </Directory>

15 Edit /etc/phpldapadmin/config.php to log in with the DN

    $servers->setValue('login','attr','dn');
    // $servers->setValue('login','attr','uid');

16 Start the httpd service

    [root@cent-1 migrationtools]# service httpd status
    httpd is stopped
    [root@cent-1 migrationtools]# service httpd start
    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.0.16 for ServerName
    [ OK ]

17 Open the Web UI and log in to LDAP