LDAP1-安装部署LDAP服务

时间:2021-06-07 19:41:24

基于Linux部署openldap服务

参考文档: https://blog.csdn.net/computer1024/article/details/78172785

参考文档:  https://www.cnblogs.com/linuxws/p/9084455.html

1.部署配置

#关闭SELINUX vim /etc/sysconfig/selinux   # SELINUX=disabled setenforce 0 #关闭防火墙 systemctl stop firewalld systemctl disable firewalld


#安装了ldap工具
yum install -y openldap-servers openldap-clients migrationtools  #安装LDAP工具
slappasswd   #据提示输入密码会返回加密的密码字符串,保存好这个字符串
 
 
#配置数据库缓存
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG 
chown -R ldap:ldap /var/lib/ldap/


#测试配置文件
 
 
slaptest -u  #出现configfile testing successed 说明成功了

#启动ldap
 
 
systemctl start slapd.service 
systemctl enable slapd.service

#导入模板
 
 
ls /etc/openldap/schema/*.ldif | xargs -I {} sudo ldapadd -Y EXTERNAL -H ldapi:/// -f {}
 
 
 




2.安装phpldapadmin
 

 
 
#安装HTTPD yum -y install httpd #修改配置文件 vim /etc/httpd/conf/httpd.conf #AllowOverride all #启动服务测试 systemctl start httpd systemctl enable httpd curl 127.0.0.1 #安装phpldapadmin cat /etc/yum.repos.d/epel.repo [epel] name=Extra Packages for Enterprise Linux 7 - $basearch baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7Server/x86_64/
enabled=1 gpgcheck=0

yum install phpldapadmin #修改配置文件 $servers->setValue('server','host','127.0.0.1'); $servers->setValue('server','port',389); $servers->setValue('server','base',array('dc=my-domain,dc=com')); $servers->setValue('login','auth_type','session'); $servers->setValue('login','attr','dn'); $servers->setValue('login','attr','dn'); #注释掉 #修改httpd配置文件 vim /etc/httpd/conf.d/phpldapadmin.conf Alias /phpldapadmin /usr/share/phpldapadmin/htdocs Alias /ldapadmin /usr/share/phpldapadmin/htdocs <Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c> # Apache 2.4 Require local Require ip 192.168.0
  </IfModule>
  <IfModule !mod_authz_core.c> # Apache 2.2 Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from ::1
  </IfModule>
</Directory> #创建基础目录 vim /etc/openldap/base.ldif dn: dc=my-domain,dc=com o: ldap objectclass: dcObject objectclass: organization dc: my-domain #重启httpd服务 service restart httpd #访问测试 http://192.168.0.41/phpldapadmin

 

 

 
 

3.登录



登录LDAP   cn=Manager,dc=my-domain,dc=com  123456
 

LDAP1-安装部署LDAP服务
 

 
 

4.FAQ
 

1.如果要更改dc名称
 

vim /etc/openldap/slapd.d/cn\=config\/olcDatabase\={2}hdb.ldif
 

vim /etc/openldap/slapd.d/cn\=config\/olcDatabase\={1}monitor.ldif
标签:
相关文章