Installing OpenLDAP on CentOS 6.5 and configuring LDAP user login
1. Install PHP and Apache
If the EPEL repository is not configured yet, install it first:
yum install epel-release
If it cannot be downloaded, create /etc/yum.repos.d/epel.repo by hand:
--------------------------------------------------------------------------------
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=fedoraproject.org/pub/epel/6/$basearch
mirrorlist=
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
--------------------------------------------------------------------------------
phpldapadmin depends on Apache and PHP:
yum install php httpd
Then configure httpd.conf (see below).
2. Install OpenLDAP
yum install *openldap* openldap openldap-servers openldap-clients
Configure OpenLDAP. The configuration file is /etc/openldap/slapd.conf.
It does not exist by default; copy /usr/share/openldap-servers/slapd.conf.obsolete to that path
and make ldap:ldap its owner.
--------------------------------------------------------------------------------
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=Manager,dc=iflyyun,dc=cn" read
by * none
database bdb
suffix "dc=iflyyun,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=iflyyun,dc=cn"
--------------------------------------------------------------------------------
Configure /etc/openldap/ldap.conf:
--------------------------------------------------------------------------------
BASE dc=iflyyun,dc=cn
URI ldap://bja-pro0002..cpcc.iflyyun.cn
--------------------------------------------------------------------------------
Set the LDAP administrator password:
slappasswd (note: do not use ldappasswd, otherwise it fails with a GSSAPI error)
Enter the password to obtain a hash of the form {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80, then edit /etc/openldap/slapd.conf accordingly.
I used the plaintext password directly; using the hashed password caused some problems.
Configure Apache to recognize index.php:
Edit /etc/httpd/conf/httpd.conf, find the following line and add index.php to it:
DirectoryIndex index.html index.html.var index.php
Edit /etc/httpd/conf.d/php.conf.
Test whether the OpenLDAP configuration file is valid:
slaptest -u -f /etc/openldap/slapd.conf
3. Install phpldapadmin
yum install phpldapadmin
Configure /etc/phpldapadmin/config.ini:
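The {SSHA} string that slappasswd prints is base64(SHA-1(password + salt) + salt) with a 4-byte salt, which is the form the rootpw directive in slapd.conf accepts. The following is an added example, not code from the original post: it generates such a hash, verifies a password against one, and parses the hash string shown above only to confirm its layout (its plaintext is not known here; the other passwords and salts are constructed).

```python
# Added example (not from the original post): generate and verify the
# {SSHA} hashes that slappasswd emits, i.e. base64(SHA1(password+salt)+salt)
# with a 4-byte salt, suitable for the 'rootpw' directive in slapd.conf.
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"
DIGEST_LEN = 20  # SHA-1 output size in bytes

# The rootpw value shown in the post; its plaintext is not known here,
# so it is only used to exercise the parser.
PAGE_HASH = "{SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80"


def make_ssha(password, salt=None):
    """Return a {SSHA} string for 'password'; salt defaults to 4 random bytes."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value):
    """Split a {SSHA} string into (digest, salt); raise ValueError if malformed."""
    if not value.startswith(PREFIX):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(value[len(PREFIX):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("hash too short to contain a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_ssha(value, password):
    """True if 'password' matches the stored {SSHA} value (constant-time compare)."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


if __name__ == "__main__":
    # Constructed password, as one would paste into 'rootpw' in slapd.conf.
    stored = make_ssha("constructed-example-password")
    print("rootpw", stored)
    print("verifies:", verify_ssha(stored, "constructed-example-password"))
    digest, salt = parse_ssha(PAGE_HASH)
    print("post's hash: %d-byte digest, %d-byte salt" % (len(digest), len(salt)))
```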
--------------------------------------------------------------------------------
$servers->setValue('server','host','192.168.51.211');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=iflyyun,dc=cn'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=iflyyun,dc=cn');
$servers->setValue('login','attr','dn');      // line 397: uncomment this line
// $servers->setValue('login','attr','uid');  // comment this line out, otherwise login fails
--------------------------------------------------------------------------------
Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access from other machines:
--------------------------------------------------------------------------------
Order Deny,Allow
Allow from all
--------------------------------------------------------------------------------
4. phpldapadmin configuration
Delete all files under the /etc/openldap/slapd.d/ directory.
Create the LDAP root entry:
ldapadd -x -D"cn=Manager,dc=iflyyun,dc=cn" -f base.ldif -W
base.ldif:
--------------------------------------------------------------------------------
dn: dc=iflyyun,dc=cn
# dc is a mandatory attribute of dcObject and must match the RDN
dc: iflyyun
o: ldap
objectclass: dcObject
objectclass: organization
--------------------------------------------------------------------------------
Create the administrator user:
--------------------------------------------------------------------------------
# Manager, iflyyun.cn
dn: cn=Manager,dc=iflyyun,dc=cn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Manager
description: LDAP administrator
--------------------------------------------------------------------------------
5. LDAP client configuration
Install the required packages:
yum install nss-pam-ldapd pam_ldap openldap-clients
The configuration files that need to be modified are:
/etc/sysconfig/authconfig, /etc/pam.d/system-auth, /etc/openldap/ldap.conf and /etc/nsswitch.conf
Edit /etc/sysconfig/authconfig:
--------------------------------------------------------------------------------
IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USEDB=no
FORCELEGACY=no
USEFPRINTD=yes
FORCESMARTCARD=no
PASSWDALGORITHM=yes
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEHESIOD=no
--------------------------------------------------------------------------------
Edit /etc/pam.d/system-auth:
--------------------------------------------------------------------------------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account required pam_ldap.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok md5
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_ldap.so
--------------------------------------------------------------------------------
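Whether an LDAP user gets in depends on how PAM walks the auth stack above: pam_ldap.so is "sufficient" and sits before pam_unix.so, so a successful directory bind ends the stack, while a failed one is simply ignored and falls through to the local check. The following is an added example, not code from the original post: a simplified model of the Linux-PAM control-flag semantics applied to the six auth lines of that file, with constructed per-module outcomes instead of a real PAM conversation.

```python
# Added example (not from the original post): a simplified model of how
# Linux-PAM walks the 'auth' stack of the system-auth file above, to show the
# effect of the 'sufficient' pam_ldap.so line sitting before pam_unix.so.
# Module outcomes are constructed inputs, not a real PAM conversation.

# The 'auth' lines copied from the post's /etc/pam.d/system-auth.
AUTH_STACK = """
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
"""

def parse_stack(text):
    """Return [(control, module), ...] for each non-comment line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            _mtype, control, module = line.split()[:3]
            entries.append((control, module))
    return entries

def evaluate(stack, outcomes):
    """Apply required/requisite/sufficient semantics; 'outcomes' maps module
    name -> True/False and missing modules fail (as pam_deny.so always does and
    pam_ldap.so does for a user the directory does not know)."""
    failed_required = False
    for control, module in stack:
        ok = outcomes.get(module, False)
        if control == "requisite" and not ok:
            return "PAM_AUTH_ERR"     # fail now; the rest of the stack is skipped
        if control == "required" and not ok:
            failed_required = True    # remember the failure but keep walking
        if control == "sufficient" and ok and not failed_required:
            return "PAM_SUCCESS"      # short-circuit; later modules never run
        # a failed 'sufficient' or any 'optional' module leaves the result unchanged
    return "PAM_AUTH_ERR" if failed_required else "PAM_SUCCESS"

STACK = parse_stack(AUTH_STACK)

if __name__ == "__main__":
    base = {"pam_env.so": True, "pam_succeed_if.so": True}  # an account with uid >= 500
    print("LDAP user, good password:", evaluate(STACK, {**base, "pam_ldap.so": True}))
    print("local user, good password:", evaluate(STACK, {**base, "pam_unix.so": True}))
    print("bad password or unknown user:", evaluate(STACK, base))
    print("system account (uid < 500), not local:", evaluate(STACK, {"pam_env.so": True}))
```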
Edit /etc/openldap/ldap.conf:
--------------------------------------------------------------------------------
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/cacerts
BASE dc=iflyyun,dc=cn
URI ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn
--------------------------------------------------------------------------------
Edit /etc/nsswitch.conf:
--------------------------------------------------------------------------------
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
--------------------------------------------------------------------------------
Restart the name service cache daemon:
service nscd restart
Source: ITPUB blog, link: http://blog.itpub.net/9034054/viewspace-2056563/. Please credit the source when reposting; otherwise legal action will be pursued.