{"id":434,"date":"2018-03-16T10:51:32","date_gmt":"2018-03-16T02:51:32","guid":{"rendered":"http:\/\/blogs.woria.cn\/?p=434"},"modified":"2018-03-16T10:51:32","modified_gmt":"2018-03-16T02:51:32","slug":"centos7-openldap-yum","status":"publish","type":"post","link":"https:\/\/blogs.woria.cn\/?p=434","title":{"rendered":"Centos7 OpenLdap\u5b89\u88c5\u914d\u7f6e"},"content":{"rendered":"<p>\u5b89\u88c5\u7b14\u8bb0<\/p>\n<p>\/\/\u5b89\u88c5\u8f6f\u4ef6\u53ca\u5de5\u5177<br \/>\nyum install -y openldap openldap-clients openldap-servers migrationtools<br \/>\n\/\/\u590d\u5236\u9ed8\u8ba4\u6570\u636e\u5e93\u8bbe\u7f6e\u6587\u4ef6<br \/>\ncp \/usr\/share\/openldap-servers\/DB_CONFIG.example \/var\/lib\/ldap\/DB_CONFIG<br \/>\n\/\/\u4fee\u6539\u6570\u636e\u5e93\u914d\u7f6e\u6587\u4ef6\u6240\u5c5e\u7528\u6237<br \/>\nchown ldap. \/var\/lib\/ldap\/DB_CONFIG<br \/>\n\/\/\u542f\u52a8\u670d\u52a1<br \/>\nsystemctl start slapd<br \/>\n\/\/\u5f00\u673a\u81ea\u542f\u52a8<br \/>\nsystemctl enable slapd<br \/>\n\/\/\u67e5\u770b\u8fd0\u884c\u53ca\u7aef\u53e3\u5360\u7528\u60c5\u51b5<br \/>\nnetstat -tlnp | grep slapd<\/p>\n<p>\u4f7f\u7528slappasswd \u547d\u4ee4\u751f\u6210\u4e00\u4e2a\u5bc6\u7801<br \/>\n\u6ce8\u610f\u4fdd\u5b58\u5b57\u7b26\u4e32\u7559\u5f85\u540e\u7528\u3002<\/p>\n<p>\/\/\u751f\u6210\u5bc6\u7801<br \/>\nslappasswd<br \/>\n\/\/\u751f\u6210\u6587\u4ef6\uff0c\u51c6\u5907\u4fee\u6539\u7ba1\u7406\u5458\u5bc6\u7801<br \/>\ntouch chrootpw.ldif<br \/>\n\/\/\u7f16\u8f91\uff0c\u6ce8\u610f\u7c98\u5165\u521a\u521a\u751f\u6210\u7684\u5bc6\u7801\u5b57\u7b26\u4e32\uff0c\u5192\u53f7\u540e\u6709\u534a\u89d2\u7a7a\u683c<br \/>\nvi chrootpw.ldif<br \/>\n\/\/\u5199\u5165\u6587\u4ef6\uff0c\u6ce8\u610f\u66ff\u6362olcRootPW<br \/>\ndn: olcDatabase={0}config,cn=config<br \/>\nchangetype: modify<br \/>\nadd: olcRootPW<br \/>\nolcRootPW: {SSHA}X5xbfE+AXb6P3Z1aDbBnfGFWwc13Hnoa<br \/>\n\/\/\u5bfc\u5165\u6587\u4ef6\uff0c\u4fee\u6539\u5bc6\u7801<br \/>\nldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f 
chrootpw.ldif<br \/>\n\/\/\u6ce8\u610f\u770b\u63d0\u793a\uff0c\u6b63\u5e38\u60c5\u51b5\u4e0b\u5982\u4e0b\u3002<br \/>\nSASL\/EXTERNAL authentication started<br \/>\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br \/>\nSASL SSF: 0<br \/>\nmodifying entry &#8220;olcDatabase={0}config,cn=config&#8221;<\/p>\n<p>\/\/\u5bc6\u7801\u4fee\u6539\u7ed3\u675f\uff0c\u5bfc\u5165\u4e00\u4e9b\u5e38\u7528\u7684\u6a21\u7248\uff0c\u5148\u8fdb\u5165\u6a21\u7248\u6240\u5728\u76ee\u5f55<br \/>\ncd \/etc\/openldap\/schema\/<br \/>\n\/\/\u6309\u9700\u5bfc\u5165\uff0c\u8fd9\u91cc\u4e0d\u5199\u4e86<br \/>\nldapadd -Y EXTERNAL -H ldapi:\/\/\/ -D &quot;cn=config&quot; -f ppolicy.ldif<br \/>\n&#8230;..<\/p>\n<p><!--more--><\/p>\n<p>\/\/\u5f00\u59cb\u751f\u6210\u8bbe\u7f6e\u81ea\u5df1\u7684\u57fa\u7840DN\uff0c\u4e5f\u5c31\u662f\u4e13\u7528\u6807\u8bc6\u3002\u4e00\u822c\u6211\u4eec\u4f7f\u7528\u516c\u53f8\u7684\u57df\u540d\u3002\u4f8b\u5982\u6211\u4eec\u516c\u53f8 xiaowei-group.com \u90a3\u4e48\u5c31\u662f dc=xiaowei-group,dc=com<br \/>\ntouch chdomain.ldif<br \/>\nvi chdomain.ldif<br \/>\n\/\/\u6587\u4ef6\u5185\u5bb9\uff0c\u6ce8\u610f\u66ff\u6362\u57df\u540d\u548c\u7ba1\u7406\u5bc6\u7801\uff08\u524d\u8fb9\u751f\u6210\u7684\u5b57\u7b26\u4e32\uff0c\u4e5f\u53ef\u4ee5\u91cd\u65b0\u751f\u6210\uff0c\u76f8\u540c\u5bc6\u7801\u4e24\u6b21\u751f\u6210\u770b\u8d77\u6765\u4e0d\u4e00\u81f4\uff0c是因为 {SSHA} 每次都会加入随机盐（salt），并非时间差异，两个哈希都能正常验证，\u653e\u5fc3\u4f7f\u7528\uff09<br \/>\n\/\/注意：olcAccess 的值如果在编辑器里换行，LDIF 续行必须以一个空格开头，否则导入时解析失败；所有 dn.base=&quot;...&quot; 中的引号必须是半角双引号，不要从网页复制成中文引号<br \/>\n# replace to your own domain name for &#8220;dc=***,dc=***&#8221; section<br \/>\n# specify the password generated above for &#8220;olcRootPW&#8221; section<br \/>\ndn: olcDatabase={1}monitor,cn=config<br \/>\nchangetype: modify<br \/>\nreplace: olcAccess<br \/>\nolcAccess: {0}to * by dn.base=&quot;gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth&quot;<br \/>\n read by dn.base=&quot;cn=Manager,dc=xiaowei-group,dc=com&quot; read by * none<\/p>\n<p>dn: olcDatabase={2}hdb,cn=config<br 
\/>\nchangetype: modify<br \/>\nreplace: olcSuffix<br \/>\nolcSuffix: dc=xiaowei-group,dc=com<\/p>\n<p>dn: olcDatabase={2}hdb,cn=config<br \/>\nchangetype: modify<br \/>\nreplace: olcRootDN<br \/>\nolcRootDN: cn=Manager,dc=xiaowei-group,dc=com<\/p>\n<p>dn: olcDatabase={2}hdb,cn=config<br \/>\nchangetype: modify<br \/>\nadd: olcRootPW<br \/>\nolcRootPW: {SSHA}lBS0AsQ2Bq+9st8hmRMiLLHzgHw4BiKX<\/p>\n<p>dn: olcDatabase={2}hdb,cn=config<br \/>\nchangetype: modify<br \/>\nadd: olcAccess<br \/>\nolcAccess: {0}to attrs=userPassword,shadowLastChange by<br \/>\n dn=&quot;cn=Manager,dc=xiaowei-group,dc=com&quot; write by anonymous auth by self write by * none<br \/>\nolcAccess: {1}to dn.base=&quot;&quot; by * read<br \/>\nolcAccess: {2}to * by dn=&quot;cn=Manager,dc=xiaowei-group,dc=com&quot; write by * read<\/p>\n<p>\/\/说明：olcRootDN\/olcRootPW 指定的 Manager 账号会绕过全部 ACL，这个密码只用于管理，应用接入请另建专用绑定账号；{2} 中的 by * read 允许匿名用户读取整个目录树（除 {0} 保护的 userPassword、shadowLastChange 之外的所有属性），若不希望匿名可读，改为 by users read<br \/>\n\/\/\u6267\u884c\u5bfc\u5165<br \/>\nldapmodify -Y EXTERNAL -H ldapi:\/\/\/ -f chdomain.ldif<\/p>\n<p>\/\/\u5f00\u59cb\u5bf9\u57fa\u7840DN\u8fdb\u884c\u57fa\u7840\u914d\u7f6e<br \/>\nvim basedomain.ldif<\/p>\n<p># to your own domain name for &#8220;dc=***,dc=***&#8221; section<br \/>\ndn: dc=xiaowei-group,dc=com<br \/>\ndc: xiaowei-group<br \/>\nobjectClass: top<br \/>\nobjectClass: domain<\/p>\n<p>dn: ou=People,dc=xiaowei-group,dc=com<br \/>\nou: People<br \/>\nobjectClass: top<br \/>\nobjectClass: organizationalUnit<\/p>\n<p>dn: ou=Group,dc=xiaowei-group,dc=com<br \/>\nou: Group<br \/>\nobjectClass: top<br \/>\nobjectClass: organizationalUnit<\/p>\n<p>\/\/\u6267\u884c\u5bfc\u5165\uff0c\u8fd9\u91cc\u8981\u7279\u522b\u6ce8\u610f\uff0c\u5bfc\u5165\u65f6\u5019\u8981\u628a\u5bf9\u5e94\u7684dc=xiaowei-group,dc=com\u66ff\u6362\u6210\u4f60\u81ea\u5df1\u7684\u57df\u540d\u3002<br \/>\nldapadd -x -D cn=Manager,dc=xiaowei-group,dc=com -W -f basedomain.ldif<\/p>\n<p>\/\/\u8f93\u5165\u5bc6\u7801\u4e4b\u540e \u5bfc\u5165\u6210\u529f\u5982\u4e0b\u663e\u793a<br \/>\nadding new entry &#8220;dc=xiaowei-group,dc=com&#8221;<br \/>\nadding new entry 
&#8220;ou=People,dc=xiaowei-group,dc=com&#8221;<br \/>\nadding new entry &#8220;ou=Group,dc=xiaowei-group,dc=com&#8221;<\/p>\n<p>\/\/\u5f00\u542f\u5e76\u91cd\u8f7d\u9632\u706b\u5899\u5141\u8bb8\u8bbf\u95ee<br \/>\nfirewall-cmd --add-service=ldap --permanent<br \/>\nfirewall-cmd --reload<br \/>\n\/\/注意：这一步对外放行的是 389 端口的明文 LDAP，而本文并没有为 slapd 配置 TLS，客户端用 -x 简单绑定时密码会明文经过网络；对外提供服务前应先配置 ldaps 或 StartTLS，并用防火墙把来源限制在需要访问的网段<\/p>\n<p>\/\/\u5b89\u88c5apache \u4ee5\u53caphpldapadmin \uff0c\u6ce8\u610f\u5148\u5b89\u88c5\u4e00\u4e2aepel-release\uff0c\u5426\u5219\u88c5\u4e0d\u4e0aphpldapadmin<br \/>\nyum -y install epel-release<br \/>\nyum -y install httpd php php-ldap php-gd php-mbstring php-pear php-bcmath php-xml<br \/>\nyum -y install phpldapadmin<\/p>\n<p>\/\/\u7f16\u8f91\u914d\u7f6e\u6587\u4ef6 398\u884c<br \/>\nvim \/etc\/phpldapadmin\/config.php +398<br \/>\n\/\/\u542f\u7528397\uff0c\u6ce8\u91ca398\uff0c\u8fd9\u4e2a\u610f\u601d\u662f\u4f7f\u7528\u57fa\u7840dn \u8fdb\u884c\u767b\u5f55<br \/>\n$servers-&gt;setValue('login','attr','dn');<br \/>\n\/\/$servers-&gt;setValue('login','attr','uid');<\/p>\n<p>\/\/\u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\uff0c\u8bbe\u7f6e\u53ef\u4ee5\u8bbf\u95ee\u7684ip\u3002这一步不能省略：软件包自带的 phpldapadmin.conf 默认只允许本机（Require local \/ Allow from 127.0.0.1）访问，从其他机器打开会得到 403<br \/>\nvim \/etc\/httpd\/conf.d\/phpldapadmin.conf<\/p>\n<p># Apache 2.4<br \/>\nRequire local<br \/>\nRequire all granted<\/p>\n<p># Apache 2.2<br \/>\nOrder Deny,Allow<br \/>\nDeny from all<br \/>\nAllow from 127.0.0.1<br \/>\nAllow from ::1<\/p>\n<p>\/\/注意：多条 Require 默认按 RequireAny 处理，加上 Require all granted 后管理界面对任意地址开放；更稳妥的写法是只保留 Require local 再加一条 Require ip &lt;管理网段&gt;，2.2 的写法同理只 Allow 管理网段。另外 phpldapadmin 登录时会把 Manager 密码以明文提交，请为 httpd 启用 HTTPS（mod_ssl）后再对外使用<\/p>\n<p>\/\/\u542f\u52a8apache\uff0c\u8bbe\u7f6e\u5f00\u673a\u542f\u52a8\uff0c\u9632\u706b\u5899\u653e\u884c<br \/>\nsystemctl enable httpd<br \/>\nsystemctl start httpd<br \/>\nfirewall-cmd --add-service=http --permanent<br \/>\nfirewall-cmd --reload<\/p>\n<p>\u7136\u540e\u4f7f\u7528ip\u52a0phpldapadmin \u5c31\u53ef\u4ee5\u8fdb\u884cweb\u7ba1\u7406\u4e86\u3002<br \/>\n\u8fd9\u91cc \u6709\u53ef\u80fdselinux\u4f1a\u6363\u4e71\uff0c\u6211\u662f\u76f4\u63a5\u5173\u95ed\u7684\u3002（不建议直接关闭 SELinux：httpd 连不上本机 LDAP 时多数情况下只是缺一个布尔值，执行 setsebool -P httpd_can_connect_ldap on 即可，具体拒绝原因可用 ausearch -m avc -ts recent 查看） 
\u5982\u679c\u4f60\u6709\u6d01\u7656\u3002\u81ea\u884c\u89e3\u51b3\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5b89\u88c5\u7b14\u8bb0 \/\/\u5b89\u88c5\u8f6f\u4ef6\u53ca\u5de5\u5177 yum install -y openldap openldap-clients&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,8,9,4,5],"tags":[],"class_list":["post-434","post","type-post","status-publish","format-standard","hentry","category-technique","category-master","category-programmer","category-windtalker","category-magician"],"_links":{"self":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=434"}],"version-history":[{"count":0,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/434\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}