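Configuring OpenLDAP + phpLDAPadmin on CentOS 6.4 x64
I. Preface
LDAP is the Lightweight Directory Access Protocol, usually just called LDAP. It is based on the X.500 standard but is much simpler and can be customized as needed. Unlike X.500, LDAP supports TCP/IP, which is required for Internet access. The core LDAP specifications are defined in RFCs, and all LDAP-related RFCs can be found on the LDAPman RFC page.
II. Lab environment
System version: CentOS6.4_x64_mini.iso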
OpenLDAP-Server:192.168.2.10
OpenLDAP-Client:192.168.2.20
Software: Development Tools + phpLDAPadmin
III. Installing the OpenLDAP server
1. Install the required packages
[root@OpenLDAP-Server ~]# yum install openldap openldap-servers openldap-devel openldap-clients -y
2. Create the OpenLDAP database configuration file
[root@OpenLDAP-Server ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@OpenLDAP-Server ~]# ll /var/lib/ldap/DB_CONFIG
-rw-r--r-- root root Jul : /var/lib/ldap/DB_CONFIG
[root@OpenLDAP-Server ~]# chown ldap.ldap /var/lib/ldap/DB_CONFIG
3. Copy the OpenLDAP configuration file template into /etc/openldap/
[root@OpenLDAP-Server ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
[root@OpenLDAP-Server ~]# cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
4. Create the LDAP login password and edit the main slapd.conf configuration file.
[root@OpenLDAP-Server openldap]# slappasswd
New password:
Re-enter new password:
{SSHA}RSrMQsEKK1O/K6OmUpMF7V0iZ73cS2qg // Once the password has been entered it is printed as a salted hash. This string is needed later, so save it.
[root@OpenLDAP-Server openldap]# vim slapd.conf
        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
        by * none
#######################################################################
# database definitions
#######################################################################
database bdb
#######################################################################
# enable server status monitoring (cn=monitor)
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=yangxiaofei,dc=com" read
        by * none
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=yangxiaofei,dc=com"
checkpoint
rootdn "cn=Manager,dc=yangxiaofei,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd() and slapd.conf() for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}RSrMQsEKK1O/K6OmUpMF7V0iZ73cS2qg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode recommended.
5. Add OpenLDAP logging
[root@OpenLDAP-Server openldap]# vim slapd.conf
#
# See slapd.conf() for details on configuration options.
# This file should NOT be world readable.
#
loglevel
[root@OpenLDAP-Server openldap]# vim /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun
local4.* /var/log/ldap.log
[root@OpenLDAP-Server openldap]# touch /var/log/ldap.log
[root@OpenLDAP-Server openldap]# chown ldap.ldap /var/log/ldap.log
6. By default the /etc/openldap/slapd.d/ directory contains a number of default configuration files. They must be deleted and regenerated; this step is important.
[root@OpenLDAP-Server openldap]# rm -rf /etc/openldap/slapd.d/*
[root@OpenLDAP-Server openldap]# chown ldap.ldap /var/lib/ldap/
[root@OpenLDAP-Server openldap]# /etc/init.d/slapd restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
[root@OpenLDAP-Server openldap]# chown -R ldap.ldap /etc/openldap/slapd.d/
[root@OpenLDAP-Server openldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
7. Check whether slapd has started, using the netstat or ps command
[root@OpenLDAP-Server openldap]# ps -aux | grep ldap
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2./FAQ
ldap 0.0 1.0 ? Ssl : : /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
root 0.0 0.1 pts/ S+ : : grep ldap
[root@OpenLDAP-Server openldap]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0.0.0.0: 0.0.0.0:* LISTEN /slapd
tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
tcp ::: :::* LISTEN /slapd
tcp ::: :::* LISTEN /sshd
tcp ::: :::* LISTEN /master
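8. Migrate user data into the OpenLDAP database. Why migrate? Because LDAP works with the LDIF format, and the simplest way to migrate is to use the migration tools provided for LDAP, which are scripts written in Perl. Earlier LDAP versions shipped these scripts; from CentOS 6 onward they are no longer included and must be downloaded separately. There are two ways to install them: yum, or building from source.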
[root@OpenLDAP-Server openldap]# yum install MigrationTools -y
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.zju.edu.cn
* extras: mirrors.zju.edu.cn
* updates: mirrors.zju.edu.cn
No package MigrationTools available.
* Maybe you meant: migrationtools
Error: Nothing to do
[root@OpenLDAP-Server openldap]# yum install migrationtools -y
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.btte.net
* updates: mirrors.yun-idc.com
Resolving Dependencies
--> Running transaction check
---> Package migrationtools.noarch :-.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================
Installing:
migrationtools noarch -.el6 base k
Transaction Summary
=========================================================================================================================
Install Package(s)
Total download size: k
Installed size: k
Downloading Packages:
migrationtools--.el6.noarch.rpm | kB :
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : migrationtools--.el6.noarch /
Verifying : migrationtools--.el6.noarch /
Installed:
migrationtools.noarch :-.el6
Complete!
Building from source:
[root@OpenLDAP-Server openldap]# wget 'http://www.padl.com/download/MigrationTools.tgz'
---- ::-- http://www.padl.com/download/MigrationTools.tgz
Resolving www.padl.com... 216.154.215.154
Connecting to www.padl.com|216.154.215.154|:... connected.
HTTP request sent, awaiting response... OK
Length: (21K) [application/x-gzip]
Saving to: “MigrationTools.tgz”
%[==============================>] , .89K/s in 11s ] , .21K/s
-- :: (1.89 KB/s) - “MigrationTools.tgz” saved [/]
[root@OpenLDAP-Server openldap]# tar zxvf MigrationTools.tgz
Configure the migration tools: change into the migration directory
[root@OpenLDAP-Server openldap]# cd /usr/share/migrationtools/
[root@OpenLDAP-Server migrationtools]# ls
migrate_aliases.pl migrate_all_offline.sh migrate_hosts.pl migrate_protocols.pl
migrate_all_netinfo_offline.sh migrate_all_online.sh migrate_netgroup_byhost.pl migrate_rpc.pl
migrate_all_netinfo_online.sh migrate_automount.pl migrate_netgroup_byuser.pl migrate_services.pl
migrate_all_nis_offline.sh migrate_base.pl migrate_netgroup.pl migrate_slapd_conf.pl
migrate_all_nis_online.sh migrate_common.ph migrate_networks.pl
migrate_all_nisplus_offline.sh migrate_fstab.pl migrate_passwd.pl
migrate_all_nisplus_online.sh migrate_group.pl migrate_profile.pl
[root@OpenLDAP-Server migrationtools]# vim migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "yangxiaofei.com";
# Default base
$DEFAULT_BASE = "dc=yangxiaofei,dc=com";
Next, use these .pl scripts to convert /etc/passwd and /etc/shadow into a format LDAP understands, save the result under /tmp, and then import it.
[root@OpenLDAP-Server migrationtools]# ./migrate_base.pl > /tmp/base.ldif
[root@OpenLDAP-Server migrationtools]# ./migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
[root@OpenLDAP-Server migrationtools]# ./migrate_group.pl /etc/group > /tmp/group.ldif
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/base.ldif
adding new entry "dc=yangxiaofei,dc=com"
adding new entry "ou=Hosts,dc=yangxiaofei,dc=com"
adding new entry "ou=Rpc,dc=yangxiaofei,dc=com"
adding new entry "ou=Services,dc=yangxiaofei,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com"
adding new entry "ou=Mounts,dc=yangxiaofei,dc=com"
adding new entry "ou=Networks,dc=yangxiaofei,dc=com"
adding new entry "ou=People,dc=yangxiaofei,dc=com"
adding new entry "ou=Group,dc=yangxiaofei,dc=com"
adding new entry "ou=Netgroup,dc=yangxiaofei,dc=com"
adding new entry "ou=Protocols,dc=yangxiaofei,dc=com"
adding new entry "ou=Aliases,dc=yangxiaofei,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/passwd.ldif
adding new entry "uid=root,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=bin,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=daemon,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=adm,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=lp,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=sync,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=shutdown,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=halt,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=mail,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=uucp,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=operator,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=games,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=gopher,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=ftp,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=nobody,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=vcsa,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=saslauth,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=postfix,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=sshd,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=apache,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=ldap,ou=People,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/group.ldif
adding new entry "cn=root,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=bin,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=daemon,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=sys,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=adm,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=tty,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=disk,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=lp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=mem,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=kmem,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=wheel,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=mail,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=uucp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=man,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=games,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=gopher,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=video,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=dip,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=ftp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=lock,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=audio,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=nobody,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=users,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=floppy,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=vcsa,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=utmp,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=utempter,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=cdrom,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=tape,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=dialout,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=saslauth,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=postdrop,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=postfix,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=fuse,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=sshd,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=apache,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=stapusr,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=stapsys,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=stapdev,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=ldap,ou=Group,dc=yangxiaofei,dc=com"
Query the data that was just imported; as you can see, there is a lot of it.
[root@OpenLDAP-Server migrationtools]# ldapsearch -x -H ldap://192.168.2.10 -b "dc=yangxiaofei,dc=com"
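In a real environment, however, we would not import every user and group directly. Only the users that need to be managed should be put under LDAP management.
Delete all the data in LDAP.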
[root@OpenLDAP-Server migrationtools]# ldapdelete -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -r "dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# echo $?
Create two LDAP test users, then import these two users.
[root@OpenLDAP-Server migrationtools]# useradd ldapuser01
[root@OpenLDAP-Server migrationtools]# useradd ldapuser02
[root@OpenLDAP-Server migrationtools]# tail -n /etc/passwd
ldapuser01:x::::/home/ldapuser01:/bin/bash
ldapuser02:x::::/home/ldapuser02:/bin/bash
[root@OpenLDAP-Server migrationtools]# grep ldapuser* /etc/passwd > /tmp/passwd
[root@OpenLDAP-Server migrationtools]# tail -n /etc/group
ldapuser01:x::
ldapuser02:x::
[root@OpenLDAP-Server migrationtools]# grep ldapuser* /etc/group > /tmp/group
[root@OpenLDAP-Server migrationtools]# cat /tmp/passwd
ldapuser01:x::::/home/ldapuser01:/bin/bash
ldapuser02:x::::/home/ldapuser02:/bin/bash
[root@OpenLDAP-Server migrationtools]# more /tmp/group
ldapuser01:x::
ldapuser02:x::
[root@OpenLDAP-Server migrationtools]# ldapsearch -x -b "dc=yangxiaofei,dc=com" -LLL
No such object () // the query reports that the object does not exist
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/base.ldif
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/passwd.ldif
adding new entry "uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com"
adding new entry "uid=ldapuser02,ou=People,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# ldapadd -x -D "cn=Manager,dc=yangxiaofei,dc=com" -w shinezone -f /tmp/group.ldif
adding new entry "cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com"
adding new entry "cn=ldapuser02,ou=Group,dc=yangxiaofei,dc=com"
[root@OpenLDAP-Server migrationtools]# echo $?
Query the data that was just imported
[root@OpenLDAP-Server migrationtools]# ldapsearch -x -b "dc=yangxiaofei,dc=com" -LLL
dn: dc=yangxiaofei,dc=com
dc: yangxiaofei
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=yangxiaofei,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=yangxiaofei,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=yangxiaofei,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=yangxiaofei,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=yangxiaofei,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=yangxiaofei,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=yangxiaofei,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=yangxiaofei,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=yangxiaofei,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=yangxiaofei,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=yangxiaofei,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=yangxiaofei,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap

dn: uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser01
cn: ldapuser01
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange:
shadowMin:
shadowMax:
shadowWarning:
loginShell: /bin/bash
uidNumber:
gidNumber:
homeDirectory: /home/ldapuser01

dn: uid=ldapuser02,ou=People,dc=yangxiaofei,dc=com
uid: ldapuser02
cn: ldapuser02
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange:
shadowMin:
shadowMax:
shadowWarning:
loginShell: /bin/bash
uidNumber:
gidNumber:
homeDirectory: /home/ldapuser02

dn: cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser01
userPassword:: e2NyeXB0fXg=
gidNumber:

dn: cn=ldapuser02,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser02
userPassword:: e2NyeXB0fXg=
gidNumber:
[root@OpenLDAP-Server migrationtools]#
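The search above ran with -x and no -D, that is, as an anonymous bind, yet every user and group entry came back with its userPassword attribute. The following Python code is an added example, not part of the original article: it parses such LDIF output, decodes the base64 values and lists which entries expose a password value and in what form. The sample LDIF is constructed from the output above, and the function names are hypothetical.

```python
import base64

# Constructed sample in the shape of the `ldapsearch -x -LLL` output above.
LDIF = """\
dn: ou=People,dc=yangxiaofei,dc=com

dn: uid=ldapuser01,ou=People,dc=yangxiaofei,dc=com
objectClass: posixAccount
userPassword:: e2NyeXB0fSEh

dn: cn=ldapuser01,ou=Group,dc=yangxiaofei,dc=com
objectClass: posixGroup
userPassword:: e2NyeXB0fXg=
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per entry; unfolds lines, decodes '::' base64."""
    entries = []
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def classify(stored):
    """Return (scheme, kind) for one decoded userPassword value."""
    if not (stored.startswith("{") and "}" in stored):
        return ("", "cleartext")
    scheme, _, rest = stored[1:].partition("}")
    if scheme.upper() == "CRYPT" and rest.strip("!*") in ("", "x"):
        return ("CRYPT", "placeholder")  # "!!", "*" or "x" copied from passwd/shadow/group
    return (scheme.upper(), "hash")

def exposed_passwords(ldif_text):
    """List (dn, scheme, kind) for every userPassword value a search returned."""
    return [(e["dn"][0], *classify(v))
            for e in parse_ldif(ldif_text) for v in e.get("userpassword", [])]

if __name__ == "__main__":
    print(*exposed_passwords(LDIF), sep="\n")
```

Here the values decode to {crypt}!! and {crypt}x, placeholders carried over from the local account files, so no usable hash is returned yet. Once users set passwords, the same anonymous query would return their hashes unless slapd.conf restricts the attribute, for example with `access to attrs=userPassword by self write by anonymous auth by * none` placed ahead of any broader access rule.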
IV: OpenLDAP client configuration (done by editing the configuration files)
1. Install the OpenLDAP client packages on the client (192.168.2.20)
[root@OpenLDAP-Client ~]# yum install nss-pam-ldapd pam_ldap openldap-clients -y
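2. Edit /etc/nsswitch.conf. The nsswitch file controls the name service switch (user name lookup); by default, Linux authenticates users against local files.
# Find the following three lines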
passwd: files
shadow: files
group: files
# Change them to
passwd: files ldap
shadow: files ldap
group: files ldap
3. Edit /etc/sysconfig/authconfig
# Change the following from no to yes
USESYSNETAUTH=yes
USESHADOW=yes
USELOCAUTHORIZE=yes
USELDAP=yes
USELDAPAUTH=yes
USEMKHOMEDIR=yes
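4. Edit /etc/pam.d/system-auth. Authentication is performed by the pam_unix.so module, which checks users against the local /etc/passwd file. For LDAP authentication to take effect we need to add pam_ldap.so, and to create home directories for users we also need to add the pam_mkhomedir.so module.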
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_ldap.so
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry= type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=
session [success= default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
5. Edit /etc/openldap/ldap.conf so that it contains the following
URI ldap://192.168.2.10/
BASE dc=yangxiaofei,dc=com
6. Edit /etc/pam_ldap.conf
base dc=yangxiaofei,dc=com
7. Start the sssd service; first edit sssd.conf
[domain/default]
enumerate=true
ldap_id_use_start_tls = False
cache_credentials = True
# base DN of this directory
ldap_search_base = dc=yangxiaofei,dc=com
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# address of the OpenLDAP server
ldap_uri = ldap://192.168.2.10/
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
services = nss, pam
config_file_version =
domains = default
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
8. Start the name service cache daemon, nscd
/etc/init.d/nscd start
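Steps 5 to 7 point the client at an ldap:// URI and set ldap_id_use_start_tls = False, so directory lookups leave the client unencrypted. The following Python check is an added example, not part of the original article: it reads an sssd.conf and reports domains whose LDAP transport is unprotected, then shows the same file passing once StartTLS is required. The sample file is constructed from the step 7 settings with this lab's server address and base DN; the function and finding names are hypothetical.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the LDAP keys of [domain/default] from step 7, using this
# lab's server address and base DN.
SSSD_CONF = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://192.168.2.10/
ldap_search_base = dc=yangxiaofei,dc=com
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts

[sssd]
services = nss, pam
domains = default
"""

# Corrected variant: identity lookups must negotiate StartTLS before any query.
HARDENED = SSSD_CONF.replace("ldap_id_use_start_tls = False",
                             "ldap_id_use_start_tls = True")

def audit_sssd(conf_text):
    """Return (section, code, detail) findings about LDAP transport security."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        dom = cp[name]
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        for uri in uris:
            if urlparse(uri).scheme.lower() == "ldap" and not start_tls:
                # User, group and shadow lookups cross the network unencrypted.
                findings.append((name, "cleartext-id-lookup", uri))
        # never/allow let a session continue with a missing or invalid certificate.
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in ("never", "allow"):
            findings.append((name, "weak-cert-check", reqcert))
    return findings

if __name__ == "__main__":
    print("as configured:", audit_sssd(SSSD_CONF))
    print("with StartTLS:", audit_sssd(HARDENED))
```

The corrected setting only works if slapd offers TLS with a certificate the client trusts through ldap_tls_cacertdir. sssd-ldap(5) also states that authentication against an LDAP server requires TLS/SSL or LDAPS, so auth_provider = ldap depends on the same server-side TLS setup.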
V: Install phpLDAPadmin to manage LDAP
1. Download phpLDAPadmin
[root@OpenLDAP-Server ~]# wget http://ncu.dl.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.2/phpldapadmin-1.2.2.tgz
2. Install httpd and phpLDAPadmin
[root@OpenLDAP-Server ~]# tar zxvf phpldapadmin-1.2.2.tgz
[root@OpenLDAP-Server ~]# cd phpldapadmin-1.2.2
[root@OpenLDAP-Server phpldapadmin-1.2.2]# cd config/
[root@OpenLDAP-Server config]# ls
config.php.example
[root@OpenLDAP-Server config]# mv config.php.example config.php
[root@OpenLDAP-Server config]# cd ../../
[root@OpenLDAP-Server ~]# ls
anaconda-ks.cfg download install.log.syslog jdk-7u67-linux-x64.tar.gz phpldapadmin-1.2.
apache-tomcat-8.0..tar.gz install.log jdk1..0_67 jdk-8u92-linux-x64.rpm phpldapadmin-1.2..tgz
[root@OpenLDAP-Server ~]# mv phpldapadmin-1.2.2 phpldapadmin
[root@OpenLDAP-Server ~]# yum install httpd
[root@OpenLDAP-Server ~]# mv phpldapadmin /var/www/html/
3. Edit the phpLDAPadmin configuration file so that it can connect to the LDAP server
The changes to /var/www/html/phpldapadmin/config/config.php are as follows:
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','My LDAP Server');
$servers->setValue('server','host','192.168.2.10');
$servers->setValue('server','port',);
$servers->setValue('server','base',array('dc=yangxiaofei,dc=com'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=Manager,dc=yangxiaofei,dc=com');
$servers->setValue('login','bind_pass','shinezone');
$servers->setValue('server','tls',false);
4. Start httpd and log in to phpLDAPadmin by entering http://192.168.2.10/phpldapadmin/ in the browser
[root@OpenLDAP-Server ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@OpenLDAP-Server ~]# service iptables stop
[root@OpenLDAP-Server ~]# setenforce
setenforce: SELinux is disabled
Note: PHP was already installed in my environment; if you do not have it, I suggest installing it:
yum install httpd mysql-server mysql-devel php-mysql php php* -y