CentOS 6.3: yum-mode installation of OpenLDAP, phpLDAPadmin and LAM


Original post: http://407711169.blog.51cto.com/6616996/1439944

If you have no strict requirements on how LDAP is built, installing from yum is recommended: the dependencies are resolved for you and the packaged build is feature-complete. Beginners are strongly advised to use yum for their first installation.

Environment: CentOS 6.3


I. Prepare the environment

Make sure the firewall and SELinux are both off. If the firewall must stay on, configure it as follows:

vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 192.168.0.0/16
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 192.168.0.0/16
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

After reloading, iptables -L shows:
ACCEPT     tcp  --  anywhere              anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere              anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  192.168.0.0/16        anywhere             state NEW tcp dpt:ldap
ACCEPT     tcp  --  192.168.0.0/16        anywhere             state NEW tcp dpt:ldaps


II. Install and configure OpenLDAP

yum install -y openldap-servers openldap-clients


Create the log directory and rsyslog rule

mkdir /var/log/slapd
chmod 755 /var/log/slapd/
chown ldap:ldap /var/log/slapd/
sed -i "/local4.*/d" /etc/rsyslog.conf
cat >> /etc/rsyslog.conf << EOF
local4.*    /var/log/slapd/slapd.log
EOF
service rsyslog restart


III. Create a certificate

cd /etc/pki/tls/certs
make slapd.pem

The make target prompts interactively for the certificate subject fields.

At this point you can run openssl x509 -in slapd.pem -noout -text to inspect the certificate.

chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem


Configure the administrator password

slappasswd
New password: ******
Re-enter new password: ******
{SSHA}WMZ+MLF6BG9HSHSE/ZVEN2BDVEQMIAFS


IV. Configure the LDAP-related configuration files


cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG


Edit the configuration file

vim /etc/openldap/slapd.conf
1. Change every dc=my-domain to your own domain.
2. Replace the certificate settings:
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
3. Replace the admin password:
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}WMZ+MLF6BG9hshse/zven2bdveqmiafs
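The three slapd.conf edits above are easy to get wrong by hand (a stray comment marker leaves rootpw as the shipped cleartext value, or one TLS directive is left out). The following is an added example, not part of the original post, of a small POSIX shell audit that checks a slapd.conf for exactly those three changes; the file path and the sample file contents are constructed for the demonstration.

```shell
#!/bin/sh
# audit_slapd_conf FILE: check the edits this guide makes to slapd.conf.
# Prints one line per finding and returns 0 only when all checks pass.
audit_slapd_conf() {
    conf="$1"
    rc=0
    # 1. rootpw must be active (not commented) and an {SSHA} hash from
    #    slappasswd; "rootpw secret" or a {crypt} hash means the stock
    #    example line was uncommented instead of replaced.
    if ! grep -Eq '^[[:space:]]*rootpw[[:space:]]+[{]SSHA[}]' "$conf"; then
        echo "FAIL: rootpw is missing, commented out, or not an {SSHA} hash"
        rc=1
    fi
    # 2. the placeholder suffix must have been replaced with the real domain.
    if grep -q 'dc=my-domain' "$conf"; then
        echo "FAIL: dc=my-domain placeholder still present"
        rc=1
    fi
    # 3. all three TLS directives must be set to an absolute path.
    for d in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        if ! grep -Eq "^[[:space:]]*$d[[:space:]]+/" "$conf"; then
            echo "FAIL: $d not set"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real server's file): the suffix is still the
# placeholder and rootpw is cleartext, so the audit is expected to fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
suffix "dc=my-domain,dc=com"
rootpw secret
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
EOF
audit_slapd_conf "$sample" || echo "sample did not pass the audit (expected)"
rm -f "$sample"
```

Run it as audit_slapd_conf /etc/openldap/slapd.conf after editing; note that slaptest (used later in this guide) validates syntax only and will happily accept a cleartext rootpw.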

Edit the sysconfig file to turn on SSL

vim /etc/sysconfig/ldap
SLAPD_LDAPS=yes


Update the LDAP client configuration file

vim /etc/openldap/ldap.conf
## "dc=my-domain,dc=com" needs the same change here (your domain)


Create the initialization data

vim /root/base.ldif
## "dc=my-domain,dc=com" needs the same change here (your domain)
## start
dn: dc=my-domain,dc=com
dc: my-domain
objectClass: dcObject
objectClass: organizationalUnit
ou: my-domain.com

dn: ou=people,dc=my-domain,dc=com
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=my-domain,dc=com
ou: groups
objectClass: organizationalUnit
## end

rm -rf /etc/openldap/slapd.d/*
slapadd -v -n 2 -l /root/base.ldif

chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d

Test the configuration and generate slapd.d

rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d

Enable at boot and start

chkconfig --level 235 slapd on
service slapd start


Test the LDAP service:

ldapsearch -x -ZZ -h localhost
## ps: -ZZ starts encrypted (StartTLS) authentication. Because the certificate is self-signed, this reports an error (certificates are generally not verified); the message looks like:
ldap_start_tls: Connect error (-11)
        additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
ldapsearch -x -H ldaps://localhost

The search results are as follows:

# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# my-domain.com
dn: dc=my-domain,dc=com
dc: my-domain
objectClass: dcObject
objectClass: organizationalUnit
ou: my-domain.com

# people, my-domain.com
dn: ou=people,dc=my-domain,dc=com
ou: people
objectClass: organizationalUnit

# groups, my-domain.com
dn: ou=groups,dc=my-domain,dc=com
ou: groups
objectClass: organizationalUnit

# search result
search: 3
result: 0 Success

# numResponses: 4
# numEntries: 3

Configure host name lookup

vim /etc/nsswitch.conf
hosts: ldap files dns


Install phpLDAPadmin

Add the EPEL repository

rpm -ivh http://mirrors.ukfast.co.uk/sites/dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install phpLDAPadmin

yum install -y phpldapadmin

Allow access from your network:


Configure the Apache configuration file for phpLDAPadmin

vim /etc/httpd/conf.d/phpldapadmin.conf   (created automatically by the package)
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from 192.168.0
# ps: this must be configured


Disable automatic login

vim /etc/phpldapadmin/config.php
# (line 398) comment out this line:
// $servers->setValue('login','attr','uid');


Start the Apache server

service httpd restart


Access:

http://webserver/ldapadmin
Username: cn=manager,dc=my-domain,dc=com
Password: the password you generated with slappasswd


While you work, you can watch the log with tail -f /var/log/slapd/slapd.log. Next, another LDAP web management tool.



Data has already been added there; no further demonstration.

Install LDAP Account Manager (LAM)


This is a management tool similar to phpLDAPadmin, so only a brief demo here:

Download the ldap-account-manager-4.6.rc1.tar.bz2 package (I will upload it as an attachment).

cd /usr/local/src
tar xf ldap-account-manager-4.6.rc1.tar.bz2
mv ldap-account-manager-4.6.rc1 /usr/local/lam


Then add a line to the Apache phpldapadmin configuration file edited earlier:

vim /etc/httpd/conf.d/phpldapadmin.conf
Alias /lam /usr/local/lam


Then access it from the web:

Username: Manager, password as above.



LAM starts from its default configuration structure; on the first visit you are prompted to initialize the data, i.e. the Users, Groups and other tabs of the interface.

In practice, LAM is easier for beginners to take to than phpLDAPadmin.

But once you understand the LDAP architecture concepts, you will find the tree-structured configuration view self-evident.

LDAP architecture concepts (the tree is the most important): http://407711169.blog.51cto.com/6616996/1439623





This article is from the "Tofu Blog"; please keep this source when reproducing it: http://407711169.blog.51cto.com/6616996/1440993
