Series index: http://407711169.blog.51cto.com/6616996/1439944
If you have no particularly strict requirements on how OpenLDAP is built, installing it with yum is recommended: the dependencies are pulled in for you and the packaged build is fully featured. For beginners, yum is strongly recommended for a first install.
Environment: CentOS 6.3
First, prepare the environment
Make sure the firewall and SELinux are both off. If the firewall must stay on, configure it as follows (ports 389 and 636 are only opened to the 192.168.0.0/16 network):
vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 192.168.0.0/16
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 192.168.0.0/16
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Reload the rules and check them with iptables -L; the relevant lines are:
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  192.168.0.0/16       anywhere            state NEW tcp dpt:ldap
ACCEPT     tcp  --  192.168.0.0/16       anywhere            state NEW tcp dpt:ldaps
Second, install and configure OpenLDAP
yum install -y openldap-servers openldap-clients
Create the log directory and the rsyslog entry (slapd logs to the local4 facility by default):
mkdir /var/log/slapd
chmod 755 /var/log/slapd/
chown ldap:ldap /var/log/slapd/
sed -i "/local4.*/d" /etc/rsyslog.conf
cat >> /etc/rsyslog.conf << EOF
local4.*    /var/log/slapd/slapd.log
EOF
service rsyslog restart
Third, create a certificate
cd /etc/pki/tls/certs
make slapd.pem
The make target runs openssl req interactively, prompts for the certificate subject fields, and writes the private key and the self-signed certificate together into slapd.pem.
You can then run openssl x509 -in slapd.pem -noout -text to inspect the certificate.
Because the file also contains the private key, restrict it to root and the ldap group:
chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem
Configure the administrator password
slappasswd
New password: ******
Re-enter new password: ******
{SSHA}WMZ+MLF6BG9HSHSE/ZVEN2BDVEQMIAFS
Fourth, configure the LDAP-related configuration files
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Edit the configuration file
vim /etc/openldap/slapd.conf
1. Change every dc=my-domain to your own domain.
2. Replace the certificate settings:
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
3. Replace the admin password with the hash generated by slappasswd:
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}WMZ+MLF6BG9HSHSE/ZVEN2BDVEQMIAFS
Change the service configuration to enable LDAPS
vim /etc/sysconfig/ldap
SLAPD_LDAPS=yes
Update the client LDAP configuration
vim /etc/openldap/ldap.conf
## "dc=my-domain,dc=com" needs the same change here (use your domain)
Create the initialization data
vim /root/base.ldif
## "dc=my-domain,dc=com" needs the same change here (use your domain)
## start
dn: dc=my-domain,dc=com
dc: my-domain
objectClass: dcObject
objectClass: organizationalUnit
ou: my-domain.com

dn: ou=people,dc=my-domain,dc=com
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=my-domain,dc=com
ou: groups
objectClass: organizationalUnit
## end
Load it into the bdb database (-n 2: in slapd.conf.obsolete database 0 is config, 1 is monitor, 2 is bdb) and fix ownership:
rm -rf /etc/openldap/slapd.d/*
slapadd -v -n 2 -l /root/base.ldif
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d
Test the configuration and convert it to slapd.d
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
Start at boot
chkconfig --level 235 slapd on
service slapd start
Test LDAP:
ldapsearch -x -ZZ -h localhost
## ps: -ZZ forces STARTTLS. Because the certificate is self-signed, this fails with the error below (the certificate is generally not verified in this setup; shown for reference):
ldap_start_tls: Connect error (-11)
	additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
ldapsearch -x -H ldaps://localhost
The search results are as follows:
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# my-domain.com
dn: dc=my-domain,dc=com
dc: my-domain
objectClass: dcObject
objectClass: organizationalUnit
ou: my-domain.com

# people, my-domain.com
dn: ou=people,dc=my-domain,dc=com
ou: people
objectClass: organizationalUnit

# groups, my-domain.com
dn: ou=groups,dc=my-domain,dc=com
ou: groups
objectClass: organizationalUnit

# search result
search: 3
result: 0 Success

# numResponses: 4
# numEntries: 3
Configure host aliases (hostname lookup via LDAP)
vim /etc/nsswitch.conf
hosts: ldap files dns
Note that listing ldap first sends every hostname lookup to LDAP before /etc/hosts and DNS; if slapd is unreachable, lookups stall until the LDAP query times out.
Install phpLDAPadmin
Add the EPEL repository
rpm -ivh http://mirrors.ukfast.co.uk/sites/dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install phpLDAPadmin
yum install -y phpldapadmin
Allow access from your network
Edit Apache's configuration file for phpLDAPadmin (created automatically by the package):
vim /etc/httpd/conf.d/phpldapadmin.conf
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
  Allow from ::1
  Allow from 192.168.0    # ps: this line has to be added for your management network
Disable automatic login
vim /etc/phpldapadmin/config.php
# line 398: comment out this line
// $servers->setValue('login','attr','uid');
With it commented out, phpLDAPadmin asks for a full DN at login instead of a uid, which is why the Manager DN is used below.
Start the Apache server
service httpd restart
Access:
http://webserver/ldapadmin
Username: cn=Manager,dc=my-domain,dc=com
Password: the password you generated with slappasswd
While operating you can watch the log with tail -f /var/log/slapd/slapd.log. Next, another LDAP web management tool.
Data has already been added there; no further demonstration.
Install LDAP Account Manager (LAM)
Since it is a management tool similar to phpLDAPadmin, only a simple demo here:
Download the ldap-account-manager-4.6.rc1.tar.bz2 package; I will upload it as an attachment.
cd /usr/local/src
tar xf ldap-account-manager-4.6.rc1.tar.bz2
mv ldap-account-manager-4.6.rc1 /usr/local/lam
Then add one line to the /etc/httpd/conf.d/phpldapadmin.conf file edited earlier:
vim /etc/httpd/conf.d/phpldapadmin.conf
Alias /lam /usr/local/lam
Note that the Allow from restrictions in phpldapadmin.conf apply only to phpLDAPadmin's own directory; /lam gets no such restriction unless you add a matching <Directory /usr/local/lam> section.
Then access it from the web:
Username: Manager; password: same as above.
LAM comes with a default configuration structure; on your first visit it prompts you to initialize the data, that is, the users, groups and similar sections of the interface.
In fact, LAM is easier for beginners to take to than phpLDAPadmin.
But once you have understood the LDAP architecture concepts, you will find the tree-structured configuration view obvious.
LDAP architecture concepts (the tree is the most important): http://407711169.blog.51cto.com/6616996/1439623
This article is from the "Tofu Blog"; please keep this source link when reposting: http://407711169.blog.51cto.com/6616996/1440993
CentOS 6.3: installing OpenLDAP, phpLDAPadmin and LAM with yum