Cent OS 6.3 Yum mode installation Openldap,phppldapadmin,lam

Home directory http://407711169.blog.51cto.com/6616996/1439944

In fact, if the LDAP parameters are not very strict requirements, it is recommended to use Yum installation. Because of the dependent environment, the functions are very comprehensive. For beginners, it is strongly recommended that you install Yum for the first time.

Environment: Cent OS 6.3

First, prepare the environment

Make sure both the firewall and SELinux are off, and if the firewall must be turned on, configure the following:

 vim /etc/sysconfig/iptables*filter:input accept [0:0]:forward accept [0:0]:o Utput accept [0:0]-a input -m state --state established,related -j  ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j  Accept-a input -m state --state new -m tcp -p tcp --dport  22 -j accept-a input -m state --state new -m tcp -p  tcp --dport 80 -j ACCEPT-A INPUT -m state --state NEW  -m tcp -p tcp --dport 389 -j accept -s 192.168.0.0/16-a  Input -m state --state new -m tcp -p tcp --dport 636 -j  ACCEPT -s 192.168.0.0/16-A INPUT -j REJECT --reject-with  Icmp-host-prohibited-a forward -j reject --reject-with icmp-host-prohibitedcommit 

Reload as follows:iptables -laccept     tcp  --  anywhere              anywhere             state NEW tcp dpt:sshACCEPT      tcp  --  anywhere              anywhere            state new tcp  dpt:httpACCEPT     tcp  --  192.168.0.0/16        anywhere             state new tcp dpt:ldapaccept     tcp  --   192.168.0.0/16       anywhere             stAte new tcp dpt:ldaps 

Second, installation, configuration OpenLDAP

Yum install-y openldap-servers openldap-clients

Create log related

Mkdir/var/log/slapdchmod 755/var/log/slapd/chown ldap:ldap/var/log/slapd/sed-i "/local4.*/d"/etc/rsyslog.confcat & gt;>/etc/rsyslog.conf << eoflocal4.*/var/log/slapd/slapd.logeofservice rsyslog Restart

Third, create a certificate

Cd/etc/pki/tls/certsmake Slapd.pem Here is an example:

This time, you can run the OpenSSL x509-in slapd.pem-noout-text to observe the certificate situation

chmod 640 Slapd.pemchown:ldap Slapd.pemln-s/ETC/PKI/TLS/CERTS/SLAPD.PEM/ETC/OPENLDAP/CERTS/SLAPD.PEM

Configure Administrator Password

Slappasswdnew Password: ******re-enter new password: ******{SSHA}WMZ+MLF6BG9HSHSE/ZVEN2BDVEQMIAFS

Iv. Configuring LDAP-related configuration files

Cp/usr/share/openldap-servers/slapd.conf.obsolete/etc/openldap/slapd.confcp/usr/share/openldap-servers/db_ Config.example/var/lib/ldap/db_config

Change the relevant configuration file

VIM/ETC/OPENLDAP/SLAPD.CONF1, change all dc=my-domain for your domain2, replace the certificate seat tlscacertificatefile/etc/pki/tls/certs/ CA-BUNDLE.CRTTLSCERTIFICATEFILE/ETC/PKI/TLS/CERTS/SLAPD.PEMTLSCERTIFICATEKEYFILE/ETC/PKI/TLS/CERTS/SLAPD.PEM3, Replace admin password # ROOTPW secret# rootpw {crypt}ijfyncsnctbygrootpw {SSHA}WMZ+MLF6BG 9hshse/zven2bdveqmiafs

Change the configuration file to turn on SSL authentication

Vim/etc/sysconfig/ldapslapd_ldaps=yes

Update LDAP configuration file

vim/etc/openldap/ldap.conf## "dc=my-domain,dc=com" requires you to do the same configuration (change domain)

Creating initialization data

vim/root/base.ldif## "dc=my-domain,dc=com" requires you to do the same configuration (change domain) # #startdn: DC=MY-DOMAIN,DC=COMDC: My-domainobjectclass:dcobjectobjectclass:organizationalunitou:my-domain.comdn:ou=people,dc=my-domain,dc=comou: peopleobjectclass:organizationalunitdn:ou=groups,dc=my-domain,dc=comou:groupsobjectclass:organizationalunit## End

RM-RF/ETC/OPENLDAP/SLAPD.D/*SLAPADD-V-N 2-l/root/root.ldif

Chown-r Ldap:ldap/var/lib/ldapchown-r Ldap:ldap/etc/openldap/slapd.d

Test configuration initialization

Rm-rf/etc/openldap/slapd.d/*slaptest-f/etc/openldap/slapd.conf-f/etc/openldap/slapd.dchown-r ldap:ldap/etc/ Openldap/slapd.d

Boot Start Item

Chkconfig--level 235 slapd onservice SLAPD start

To test the LDAP situation:

Ldapsearch-x-zz-h localhost# #ps:-zz to start the encryption authentication, because the certificate is a self-signed problem, so will be an error (generally not verified certificates, such as information): Ldap_start_tls:connect error (11 ) Additional Info:tls Error-8172:peer ' s certificate issuer have been marked as not trusted by the USER.L Dapsearch-x-H Ldaps://localhost

Search results are as follows:

# extended ldif## ldapv3# base <dc=my-domain,dc=com> (default) with scope subtree# filter: (objectclass=*) # Requesti ng:all## My-domain.comdn:dc=my-domain,dc=comdc:my-domainobjectclass:dcobjectobjectclass:organizationalunitou: my-domain.com# people, my-domain.comdn:ou=people,dc=my-domain,dc=comou:peopleobjectclass:organizationalunit# Groups, my-domain.comdn:ou=groups,dc=my-domain,dc=comou:groupsobjectclass:organizationalunit# search Resultsearch : 3result:0 success# numresponses:4# Numentries:3

Configuring host Aliases

VIM/ETC/NSSWITCH.CONFHOSTS:LDAP Files DNS

Installing Phpldapadmin

Add Epel Source

RPM-IVH http://mirrors.ukfast.co.uk/sites/dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Installing Phpldapadmin

Yum install-y phpldapadminallow access from your network

Configure the configuration file for Apache ' s phpldapadmin

Vim/etc/httpd/conf.d/phpldapadmin.conf (automatically created) Order Deny,allowdeny from Allallow from 127.0.0.1Allow from:: 1Allow from 1 92.168.0#ps needs to be configured to do this

Disable automatic Logon

vim/etc/phpldapadmin/config.php# (line 398)//$servers->setvalue (' login ', ' attr ', ' uid ');

Open Apache Server

Service httpd Restart

Access Related:

Http://webserver/ldapadmin User name: cn=manager,dc=my-domain,dc=com password: You use Sldappass generated password

You can take action to observe the Tail-f/var/log/slapd/slapd.log log. Then there is another LDAP Web management tool.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/3F/EF/wKiom1PM17fwWP0jAAIC4yw1v4g502.jpg "style=" float: none; "title=" 1.jpg "alt=" Wkiom1pm17fwwp0jaaic4yw1v4g502.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/3F/F0/wKioL1PM2NKCjtj4AAEXUJ20Puc727.jpg "style=" float: none; "title=" 2.jpg "alt=" Wkiol1pm2nkcjtj4aaexuj20puc727.jpg "/>

Where the data has been added. No more demonstrations.

Installing Ldap-lam

Why ldapldapadmin a similar management-side tool, we'll just do a simple demo here:

Download the ldap-account-manager-4.6.rc1.tar.bz2 package and I will upload the attachment

Cd/usr/local/src

Tar XF ldap-account-manager-4.6.rc1.tar.bz2

MV Ldap-account-manager-4.6.rc1/usr/local/lam

Then add a line to the previous/etc/phpldapadmin/config.php

Vim/etc/httpd/conf.d/phpldapadmin.conf

Alias/lam/usr/local/src/lam

Then web-side access

User name: Manager password Ibid.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/3F/EF/wKiom1PM19zxnH0vAADeBNDa-6Y535.jpg "style=" float: none; "title=" 3.jpg "alt=" Wkiom1pm19zxnh0vaadebnda-6y535.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/3F/F0/wKioL1PM2PbQx5ahAAH8xYV0fts137.jpg "style=" float: none; "title=" 4.jpg "alt=" Wkiol1pm2pbqx5ahaah8xyv0fts137.jpg "/>

Lam will default to the default configuration structure, and when you first visit, you are prompted to initialize the data. That is, and the interface of the users,groups and other controls.

In fact, Lam is more receptive to beginners than phpldapadmin.

But if you figure out the LDAP-related architectural concepts, you'll find that the tree structure configuration looks obvious.

LDAP-related architecture concepts (tree most important): http://407711169.blog.51cto.com/6616996/1439623

This article is from the "Tofu Blog" blog, make sure to keep this source http://407711169.blog.51cto.com/6616996/1440993

Cent OS 6.3 Yum mode installation Openldap,phppldapadmin,lam