How to install LDAP Account Manager on CentOS 6.5

Source: Internet
Author: User

LDAP Account Manager (LAM) is a web-based management system. The administrator can operate it over an encrypted connection, which enhances security. LAM supports managing account types such as Samba 2/3 and Unix, address book entries, and host-related information, including NIS maps, e-mail aliases, MAC addresses, and so on.
LDAP Account Manager features

1. With LAM, user, group, and computer accounts stored in an LDAP directory can be managed easily and intuitively through a web interface.

2. Management of Unix users, groups, hosts, and domain names.

3. Powerful filtering and sorting.

4. Account attribute management.

5. Many constructed attributes.

6. Visual tree view mode.

7. Schema view mode.

8. Account creation through file upload.

9. All accounts can be exported to PDF.

10. Management of users, groups, and quotas, with automatic creation and deletion of user home directories.

11. Support for LDAP+SSL encryption.

12. Multi-language support, such as Catalan, Chinese (Traditional), and so on.

Installation Requirements

1. PHP 5 and Perl environments.

2. OpenLDAP 2.0 or later.

3. A web browser that supports CSS.

4. Apache web server. Installing SSL and the PHP module (with LDAP, gettext, XML, and mcrypt+mhash support) and other modules is recommended.

Following on from the installation in the previous article, this article installs LDAP Account Manager (LAM).

1. Build the PHP LDAP extension

[root@itchenyi-04 ~]# cd php-5.3.5/ext/ldap/
[root@itchenyi-04 ldap]# /software/php/bin/phpize
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626
[root@itchenyi-04 ldap]# ./configure --with-php-config=/software/php/bin/php-config --with-ldap=/software/openldap --with-ldap-sasl=/software/sasl2/
[root@itchenyi-04 ldap]# make && make install
[root@itchenyi-04 ldap]# echo -e '\nextension = ldap.so' >> /software/php/etc/php.ini
[root@itchenyi-04 ldap]# service php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done


2. Install LAM (LDAP Account Manager)

[root@itchenyi-04 mnt]# tar jxf ldap-account-manager-4.4.tar.bz2
[root@itchenyi-04 mnt]# cd ldap-account-manager-4.4
[root@itchenyi-04 ldap-account-manager-4.4]# ./configure --with-httpd-user=www --with-httpd-group=www --with-web-root=/data/www.itchenyi.com/lam
[root@itchenyi-04 ldap-account-manager-4.4]# make install
LAM files installed
make[1]: Entering directory '/mnt/ldap-account-manager-4.4'
make[1]: Leaving directory '/mnt/ldap-account-manager-4.4'
HTML docs installed in /usr/local/lam/html
cat install.sh >install
chmod a+x install


Configure it

[root@itchenyi-04 ldap-account-manager-4.4]# cd /data/www.itchenyi.com/lam/config/
[root@itchenyi-04 config]# cp config.cfg_sample config.cfg
[root@itchenyi-04 config]# cp lam.conf_sample lam.conf

[root@itchenyi-04 config]# cat lam.conf | egrep -v "^#|^$"
ServerURL: ldap://1.1.1.5:389
Admins: cn=manager,dc=itchenyi,dc=com
Passwd: {ssha}rjbrujctxzedcbjpqdrbkdasqey= iuelea==
treesuffix: dc=itchenyi,dc=com
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
scriptPath:
scriptServer:
scriptRights: 750
cachetimeout: 5
searchLimit: 0
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
activeTypes: user,group,host,smbDomain
types: suffix_user: ou=people,dc=itchenyi,dc=com
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
types: suffix_group: ou=group,dc=itchenyi,dc=com
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,sambaGroupMapping
types: suffix_host: ou=machines,dc=itchenyi,dc=com
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: modules_host: account,posixAccount,sambaSamAccount
types: suffix_smbDomain: dc=itchenyi,dc=com
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain
lamProMailSubject: Your password was reset
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
[root@itchenyi-04 config]# chown www:www /data/www.itchenyi.com/lam/ -R
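
The profile above points LAM at ldap://1.1.1.5:389 even though LAM supports LDAP+SSL. The following check is an added example, not part of the original article or of LAM: it reads a lam.conf and reports a cleartext server URL and unsalted password-hash settings. The function names, the finding labels and the useTLS key (LAM's StartTLS switch, absent from the article's file) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a LAM server profile (lam.conf) read from stdin.
# Keys are compared case-insensitively. "useTLS" is assumed to be the
# StartTLS switch; it does not appear in the file shown in the article.
audit_lam_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # same filter as: egrep -v "^#|^$"
    {
        key = $0; sub(/:.*/, "", key); key = tolower(key)
        val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "serverurl") url = tolower(val)
        if (key == "usetls")    tls = tolower(val)
        if (key == "modules" && tolower(val) ~ /_pwdhash:/) {
            name = val;   sub(/:.*/, "", name)
            scheme = val; sub(/^[^:]*:[ \t]*/, "", scheme)
            # PLAIN, MD5 and SHA carry no salt; SSHA (used in the article) does
            if (toupper(scheme) ~ /^(PLAIN|MD5|SHA)$/)
                printf "UNSALTED_HASH %s=%s\n", name, toupper(scheme)
        }
    }
    END {
        if (url == "")
            print "NO_SERVERURL"
        else if (url !~ /^ldaps:\/\// && tls != "yes")
            printf "CLEARTEXT_LDAP %s\n", url   # bind DN and password travel unencrypted
    }'
}

# Constructed sample: connection and hash lines based on the lam.conf above.
sample_conf() {
    printf '%s\n' \
        '# LAM server profile' \
        'ServerURL: ldap://1.1.1.5:389' \
        'Admins: cn=manager,dc=itchenyi,dc=com' \
        'modules: posixGroup_pwdHash: SSHA' \
        'modules: posixAccount_pwdHash: SSHA'
}

sample_conf | audit_lam_conf
```

Run it against the installed profile with `audit_lam_conf < /data/www.itchenyi.com/lam/config/lam.conf`; no output means neither condition was found.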

On first login, LAM prompts you to create the organizational units preset in the configuration file.

Create an organizational structure

LDAP Account Manager provides a number of features, such as a tree view of the directory.

LDAP tree structure

Create a new group from the web interface

Create a new user and assign it to the new group

New user through LAM

View the user

Query for all data under the root domain:

[root@itchenyi-04 config]# /software/openldap/bin/ldapsearch -x -b "dc=itchenyi,dc=com" -p 389 -h 1.1.1.5
# extended LDIF
#
# LDAPv3
# base <dc=itchenyi,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# itchenyi.com
dn: dc=itchenyi,dc=com
objectClass: dcObject
objectClass: organization
o: www.itchenyi.com,blog.
dc: itchenyi

# Manager, itchenyi.com
dn: cn=manager,dc=itchenyi,dc=com
objectClass: organizationalRole
cn: manager

# people, itchenyi.com
dn: ou=people,dc=itchenyi,dc=com
objectClass: organizationalUnit
ou: people

# Group, itchenyi.com
dn: ou=group,dc=itchenyi,dc=com
objectClass: organizationalUnit
ou: group

# test-itcy, group, itchenyi.com
dn: cn=test-itcy,ou=group,dc=itchenyi,dc=com
objectClass: posixGroup
description: test OpenLDAP
gidNumber: 10000
cn: test-itcy

# Itchenyi, People, itchenyi.com
dn: cn=itchenyi,ou=people,dc=itchenyi,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/itchenyi
loginShell: /bin/bash
uid: itchenyi
cn: itchenyi
uidNumber: 10000
gidNumber: 10000
description: test
sn: itchenyi
postOfficeBox: itchenyi@gmail.com

# machines, itchenyi.com
dn: ou=machines,dc=itchenyi,dc=com
objectClass: organizationalUnit
ou: machines

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7


Query for entries whose sn begins with itchenyi:

[root@itchenyi-04 config]# /software/openldap/bin/ldapsearch -x -b "dc=itchenyi,dc=com" "sn=itchenyi*" -p 389 -h 1.1.1.5
# extended LDIF
#
# LDAPv3
# base <dc=itchenyi,dc=com> with scope subtree
# filter: sn=itchenyi*
# requesting: ALL
#

# Itchenyi, people, itchenyi.com
dn: cn=itchenyi,ou=people,dc=itchenyi,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/itchenyi
loginShell: /bin/bash
uid: itchenyi
cn: itchenyi
uidNumber: 10000
gidNumber: 10000
description: test
sn: itchenyi
postOfficeBox: itchenyi@gmail.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
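
Both searches above use -x without a bind DN, so their output is what an anonymous client can read from the directory. The following filter is an added example, not part of the original article: it unfolds ldapsearch LDIF output, counts the entries and reports any credential attribute that was returned. The function names, the attribute list and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise ldapsearch LDIF output read from stdin.
# Prints one "EXPOSED <attribute> <dn>" line per credential attribute that
# was returned, then "ENTRIES <n>". The attribute list is an assumption.
ldif_exposure() {
    awk '
    function flush(   attr) {
        if (cur == "" || cur ~ /^#/) { cur = ""; return }   # blank line or comment
        attr = cur; sub(/:.*/, "", attr); attr = tolower(attr)
        if (attr == "dn") {
            dn = cur; sub(/^[^:]*::?[ ]*/, "", dn)           # "dn:" or base64 "dn::"
            entries++
        } else if (attr in secret) {
            printf "EXPOSED %s %s\n", attr, dn
        }
        cur = ""
    }
    BEGIN {
        secret["userpassword"] = 1
        secret["sambantpassword"] = 1
        secret["sambalmpassword"] = 1
    }
    /^ / { cur = cur substr($0, 2); next }   # LDIF folding: continuation of the previous line
    { flush(); cur = $0 }
    END { flush(); printf "ENTRIES %d\n", entries + 0 }'
}

# Constructed sample: two entries, with a folded DN and a folded base64 value.
sample_ldif() {
    printf '%s\n' \
        '# people, itchenyi.com' \
        'dn: ou=people,dc=itchenyi,dc=com' \
        'objectClass: organizationalUnit' \
        'ou: people' \
        '' \
        'dn: cn=itchenyi,ou=people,' \
        ' dc=itchenyi,dc=com' \
        'objectClass: posixAccount' \
        'userPassword:: Y29uc3RydWN0' \
        ' ZWQtc2FtcGxl' \
        '' \
        'search: 2' \
        'result: 0 Success'
}

sample_ldif | ldif_exposure
```

Pipe the output of either ldapsearch command above into `ldif_exposure`; an EXPOSED line from an anonymous search means the directory's access rules return that attribute to unauthenticated clients.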

 
That's it. This is not what I actually needed; it is mainly to help the friends who follow my blog. Time is limited, otherwise I could share more and we could learn together, hehe ~
