Install OpenLDAP on CentOS 6.5 and configure LDAP for user logon
1. Install PHP and Apache. phpldapadmin depends on Apache and PHP, which come from EPEL. If the EPEL repository is not yet configured, install it with yum install epel-release, or create /etc/yum.repos.d/epel.repo by hand with the following content:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

Then install the packages phpldapadmin depends on and configure httpd.conf (see step 2):

yum install php httpd
2. Install OpenLDAP

yum install openldap-servers openldap-clients

Configure OpenLDAP. The configuration file /etc/openldap/slapd.conf does not exist by default; copy the obsolete sample /usr/share/openldap-servers/slapd.conf.obsolete to that location and make its owner ldap:ldap. The relevant part of the file:

database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=iflyyun,dc=cn" read
    by * none

database bdb
suffix "dc=iflyyun,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=iflyyun,dc=cn"

Configure /etc/openldap/ldap.conf:

BASE dc=iflyyun,dc=cn
URI ldap://bja-pro0002.hadoop.cpcc.iflyyun.cn

Set the LDAP administrator password with slappasswd (be sure not to use ldappasswd, otherwise a GSSAPI error is reported). Enter the password to obtain its hash, in the form {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80, and put it in the rootpw directive of /etc/openldap/slapd.conf. If the hashed password does not work, the plaintext password can be used directly in rootpw instead; note that a plaintext rootpw is readable by anyone who can read slapd.conf, so keep the file mode restrictive and prefer the hash where it works.

Configure Apache to recognize index.php: in /etc/httpd/conf/httpd.conf find the DirectoryIndex line and add index.php to it:

DirectoryIndex index.html index.html.var index.php

Modify /etc/httpd/conf.d/php.conf as needed. Test whether the OpenLDAP configuration file is correct:

slaptest -u -f /etc/openldap/slapd.conf
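As an added example (not from the original post), the following Python code builds and checks {SSHA} values in the layout slappasswd emits (base64 of the SHA-1 digest followed by the salt), and flags a slapd.conf rootpw line that still holds plaintext; the sample password and the helper names are assumptions made here for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest length in bytes; everything after it is the salt


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value: base64(sha1(password + salt) + salt).

    slappasswd uses the same layout with a short random salt, so the output
    can be pasted into the rootpw directive of slapd.conf.
    """
    if salt is None:
        salt = os.urandom(4)  # 4-byte salt, matching the 32-character value shown above
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_is_hashed(line: str) -> bool:
    """True when a slapd.conf 'rootpw' directive holds a {SCHEME} hash rather than plaintext.

    A plaintext rootpw is readable by anyone who can read slapd.conf, which is
    why the hashed form from slappasswd is the one to keep there.
    """
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or parts[0] != "rootpw":
        return False
    return parts[1].strip().strip('"').startswith("{")


if __name__ == "__main__":
    # Constructed sample password; a real rootpw is of course kept secret.
    value = ssha_hash("example-admin-password")
    print("rootpw " + value)
    print("verify ok:", ssha_verify("example-admin-password", value))
    print("plaintext rootpw flagged:", not rootpw_is_hashed("rootpw example-admin-password"))
```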
3. Install phpldapadmin

yum install phpldapadmin

Configure /etc/phpldapadmin/config.ini:

$servers->setValue('server','host','192.168.51.211');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=iflyyun,dc=cn'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=iflyyun,dc=cn');
$servers->setValue('login','attr','dn');        // line 397: uncomment this line
// $servers->setValue('login','attr','uid');    // comment out this line, otherwise an error is reported at logon

Modify /etc/httpd/conf.d/phpldapadmin.conf to allow access from other machines. Note that Allow from all exposes the admin interface to every host that can reach the web server; restrict it to the administrative subnet where possible.

<Directory /usr/share/phpldapadmin/htdocs>
  Order Deny,Allow
  Allow from all
</Directory>
4. Configure phpldapadmin

Delete /etc/openldap/slapd.d/, then create the LDAP root entry:

ldapadd -x -D "cn=Manager,dc=iflyyun,dc=cn" -f base.ldif -W

base.ldif:

dn: dc=iflyyun,dc=cn
o: ldap
objectclass: dcObject
objectclass: organization

Create the administrator user in the organization:

# Manager, iflyyun.cn
dn: cn=Manager,dc=iflyyun,dc=cn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Manager
description: LDAP administrator
5. LDAP client configuration

Install the required software:

yum install nss-pam-ldapd pam_ldap openldap-clients

The configuration files to modify are /etc/sysconfig/authconfig, /etc/pam.d/system-auth, /etc/openldap/ldap.conf and /etc/nsswitch.conf.

Modify /etc/sysconfig/authconfig:

IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USEDB=no
FORCELEGACY=no
USEFPRINTD=yes
FORCESMARTCARD=no
PASSWDALGORITHM=yes
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEHESIOD=no

Modify /etc/pam.d/system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_ldap.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account     required      pam_ldap.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok md5
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_ldap.so

Modify /etc/openldap/ldap.conf:

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR /etc/openldap/cacerts
BASE dc=iflyyun,dc=cn
URI ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn

Modify /etc/nsswitch.conf:

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

Enable the name cache service:

service nscd restart