Install OpenLDAP on CentOS 6.5 and configure LDAP for user logon. centosopenldap

Source: Internet
Author: User
Tags openldap metalink

1. Install PHP and Apache

phpldapadmin depends on Apache and PHP, and the phpldapadmin package itself comes from EPEL. If the EPEL repository is not configured yet, install it with yum install epel-release. If that package is not available, create /etc/yum.repos.d/epel.repo with the stock EL6 contents (the metalink URLs choose a mirror for you):

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

Keep gpgcheck=1. With the mirrorlist enabled, packages come from whichever mirror the metalink hands out, and the signature check against RPM-GPG-KEY-EPEL-6 is what ties them back to the EPEL project. The key file has to exist in /etc/pki/rpm-gpg first (epel-release installs it; without that package, fetch RPM-GPG-KEY-EPEL-6 from the EPEL project and import it with rpm --import), otherwise yum refuses to install anything from the repository.

Then install the web stack that phpldapadmin needs; the httpd.conf change it requires is described at the end of step 2:

yum install php httpd
2. Install OpenLDAP

yum install openldap-servers openldap-clients

Configure OpenLDAP. The configuration file /etc/openldap/slapd.conf does not exist by default (the CentOS 6 package ships the cn=config directory /etc/openldap/slapd.d instead). Copy the obsolete template /usr/share/openldap-servers/slapd.conf.obsolete to that location and make the file owned by ldap:ldap. Then set the monitor database ACL and the main database as follows:

database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=iflyyun,dc=cn" read
        by * none

database bdb
suffix          "dc=iflyyun,dc=cn"
checkpoint      1024 15
rootdn          "cn=Manager,dc=iflyyun,dc=cn"

The first dn.exact clause is the local root user connecting over the ldapi:// socket (SASL EXTERNAL with peer credentials), the second is the directory manager; everybody else is denied. The rootdn is not subject to the ACLs of its own database, so it can administer the tree without having an entry in it.

Set the defaults for the client tools in /etc/openldap/ldap.conf:

BASE dc=iflyyun,dc=cn
URI ldap://bja-pro0002.hadoop.cpcc.iflyyun.cn

Generate the administrator password hash with slappasswd (be sure not to use ldappasswd: that is the client tool for changing a password on a running server, and since it attempts a SASL bind it fails here with a GSSAPI error). slappasswd prompts for the password and prints a hash of the form {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80. Put that hash into /etc/openldap/slapd.conf as rootpw, directly below rootdn:

rootpw          {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80

rootpw also accepts the plaintext password if the hash is rejected, but then anyone who can read slapd.conf has the directory administrator's password. Keep the hash, and keep the file readable by root and ldap only (mode 0640).

Configure Apache to serve index.php as a directory index: in /etc/httpd/conf/httpd.conf find the DirectoryIndex line and add index.php:

DirectoryIndex index.html index.html.var index.php

Review /etc/httpd/conf.d/php.conf as well (the php package installs it; the original edits it without saying what changed). Finally, test whether the OpenLDAP configuration file is correct:

slaptest -u -f /etc/openldap/slapd.conf
3. Install phpldapadmin

yum install phpldapadmin

Edit /etc/phpldapadmin/config.php:

$servers->setValue('server','host','192.168.51.211');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=iflyyun,dc=cn'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=iflyyun,dc=cn');
$servers->setValue('login','attr','dn');      // around line 397: uncomment this line
// $servers->setValue('login','attr','uid');  // comment this line out, otherwise logon fails

With attr set to dn you log in with the full DN (cn=Manager,dc=iflyyun,dc=cn) rather than with a uid, which is why the uid line has to be commented out.

Edit /etc/httpd/conf.d/phpldapadmin.conf so that the interface can be reached from other machines (the packaged default only allows 127.0.0.1 and ::1):

<Directory /usr/share/phpldapadmin/htdocs>
  Order Deny,Allow
  Allow from all
</Directory>

Allow from all exposes the Manager login form to every host that can reach port 80, and the bind password is submitted in that form over plain HTTP. Narrow the Allow from line to the admin hosts or network (the 192.168.51.0/24 subnet used above, for example) and serve the interface over HTTPS.
4. Create the directory root

Delete /etc/openldap/slapd.d/ so that slapd uses slapd.conf, then add the base entry and the administrator entry:

ldapadd -x -D "cn=Manager,dc=iflyyun,dc=cn" -W -f base.ldif

base.ldif:

dn: dc=iflyyun,dc=cn
dc: iflyyun
o: ldap
objectClass: dcObject
objectClass: organization

# Manager, iflyyun.cn
dn: cn=Manager,dc=iflyyun,dc=cn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Manager
description: LDAP administrator
userPassword: {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80

Two lines were missing from the original LDIF, and slapd rejects the add without them: the naming attribute dc has to appear in the first entry with the value from its RDN (otherwise ldapadd reports a naming violation), and simpleSecurityObject requires userPassword. Use the hash slappasswd produced in step 2 or a fresh one; binds as the rootdn are checked against rootpw in slapd.conf when that is set, so this attribute is there to satisfy the schema rather than to grant access.
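The server-side files from steps 2 and 4 (slapd.conf and base.ldif), generated and checked by script, as an added example; this is not code from the original post. It assumes the post's suffix and rootdn and the CentOS 6 openldap-servers schema paths, and uses the {SSHA} hash shown above as a placeholder (regenerate your own with slappasswd). The ACLs go beyond the post and are my assumption: they hide userPassword from everyone but its owner while leaving the rest of the tree anonymously readable, which the anonymous NSS lookups configured in step 5 need. The script refuses a plaintext rootpw and runs slaptest when it is installed.

```shell
#!/bin/sh
# Added example (not from the original post): build slapd.conf and base.ldif
# for dc=iflyyun,dc=cn, refuse a plaintext rootpw, protect userPassword
# with ACLs, and validate the result with slaptest when it is available.
# Assumptions: the post's suffix/rootdn, CentOS 6 schema paths, and the
# {SSHA} hash the post shows as slappasswd output (placeholder, not a secret).

SUFFIX="dc=iflyyun,dc=cn"
ROOTDN="cn=Manager,${SUFFIX}"
ROOTPW_HASH='{SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80'   # from the post, regenerate yours

# 0 if the value looks like a slappasswd hash, 1 for anything else (plaintext).
is_hashed_rootpw() {
    case "$1" in
        '{SSHA}'*|'{SHA}'*|'{SMD5}'*|'{MD5}'*|'{CRYPT}'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a slapd.conf for suffix $1, rootdn $2, rootpw hash $3.
# The rootdn bypasses ACLs, so it is not listed in the bdb ACLs below.
gen_slapd_conf() {
    is_hashed_rootpw "$3" || { echo "refusing plaintext rootpw" >&2; return 1; }
    cat <<EOF
include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/inetorgperson.schema
include   /etc/openldap/schema/nis.schema
pidfile   /var/run/openldap/slapd.pid
argsfile  /var/run/openldap/slapd.args

database  bdb
suffix    "$1"
rootdn    "$2"
rootpw    $3
directory /var/lib/ldap
checkpoint 1024 15
index     objectClass,uid,uidNumber,gidNumber eq

# Password hashes: the owner may change them, anyone may bind with them,
# nobody may read them back.
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
# Everything else stays anonymously readable because the NSS lookups in
# step 5 bind anonymously; change to "by users read" once clients use a bind DN.
access to *
    by * read

database  monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="$2" read
    by * none
EOF
}

# Print base.ldif for suffix $1 with Manager password hash $2. The dc value
# is repeated as an attribute (naming violation otherwise) and
# simpleSecurityObject requires userPassword.
gen_base_ldif() {
    dc_value=${1#dc=}
    dc_value=${dc_value%%,*}
    cat <<EOF
dn: $1
dc: $dc_value
o: ldap
objectClass: dcObject
objectClass: organization

dn: cn=Manager,$1
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Manager
description: LDAP administrator
userPassword: $2
EOF
}

WORK=$(mktemp -d)
gen_slapd_conf "$SUFFIX" "$ROOTDN" "$ROOTPW_HASH" > "$WORK/slapd.conf"
gen_base_ldif "$SUFFIX" "$ROOTPW_HASH" > "$WORK/base.ldif"
chmod 0640 "$WORK/slapd.conf"   # on the server also: chown root:ldap

# -u parses the configuration without touching the database directory.
if command -v slaptest >/dev/null 2>&1; then
    slaptest -u -f "$WORK/slapd.conf" && echo "slapd.conf parses"
else
    echo "slaptest not installed here; files written to $WORK"
fi
```

On the server, move the two files into place (/etc/openldap/slapd.conf owned by root:ldap, base.ldif wherever you run ldapadd from) and feed base.ldif to the ldapadd command from step 4. The userPassword ACL is the part that matters most: without it, the anonymous read that the client needs for getent also hands out every user's password hash.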
5. LDAP client configuration

Install the required software:

yum install nss-pam-ldapd pam_ldap openldap-clients

The files to modify are /etc/sysconfig/authconfig, /etc/pam.d/system-auth, /etc/openldap/ldap.conf and /etc/nsswitch.conf. Note that pam_ldap.so reads its server settings from /etc/pam_ldap.conf and nslcd (the daemon behind nss-pam-ldapd) reads /etc/nslcd.conf; both need the same URI and base as ldap.conf, which by itself only sets defaults for the openldap command-line tools. authconfig writes all of these files, which is why system-auth carries the warning that manual changes are lost the next time it runs.

Modify /etc/sysconfig/authconfig:

IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USEDB=no
FORCELEGACY=no
USEFPRINTD=yes
FORCESMARTCARD=no
PASSWDALGORITHM=yes
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEHESIOD=no

(PASSWDALGORITHM normally holds the hash name, md5 or sha512, rather than yes; the system-auth below uses md5, and sha512 is the CentOS 6 default and the stronger choice.)

Modify /etc/pam.d/system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_ldap.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account     required      pam_ldap.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok md5
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_ldap.so

Three things in this stack deserve attention before it goes on a real host. pam_ldap.so is consulted before pam_unix.so, so every login attempt, root included, is sent to the LDAP server as a simple bind before the local password is checked; the authconfig-generated order tries pam_unix.so first, stops system accounts with pam_succeed_if.so uid >= 500, and only then calls pam_ldap.so use_first_pass. nullok on pam_unix.so accepts empty passwords for local accounts. And umask=0022 on pam_mkhomedir.so creates world-readable home directories; authconfig uses umask=0077.

Modify /etc/openldap/ldap.conf:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR /etc/openldap/cacerts

BASE dc=iflyyun,dc=cn
URI ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn

The URI is plain ldap:// on port 389, so the simple binds that pam_ldap performs to verify a user's password cross the network in cleartext. TLS_CACERTDIR is already set: put the server's CA certificate there and switch to ldaps:// (or enable STARTTLS with ssl start_tls in pam_ldap.conf and nslcd.conf) before real users log in through this path.
Modify /etc/nsswitch.conf:

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

Finally restart the name service cache daemon: service nscd restart. nscd only caches results; the nslcd daemon from nss-pam-ldapd has to be running for the ldap entries above to resolve anything, and getent passwd followed by id for a directory user is the quickest check that they do.
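An audit of the client files from step 5, as an added example; this is not code from the original post. It checks the settings discussed above (plain ldap:// without TLS, nullok on pam_unix, pam_mkhomedir umask, and the ldap entries in nsswitch.conf) against constructed copies of the post's configuration and a hardened equivalent, both written to a temporary directory. On a real client point the functions at /etc/pam_ldap.conf or /etc/openldap/ldap.conf, /etc/pam.d/system-auth and /etc/nsswitch.conf. The hardened system-auth fragment follows the authconfig ordering (pam_unix first, LDAP only for uid >= 500); generating the real files with authconfig --enableldap --enableldapauth --ldapserver=... --ldapbasedn=... --enablemkhomedir --update gives you that order by default.

```shell
#!/bin/sh
# Added example (not from the original post): audit LDAP client settings for
# cleartext binds, nullok, world-readable homes and missing nsswitch entries.
# Sample files below are constructed copies of the post's configuration.

# 0 when the client forces encryption: an "ssl start_tls" / "ssl on" line
# (pam_ldap.conf and nslcd.conf spelling) or every URI line using ldaps://.
transport_is_encrypted() {
    grep -Eiq '^[[:space:]]*ssl[[:space:]]+(start_tls|on)' "$1" && return 0
    grep -Ei '^[[:space:]]*uri[[:space:]]' "$1" | grep -q 'ldap://' && return 1
    grep -Eiq '^[[:space:]]*uri[[:space:]].*ldaps://' "$1"
}

# 0 when no pam_unix.so line accepts empty passwords.
pam_has_no_nullok() {
    ! grep -Eq 'pam_unix\.so.*nullok' "$1"
}

# 0 when pam_mkhomedir creates private (0700) home directories.
mkhomedir_umask_is_private() {
    grep -E 'pam_mkhomedir\.so' "$1" | grep -q 'umask=0077'
}

# 0 when passwd, shadow and group all fall back from files to ldap.
nsswitch_has_ldap() {
    for db in passwd shadow group; do
        grep -Eq "^[[:space:]]*$db:[[:space:]]+files[[:space:]]+ldap" "$1" || return 1
    done
    return 0
}

# Run every check on ldap.conf $1, system-auth $2, nsswitch.conf $3;
# print one FAIL line per finding and return the number of findings.
audit() {
    fails=0
    transport_is_encrypted "$1"     || { echo "FAIL $1: plain ldap:// (passwords cross the wire in cleartext)"; fails=$((fails + 1)); }
    pam_has_no_nullok "$2"          || { echo "FAIL $2: nullok accepts empty local passwords"; fails=$((fails + 1)); }
    mkhomedir_umask_is_private "$2" || { echo "FAIL $2: pam_mkhomedir umask is not 0077 (homes readable by others)"; fails=$((fails + 1)); }
    nsswitch_has_ldap "$3"          || { echo "FAIL $3: passwd/shadow/group do not consult ldap"; fails=$((fails + 1)); }
    return "$fails"
}

WORK=$(mktemp -d)

# Constructed copies of the post's settings (the weak set).
cat > "$WORK/ldap.conf" <<'EOF'
BASE dc=iflyyun,dc=cn
URI ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn
TLS_CACERTDIR /etc/openldap/cacerts
EOF
cat > "$WORK/system-auth" <<'EOF'
auth        sufficient    pam_ldap.so
auth        sufficient    pam_unix.so nullok try_first_pass
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
EOF
cat > "$WORK/nsswitch.conf" <<'EOF'
passwd:     files ldap
shadow:     files ldap
group:      files ldap
EOF

# Constructed hardened equivalents: ldaps:// with certificate checking,
# pam_unix first and without nullok, LDAP only for uid >= 500, private homes.
cat > "$WORK/ldap.conf.hardened" <<'EOF'
BASE dc=iflyyun,dc=cn
URI ldaps://hfa-pro0002.hadoop.cpcc.iflyyun.cn
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand
EOF
cat > "$WORK/system-auth.hardened" <<'EOF'
auth        sufficient    pam_unix.so try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
session     optional      pam_mkhomedir.so umask=0077
EOF

echo "== post's settings =="
audit "$WORK/ldap.conf" "$WORK/system-auth" "$WORK/nsswitch.conf" || echo "$? finding(s)"
echo "== hardened =="
audit "$WORK/ldap.conf.hardened" "$WORK/system-auth.hardened" "$WORK/nsswitch.conf" && echo "clean"
```

Against the post's settings the audit reports three findings (cleartext transport, nullok, umask 0022) and none against the hardened set; the nsswitch.conf from the post passes as written. The transport check is the one to keep even after the other two are fixed, because a later authconfig run can quietly rewrite the URI back to ldap://.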
References:
http://www.centoscn.com/image-text/config/2013/0819/1367.html
http://bbs.linuxtone.org/home.php?mod=space&uid=12643&do=blog&id=3438
http://www.ibm.com/developerworks/cn/linux/l-openldap/#listing18
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-quickstart.html
http://54im.com/openldap/centos-6-yum-install-openldap-phpldapadmin-tls-%E5%8F%8C%E4%B8%BB%E9%85%8D%E7%BD%AE.html
