Install OpenLDAP on CentOS 6.5 and configure LDAP for user logon

Source: Internet
Author: User
Tags: openldap, metalink

1. Install EPEL, Apache and PHP

If EPEL is not configured yet, install it:

yum install epel-release

If that package cannot be downloaded, create /etc/yum.repos.d/epel.repo by hand. Keep gpgcheck=1: the key file it references is normally installed by epel-release, so when writing the file yourself make sure /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 is present before installing anything from the repository.

--------------------------------------------------------------------------------
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

--------------------------------------------------------------------------------

phpldapadmin depends on Apache and PHP:

yum install php httpd

The only change httpd.conf needs (DirectoryIndex) is described in step 2.


2. Install OpenLDAP

yum install openldap-servers openldap-clients

OpenLDAP is configured here through /etc/openldap/slapd.conf. The file does not exist by default: copy /usr/share/openldap-servers/slapd.conf.obsolete to that path, make it owned by ldap:ldap and readable only by that user (it will contain rootpw), and add the following. The access block limits the cn=monitor database to the local root user connecting over the ldapi socket and to the Manager DN; everyone else gets nothing.

--------------------------------------------------------------------------------
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=iflyyun,dc=cn" read
    by * none

database bdb
suffix "dc=iflyyun,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=iflyyun,dc=cn"

--------------------------------------------------------------------------------
Configure /etc/openldap/ldap.conf on the server (defaults for the ldap* command-line tools):

--------------------------------------------------------------------------------
BASE dc=iflyyun,dc=cn
URI ldap://bja-pro0002.Hadoop.cpcc.iflyyun.cn

--------------------------------------------------------------------------------

Set the LDAP administrator password

Generate the hash with slappasswd (not ldappasswd, which is a network client that attempts a SASL bind by default and fails with a GSSAPI error):

slappasswd

Enter the password twice; the output is a salted SHA-1 hash such as {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80. Put it in /etc/openldap/slapd.conf directly below rootdn:

rootpw {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80

The original article reports that the hashed value did not work for its author and falls back to writing the plaintext password after rootpw. Prefer the hash: slapd accepts {SSHA} values in rootpw, while a plaintext rootpw is readable by anyone who can open slapd.conf or the slapd.d files that the init script later generates from it. If a hash is rejected, check that it was pasted as a single token with no surrounding whitespace or line break.

Configure Apache to serve index.php: in /etc/httpd/conf/httpd.conf find the DirectoryIndex line and append index.php:

DirectoryIndex index.html index.html.var index.php

Check that /etc/httpd/conf.d/php.conf (installed by the php package) maps .php files to the PHP handler.

Test that the OpenLDAP configuration file parses:

slaptest -u -f /etc/openldap/slapd.conf


3. Install phpldapadmin

yum install phpldapadmin

Configure /etc/phpldapadmin/config.php (the package ships config.php, not config.ini):

--------------------------------------------------------------------------------
$servers->setValue('server','host','192.168.51.211');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=iflyyun,dc=cn'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=iflyyun,dc=cn');


$servers->setValue('login','attr','dn');      // line 397 of the shipped file: uncomment this line
// $servers->setValue('login','attr','uid');  // comment this line out, otherwise login fails with an error

--------------------------------------------------------------------------------
Modify /etc/httpd/conf.d/phpldapadmin.conf to allow access from other machines (the packaged file restricts it to localhost):

--------------------------------------------------------------------------------
<Directory /usr/share/phpldapadmin/htdocs>
    Order Deny,Allow
    Allow from all
</Directory>

--------------------------------------------------------------------------------

Allow from all exposes the directory administration UI, and the cn=Manager password typed into it over plain HTTP, to every host that can reach port 80. Replace all with the administrator hosts or subnets that need it, and put the site behind HTTPS.

--------------------------------------------------------------------------------

 

4. Initialize the directory

Remove whatever is in /etc/openldap/slapd.d/ (the cn=config form of the configuration) and start slapd; on CentOS 6 the init script converts slapd.conf into slapd.d when that directory is empty:

rm -rf /etc/openldap/slapd.d/*
service slapd start
chkconfig slapd on

Create the root entry of the directory:

ldapadd -x -D "cn=Manager,dc=iflyyun,dc=cn" -W -f base.ldif

base.ldif:

--------------------------------------------------------------------------------

dn: dc=iflyyun,dc=cn
dc: iflyyun
o: ldap
objectClass: dcObject
objectClass: organization

--------------------------------------------------------------------------------

dcObject lists dc as a required attribute; without the dc: line ldapadd rejects the entry with a naming-attribute error.

Create the administrator entry (append it to base.ldif or load it from a second file):

# Manager, iflyyun.cn
dn: cn=Manager,dc=iflyyun,dc=cn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Manager
description: LDAP administrator
userPassword: {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80

simpleSecurityObject requires userPassword; use the slappasswd hash from step 2. Binding as the rootdn works through rootpw in slapd.conf even before this entry exists, which is why the ldapadd above succeeds.
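As an added example (not code from the original article), the following Python reproduces what slappasswd does for the {SSHA} scheme used in step 2, verifies a password against such a hash the way slapd does on a simple bind, and generates the two LDIF entries of step 4 with every attribute their object classes require. It uses only the standard library; the base DN and the sample hash are the ones shown above, and the password "example-only" is a constructed value.

```python
import base64
import hashlib
import hmac
import os

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20


def ssha_hash(password, salt=None):
    """Return a slappasswd-compatible {SSHA} string: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd also uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_parts(stored):
    """Split a {SSHA} value into (digest, salt); raise ValueError if it is malformed."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("too short to hold a SHA-1 digest plus salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(stored, password):
    """True if password matches the stored {SSHA} hash (what slapd checks on a simple bind)."""
    try:
        digest, salt = ssha_parts(stored)
    except ValueError:
        return False
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def first_dc(base_dn):
    """Value of the leading dc= RDN, e.g. 'iflyyun' for 'dc=iflyyun,dc=cn'."""
    attr, _, value = base_dn.split(",", 1)[0].partition("=")
    if attr.strip().lower() != "dc" or not value.strip():
        raise ValueError("base DN must start with a dc= RDN: %r" % base_dn)
    return value.strip()


def base_ldif(base_dn, org="ldap"):
    """Root entry. dcObject lists dc as MUST, so the dc: line cannot be omitted."""
    return "\n".join([
        "dn: " + base_dn,
        "dc: " + first_dc(base_dn),
        "o: " + org,
        "objectClass: dcObject",
        "objectClass: organization",
        "",
    ])


def manager_ldif(base_dn, password_hash, cn="Manager"):
    """Administrator entry. simpleSecurityObject lists userPassword as MUST."""
    ssha_parts(password_hash)  # refuse to write a malformed hash into the directory
    return "\n".join([
        "dn: cn=%s,%s" % (cn, base_dn),
        "objectClass: simpleSecurityObject",
        "objectClass: organizationalRole",
        "cn: " + cn,
        "description: LDAP administrator",
        "userPassword: " + password_hash,
        "",
    ])


if __name__ == "__main__":
    # Constructed password; the printed hash differs on every run because the salt is random.
    h = ssha_hash("example-only")
    print("rootpw " + h)
    print(base_ldif("dc=iflyyun,dc=cn"))
    print(manager_ldif("dc=iflyyun,dc=cn", h))
```

Running the script prints a rootpw line for slapd.conf and the two entries ready for ldapadd. The verification side is the useful part when a hash "does not work": feed the stored value and the password to ssha_verify, and a False result with a well-formed hash means the password differs, while a ValueError from ssha_parts means the pasted value itself is damaged.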


5. LDAP client configuration

Install the required packages:

yum install nss-pam-ldapd pam_ldap openldap-clients

The files to adjust are /etc/sysconfig/authconfig, /etc/pam.d/system-auth, /etc/openldap/ldap.conf and /etc/nsswitch.conf. The usual way to produce all of them is authconfig, for example:

authconfig --enableldap --enableldapauth --ldapserver=ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn --ldapbasedn="dc=iflyyun,dc=cn" --enablemkhomedir --update

That also writes /etc/nslcd.conf (read by the nslcd daemon behind the ldap NSS module) and /etc/pam_ldap.conf (read by pam_ldap.so), which the hand-edited versions below do not cover and which must carry the same server URI and base DN.

Modify /etc/sysconfig/authconfig

--------------------------------------------------------------------------------
IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USEDB=no
FORCELEGACY=no
USEFPRINTD=yes
FORCESMARTCARD=no
PASSWDALGORITHM=yes
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEHESIOD=no

--------------------------------------------------------------------------------
Modify /etc/pam.d/system-auth. This is the CentOS 6 stack generated by authconfig with pam_ldap.so present in all four phases; in auth it sits before pam_unix.so as sufficient, so a successful LDAP bind ends the stack and the local password is only consulted when the LDAP bind fails. Two settings carried over from the default are worth knowing: nullok on pam_unix.so lets a local account with an empty password field log in, and md5 on the password line hashes new local passwords with MD5 where CentOS 6 defaults to sha512.

--------------------------------------------------------------------------------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_ldap.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account     required      pam_ldap.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok md5
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_ldap.so

--------------------------------------------------------------------------------
Modify /etc/openldap/ldap.conf (defaults for the ldap* command-line tools on the client). The URI below is plain ldap:// on port 389, so bind passwords cross the network in cleartext; outside a lab use ldaps:// or STARTTLS with the CA certificate placed in TLS_CACERTDIR.

--------------------------------------------------------------------------------
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR /etc/openldap/cacerts

BASE dc=iflyyun,dc=cn
URI ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn

--------------------------------------------------------------------------------
Modify /etc/nsswitch.conf (files before ldap, so root and local accounts keep resolving while the LDAP server is unreachable):

--------------------------------------------------------------------------------
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#   nisplus                 Use NIS+ (NIS version 3)
#   nis                     Use NIS (NIS version 2), also called YP
#   dns                     Use DNS (Domain Name Service)
#   files                   Use the local files
#   db                      Use the local database (.db) files
#   compat                  Use NIS on compat mode
#   hesiod                  Use Hesiod for user lookups
#   [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

--------------------------------------------------------------------------------
Start nslcd (it answers the ldap lookups from NSS and PAM) and restart the name service cache so stale negative entries are dropped:

service nslcd start
chkconfig nslcd on
service nscd restart

Before attempting an SSH login, confirm from the client that an LDAP account resolves with getent passwd <user> and id <user>.
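The checks below are an added example, not part of the original article, that can be run against the two client files of this step. It parses nsswitch.conf and a PAM stack file and reports the points discussed above: an NSS database that does not consult ldap or lists it ahead of files, a PAM phase with no pam_ldap.so rule, and nullok or md5 on pam_unix.so. The embedded inputs are constructed copies of the nsswitch.conf and system-auth fragments shown above.

```python
import re

# type  control-or-[bracketed list]  module  [args...]
PAM_RULE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_nsswitch(text):
    """Map each NSS database (passwd, shadow, ...) to its ordered list of sources."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, sources = line.split(":", 1)
        databases[name.strip()] = sources.split()
    return databases


def parse_pam(text):
    """Return (type, control, module, args) tuples from a pam.d stack file."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = PAM_RULE.match(line)
        if m:
            ptype, control, module, args = m.groups()
            rules.append((ptype.lower(), control, module, args.split()))
    return rules


def audit_client(nsswitch_text, pam_text):
    """Findings for an LDAP logon client; an empty list means nothing to report."""
    findings = []
    nss = parse_nsswitch(nsswitch_text)
    for db in ("passwd", "shadow", "group"):
        sources = nss.get(db, [])
        if "ldap" not in sources:
            findings.append("nsswitch: %s does not consult ldap" % db)
        elif "files" not in sources or sources.index("files") > sources.index("ldap"):
            findings.append("nsswitch: %s should list files before ldap so root and "
                            "local accounts resolve while the LDAP server is unreachable" % db)
    rules = parse_pam(pam_text)
    for ptype in ("auth", "account", "password", "session"):
        if not any(r[0] == ptype and r[2] == "pam_ldap.so" for r in rules):
            findings.append("pam: no pam_ldap.so rule in the %s stack" % ptype)
    for ptype, control, module, args in rules:
        if module == "pam_unix.so" and "nullok" in args:
            findings.append("pam: %s pam_unix.so has nullok (local accounts with an "
                            "empty password field can log in)" % ptype)
        if ptype == "password" and module == "pam_unix.so" and "md5" in args:
            findings.append("pam: password pam_unix.so hashes new local passwords "
                            "with md5; sha512 is the CentOS 6 default")
    return findings


# Constructed samples: the nsswitch.conf and system-auth fragments from this step.
SAMPLE_NSSWITCH = """\
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
"""

SAMPLE_SYSTEM_AUTH = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_ldap.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account     required      pam_ldap.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok md5
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_ldap.so
"""

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_NSSWITCH, SAMPLE_SYSTEM_AUTH):
        print(finding)
```

Against the fragments from this page the script reports only the two nullok lines and the md5 setting; to run it on a real client, read /etc/nsswitch.conf and /etc/pam.d/system-auth and pass their contents to audit_client.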
