Objective
LDAP (Lightweight Directory Access Protocol) is a directory access protocol based on the X.500 standard; like NIS and DNS, it belongs to the naming services of UNIX-like operating systems. This article describes how to build an LDAP service on the Ubuntu operating system.
First step: Set the hostname mapping in /etc/hosts
127.0.0.1       localhost
127.0.1.1       ldap.ldapdomain.com
Alternatively, map the name to the server's LAN address:
192.168.5.180   ldap.ldapdomain.com
Note: when installing OpenLDAP on Debian (and Ubuntu), the installer prompts for a password for the LDAP admin user and then automatically creates a default database with a default base DN derived from the local domain name. For example, if my domain name is ldapdomain.com, Debian uses dc=ldapdomain,dc=com as the default base DN.
Step Two: Install, configure the software
sudo apt-get install -y slapd ldap-utils
Note:
slapd: the OpenLDAP server-side components, including
  slapd: the directory daemon
  slapdn: checks DNs against the schema
  slapadd: imports LDIF into the database offline
  slapcat: exports the LDAP database to .ldif format
  ......
ldap-utils: the OpenLDAP command-line toolset (ldapsearch, ldapmodify, ldapadd, ......)
Configure /etc/ldap/ldap.conf and add BASE and URI. Here BASE is dc=ldapdomain,dc=com and URI is ldap://192.168.5.180:389:
BASE    dc=ldapdomain,dc=com
URI     ldap://192.168.5.180:389
Reconfigure slapd with the following command (skip this step if the default configuration already meets your requirements):
sudo dpkg-reconfigure slapd
Note: the reconfigure dialog covers the base DN, the admin password, the back-end database type (HDB or BDB on this release; newer releases default to MDB), whether to delete the old database, and whether to allow the LDAPv2 protocol (leave LDAPv2 disabled; it is obsolete and only weakens the server).
Install the PHP-based LDAP management front end:
apt-get install -y phpldapadmin
Modify the corresponding configuration file /etc/phpldapadmin/config.php as follows:
(1) $servers->setValue('server','host','127.0.0.1');   change to an IP address reachable on the internal network
(2) $servers->setValue('server','base',array('dc=example,dc=com'));   change to the base DN, here dc=ldapdomain,dc=com
(3) $servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');   change to the admin under the base DN, cn=admin,dc=ldapdomain,dc=com
(4) $config->custom->appearance['hide_template_warning'] = false;   change false to true
Open Apache2 in the firewall:
ufw allow 'Apache'
ufw allow 'Apache Full'
ufw allow 'Apache Secure'
Note: 'Apache Full' already covers ports 80 and 443, so the other two profiles are redundant. Opening port 443 does not by itself enable HTTPS; until Apache is configured with TLS, the phpLDAPadmin login form sends the admin bind password over plain HTTP, so restrict access to trusted hosts.
After that, restart the service:
/etc/init.d/apache2 restart
Test whether the page is reachable with curl http://<IP-Address>/phpldapadmin; if that succeeds, opening the same URL in a browser shows the phpLDAPadmin login page.
Step three: LDAP firewall (ufw) configuration
Allow TCP port 389 (the LDAP port) and TCP port 636 (the LDAPS port), where the server's IP address is 192.168.5.180:
ufw allow proto tcp from any to 192.168.5.180 port 389
ufw allow proto tcp from any to 192.168.5.180 port 636
Note: nothing in this article configures TLS, so there is no listener on port 636 yet, and simple binds over port 389 carry the admin password in cleartext. Before exposing the service beyond the host, restrict the port 389 rule to the client subnet (for example 'from 192.168.5.0/24' instead of 'from any') and set up TLS.
Fourth Step: configuration Check, add data
The LDAP server configuration is itself stored in the directory as a tree under cn=config; ldapsearch can list the DNs in that tree. Query it with the SASL EXTERNAL mechanism over the local socket:
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
Note:
-Q: SASL quiet mode, never prompt (without -x, ldapsearch authenticates with SASL rather than simple authentication)
-LLL: print results in LDIF format, without comments and without the version line
-Y EXTERNAL: use the SASL EXTERNAL mechanism; over ldapi:// the server identifies the client by the uid and gid of the connecting process, which is why this works as root without a password
-H ldapi:///: connect through the local Unix domain socket
-b cn=config dn: search base cn=config, returning only the dn attribute of each entry
Query the contents under the base DN with simple authentication (anonymous bind, since no -D is given):
ldapsearch -x -LLL -H ldap:/// -b dc=ldapdomain,dc=com
ldapsearch -x -LLL -H ldap:/// -b dc=ldapdomain,dc=com dn   # only return the DN of each entry
ldapsearch -x -LLL -h 192.168.5.180 -p 389 -b dc=ldapdomain,dc=com
ldapsearch -x -LLL -h 192.168.5.180 -p 389 -b dc=ldapdomain,dc=com dn   # only return the DN of each entry
ldapsearch -x -LLL -h 192.168.5.180 -p 389 -b dc=ldapdomain,dc=com objectclass=*   # filter on objectClass
Note: -h HOST -p PORT is the legacy form of -H ldap://HOST:PORT; both are accepted.
Create a new structure, save it as an LDIF file, and add it to the database:
vi structure.ldif
The contents are as follows:
dn: ou=people,dc=ldapdomain,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=ldapdomain,dc=com
objectClass: organizationalUnit
ou: group
Note: structure.ldif adds two entries, both of the organizationalUnit object class, one with ou=people and the other with ou=group.
Use the Ldapadd command to import LDIF into the database:
ldapadd -x -D cn=admin,dc=ldapdomain,dc=com -W -f structure.ldif
Note:
-D cn=admin,dc=ldapdomain,dc=com: writing to the database requires binding as the admin user created during installation
-W: prompt for the admin user's password on the command line
-f: path of the LDIF file to import
Once the import is complete, the search shows that the corresponding entries now exist in the LDAP database:
ldapsearch -x -LLL -h 192.168.5.180 -p 389 -b dc=ldapdomain,dc=com objectclass=*
dn: dc=ldapdomain,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: ldapdomain.com
dc: ldapdomain

dn: cn=admin,dc=ldapdomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=people,dc=ldapdomain,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=ldapdomain,dc=com
objectClass: organizationalUnit
ou: group
Note: this search binds anonymously (-x with no -D) and still returns every entry, so the default access rules allow anonymous read of the whole tree (the default ACL withholds only userPassword, which is why the admin entry shows no password attribute). Tighten olcAccess before exposing port 389 on the network.
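The following script is an added example and not part of the original post. It generates the same organizationalUnit LDIF as structure.ldif for any base DN and list of OUs, and checks an ldapsearch dump for the two things the verification step above should establish: that the OU entries exist, and that an anonymous search exposes no userPassword attribute. The base DN and OU names are the post's; the LDAP_URI value is an assumption and is only used by import_structure(), which needs a live server and is not run here. The sample dumps are constructed inline so the checks run offline.

```shell
#!/bin/sh
# Added example, not code from the original post. LDAP_URI is assumed and only
# used by import_structure(); the checks below run on constructed sample dumps.

BASE_DN="dc=ldapdomain,dc=com"
LDAP_URI="ldap://192.168.5.180:389"

# Print one organizationalUnit entry per OU name, directly under the base DN.
# Entries are separated by a blank line, as ldapadd expects.
make_ou_ldif() {
    base="$1"; shift
    first=1
    for ou in "$@"; do
        [ "$first" -eq 1 ] || printf '\n'
        first=0
        printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n' "$ou" "$base" "$ou"
    done
}

# Import the generated LDIF as the admin DN; ldapadd reads stdin and -W prompts
# for the password. Requires a reachable server, so not exercised below.
import_structure() {
    make_ou_ldif "$BASE_DN" "$@" |
        ldapadd -x -H "$LDAP_URI" -D "cn=admin,$BASE_DN" -W
}

# Succeed only if every DN given appears as an entry in the LDIF dump ($1).
# Attribute names in LDIF are case-insensitive, hence grep -i.
dump_has_dns() {
    dump="$1"; shift
    for dn in "$@"; do
        printf '%s\n' "$dump" | grep -qi "^dn: $dn\$" || return 1
    done
    return 0
}

# Succeed if the dump carries a userPassword attribute. An anonymous search
# (ldapsearch -x without -D) must never see one; if it does, olcAccess is wrong.
dump_leaks_password() {
    printf '%s\n' "$1" | grep -qi '^userPassword:'
}

# Combined post-import check: structure present and no password exposed.
verify_import() {
    dump_has_dns "$1" "ou=people,$BASE_DN" "ou=group,$BASE_DN" && ! dump_leaks_password "$1"
}

# Constructed sample: what the post's anonymous search returned after the import.
SAMPLE_DUMP='dn: dc=ldapdomain,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: ldapdomain.com
dc: ldapdomain

dn: cn=admin,dc=ldapdomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=people,dc=ldapdomain,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=ldapdomain,dc=com
objectClass: organizationalUnit
ou: group'

# Constructed dump from a misconfigured server whose ACL lets anonymous users
# read userPassword (the hash value is a made-up placeholder).
LEAKY_DUMP="$SAMPLE_DUMP
userPassword:: e1NTSEF9ZXhhbXBsZQ=="

main() {
    make_ou_ldif "$BASE_DN" people group
    verify_import "$SAMPLE_DUMP" && echo "sample dump: structure present, no password exposed"
    verify_import "$LEAKY_DUMP" || echo "leaky dump: check fails, as it should"
}

main
```

To use it against the real server, run `import_structure people group` once, then feed the output of the anonymous ldapsearch to `verify_import` (for example `verify_import "$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE_DN" objectclass=*)"`); a non-zero exit means either the OUs are missing or the ACL is exposing password hashes.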
The next article will cover OpenLDAP configuration management and user management in more detail.
This article is from the "Technical Achievement Dream" blog, please be sure to keep this source http://jiangche00.blog.51cto.com/4377920/1925454
Installation and configuration of OpenLDAP under Ubuntu system