LDAP Quick Build Step Edition

Tag:ldap    Fortress machine     build configuration    

Step version: ================================== server Settings =======================================yum install -y  openldap openldap-servers openldap-clients openldap-develcp /usr/share/ Openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf && cp /usr/share/ openldap-servers/db_config.example /var/lib/ldap/db_config      sed - ri  ' s/(suffix.*) "dc=my-domain,dc=com"/\1 "dc=youyuan,dc=com"/g '  /etc/openldap/slapd.conf & & sed -ri  ' s/(rootdn.*) "cn=manager,dc=my-domain,dc=com"/\1 "cn=admin,dc=youyuan,dc=com"/g '  /etc/openldap/slapd.conf && sed -ri  ' s/#  (rootpw.*) secret/\112345678/g '  /etc/openldap/slapd.confsed -i  '/local7.*/a\ #by  openldap\nlocal4.*           /var/log/ldap.log '  /etc/rsyslog.conf &&  Service rsyslog restartservice&nbsP;slapd start && rm -rf /etc/openldap/slapd.d/* && slaptest  -f /etc/openldap/slapd.conf -f /etc/openldap/slapd.d && chown -r  ldap:ldap /etc/openldap/slapd.d/* && service slapd restartyum -y  install migrationtools && sed -i  ' s/padl/youyuan/g '  /usr/share/ migrationtools/migrate_common.ph/usr/share/migrationtools/migrate_base.pl >/tmp/base.ldif ;;  /usr/share/migrationtools/migrate_passwd.pl /etc/passwd >/tmp/passwd.ldif ;;  /usr/share/migrationtools/migrate_group.pl /etc/group >/tmp/group.ldifldapadd -x  -d  "Cn=admin,dc=youyuan,dc=com"  -w 12345678 -f /tmp/base.ldifldapadd -x -d   "Cn=admin,dc=youyuan,dc=com"  -w 12345678 -f /tmp/passwd.ldifldapadd -x -d   "Cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/group.ldifservice slapd restart===================== Start setting Sudoer==============cp /usr/share/doc/sudo-1.8.6p3/schema. openldap /etc/openldap/schema/sudo.schema && echo  "include/etc/openldap/schema/ Sudo.schema " >> /etc/openldap/slapd.confrm -rf /etc/openldap/slapd.d/* ;   slaptest -f /etc/openldap/slapd.conf -f /etc/openldap/slapd.d; chown -r  ldap:ldap /etc/openldap/slapd.d/*;service slapd restartcat >>/www/sudo.ldif <<eofdn: ou=sudoers,dc=youyuan,dc=comobjectclass: topobjectclass: organizationalunitou:  Sudoersdn: cn=defaults,ou=Sudoers,dc=youyuan,dc=comobjectClass: topobjectClass:  Sudorolecn: defaultssudooption: !visiblepwsudooption: always_set_homesudooption: env_ Resetsudooption: requirettydn: cn=wangyl,ou=sudoers,dc=youyuan,dc=comobjeCtclass: topobjectclass: sudorolecn: wangylsudocommand: allsudohost: allsudooption:  !authenticatesudoRunAsUser: ALLsudoUser: wangyleofldapadd -x -D  "cn=admin,dc= Youyuan,dc=com " -w 12345678 -f /www/sudo.ldif=====================end Settings sudoer============= = Install jumpserver database configuration: create database jumpserver charset= ' UTF8 ';grant all on  jumpserver.* to  ' jumpserver ' @ ' 192.168.% '  identified by  ' youyuanops '; server configuration : 192.168.3.146 [/var/lib/ldap] 2014-12-22 12:06:42[email protected]/0 # yum  -y install xz gcc automake autoconf192.168.3.146 [~] 2014-12-22  13:04:23[email protected]/0 # tar -xvf python-2.7.6.tar.xz192.168.3.146 [~]  2014-12-22 13:04:23[email protected]/0 # cd python-2.7.6192.168.3.146 [~/ Python-2.7.6] 2014-12-22 13:05:06[email protected]/0 # ./configure && make && make  install[email protected]/0 # mv /usr/bin/python /usr/bin/python.bak[email  protected]/0 # ln -s /usr/local/bin/python /usr/bin/python[email protected]/0  # yum search setuptools[email protected]/0 # yum install  python-setuptools.noarch[email protected]/0 # yum install  python-pip.noarch192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:15:34[email  Protected]/0 # wget --no-check-certificate https://bootstrap.pypa.io/ez_setup.py -o  - | python[email protected]/0 # wget --no-check-certificate https:// pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e[email  Protected]/0 # tar -zxvf pip-1.5.6.tar.gz[email protected]/0 # cd pip-1.5.6[email protected]/0 # python setup.py  install[email protected]/0 # cd /opt/jumpserver/scripts[email protected]/0 #  pip2.7 install -r requirements.txt -i http://pypi.douban.com/ simple192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:21:08[email protected]/0  # cat requirements.txtpexpect==3.3sphinx-me==0.3django==1.7.1python-ldap==2.4.18paramiko== 1.15.1pycrypto==2.6.1ecdsa>=0.11mysql-python==1.2.5192.168.3.146 [/opt/jumpserver/scripts]  2014-12-22 13:21:20[email protected]/0  #192 .168.3.146 [/opt/jumpserver/scripts]  2014-12-22 13:22:03[email protected]/0 # pip2.7 listdjango  (1.7.1) ecdsa  ( 0.11) mysql-python  (1.2.5) paramiko  (1.15.1) pexpect  (3.3) pip  (1.5.6) pycrypto  (2.6.1) python-ldap  (2.4.18) setuptools  (8.2.1) Sphinx-me  (0.3) wsgiref  (0.1.2) 192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:22:07[email  protected]/0  #配置文件:192.168.3.146 [/opt/jumpserver] 2014-12-22 13:24:34[email  protected]/0 # cat jumpserver.conf#coding:utf-8[db]host = 192.168.3.40port =  3306user = jumpserverpassword = youyuanopsdb = jumpserver[jumpserver]key  = 88aaaf7ffe3c6c04ldap_host = ldap://127.0.0.1:389ldap_base_dn = dc=youyuan,dc= Comadmin_cn = cn=admin,dc=youyuan,dc=comadmin_pass = vnlqncjpnbieteoca2h3web_socket_host  = 172.10.10.9:3000192.168.3.146 [/opt/jumpserver] 2014-12-22 13:24:38[email  protected]/0  #最后变为: 192.168.3.146 [~] 2014-12-22 13:49:12[email protected]/4 #  cat /opt/jumpserver/jumpserver.conf#coding:utf-8[db]host = 192.168.3.40port =  3306user = jumpserveRpassword = youyuanopsdb = jumpserver[jumpserver]key = 88aaaf7ffe3c6c04ldap_host  = ldap://127.0.0.1:389ldap_base_dn = dc=youyuan,dc=comadmin_cn = cn=admin,dc= youyuan,dc=comadmin_pass = 12345678 (Do not change the error) web_socket_host = 172.10.10.9:3000192.168.3.146  [~] 2014-12-22 13:49:15[email protected]/4  #修改logs目录权限 [email protected]/0  # chmod 777 logsdjango sync db  to Database 192.168.3.146 [/opt/jumpserver/webroot/ autosa] 2014-12-22 13:27:29[email protected]/0 # python manage.py  Syncdboperations to perform:synchronize unmigrated apps: assets, usermanageapply  all migrations: admin, contenttypes, auth, sessionssynchronizing apps  without migrations:creating tables ... Creating table usermanage_groupcreating table usermanage_user_groupcreating table usermanage_usercreating table usermanage_logscreating table  Usermanage_pidcreating table assets_idccreating table assets_assetscreating table  assets_assetsuserinstalling custom sql ... Installing indexes ... Running migrations:applying contenttypes.0001_initial... okapplying auth.0001_initial ...  okapplying admin.0001_initial... okapplying sessions.0001_initial... okyou have  installed django ' S auth system, and don ' t have anysuperusers  Defined. would you like to create one now?  (yes/no):  no192.168.3.146 [/opt /jumpserver/webroot/autosa] 2014-12-22 13:27:50[email protected]/0  #运行两个窗口: 192.168.3.146  [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:28:44[email protected]/0 #  python manage.py runserver 0.0.0.0:81performing system checks. system check identified no issues  (0 silenced). december 22, 2014 - 13:28:59django version 1.7.1, using settings  ' Autosa.settings ' starting development server at http://0.0.0.0:81/quit the  Server with control-c. [email protected]/1 # cd /opt/jumpserver/webroot/autosa/192.168.3.146 [/opt/ jumpserver/webroot/autosa] 2014-12-22 13:29:51[email protected]/1 # lsassets  autosa __init__.py log_handler.py manage.py static templates usermanage  websocket192.168.3.146 [/opt/jumpserver/webroot/autosa] 2014-12-22 13:29:52[email  Protected]/1 # pwd/opt/jumpserver/webroot/autosa192.168.3.146 [/opt/jumpserver/webroot/autosa]  2014-12-22 13:29:53[email protected]/1 # python log_handler.py Open: http://192.168.3.146:81/install/Success: Installation successful user name and password: http://192.168.3.146:81adminadmin installation Nodejs, function real-time refresh [EMAIL&NBSP;PROTECTED]/2  # wget http://nodejs.org/dist/v0.10.34/node-v0.10.34.tar.gz[email protected]/2 #  tar -zxvf node-v0.10.34.tar.gz192.168.3.146 [~/node-v0.10.34] 2014-12-22  14:12:30[email protected]/0 # cd node-v0.10.34/;. /configure --prefix=/opt/node/ && make && make  Install related configuration 192.168.3.146 [/opt/node/bin] 2014-12-22 14:13:46[email protected]/0 #  touch /etc/profile.d/node.sh192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:16[email  protected]/0 # vim /etc/profile.d/node.sh192.168.3.146 [/opt/node/bin]  2014-12-22 14:16:36[email protected]/0 # vim /etc/profile.d/node.sh192.168.3.146  [/opt/node/bin] 2014-12-22 14:16:39[email protected]/0 # source /etc/profile.d/node.sh192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:47[email protected]/0  #[email protected]/0 # cat /etc/profile.d/node.shexport path= $PATH:/opt/node/ bin192.168.3.146 [/opt/node/bin] 2014-12-22 14:17:23[email protected]/0  #安装项目依赖module , or use the downloaded 192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket] 2014-12-22 14:18:25[email  protected]/0 # pwd/opt/jumpserver/webroot/autosa/websocket192.168.3.146 [/opt/jumpserver/ Webroot/autosa/websocket] 2014-12-22 14:18:27[email protected]/0 # ll Total Dosage  8- Rw-r--r-- 1 root root 2832 12 Month  22 07:40 index.js-rw-r--r-- 1  root root 219 12 Month  22 07:40 package.json192.168.3.146 [/opt/jumpserver /webroot/autosa/websocket] 2014-12-22 14:18:28[email protected]/0 # cat  package.json{"name":  "Web-sockEt "," Version ": " 0.0.1 "," description ": " My first realtime server "," dependencies ":  {"Express":  "~4.10.1", "Socket.io":  "~1.2.0", "Node-tail":  "0.0.4", "tail":  "~0.4.0"}} 192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket] 2014-12-22 14:18:33[email  protected]/0 # npm install192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket]  2014-12-22 14:19:17 Test Start Websocket[email protected]/0 # node index.jslistening on  *:3000 let users log in Jumpserver automatically run the system # cd /opt/jumpserver/scripts# vim jumpserver.sh...if  [  $USER  ==  ' Guanghongwei '  ];then #  modify special user, do not exit ...# cp  after end jumpserver.sh /etc/profile.d/normal operation Jumpserver system # cd /opt/jumpserver/# ./runserver# Description: If you want to end the system #./stopserver Script: 192.168.3.146&NBSP;[/OPT/JUMPSERVER]&NBSP;2014-12-22&NBSP;14:23:36[EMAIL&NBSP;PROTECTED]/1  # cat runserver#!/bin/bashmAnage_file= "./webroot/autosa/manage.py" log_handler_file= "./webroot/autosa/log_handler.py" websocket_file= "./ Webroot/autosa/websocket/index.js "which node &> /dev/nullif [ $? !=  ' 0 '  ];thenecho  ' please define the node.js binary file  ' node '  in  the path. " exitfinode  $websocket _file &if [ -f  $manage _file -a -e  $manage _ file ] && [ -f  $log _handler_file -a -e  $log _handler_file  ];then$manage_file runserver 0.0.0.0:80 &> logs/access.log & $log _handler_ file &> logs/handler.log &elseecho  "manage.py or log_handler.py  Isn ' t exist or executable. " fi192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:38stopserver[email protected]/1 #  cat stopserver#!/bin/bashpids=$ (ps axu | grep -e  ' (manage.py|log_handler|index.js) ' | grep -v  ' grep '  | awk  ' { &NBSP;PRINT&NBSP;$2&NBSP, for pid in  $pids;d okill -15  $piddone 192.168.3.146 [/ opt/jumpserver] 2014-12-22 14:23:41[email protected]/1  #WEB具体操作:/http laoguang.blog.51cto.com/6013350/1576502=========================== Client Section ======================================= ===== Install the LDAP client and complete the client settings. yum -y install openldap openldap-clientsecho  "Session required pam_ mkhomedir.so skel=/etc/skel umask=0077 " >> /etc/pam.d/system-authauthconfig -- Enableldap --enableldapauth --enablemkhomedir --ldapserver=192.168.3.65 --ldapbasedn= "dc= youyuan,dc=com " --update connection TestUser test ssh [email protected]   from Jumpserver If the connection succeeds, continue with the client sudoer setting echo -e  "Uri ldap://192.168.3.65\nsudoers_base ou=sudoers,dc=youyuan, Dc=com " > /etc/sudo-ldap.conf echo  "Sudoers: files ldap"  >>  /etc/nsswitch.conf check Egrep  -v  "(^#|^$)"  /etc/sudo-ldap.confgrep -i sudo /etc/nsswitch.conf  test sudo#  ssh [email protected]# sudo su   successful If you do not prompt for a password. ============================== problems encountered ==================================[email protected]/0 # yum  search setuptoolsThere was a problem importing one of the  Python modulesrequired to run yum. the error leading to this  problem was:   No module named yumPlease install a  Package which provides this module, orverify that the module is  installed correctly. It ' S&NBSP;POSSIBLE&NBSP;THAT&NBSP;THE&NBSP;ABOVE&NBSP;MODULE&NBSP;DOESN ' t match thecurrent  Version of python, which is:2.7.6  (default, dec 26 2014, 14:06:44)  [GCC 4.4.7  20120313  (red hat 4.4.7-11)]if you cannot solve this problem  yourself, please go to the yum faq at:  http://yum.baseurl.org/ WIKI/FAQ&NBSP;&NBSP;192.168.3.65&NBSP;[~]&NBSP;2014-12-26&NBSP;14:22:21 FIX: Python is not available after upgrading Yum: cat /usr/bin/ yum#!/usr/bin/python2.6==============[email protected]/0 # vim jumpserver.conf # coding:utf-8[db]host = 127.0.0.1port = 3306user = rootpassword =  redhatdb = jumpserver[jumpserver]key = 88aaaf7ffe3c6c04ldap_host = ldap:// 127.0.0.1:389ldap_base_dn = dc=yolu,dc=comadmin_cn = cn=admin,dc=yolu,dc=comadmin_pass  = VNLqNCjpNBIetEoCA2h3web_socket_host = 172.10.10.9:3000===================python  MANAGE.PY&NBSP;SYNCDB problem; importerror: lIbmysqlclient.so.18: cannot open shared object file: no such file  or directory Solution: ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/ libmysqlclient.so.18 problem:django.db.utils.operationalerror:  (1045,  "access denied for  user  ' jumpserver ' @ ' 192.168.3.65 '   (using password: yes) ") Solution: mysql -uroot - p12345678 -h127.1grant all on *.* to  ' jumpserver ' 192.168.% '; set password  for  ' jumpserver ' @ ' 192.168.% '  = password (' youyuanops '); grant all on *.* to o  ' jumpserver ' @ ' localhost ';set password for  ' Jumpserver ' @ ' localhost '  = password (' youyuanops ');  flush privileges;

LDAP Quick Build Step Edition