LDAP Quick Build Step Edition

Source: Internet
Author: User
Tags ldap openldap rsyslog

Tag: ldap    Bastion host (jump server)    Build configuration

Step version:

================================== Server settings ==================================

yum install -y openldap openldap-servers openldap-clients openldap-devel

cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf && cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

sed -ri 's/(suffix.*)"dc=my-domain,dc=com"/\1"dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/(rootdn.*)"cn=Manager,dc=my-domain,dc=com"/\1"cn=admin,dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/# (rootpw.*)secret/\112345678/g' /etc/openldap/slapd.conf

sed -i '/local7.*/a\#by openldap\nlocal4.*           /var/log/ldap.log' /etc/rsyslog.conf && service rsyslog restart

service slapd start && rm -rf /etc/openldap/slapd.d/* && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d && chown -R ldap:ldap /etc/openldap/slapd.d/* && service slapd restart

yum -y install migrationtools && sed -i 's/padl/youyuan/g' /usr/share/migrationtools/migrate_common.ph

/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif ; /usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif ; /usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif

ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/base.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/passwd.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/group.ldif
service slapd restart

===================== Start setting sudoer =====================

cp /usr/share/doc/sudo-1.8.6p3/schema.OpenLDAP /etc/openldap/schema/sudo.schema && echo "include /etc/openldap/schema/sudo.schema" >> /etc/openldap/slapd.conf

rm -rf /etc/openldap/slapd.d/* ; slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d ; chown -R ldap:ldap /etc/openldap/slapd.d/* ; service slapd restart

cat >> /www/sudo.ldif <<EOF
dn: ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: sudoers

dn: cn=defaults,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: env_reset
sudoOption: requiretty

dn: cn=wangyl,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: wangyl
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: wangyl
EOF

ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /www/sudo.ldif

===================== End settings sudoer =====================

===================== Install jumpserver =====================

Database configuration:

create database jumpserver charset='utf8';
grant all on jumpserver.* to 'jumpserver'@'192.168.%' identified by 'youyuanops';

Server configuration (host 192.168.3.146, 2014-12-22; the shell prompts of the original session are shortened to "#"):

# yum -y install xz gcc automake autoconf
# tar -xvf Python-2.7.6.tar.xz
# cd Python-2.7.6
# ./configure && make && make install
# mv /usr/bin/python /usr/bin/python.bak
# ln -s /usr/local/bin/python /usr/bin/python
# yum search setuptools
# yum install python-setuptools.noarch
# yum install python-pip.noarch
# wget --no-check-certificate https://bootstrap.pypa.io/ez_setup.py -O - | python
# wget --no-check-certificate https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e
# tar -zxvf pip-1.5.6.tar.gz
# cd pip-1.5.6
# python setup.py install
# cd /opt/jumpserver/scripts
# pip2.7 install -r requirements.txt -i http://pypi.douban.com/simple

# cat requirements.txt
pexpect==3.3
sphinx-me==0.3
django==1.7.1
python-ldap==2.4.18
paramiko==1.15.1
pycrypto==2.6.1
ecdsa>=0.11
MySQL-python==1.2.5

# pip2.7 list
Django (1.7.1)
ecdsa (0.11)
MySQL-python (1.2.5)
paramiko (1.15.1)
pexpect (3.3)
pip (1.5.6)
pycrypto (2.6.1)
python-ldap (2.4.18)
setuptools (8.2.1)
sphinx-me (0.3)
wsgiref (0.1.2)

Configuration file:

# cat /opt/jumpserver/jumpserver.conf
#coding:utf-8
[db]
host = 192.168.3.40
port = 3306
user = jumpserver
password = youyuanops
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=youyuan,dc=com
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = VNLqNCjpNBIetEoCA2h3
web_socket_host = 172.10.10.9:3000

The final version of the file:

# cat /opt/jumpserver/jumpserver.conf
#coding:utf-8
[db]
host = 192.168.3.40
port = 3306
user = jumpserver
password = youyuanops
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=youyuan,dc=com
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = 12345678          (an error occurs if this is not changed)
web_socket_host = 172.10.10.9:3000

Change the permissions of the logs directory:

# chmod 777 logs

Django sync to the database:

# cd /opt/jumpserver/webroot/AutoSa
# python manage.py syncdb
Operations to perform:
  Synchronize unmigrated apps: assets, usermanage
  Apply all migrations: admin, contenttypes, auth, sessions
Synchronizing apps without migrations:
  Creating tables...
    Creating table usermanage_group
    Creating table usermanage_user_group
    Creating table usermanage_user
    Creating table usermanage_logs
    Creating table usermanage_pid
    Creating table assets_idc
    Creating table assets_assets
    Creating table assets_assetsuser
  Installing custom SQL...
  Installing indexes...
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying sessions.0001_initial... OK

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): no

Run in two windows:

Window 1:

# cd /opt/jumpserver/webroot/AutoSa
# python manage.py runserver 0.0.0.0:81
Performing system checks...
System check identified no issues (0 silenced).
December 22, 2014 - 13:28:59
Django version 1.7.1, using settings 'AutoSa.settings'
Starting development server at http://0.0.0.0:81/
Quit the server with CONTROL-C.

Window 2:

# cd /opt/jumpserver/webroot/AutoSa/
# ls
assets  AutoSa  __init__.py  log_handler.py  manage.py  static  templates  usermanage  websocket
# pwd
/opt/jumpserver/webroot/AutoSa
# python log_handler.py

Open: http://192.168.3.146:81/install/
Success: installation successful. Log in at http://192.168.3.146:81 with user name admin and password admin.

Install Node.js (for the real-time refresh function):

# wget http://nodejs.org/dist/v0.10.34/node-v0.10.34.tar.gz
# tar -zxvf node-v0.10.34.tar.gz
# cd node-v0.10.34/; ./configure --prefix=/opt/node/ && make && make install

Related configuration:

# touch /etc/profile.d/node.sh
# vim /etc/profile.d/node.sh
# source /etc/profile.d/node.sh
# cat /etc/profile.d/node.sh
export PATH=$PATH:/opt/node/bin

Install the project's dependency modules (or use the ones already downloaded):

# cd /opt/jumpserver/webroot/AutoSa/websocket
# pwd
/opt/jumpserver/webroot/AutoSa/websocket
# ll
total 8
-rw-r--r-- 1 root root 2832 Dec 22 07:40 index.js
-rw-r--r-- 1 root root  219 Dec 22 07:40 package.json
# cat package.json
{
  "name": "web-socket",
  "version": "0.0.1",
  "description": "my first realtime server",
  "dependencies": {
    "express": "~4.10.1",
    "socket.io": "~1.2.0",
    "node-tail": "0.0.4",
    "tail": "~0.4.0"
  }
}
# npm install

Test: start the websocket

# node index.js
listening on *:3000

Let users who log in run the Jumpserver system automatically:

# cd /opt/jumpserver/scripts
# vim jumpserver.sh
...
if [ $USER == 'guanghongwei' ];then    # change this to the special user who must not be logged out
...
# cp jumpserver.sh /etc/profile.d/

Normal operation of the Jumpserver system:

# cd /opt/jumpserver/
# ./runserver

To stop the system:

# ./stopserver

Scripts:

# cat runserver
#!/bin/bash
manage_file="./webroot/AutoSa/manage.py"
log_handler_file="./webroot/AutoSa/log_handler.py"
websocket_file="./webroot/AutoSa/websocket/index.js"

which node &> /dev/null
if [ $? != '0' ];then
    echo "Please define the node.js binary file 'node' in the PATH."
    exit
fi

node $websocket_file &

if [ -f $manage_file -a -e $manage_file ] && [ -f $log_handler_file -a -e $log_handler_file ];then
    $manage_file runserver 0.0.0.0:80 &> logs/access.log &
    $log_handler_file &> logs/handler.log &
else
    echo "manage.py or log_handler.py isn't exist or executable."
fi

# cat stopserver
#!/bin/bash
pids=$(ps axu | grep -E '(manage.py|log_handler|index.js)' | grep -v 'grep' | awk '{print $2}')
for pid in $pids;do
    kill -15 $pid
done

Detailed web operation: http://laoguang.blog.51cto.com/6013350/1576502

================================== Client section ==================================

Install the LDAP client and complete the client settings:

yum -y install openldap openldap-clients
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0077" >> /etc/pam.d/system-auth
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=192.168.3.65 --ldapbasedn="dc=youyuan,dc=com" --update

Connection test: log in from Jumpserver as a test user with ssh <user>@<client host> (the address is obscured in the source). If the connection succeeds, continue with the client sudoer setting:

echo -e "uri ldap://192.168.3.65\nsudoers_base ou=sudoers,dc=youyuan,dc=com" > /etc/sudo-ldap.conf
echo "sudoers: files ldap" >> /etc/nsswitch.conf

Check:

egrep -v "(^#|^$)" /etc/sudo-ldap.conf
grep -i sudo /etc/nsswitch.conf

Test sudo:

# ssh <user>@<client host>
# sudo su

Successful if you are not prompted for a password.

============================== Problems encountered ==============================

# yum search setuptools
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

   No module named yum

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of python, which is:
2.7.6 (default, Dec 26 2014, 14:06:44)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-11)]

If you cannot solve this problem yourself, please go to
the yum faq at:
  http://yum.baseurl.org/wiki/Faq

Fix: yum is not available after upgrading Python because its interpreter line points at the new python. Point /usr/bin/yum back at the system interpreter so its first line reads:

# cat /usr/bin/yum
#!/usr/bin/python2.6

==============

# vim jumpserver.conf
#coding:utf-8
[db]
host = 127.0.0.1
port = 3306
user = root
password = redhat
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=yolu,dc=com
admin_cn = cn=admin,dc=yolu,dc=com
admin_pass = VNLqNCjpNBIetEoCA2h3
web_socket_host = 172.10.10.9:3000

===================

Problem with python manage.py syncdb:

ImportError: libmysqlclient.so.18: cannot open shared object file: No such file or directory

Solution:

ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18

Problem:

django.db.utils.OperationalError: (1045, "Access denied for user 'jumpserver'@'192.168.3.65' (using password: YES)")

Solution:

mysql -uroot -p12345678 -h127.1
grant all on *.* to 'jumpserver'@'192.168.%';
set password for 'jumpserver'@'192.168.%' = password('youyuanops');
grant all on *.* to 'jumpserver'@'localhost';
set password for 'jumpserver'@'localhost' = password('youyuanops');
flush privileges;
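The sudoers LDIF in the server section and the "Check" step in the client section are both worth verifying before the bastion host goes live. The script below is an added example, not part of the original post or of Jumpserver: it audits a sudoers LDIF for sudoRole entries that combine sudoCommand: ALL with sudoOption: !authenticate (unrestricted commands with no password), and checks that a client's sudo-ldap.conf and nsswitch.conf carry the uri, sudoers_base and "sudoers: ... ldap" settings. The sample LDIF and client files are constructed here in temporary files; the cn "ops" entry and the /sbin/service command in the sample are invented for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sudoers LDIF and a
# client's sudo-ldap configuration. Assumes the LDIF layout used above
# (one entry per "dn:", entries separated by blank lines).

# Constructed sample LDIF mirroring the page's entries plus an invented
# restricted role "ops". Prints the temp file path.
make_sample_ldif() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
dn: cn=defaults,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: !visiblepw
sudoOption: env_reset

dn: cn=wangyl,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: wangyl
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: wangyl

dn: cn=ops,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: ops
sudoCommand: /sbin/service
sudoHost: ALL
sudoUser: ops
EOF
  echo "$f"
}

# Print the cn of every sudoRole that grants ALL commands without
# authentication. Exit status 1 if at least one such role exists, else 0.
audit_sudo_ldif() {
  awk '
    function flush() {
      if (cn != "" && all && noauth) { print cn; found = 1 }
      cn = ""; all = 0; noauth = 0
    }
    /^$/                          { flush(); next }
    /^cn: /                       { cn = substr($0, 5) }
    /^sudoCommand: ALL$/          { all = 1 }
    /^sudoOption: !authenticate$/ { noauth = 1 }
    END { flush(); exit(found ? 1 : 0) }
  ' "$1"
}

# Constructed client files: a complete sudo-ldap.conf and an nsswitch.conf
# whose sudoers line is controlled by the first argument ("files ldap" or
# just "files"). Prints "<conf> <nss>".
make_client_files() {
  conf=$(mktemp); nss=$(mktemp)
  printf 'uri ldap://192.168.3.65\nsudoers_base ou=sudoers,dc=youyuan,dc=com\n' > "$conf"
  printf 'passwd: files ldap\nsudoers: %s\n' "$1" > "$nss"
  echo "$conf $nss"
}

# Verify the client-side settings the page's "Check" step inspects:
# uri and sudoers_base present, and the nsswitch sudoers source includes ldap.
check_sudo_ldap_client() {
  conf=$1; nss=$2
  grep -Eq '^uri[[:space:]]+ldaps?://' "$conf" || { echo "uri missing in $conf"; return 1; }
  grep -Eq '^sudoers_base[[:space:]]+ou=' "$conf" || { echo "sudoers_base missing in $conf"; return 1; }
  grep -Eq '^sudoers:.*[[:space:]]ldap([[:space:]]|$)' "$nss" || { echo "sudoers source in $nss lacks ldap"; return 1; }
  return 0
}
```

Running audit_sudo_ldif against the sample prints "wangyl" and exits 1, which is the role the page creates with sudoOption: !authenticate; the ops role is not reported. check_sudo_ldap_client returns 0 only when both client files match what the page's echo commands write.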

