1. Install LDAP server and client, Migrationtools Toolkit
yum install -y openldap-servers openldap-clients migrationtools
2. Set the OpenLDAP administrator password
slappasswd
123456 123456
The hashed password string is returned; save this string.
{SSHA}Gpezywuxyejxetnjc7ukxydxoercf3hb
3. Change the OpenLDAP configuration
See which files are installed
rpm -ql openldap
rpm -ql openldap-servers
Modify the configuration
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}hdb.ldif
olcSuffix: dc=mypaas,dc=com
# user name of the admin account
olcRootDN: cn=manager,dc=mypaas,dc=com
# password of the admin account (the string returned by slappasswd in step 2)
olcRootPW: {SSHA}GPEZYWUXYEJXETNJC7UKXYDXOERCF3HB
4. Change the monitoring and authentication configuration
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}monitor.ldif
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=manager,dc=mypaas,dc=com" read by * none
The manager DN here must be the same as olcRootDN in the cn=config/olcDatabase={2}hdb.ldif file.
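Added example, not part of the original guide: a shell check that the edits from steps 3 and 4 agree, i.e. that olcRootPW holds an {SSHA} hash and that the monitor ACL grants read to the same DN as olcRootDN. It unfolds wrapped LDIF lines first, because files under slapd.d continue long values on a following line that starts with a space. The function names and the sample files are constructed for illustration, and the DN comparison is an exact string match.

```shell
# Added example, not from the original guide. Function names are hypothetical.

# Join LDIF continuation lines: a line starting with one space continues
# the previous line (slapd.d files wrap long values this way).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# Print the first value of attribute $2 in LDIF file $1 (name match ignores case).
ldif_attr() {
    unfold_ldif "$1" | awk -v name="$2" '
        BEGIN { key = tolower(name) ": "; n = length(key) }
        !found && tolower(substr($0, 1, n)) == key { print substr($0, n + 1); found = 1 }'
}

# Return 0 when olcRootPW is an {SSHA} hash and the monitor ACL grants
# read to exactly the DN stored in olcRootDN (exact string comparison).
check_ldap_config() {   # usage: check_ldap_config HDB_LDIF MONITOR_LDIF
    rc=0
    rootdn=$(ldif_attr "$1" olcRootDN)
    rootpw=$(ldif_attr "$1" olcRootPW)
    acl=$(ldif_attr "$2" olcAccess)
    case "$rootpw" in
        '{SSHA}'?*) ;;
        *) echo "FAIL: olcRootPW is not an {SSHA} hash"; rc=1 ;;
    esac
    case "$acl" in
        *"by dn.base=\"$rootdn\" read"*) ;;
        *) echo "FAIL: monitor ACL does not grant read to '$rootdn'"; rc=1 ;;
    esac
    return "$rc"
}

# Write constructed sample files (placeholder hash, not real data) into directory $1.
write_samples() {
    cat > "$1/hdb.ldif" <<'EOF'
olcSuffix: dc=mypaas,dc=com
olcRootDN: cn=manager,dc=mypaas,dc=com
olcRootPW: {SSHA}CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-HASH
EOF
    cat > "$1/monitor.ldif" <<'EOF'
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=manager,dc=mypaas,dc=
 com" read by * none
EOF
}
```

Call check_ldap_config with the paths of the two files edited in steps 3 and 4; exit status 0 means both checks passed.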
5. Set DB Cache
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
6. Test configuration file
slaptest -u
If the last line of the output is "config file testing succeeded", the test was successful.
7. Start OpenLDAP and enable it at boot
systemctl start slapd.service
systemctl enable slapd.service
8. Import templates
ls /etc/openldap/schema/*
III. Installation of the web management service
1. Install the httpd server
yum install httpd -y
2. Modify the configuration file httpd.conf
Find the AllowOverride line and change None to All
<Directory />
    AllowOverride All
    Require all denied
</Directory>
If you want to change the port number, modify the Listen 801 line
3. Start the service, test the page
systemctl start httpd.service
systemctl enable httpd.service
curl http://127.0.0.1/
4. Install phpldapadmin
yum install phpldapadmin
(if the package is not found, reconfigure the yum repository)
yum localinstall http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
5. Modify the configuration file
vim /etc/phpldapadmin/config.php
Find and uncomment the following lines:
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=mypaas,dc=com')); # the array holds the olcSuffix set in the OpenLDAP configuration file
$servers->setValue('login','auth_type','session');
$servers->setValue('login
Comment out this line:
# $servers->setValue('login','attr','uid');
6. Modify the access configuration file to allow any IP access
vim /etc/httpd/conf.d/phpldapadmin.conf
Add a directive line that allows this IP range to access the tool:
# the IP range that is allowed access (not required if this management tool will not be accessed)
Require ip 192.168.0
7. Create the base directory
Add a base.ldif file under the /etc/openldap directory
cd /etc/openldap/
vim base.ldif
dn: dc=mypaas,dc=com
o: ldap
objectclass: dcObject
objectclass: organization
dc: mypaas
1. Create 1 admin account
vim test.ldif
dn: dc=mypaas,dc=com
objectclass: dcObject
objectclass: organization
o: sys. Inc
dc: mypaas

dn: cn=manager,dc=mypaas,dc=com
objectclass: organizationalRole
cn: manager
Insert into the database
ldapadd -x -D "cn=manager,dc=mypaas,dc=com" -W -f test.ldif
Validation
ldapsearch -x -b 'dc=mypaas,dc=com' '(objectclass=*)'
2. Create 1 employee with a department attribute. Edit the LDIF file:
vim test2.ldif
dn: ou=it,dc=mypaas,dc=com
ou: it
objectclass: organizationalUnit

dn: cn=test1,ou=it,dc=mypaas,dc=com
ou: it
cn: test1
sn: t1
objectclass: inetOrgPerson
objectclass: organizationalPerson
# This creates 1 department "it" and then 1 employee inside the "it" department; it is effectively two operations.
Insert into the database
ldapadd -x -D "cn=manager,dc=mypaas,dc=com" -W -f test2.ldif
Validation
ldapsearch -x -b 'dc=mypaas,dc=com' '(objectclass=*)'
8. Restart the httpd service
systemctl restart httpd.service
9. Access the web management interface
Access http://ip/phpldapadmin
Login user name: cn=manager,dc=mypaas,dc=com
IV. Frequently Asked Questions
1. httpd cannot start
Check the logs with systemctl status httpd first
1. If the port number conflicts, change the port number in httpd.conf
2. If a permission error is reported: check whether SELinux and the firewall are shut down, or whether the firewall is properly configured
2. phpldapadmin reports a user name or password error
Check whether the parameters in /etc/phpldapadmin/config.php are configured correctly
3. phpldapadmin: the template cannot be selected when creating child entries
The OpenLDAP schema files have not been imported; run the commands under [section 1.8] and try again
LDAP day 2 - yum install LDAP + phpldapadmin