1. First, install and configure OpenLDAP:
yum install openldap openldap-servers openldap-clients openldap-devel compat-openldap
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
Keep only these four items in /etc/openldap: slapd.conf, certs, schema and slapd.d.
cd /etc/openldap
Create the administrator password:
# slappasswd
New password:
Re-enter new password:
{SSHA}CM5GJRD3IDG2P13B+F1GPFGH3PFP6HWH
This hash goes into slapd.conf as rootpw. Copy your own slappasswd output verbatim: the base64 part is case-sensitive, so a hash whose letter case has been altered (the example value above is shown in upper case) will not verify.
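The {SSHA} value slappasswd prints is base64(SHA-1(password || salt) || salt) with a 4-byte random salt. The following Python is an added example, not code from the original article, that reproduces the scheme and verifies a password against a stored hash; it is handy for confirming that a hash pasted into slapd.conf still matches the password you typed (the sample password is a constructed placeholder):

```python
import base64
import hashlib
import hmac
import os

SSHA_PREFIX = "{SSHA}"
SALT_LEN = 4      # slappasswd uses a 4-byte random salt
DIGEST_LEN = 20   # SHA-1 digest length


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an OpenLDAP-style {SSHA} hash of `password`.

    Decoded layout: sha1(password || salt) || salt.  A fixed salt may be
    passed to make the output reproducible (tests); otherwise it is random.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check `password` against a stored {SSHA} value.

    Returns False (never raises) on any malformed input, including a hash
    whose base64 letter case was changed by copy and paste.
    """
    if not stored.startswith(SSHA_PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(SSHA_PREFIX):], validate=True)
    except ValueError:          # binascii.Error is a ValueError
        return False
    if len(raw) <= DIGEST_LEN:  # need a digest plus at least one salt byte
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison, as any server-side password check should use
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # constructed sample password, not the article's
    h = ssha_hash("example-admin-password")
    print(h)
    print(ssha_verify("example-admin-password", h), ssha_verify("wrong", h))
```

Salted SHA-1 defeats precomputed tables but is cheap to brute-force, so the strength of rootpw rests on the length of the passphrase you choose.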
vim slapd.conf
Change the following lines:
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=manager,dc=my-domain,dc=com"
to:
suffix "dc=www,dc=example,dc=com"
checkpoint 1024 15
rootdn "cn=manager,dc=www,dc=example,dc=com"
rootpw {SSHA}CM5GJRD3IDG2P13B+F1GPFGH3PFP6HWH
slapd.conf now holds the administrator password hash, so keep it readable only by root and the ldap user.
When done, check the configuration file:
# slaptest -f slapd.conf
56e182f3 bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=my-domain,dc=com".
56e182f3 bdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
56e182f3 backend_startup_one (type=bdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
The first message says that DB_CONFIG was not found. Fix: cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Also change the ownership of /var/lib/ldap: slapd creates its database files there on first start and fails if it cannot write.
chown -R ldap:ldap /var/lib/ldap
Check the configuration file again:
# slaptest -f slapd.conf
56e183c1 bdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
56e183c1 backend_startup_one (type=bdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
These two remaining messages can be ignored: id2entry.bdb is created the first time slapd starts, so it does not exist yet. With -u, which skips opening the database, the test passes:
# slaptest -f slapd.conf -u
config file testing succeeded
Delete the contents of slapd.d and regenerate them from slapd.conf, or slapd will fail to start.
rm -rf slapd.d/*
Remove only the contents; the slapd.d directory itself must remain, or the next step fails.
# slaptest -f slapd.conf -F slapd.d -u
config file testing succeeded
Then fix the ownership of slapd.d as well:
chown -R ldap:ldap slapd.d
Now start slapd (finally):
# service slapd start
Starting slapd: [ OK ]
Next, create the users that will be imported into LDAP.
useradd user1; useradd user2; useradd user3
Also give each user a password. Do not skip this step, otherwise all the work is wasted: the migration tool copies the password hash from /etc/shadow, and an account that never had passwd run on it has a locked "!!" entry and cannot log in through LDAP.
echo "password" | passwd --stdin user1
echo "password" | passwd --stdin user2
echo "password" | passwd --stdin user3
Install and configure the migration tools
# yum install migrationtools -y
# cd /usr/share/migrationtools/
# vi migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "www.example.com";
# Default base
$DEFAULT_BASE = "dc=www,dc=example,dc=com";
The main concepts:
DN: distinguished name, the unique name of an entry
DC: domain component, the domain the entry belongs to
OU: organizational unit
CN / UID: common name (full name) / login ID
Run migrate_base.pl. It creates the root entry and the organizational units below it (Hosts, Networks, Group, People and others) and writes them to base.ldif; only three of these entries are needed here (the base entry, ou=people and ou=group), so remove the rest from base.ldif.
# ./migrate_base.pl > base.ldif
# cat base.ldif (have a look at the generated content)
Next, create the user and group LDIF files:
# grep ^user /etc/passwd > user
# ./migrate_passwd.pl user ./user.ldif
# grep ^user /etc/group > group
# ./migrate_group.pl group ./group.ldif
# ll base.ldif user.ldif group.ldif
user.ldif contains the users' password hashes copied from /etc/shadow, so delete these files once they have been imported.
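To make the generated files less of a black box, here is an added Python example (not the article's code and not the migrationtools scripts themselves) that builds the same kind of posixAccount and posixGroup entries from passwd, shadow and group lines and serializes them as LDIF. The input lines, the $6$ hashes and the "Second User" name are constructed placeholders; the base DN is the suffix configured above, and ou=People / ou=Group are the migrationtools defaults (DN matching is case-insensitive, so they are equivalent to the ou=people / ou=group shown later). The unusable_password flag shows why the "set passwords first" step matters:

```python
import base64

# Constructed sample input: what `grep ^user /etc/passwd`, the matching /etc/shadow
# lines and `grep ^user /etc/group` would contain for the three test users.  The
# $6$ hashes are placeholders, not real crypt(3) output.
PASSWD_LINES = """\
user1:x:501:501::/home/user1:/bin/bash
user2:x:502:502:Second User:/home/user2:/bin/bash
user3:x:503:503::/home/user3:/bin/bash
"""
SHADOW_LINES = """\
user1:$6$saltsalt$constructedhashuser1:16800:0:99999:7:::
user2:$6$saltsalt$constructedhashuser2:16800:0:99999:7:::
user3:!!:16800:0:99999:7:::
"""
GROUP_LINES = """\
user1:x:501:
user2:x:502:
user3:x:503:user1,user2
"""
BASE = "dc=www,dc=example,dc=com"   # the suffix set in slapd.conf above


def parse_shadow(text):
    """Map user name -> [hash, lastchange, min, max, warn] from /etc/shadow lines."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            fields = line.split(":")
            out[fields[0]] = fields[1:6]
    return out


def password_unusable(hash_):
    """True for locked or empty shadow hashes; useradd without passwd leaves '!!'."""
    return hash_ == "" or hash_[0] in "!*"


def passwd_to_entries(passwd_text, shadow_text, base=BASE, prefix="user"):
    shadow = parse_shadow(shadow_text)
    entries = []
    for line in passwd_text.splitlines():
        if not line.startswith(prefix):      # same filter as the article's `grep ^user`
            continue
        name, _, uid, gid, gecos, home, shell = line.split(":")
        entry = {
            "dn": f"uid={name},ou=People,{base}",
            "uid": name,
            "cn": gecos.split(",")[0] or name,
            "objectClass": ["account", "posixAccount", "top", "shadowAccount"],
        }
        hash_, last, smin, smax, warn = shadow.get(name, ["", "", "", "", ""])
        entry["unusable_password"] = password_unusable(hash_)
        if not entry["unusable_password"]:
            entry["userPassword"] = "{crypt}" + hash_   # the hash is copied, never the password
        for attr, val in (("shadowLastChange", last), ("shadowMin", smin),
                          ("shadowMax", smax), ("shadowWarning", warn)):
            if val:
                entry[attr] = val
        entry.update(loginShell=shell, uidNumber=uid, gidNumber=gid, homeDirectory=home)
        entries.append(entry)
    return entries


def group_to_entries(group_text, base=BASE, prefix="user"):
    entries = []
    for line in group_text.splitlines():
        if not line.startswith(prefix):
            continue
        name, _, gid, members = line.split(":")
        entry = {"dn": f"cn={name},ou=Group,{base}",
                 "objectClass": ["posixGroup", "top"], "cn": name, "gidNumber": gid}
        if members:
            entry["memberUid"] = members.split(",")
        entries.append(entry)
    return entries


def ldif_line(attr, value):
    """RFC 2849: values starting with space, ':' or '<', or containing non-ASCII
    or newlines, must be base64-encoded and written with '::'."""
    if value[:1] in (" ", ":", "<") or not value.isascii() or "\n" in value:
        return f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    return f"{attr}: {value}"


def to_ldif(entries):
    blocks = []
    for e in entries:
        lines = [ldif_line("dn", e["dn"])]
        for attr, val in e.items():
            if attr in ("dn", "unusable_password"):   # bookkeeping, not an attribute
                continue
            for v in (val if isinstance(val, list) else [val]):
                lines.append(ldif_line(attr, v))
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    users = passwd_to_entries(PASSWD_LINES, SHADOW_LINES)
    for u in users:
        if u["unusable_password"]:
            print(f"warning: {u['uid']} has no usable password and will not be able to bind")
    print(to_ldif(users) + to_ldif(group_to_entries(GROUP_LINES)))
```

Running it prints the LDIF for user1 and user2 with a userPassword of the form {crypt}$6$..., warns that user3 cannot bind, and emits the three posixGroup entries under ou=Group.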
Import the system users into the LDAP database:
ldapadd -D "cn=manager,dc=www,dc=example,dc=com" -W -x -f /usr/share/migrationtools/base.ldif
Enter LDAP Password:
adding new entry "dc=www,dc=example,dc=com"
adding new entry "ou=people,dc=www,dc=example,dc=com"
adding new entry "ou=group,dc=www,dc=example,dc=com"
ldapadd -D "cn=manager,dc=www,dc=example,dc=com" -W -x -f /usr/share/migrationtools/user.ldif
Enter LDAP Password:
adding new entry "uid=user1,ou=people,dc=www,dc=example,dc=com"
adding new entry "uid=user2,ou=people,dc=www,dc=example,dc=com"
adding new entry "uid=user3,ou=people,dc=www,dc=example,dc=com"
ldapadd -D "cn=manager,dc=www,dc=example,dc=com" -W -x -f /usr/share/migrationtools/group.ldif
Enter LDAP Password:
adding new entry "cn=user1,ou=people,dc=www,dc=example,dc=com"
adding new entry "cn=user2,ou=people,dc=www,dc=example,dc=com"
adding new entry "cn=user3,ou=people,dc=www,dc=example,dc=com"
If you get the error
ldap_bind: Invalid credentials (49)
either the bind DN ("cn=...") or the password is wrong.
At "Enter LDAP Password:" type the password you set with slappasswd; when it is correct you get the "adding new entry" lines shown above.
View the imported users: ldapsearch -x -b "dc=www,dc=example,dc=com"
Write down the DN of a user entry, for example:
# user1, people, www.ulink.com
dn: uid=user1,ou=people,dc=www,dc=ulink,dc=com
Note that the user entries are under ou=people, not ou=group. The base DN shown here, dc=www,dc=ulink,dc=com, is the author's actual suffix; it has to match the suffix you set in slapd.conf (dc=www,dc=example,dc=com in the steps above).
Next, add users from the web page. The local system accounts created above can now be deleted from the server (for security). In figure two the account and password fields are empty; they must not be omitted.
For the DN, enter the one you just wrote down.
Please follow my settings below exactly; I tried to change one thing and got an error (it cost me five or six retries).
phpLDAPadmin installation
Install the Apache and PHP environment with yum:
yum install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap
Install phpLDAPadmin with yum (the EPEL repository is required):
yum install phpldapadmin
Edit the Apache configuration file and add:
vi /etc/httpd/conf/httpd.conf
ServerName www.ulink.com
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.10.0/24
    Allow from ::1
</Directory>
The Allow lines restrict the admin interface to localhost and the 192.168.10.0/24 network. Keep it restricted like this: logging in to phpLDAPadmin means sending the directory administrator's password over HTTP, so serve it over HTTPS if at all possible.
Edit the phpLDAPadmin configuration file:
# vi /etc/phpldapadmin/config.php
# line 397: uncomment; line 398: comment out
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
Browse to http://<IP or domain name>/ldapadmin, log in with the LDAP administrator DN and password, and add users there. For these users to be usable in Redmine, LDAP authentication must also be configured in Redmine's LDAP authentication settings.
Check the installed versions
# check whether an older SVN is installed
# rpm -qa subversion
# remove the old SVN
# yum remove subversion
Install SVN
# yum install httpd httpd-devel subversion mod_dav_svn mod_auth_mysql
Confirm that the SVN modules are installed
# cd /etc/httpd/modules
# ls | grep svn
mod_authz_svn.so
mod_dav_svn.so
Verify the installation
Check the installed SVN version:
# svnserve --version
svnserve, version 1.6.11 (r934486)
Creating the repository
After the installation an SVN repository is also required:
# mkdir -p /home/user/svn/project1
# svnadmin create /home/user/svn/project1
After running the commands above the repository is created automatically; /home/user/svn/project1 now contains conf, db, format, hooks, locks, README.txt and other files, which shows that an SVN repository has been set up.
Configuring the repository
Go to the conf directory created above and configure it:
# cd /home/user/svn/project1/conf
User passwords: passwd
# vi passwd
Change passwd to the following:
[users]
# harry = harryssecret
# sally = sallyssecret
hw=123456
Note that svnserve's passwd file stores passwords in clear text, so keep it readable only by the account svnserve runs as, and treat this (and the weak test password) as a stand-in for the LDAP integration that follows.
Access control: authz
# vi authz
The goal is to define which users may access which directories. Append the following to authz:
# [/] means every path under the repository root
[/]
hw=rw
Service configuration: svnserve.conf
# vi svnserve.conf
Append the following:
[general]
# access for anonymous users: read, write or none; the default is read
anon-access=none
# give authenticated users write access
auth-access=write
# path of the password database
password-db=passwd
# access control file
authz-db=authz
# authentication realm: shown in the authentication prompt and used as the key in the credential cache
realm=/home/user/svn/
Opening the firewall port
# vi /etc/sysconfig/iptables
Add the following line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT
Save and restart the firewall:
# service iptables restart
Start SVN
svnserve -d -r /home/user/svn/
Test
With the SVN service started, test the connection from a client.
Client connection URL: svn://192.168.10.254
Username/password: hw/123456
Test creating folders and other operations. Keep in mind that the svn:// protocol does not encrypt the repository traffic; it is fine on a trusted LAN, but the Apache/HTTPS setup below is the one to expose further.
Now combine SVN with LDAP
Create several projects under the SVN directory:
# svnadmin create project2
# svnadmin create project3
# svnadmin create project4
# svnadmin create project5
# ls
project1 project2 project3 project4 project5
# Create an authz.conf file to control access to the projects (for the syntax see http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html)
# vi authz.conf
authz.conf:
[groups]
admin=hw

[/]
@admin=rw
*=
#*=r

[project1:/]
hw=r
Here the admin group gets read/write everywhere, "*=" removes all access for everyone else (the commented "*=r" would instead give everyone read access), and the repository-specific section [project1:/] makes hw read-only in project1, since rules for a specific repository take precedence over the global rules for the same path. Write the permissions as lower-case r and w.
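To see how Subversion resolves these rules before putting them in front of real users, the following Python is an added example, not part of the article and not Subversion's own code, that evaluates the authz.conf above the way libsvn_repos 1.6 does: at a given path the repository-specific section is read first and the global section second, with grants and denials accumulating, and a path with no decision falls back to its parent up to "/". The repository names and the user "alice" are assumptions for illustration; None stands for an anonymous user.

```python
import configparser
import posixpath

# Constructed sample: the authz.conf this section ends with, for repositories
# project1..project5 under SVNParentPath.  Permissions are lower-case r/w.
SAMPLE_AUTHZ = """\
[groups]
admin = hw

[/]
@admin = rw
* =
#*=r

[project1:/]
hw = r
"""


def load_authz(text: str) -> configparser.RawConfigParser:
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str   # user and group names are case-sensitive
    cp.read_string(text)
    return cp


def in_group(cp, user, group, seen=None):
    """Group membership, following nested @group references without looping."""
    seen = set() if seen is None else seen
    if group in seen:
        return False
    seen.add(group)
    members = cp.get("groups", group, fallback="")
    for member in (m.strip() for m in members.split(",") if m.strip()):
        if member.startswith("@"):
            if in_group(cp, user, member[1:], seen):
                return True
        elif member == user:
            return True
    return False


def rule_applies(cp, name, user):
    if name == "*":
        return True
    if name == "$authenticated":
        return user is not None
    if name == "$anonymous":
        return user is None
    if name.startswith("@"):
        return user is not None and in_group(cp, user, name[1:])
    return name == user


def decide_at_path(cp, user, repo, path, perm):
    """Decision of the rules for exactly `path`: True, False or None (undecided).

    [repo:path] is consulted before [path]; a rule that mentions `perm` grants
    it and a rule that omits it denies it.  Within one level a grant wins over
    a denial, so "@admin = rw" beats "* =" for members of admin.
    """
    allow, deny = set(), set()
    for section in (f"{repo}:{path}", path):
        if cp.has_section(section):
            for name, value in cp.items(section):
                if rule_applies(cp, name, user):
                    for p in "rw":
                        (allow if p in value else deny).add(p)
        if perm in deny and perm not in allow:
            return False
        if perm in allow:
            return True
    return None


def has_access(cp, user, repo, path, perm):
    """Walk from `path` up to '/' until a level decides; no rule at all means denied."""
    path = "/" + path.strip("/")
    while True:
        decision = decide_at_path(cp, user, repo, path, perm)
        if decision is not None:
            return decision
        if path == "/":
            return False
        path = posixpath.dirname(path)


def effective_access(cp, user, repo, path):
    """'rw', 'r', 'w' or '' for `user` (None = anonymous) on repo:path."""
    return "".join(p for p in "rw" if has_access(cp, user, repo, path, p))


if __name__ == "__main__":
    cp = load_authz(SAMPLE_AUTHZ)
    for who, repo, path in [("hw", "project1", "/trunk"), ("hw", "project2", "/"),
                            ("alice", "project2", "/"), (None, "project3", "/")]:
        print(f"{who!s:6} {repo}:{path:8} -> {effective_access(cp, who, repo, path)!r}")
```

The model covers the path rules only; mod_authz_svn additionally requires read access to every path below a directory for operations such as listing it, and each HTTP method asks for read or write separately, which is why hw ends up read-only in project1 even though the global rule grants rw.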
With that in place, the next step is to use it through the Apache integration.
Now configure Apache.
Edit httpd.conf and add the block below. Note the trailing slash: written as <Location /svn> instead of <Location /svn/>, access fails with
Forbidden
You don't have permission to access /svn/ on this server.
<Location /svn/>
    DAV svn
    SVNListParentPath on
    SVNParentPath /home/user/svn/
    # AuthUserFile /home/user/svn/conf/passwd
    AuthzSVNAccessFile /home/user/svn/authz.conf
    # allow other authentication methods (e.g. a password file) to be tried if LDAP does not know the account
    AuthzLDAPAuthoritative off
    # the OpenLDAP administrator account used for the bind
    AuthLDAPBindDN "cn=manager,dc=www,dc=ulink,dc=com"
    AuthLDAPBindPassword ****** (the LDAP administrator password)
    AuthBasicProvider ldap
    # authentication source: the uid of every entry below ou=people,dc=www,dc=ulink,dc=com is a valid user name
    AuthLDAPURL "ldap://192.168.10.254:389/ou=people,dc=www,dc=ulink,dc=com?uid?sub?(objectClass=*)"
    # if uid is replaced by cn here, the login prompt appears when accessing ip/svn/ but authentication never succeeds
    # HTTP Basic authentication
    AuthType Basic
    AuthName "OK"
    Require valid-user
    # directory options, so that the list of all projects is shown
    Options Indexes FollowSymLinks
    Order Allow,Deny
    Allow from all
</Location>
Two points about this block deserve attention. AuthLDAPBindPassword is the directory administrator's password in clear text, and the bind DN is the rootdn, so anyone who can read httpd.conf controls the whole directory; mod_authnz_ldap only needs to find the user's entry and then bind as that user, so a dedicated bind account with read access is sufficient, and httpd.conf should be readable by root only. Secondly, both hops are unencrypted as written: HTTP Basic sends the user's password to Apache in clear text, and ldap:// on port 389 forwards it to slapd in clear text, so outside a lab put the site behind HTTPS and use ldaps:// (or the TLS option of AuthLDAPURL) towards the LDAP server.
Another problem: do not create repository files directly in the SVN parent directory, or LDAP authentication fails with errors like these:
[Wed Mar 16 18:02:55 2016] [error] [client 192.168.10.200] (20014)Internal error: Can't open file '/home/user/svn/project1/format': No such file or directory, referer: http://192.168.10.254/svn/
[Wed Mar 16 18:02:55 2016] [error] [client 192.168.10.200] Could not fetch resource information. [#0], referer: http://192.168.10.254/svn/
I ran into these three problems (remember to check the httpd error log, it is very useful). Web access is simply http://ip/svn/; enter your LDAP account and password. Also watch out for the browser's page cache.
Letting LDAP users change their own passwords
With OpenLDAP 2.4, changing the password through system authentication fails with:
openldap: LDAP password information update failed: Insufficient access
tail /var/log/secure
passwd: pam_unix(passwd:chauthtok): user "test" does not exist in /etc/passwd
Solution:
Add the following to slapd.conf:
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=manager,dc=www,dc=ulink,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=manager,dc=www,dc=ulink,dc=com" write
    by * read
These lines must be added before the database config section, otherwise they do not take effect. Order matters within them as well: slapd uses the first "access to" clause whose target matches, so the userPassword rule has to come before "access to *", and within a clause the first matching "by" wins.
One caveat: "by self write" in the second clause lets every user modify all attributes of their own entry, including uidNumber, gidNumber, homeDirectory and loginShell, which on a client that resolves accounts from this directory amounts to local privilege escalation (a user could set their own uidNumber to 0). Use "by self read" there and grant self-write only on the attributes users really need to change, via separate "access to attrs=..." clauses placed above it.
Then run:
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
Edit the configuration file: vim /etc/phpldapadmin/config.php
This is set to the DN login mode. In uid login mode users can change their own password but the LDAP administrator cannot log in; in DN mode the administrator can log in, but changing a password gives an error (although the password can be changed).
The correct procedure:
If you need to re-import the users, delete everything under /var/lib/ldap except DB_CONFIG and everything under slapd.d, then regenerate slapd.d:
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
Restart slapd and import the three LDIF files again (base.ldif, user.ldif, group.ldif).
The re-imported users then take effect.
This article is from the "Learn Linux" blog; please keep this source when sharing: http://10265013.blog.51cto.com/10255013/1752676
LDAP + phpLDAPadmin + SVN