LDAP is quite technical and takes a lot of hands-on practice. I learned it at uplooking, so don't be surprised to see the word uplooking appear everywhere. I have summarized everything I know here; none of it is plagiarized.
LDAP (Lightweight Directory Access Protocol): centralized management of users.
Software that manages users centrally:
OpenLDAP; NIS (Network Information Service), whose client/server structure is troublesome; Windows AD (Active Directory).
-------------------------------------------------
OpenLDAP implements LDAP, which is a protocol: as long as a program supports the protocol it can use the data in the directory (the data can even be imported into AD).
Its predecessor DAP had a fatal weakness: it did not support TCP/IP.
LDAP advantages:
1. It is a protocol.
2. The protocol is supported across platforms.
3. It is fast for read-many, write-few workloads.
LDAP is used only for authentication.
The LDAP data is stored in a tree structure designed around domain names:
com
 |
uplooking
 |
china, usa
 |
beijing
LDAP has its own terms, such as:
dc ---------- domain component (one component of the domain name)
ou ---------- organizational unit, equivalent to a container that can hold objects
dn ---------- distinguished name (the name that uniquely identifies an entry)
attribute --- an attribute of an object
All attributes are grouped into attribute classes (attributetype in the schema).
All objects are grouped into object classes.
Attribute classes are used to describe object classes.
Where it is used in a production environment:
1. Clients logging on to a network, e.g. in an Internet cafe or on a campus network.
ldap -------- client
2. Services that require authentication, such as ftp, mail and sshd: all three can be verified against one central server.
           ---- ftp
ldap ----- ---- mail
           ---- sshd
--------------------------------------------
Configure openldap
[root@xu chroot]# yum install openldap-servers
openldap ---------------- the protocol (library) package
openldap-servers -------- the server
[root@xu chroot]# ls /etc/openldap/ ----------- configuration files
cacerts/  ldap.conf  slapd.conf  DB_CONFIG.example  schema/
ldap.conf -------------- the client configuration file (used when this machine is a client)
slapd.conf ------------- the server configuration file
schema/ ---------------- all the schema template files; they define the object classes and attribute classes for us
nis.schema alone can meet all our needs here.
vim nis.schema
This schema defines the attribute and object class descriptions for the directory structure, for example:
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
        DESC 'The GECOS field; the common name'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
        DESC 'Abstraction of an account with POSIX attributes'
        SUP top AUXILIARY
        MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) ------------- these attributes are required to describe a posixAccount object
        MAY ( userPassword $ loginShell $ gecos $ description ) )
[root@www openldap]# cd /etc/openldap/
[root@xu openldap]# vim slapd.conf
include         /etc/openldap/schema/core.schema ------------ load a schema template
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
database        bdb ---- the backend database, Berkeley DB
suffix          "dc=bj,dc=uplooking,dc=com" ---------------- define the dc region (the base of the tree)
rootdn          "cn=admin,dc=bj,dc=uplooking,dc=com" ------- the administrator's dn
rootpw          123 -------------------- separate the keyword from the password with two tabs (this is a clear-text password; slappasswd can generate a {SSHA} hash to put here instead)
The dn is what distinguishes entries; the same cn under different ou's gives different dn's:
Zhang San: cn=zhangsan,ou=it,dc=bj,dc=uplooking
           cn=zhangsan,ou=ka,dc=bj,dc=uplooking
directory       /var/lib/ldap ------------- the ldap database files all live here
index objectClass                       eq,pres ----------------- indexes are used for ldap optimization
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
[root@xu openldap]# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@xu openldap]# ls /var/lib/ldap/ ------ the database directory must contain DB_CONFIG before the server is restarted
[root@localhost ~]# chown ldap /var/lib/ldap/DB_CONFIG ------ this is required (slapd runs as the ldap user)
[root@xu openldap]# service ldap restart
Generate the data files
useradd ldap1; passwd ldap1 (set a password)
useradd ldap2; passwd ldap2
useradd ldap3; passwd ldap3
[root@xu openldap]# grep 'ldap[1-3]' /etc/passwd > /tmp/users.txt -------------- extract the user information
[root@xu openldap]# grep 'ldap[1-3]' /etc/group > /tmp/groups.txt -------------- extract the group information
[root@xu migration]# cd /usr/share/openldap/migration/ ------------ the scripts here help us generate the database files
vim migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "bj.uplooking.com"; ------ must match what the server uses

# Default base
$DEFAULT_BASE = "dc=bj,dc=uplooking,dc=com";
[root@xu migration]# ./migrate_base.pl > /tmp/uplooking.ldif ----------------- generate the ldap master file in LDIF (LDAP Data Interchange Format); it contains the ou's
The file is in LDIF format. Its first part is the most important: the top-level (base) entry.
dn: dc=bj,dc=uplooking,dc=com
dc: bj
objectClass: top
objectClass: domain

dn: ou=People,dc=bj,dc=uplooking,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=bj,dc=uplooking,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

The ou containers are objects themselves, but nothing has been put inside them yet.
Generate database data from the exported files
[root@xu migration]# ./migrate_passwd.pl /tmp/users.txt > /tmp/users.ldif ---------- everything in here is the users' information
[root@xu migration]# ./migrate_group.pl /tmp/groups.txt > /tmp/groups.ldif ------------------------- group information
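As an added example (not from the original post), here is a small shell script that does by hand what migrate_passwd.pl does for one /etc/passwd line: it emits a posixAccount entry under ou=People and checks that every attribute in the MUST clause of posixAccount from nis.schema above is present, so a rejected ldapadd is easier to understand. The base dn and ou name are taken from this post; the sample passwd line is constructed, and userPassword (which migrate_passwd.pl reads from /etc/shadow) is left out.

```shell
#!/bin/sh
# Added example, not from the original post: rebuild by hand what
# migrate_passwd.pl does for one /etc/passwd line, so the LDIF that
# "ldapadd -f users.ldif" consumes is not a black box.
# Base DN and the ou=People container come from the post above.

BASE_DN="dc=bj,dc=uplooking,dc=com"

# passwd_to_ldif 'name:pw:uid:gid:gecos:home:shell'
# Prints one posixAccount entry under ou=People (userPassword, which
# migrate_passwd.pl takes from /etc/shadow, is omitted here).
passwd_to_ldif() {
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$1
EOF
    # cn is in posixAccount's MUST list; fall back to the login name if GECOS is empty
    [ -n "$gecos" ] || gecos="$name"
    cat <<EOF
dn: uid=$name,ou=People,$BASE_DN
uid: $name
cn: $gecos
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: $uid
gidNumber: $gid
homeDirectory: $home
loginShell: $shell
gecos: $gecos

EOF
}

# has_posix_must LDIF_TEXT
# Returns 0 only if every attribute in the MUST clause of posixAccount
# (nis.schema) is present; slapd rejects the entry otherwise.
has_posix_must() {
    for attr in cn uid uidNumber gidNumber homeDirectory; do
        printf '%s\n' "$1" | grep -q "^$attr: " || return 1
    done
    return 0
}

# Constructed sample line in /etc/passwd format (like /tmp/users.txt above)
SAMPLE_LINE='ldap1:x:501:501:LDAP User One:/home/ldap1:/bin/bash'

passwd_to_ldif "$SAMPLE_LINE"
```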
Import into the database
Bind as admin, with admin's password.
ldapadd -x -D "cn=admin,dc=bj,dc=uplooking,dc=com" -w 123 -f /tmp/uplooking.ldif ------ import the domain
ldapadd -x -D "cn=admin,dc=bj,dc=uplooking,dc=com" -w 123 -f /tmp/groups.ldif ---------- import the group information
ldapadd -x -D "cn=admin,dc=bj,dc=uplooking,dc=com" -w 123 -f /tmp/users.ldif ----------- import the user information
Note that uplooking.ldif must be imported first, because the other entries hang under the entries it creates.
-x   simple authentication
-D   the dn to bind as (the identity)
-w   the password
ldapsearch -x -w 123 -h 127.0.0.1 -D "cn=admin,dc=bj,dc=uplooking,dc=com" -b "dc=bj,dc=uplooking,dc=com" ----- check what was imported
ssh -X 192.168.1.113 ---- without -X only commands can be run; with -X, graphical programs can be displayed
On the client, use System -> Administration -> Authentication to set up ldap:
[root@xu migration]# system-config-authentication ---- configure ldap
Login test: su - test1
------------------------------------------------------------
Each time a user is added, the conversion has to be done again:
[root@xu openldap]# cd /usr/share/openldap/migration/
then ldapadd.
Doing this with ldapadd and ldapsearch is too troublesome, so use a user management tool instead.
Web-based tools:
phpLDAPadmin
LAM
---------------------------
phpLDAPadmin
yum install php-ldap ----------- the package that connects php to ldap
[root@xu Desktop]# tar -xvf phpldapadmin-1.2.0.4.tgz ---- unpack
[root@xu ldap]# mv phpldapadmin-1.2.0.4 /var/www/html/ldap
[root@xu ldap]# service httpd restart
Log in:
firefox http://localhost/ldap
[root@xu ldap]# cd /var/www/html/ldap/config/
[root@xu config]# cp config.php.example config.php --- then modify the configuration file
---------------------------
Integration of apache and ldap
[root@xu Desktop]# yum install mod_authz_ldap
[root@xu Desktop]# vim /etc/httpd/conf/httpd.conf
[root@xu Desktop]# ls /etc/httpd/modules/mod_authz_ldap.so ---- the module has been added
vim /etc/httpd/conf.d/authz_ldap.conf ------------------------ configuration file

LoadModule authz_ldap_module modules/mod_authz_ldap.so

<IfModule mod_authz_ldap.c>
<Directory "/var/www/html/">
    AuthzLDAPMethod ldap
    AuthzLDAPServer 192.168.1.113
    AuthzLDAPUserBase ou=People,dc=bj,dc=uplooking,dc=com
    AuthzLDAPUserKey uid
    AuthzLDAPUserScope base
    AuthType basic
    AuthName "test"
    require valid-user
</Directory>

# <Location /private>
#     AuthzLDAPEngine on
service httpd restart
Note: AuthType basic sends the browser's password in clear text, and the bind to 192.168.1.113 is plain ldap as well, so in practice the site should sit behind https and the ldap connection should be protected with TLS.
This article is from the "history_xcy" blog; please keep this link: http://historys.blog.51cto.com/7903899/1296711