Linux Server Deployment Series, Part 7: OpenLDAP


LDAP (Lightweight Directory Access Protocol) is a directory service. By configuring it, we can manage users under Linux in the form of a directory, just like AD under Windows, which makes management easier. Next we will configure the OpenLDAP service.

Environment used in this article: CentOS 5.

Software requirements:

  - db-4.7.25.tar.gz (http://www.oracle.com/technology/global/cn/software/products/berkeley-db/index.html)
  - openldap-stable-20090411.tgz (http://www.openldap.org/software/download/)
  - phpldapadmin-0.9.8.5.tar.gz (http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page)

In addition, phpLDAPadmin needs Apache and PHP support. For the installation of Apache and PHP, you can refer to my other article: Linux Server Deployment Series, Part 1: Apache (guoxuemin.blog.51cto.com/379574/168534)

1. Install OpenLDAP

1) Install BerkeleyDB

    # tar zxvf db-4.7.25.tar.gz
    # cd db-4.7.25/build_unix
    # ../dist/configure
    # make
    # make install
    # vi /etc/ld.so.conf

Add the line:

    /usr/local/BerkeleyDB.4.7/lib

    # /sbin/ldconfig

2) Install OpenLDAP

    # tar zxvf openldap-stable-20090411.tgz
    # cd openldap-2.4.16
    # env CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm
    # make depend
    # make
    # make install

3) Check the installation results

Once installation is complete, some .schema files are generated automatically. We can list them with the following command (the output is shown as a screenshot in the original post):

    # ll /usr/local/openldap/etc/openldap/schema/*.schema

2. Configure OpenLDAP

The main OpenLDAP configuration files are slapd.conf and ldap.conf. With a manual installation they are stored under /usr/local/openldap/etc/openldap (screenshot in the original post).

1) Configure the slapd.conf file

There are two main places that need to be modified. The first is to add an include line for every .schema file (by default there is only the one record, include /usr/local/openldap/etc/openldap/schema/core.schema). The second is to change the suffix entry to your own directory suffix and set rootdn (both shown as screenshots in the original post). Note that the root administrator set here is the OpenLDAP administrator, not the root administrator of the Linux system.

2) Start OpenLDAP

Use the following command to start OpenLDAP:

    # /usr/local/openldap/libexec/slapd

3) Encrypt the administrator password

Use the slappasswd command to set the administrator password. By default the administrator password is stored in clear text; when it is changed with slappasswd it is saved in encrypted (hashed) form.

4) Modify the client configuration file

Set the base (starting point) of the directory, the part marked with a red box in the original screenshot.

5) Input information

There are generally three ways to input information: manual input, input from a .ldif file, and input with a script. Here we choose the more convenient one, input from a .ldif file. First use the command vi init.ldif to create an init.ldif file (its content is shown as a screenshot in the original post). Then import the content with the command:

    # /usr/local/openldap/bin/ldapadd -x -W -D "cn=root,dc=guoxuemin,dc=cn" -f init.ldif

3. Configure phpLDAPadmin

1) Install phpLDAPadmin

    # tar zxvf phpldapadmin-0.9.8.5.tar.gz
    # mv phpldapadmin-0.9.8.5 /usr/local/phpldapadmin

Installing phpLDAPadmin is simple: it only needs to be decompressed and then moved to the appropriate directory.

2) Configure the httpd.conf file

    # vi /usr/local/apache/conf/httpd.conf

Add the content shown in the original screenshot to create a virtual directory and set up user authentication. Then set the password for the user admin (screenshot in the original post).

3) Configure phpLDAPadmin

By default phpLDAPadmin comes with a sample configuration file, config.php.example. We can use it after modifying it slightly.

    # cd /usr/local/phpldapadmin/config
    # cp config.php.example config.php
    # vi config.php

Move the "*/" on line 274 to line 283, then modify the parameters on lines 276-282. Then comment out the lines that follow, and modify two further places (all shown as screenshots in the original post).

Save the configuration file and restart the Apache service. You can then open phpLDAPadmin in a browser at:

    http://IP address or computer name/phpldapadmin/

Note: phpLDAPadmin needs the gettext package, and PHP must also be compiled with LDAP support; otherwise an error message appears (screenshot in the original post). If a similar message appears, you only need to install the gettext package and then recompile and reinstall PHP.

gettext package installation:

    # tar zxvf gettext-0.16.1.tar.gz
    # cd gettext-0.16.1
    # ./configure --prefix=/usr/local/gettext
    # make
    # make install

The PHP compilation is shown as a screenshot in the original post.

4) Using phpLDAPadmin

Click login on the left panel to log in as the OpenLDAP administrator root. After logging in you can see the OpenLDAP interface; the left panel, like Windows AD, shows OUs and user information. To create user information, click "Create new entry here" on the left panel, then select the account type on the right panel as needed and follow the wizard step by step. Everyone is very familiar with graphical user interfaces, so I will not describe it further here. We can also import through LDIF: click import on the left panel to import an LDIF file. Click export on the left panel to export the existing data as an LDIF file.

4. Configure the LDAP log

Modify the LDAP configuration file slapd.conf and add the item loglevel 1:

    # vi /usr/local/openldap/etc/openldap/slapd.conf

Then modify the system log configuration file:

    # vi /etc/syslog.conf

Add the following line:

    local4.*    /usr/local/openldap/var/log/ldap.log

Restart syslog with the command service syslog restart; the system will then automatically generate the log file ldap.log.

OK, now that everything is set up, we can manage account information in the form of a directory. This service is free, however, so it is less functional than Windows AD. This article only describes the installation and basic configuration of OpenLDAP; advanced applications of OpenLDAP will be described in later articles. Thank you for your attention.
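
One way to check the outcome of the "Encrypt the administrator password" and LDAP log steps, as an added example that is not part of the original article: the script reads a slapd.conf, reports whether rootpw is a bare clear-text value or a hashed {SCHEME} value, and prints the configured loglevel. The function names are hypothetical, and the world-readable file check is an extra caveat added here, not a step from the article.

```shell
#!/bin/sh
# Added example, not from the original article: audit the slapd.conf settings
# the article edits (rootpw, loglevel). Function names are hypothetical.

# Print how rootpw is stored: "hashed:<SCHEME>", "cleartext" or "missing".
check_rootpw() {
    awk '
        /^[ \t]*#/ { next }                           # skip comment lines
        tolower($1) == "rootpw" {
            found = 1
            scheme = ""
            if (match($2, /^[{][A-Za-z0-9-]+[}]/))    # {SSHA}, {SMD5}, {CRYPT} ...
                scheme = toupper(substr($2, 2, RLENGTH - 2))
            if (scheme == "" || scheme == "CLEARTEXT") { print "cleartext" }
            else { print "hashed:" scheme }
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print the configured loglevel value(s), or "unset" if there is none.
check_loglevel() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "loglevel" { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 1 if rootpw is cleartext or the file is world-readable, else 0.
audit_slapd_conf() {
    conf=$1
    rc=0
    pw=$(check_rootpw "$conf")
    case $pw in
        hashed:*)  echo "OK   rootpw stored with scheme ${pw#hashed:}" ;;
        cleartext) echo "FAIL rootpw is cleartext; paste in slappasswd output"; rc=1 ;;
        *)         echo "INFO no rootpw line in $conf" ;;
    esac
    if [ -n "$(find "$conf" -prune -perm -0004)" ]; then
        echo "FAIL $conf is world-readable"; rc=1
    fi
    echo "INFO loglevel: $(check_loglevel "$conf")"
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_slapd_conf "$1"; fi
```

Run it with the path used in this article, /usr/local/openldap/etc/openldap/slapd.conf, as the only argument; a non-zero exit status means at least one FAIL line was printed.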

This article is from the "Tonyguo de blog" blog; please be sure to keep this source: http://tonyguo.blog.51cto.com/379574/182432
