ZenTao + GitLab + SVN unified password authentication
OpenLDAP + phpLDAPadmin unified authentication
OpenLDAP installation and configuration
- Install OpenLDAP with yum
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
The installed OpenLDAP version can be checked with
slapd -VV
- Configure OpenLDAP
Set the OpenLDAP administrator password
slappasswd -s [password]
slappasswd prints a salted hash of the form {SSHA}...; keep that hash, it is the value used for olcRootPW below. Running slappasswd without -s makes it prompt for the password instead of leaving it in the shell history and the process list.
- Edit the olcDatabase={2}hdb.ldif file
vim /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}hdb.ldif
olcSuffix: dc=teracloud2,dc=cn
olcRootDN: cn=admin,dc=teracloud2,dc=cn
olcRootPW: {SSHA}<hash printed by slappasswd>
Here admin in cn=admin is the OpenLDAP administrator's username, the dc components are the LDAP server's domain (teracloud2.cn), and olcRootPW is the administrator's password. Put the {SSHA} hash from slappasswd in olcRootPW, not the cleartext: slapd accepts a cleartext value, but then anyone who can read the file has the rootdn password. Note that the files under slapd.d are generated (each carries a CRC32 checksum comment), so after a hand edit slapd and slaptest warn about a checksum error; the supported way to change these attributes is ldapmodify against cn=config over ldapi:///.
- Edit the olcDatabase={1}monitor.ldif file
vim /etc/openldap/slapd.d/cn=config/olcDatabase\=\{1\}monitor.ldif
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=teracloud2,dc=cn" read by * none
This ACL grants read access to the monitor database to local root (the identity SASL EXTERNAL assigns over the ldapi socket) and to the administrator DN, and denies everyone else; change the DN to your own rootdn. Then verify that the basic configuration is correct with
slaptest -u
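The following Python 3 script is an example added here, not code from the original post. It reproduces the {SSHA} scheme that slappasswd emits by default (SHA-1 over password||salt, base64 of digest||salt), verifies a password against such a hash the way slapd does on a simple bind, and builds the LDIF that applies olcSuffix, olcRootDN and olcRootPW, plus a password-protecting ACL, through ldapmodify instead of hand-editing the files under slapd.d. The suffix and rootdn are the post's own values; the "secret" password and the output file names rootdn.ldif and acl.ldif are placeholders.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Editor's example, not code from the original post. Reproduces the {SSHA}
# scheme slappasswd emits by default and builds the LDIF that applies suffix,
# rootdn, rootpw and a password-protecting ACL through ldapmodify rather than
# by editing slapd.d. Suffix and rootdn are the post's own; "secret" and the
# output file names are placeholders.

SUFFIX = "dc=teracloud2,dc=cn"
ROOTDN = "cn=admin,dc=teracloud2,dc=cn"
DB_DN = "olcDatabase={2}hdb,cn=config"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value in the same format slappasswd prints."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value, which is
    what slapd does on a simple bind when userPassword holds one."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is always 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootdn_ldif(suffix: str, rootdn: str, hashed_pw: str, db_dn: str = DB_DN) -> str:
    """LDIF for ldapmodify that sets the database's suffix, rootdn and rootpw.
    'replace' creates the attribute when it is absent, so it also works on a
    fresh install where olcRootPW does not exist yet."""
    lines = [
        f"dn: {db_dn}",
        "changetype: modify",
        "replace: olcSuffix",
        f"olcSuffix: {suffix}",
        "-",
        "replace: olcRootDN",
        f"olcRootDN: {rootdn}",
        "-",
        "replace: olcRootPW",
        f"olcRootPW: {hashed_pw}",
        "",
    ]
    return "\n".join(lines)


def acl_ldif(db_dn: str = DB_DN) -> str:
    """LDIF setting ACLs on the database. With no olcAccess at all slapd falls
    back to its built-in 'access to * by * read', which lets anonymous clients
    read userPassword hashes. This ACL lets a user change their own password,
    lets anonymous clients only authenticate against it, hides it from everyone
    else, and requires a bound identity (the application's service account)
    to read the rest of the tree. The rootdn bypasses ACLs entirely."""
    lines = [
        f"dn: {db_dn}",
        "changetype: modify",
        "replace: olcAccess",
        "olcAccess: {0}to attrs=userPassword,shadowLastChange"
        " by self write by anonymous auth by * none",
        "olcAccess: {1}to * by self read by users read by * none",
        "",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    hashed = ssha_hash("secret")
    print(hashed, ssha_verify(hashed, "secret"), ssha_verify(hashed, "Secret"))
    # Write both files, then apply them as root with:
    #   ldapmodify -Y EXTERNAL -H ldapi:/// -f rootdn.ldif
    #   ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
    with open("rootdn.ldif", "w") as f:
        f.write(rootdn_ldif(SUFFIX, ROOTDN, hashed))
    with open("acl.ldif", "w") as f:
        f.write(acl_ldif())
```

Running the script prints the hash and writes the two LDIF files; applying them with ldapmodify over ldapi:/// keeps the CRC32 checksums in slapd.d consistent and makes the change effective without a restart.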
- Start the OpenLDAP service
# start slapd at boot
systemctl enable slapd
# start slapd now
systemctl start slapd
# check slapd's status
systemctl status slapd
- Configure the OpenLDAP database
The hdb backend used here stores its data in BerkeleyDB. Configure the database with the following commands
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap -R /var/lib/ldap
chmod 700 -R /var/lib/ldap
ll /var/lib/ldap/
- Import the basic schemas
Import the basic schemas with the following commands
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
These commands authenticate with SASL EXTERNAL over the local ldapi:/// socket, so they must run as root and do not ask for a password. If one fails, check that slapd is running; an error mentioning a duplicate attributeType means that schema is already loaded. Only commands that bind simply (-x -D ... -W), like the ldapadd further below, prompt for a password, and that is the cleartext administrator password, not the hash.
- Create the base entries and the directory administrator
Put the following in basedomain.ldif (entries are separated by blank lines; "Example Inc." is a free-form organisation name)

dn: dc=teracloud2,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Inc.
dc: teracloud2

dn: ou=Users,dc=teracloud2,dc=cn
objectClass: organizationalUnit
ou: Users

dn: ou=group,dc=teracloud2,dc=cn
objectClass: organizationalUnit
ou: group

dn: cn=admin,dc=teracloud2,dc=cn
objectClass: organizationalRole
cn: admin
description: Directory Administrator

and load it, binding as the rootdn (-W prompts for the cleartext administrator password):
ldapadd -x -D cn=admin,dc=teracloud2,dc=cn -W -f basedomain.ldif
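Before pointing ZenTao, GitLab or SVN at the directory it is worth seeing exactly what their LDAP login does. The Python 3 script below is an example added here, not code from the original post: a minimal LDAPv3 simple bind written directly in BER (RFC 4511), with the server's BindResponse decoded back to a result code. The DN is the post's own rootdn; the host, port and the "secret" password are placeholders. The password travels in cleartext on the wire, which is the reason a production deployment binds over ldaps:// or StartTLS; the post does not set up either.

```python
import socket

# Editor's example, not code from the original post. A minimal LDAPv3 simple
# bind encoded directly in BER (RFC 4511) so the exchange that ZenTao, GitLab
# or SVN perform against this slapd is visible byte for byte. The DN is the
# post's rootdn; host, port and "secret" are placeholders. The password is
# sent in cleartext: bind over ldaps:// or StartTLS in production.

RESULT_NAMES = {0: "success", 13: "confidentialityRequired", 32: "noSuchObject",
                34: "invalidDNSyntax", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 53: "unwillingToPerform"}


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n: int) -> bytes:
    """Content octets of a non-negative INTEGER (leading 0x00 if high bit set)."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def build_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3,
    name, authentication simple [0] password } }"""
    bind = ber(0x60, ber(0x02, ber_int(3))
               + ber(0x04, dn.encode("utf-8"))
               + ber(0x80, password.encode("utf-8")))
    return ber(0x30, ber(0x02, ber_int(msg_id)) + bind)


def build_unbind(msg_id: int) -> bytes:
    """UnbindRequest is [APPLICATION 2] NULL: the bare octets 42 00."""
    return ber(0x30, ber(0x02, ber_int(msg_id)) + b"\x42\x00")


def message_complete(data: bytes) -> bool:
    """True once data holds one whole outer SEQUENCE (header plus length)."""
    if len(data) < 2:
        return False
    first = data[1]
    if first & 0x80:
        n = first & 0x7F
        if len(data) < 2 + n:
            return False
        length, hdr = int.from_bytes(data[2:2 + n], "big"), 2 + n
    else:
        length, hdr = first, 2
    return len(data) >= hdr + length


def parse_bind_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x61:  # BindResponse is [APPLICATION 1]
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(body, 0)        # resultCode, ENUMERATED (0x0a)
    _, _matched, pos = read_tlv(body, pos)  # matchedDN
    _, diag, _ = read_tlv(body, pos)        # diagnosticMessage
    return (int.from_bytes(mid, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def simple_bind(host: str, port: int, dn: str, password: str, timeout: float = 5.0):
    """Bind, read the BindResponse, unbind; returns (code, name, diagnostic)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_bind_request(1, dn, password))
        data = b""
        while not message_complete(data):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("connection closed before BindResponse")
            data += chunk
        _, code, diag = parse_bind_response(data)
        sock.sendall(build_unbind(2))
    return code, RESULT_NAMES.get(code, "code %d" % code), diag


if __name__ == "__main__":
    print(simple_bind("127.0.0.1", 389, "cn=admin,dc=teracloud2,dc=cn", "secret"))
```

A result of 0 means the rootdn bind succeeded; 49 (invalidCredentials) is what a wrong password or a wrong DN returns, and 13 (confidentialityRequired) is what you see once the server has been told to refuse cleartext binds.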
- Configure logging
vim log.ldif
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: 32
Apply it with ldapmodify (olcLogLevel 32 is the "filter" level, search-filter processing; 256, "stats", is the usual choice for logging connections, operations and results):
ldapmodify -Y EXTERNAL -H ldapi:/// -f log.ldif
SASL/EXTERNAL authentication started
slapd logs through the syslog facility local4, so route that facility to its own file:
mkdir -p /var/log/slapd
chown ldap:ldap /var/log/slapd/
echo "local4.* /var/log/slapd/slapd.log" >> /etc/rsyslog.conf
systemctl restart rsyslog
systemctl restart slapd
tail -n 4 /var/log/slapd/slapd.log
phpLDAPadmin installation
- Install the Apache + PHP environment with yum
yum install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap
yum install phpldapadmin
The phpldapadmin package comes from the EPEL repository, so enable EPEL first if the second command reports that no package is available.
- Configure phpLDAPadmin
vi /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
The stock EPEL file limits the interface to the local host; "Allow from all" as above opens the directory administration UI to every host that can reach the web server. Restrict it to the administration network instead, and serve it over HTTPS, because the login form carries the rootdn password.
The original post then edited /etc/httpd/conf/httpd.conf, commenting out the default root-directory block (around line 102 of the stock file) and replacing it:
vi /etc/httpd/conf/httpd.conf
#<Directory />
# AllowOverride none
# Require all denied
#</Directory>

<Directory />
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
Do not do this. The default block is what stops Apache from serving any file it can map to a URL; removing "Require all denied" and adding "Indexes" turns that server-wide default-deny into default-allow with directory listings. The post made the change because the Order/Allow directives in the phpldapadmin block do not override the outer Require on Apache 2.4; the right fix is a Require directive inside the phpldapadmin <Directory> block, which replaces the parent's "Require all denied" for that one directory only.
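An example added here, not the EPEL package's file or the original post's: a phpldapadmin.conf that leaves the server-wide "Require all denied" in httpd.conf untouched and grants access to the phpLDAPadmin directory only from the local host and an administration network (192.0.2.0/24 is a placeholder; replace it with your own range). The Require form is what Apache 2.4 on CentOS 7 uses; the Order/Allow form is kept only for an Apache 2.2 server.

```apache
# Added example, not the stock EPEL phpldapadmin.conf nor the original post's.
# 192.0.2.0/24 stands in for the administration network.
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
    <IfModule mod_authz_core.c>
        # Apache 2.4: this Require replaces the parent's "Require all denied"
        # for this directory only, so httpd.conf stays at its default.
        Require ip 127.0.0.1 ::1 192.0.2.0/24
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 equivalent
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1 ::1 192.0.2.0/24
    </IfModule>
</Directory>
```

After restarting httpd, a request from outside the listed addresses gets a 403, which is the behaviour you want for a page whose login form takes the rootdn password; combine it with a TLS virtual host so that password is not sent over plain HTTP.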
- Edit /etc/phpldapadmin/config.php to log in with a DN
vi /etc/phpldapadmin/config.php
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
With 'dn' the login form expects a full DN such as cn=admin,dc=teracloud2,dc=cn; with 'uid' phpLDAPadmin searches for the entry whose uid matches the name typed and binds as that entry.
- Start the service
Start
service httpd start
Stop
service httpd stop
Restart
systemctl restart httpd
Check status
service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-10-22 19:00:33 CST; 7s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 22571 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─22571 /usr/sbin/httpd -DFOREGROUND
           ├─22572 /usr/sbin/httpd -DFOREGROUND
           ├─22574 /usr/sbin/httpd -DFOREGROUND
           ├─22575 /usr/sbin/httpd -DFOREGROUND
           ├─22576 /usr/sbin/httpd -DFOREGROUND
           └─22577 /usr/sbin/httpd -DFOREGROUND
On CentOS 7 the service commands are forwarded to systemctl, as the "Redirecting" line shows, so the systemctl form can be used throughout. Note "disabled" in the Loaded line: the unit is running but not yet enabled at boot.
All articles on this blog, unless otherwise stated, are licensed under CC BY-SA 4.0; please credit the source when reposting.