Setting it up until I was sick of it
yum -y install php php-mysql php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt libmcrypt-devel php-fpm
yum -y install httpd
yum -y install openldap openldap-servers openldap-clients openldap-devel compat-openldap db4 db4-utils
1. Create the slapd.conf configuration file
cat slapd.conf | grep -v "#"
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 1
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "OpenLDAP Server"
TLSCertificateKeyFile /etc/openldap/certs/password
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none
database bdb
suffix "dc=test,dc=com"
checkpoint 1024 15
rootdn "cn=admin,dc=test,dc=com"
rootpw admin
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
2. Start it
/usr/sbin/slapd -f slapd.conf
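Before exposing a server started from the configuration above, it is worth running a quick audit of slapd.conf. The following is an added example, not code from the original post: it parses slapd.conf directives (including indented continuation lines, as slapd.conf(5) allows) and flags three things visible in the file above: the cleartext rootpw ("rootpw admin"), the "allow bind_v2" line, and a data backend with no access directive at all, which leaves slapd's built-in default policy "access to * by * read" in force so that userPassword values can be read over an anonymous bind. The sample configurations embedded in it are constructed abridgements of the post's file plus a hardened variant; the {SSHA} rootpw value in the hardened variant is a placeholder to be replaced with real slappasswd output.

```python
"""Audit a slapd.conf for weak settings (added example, not from the original post)."""
import re

# Password schemes that slappasswd and the OpenLDAP contrib modules produce.
HASHED_PW = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT|PBKDF2[-A-Z0-9]*|ARGON2)\}", re.IGNORECASE)

# Constructed sample: an abridged copy of the post's slapd.conf.
SAMPLE_SLAPD_CONF = """\
include /etc/openldap/schema/core.schema
allow bind_v2
loglevel 1
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by * none
database bdb
suffix "dc=test,dc=com"
rootdn "cn=admin,dc=test,dc=com"
rootpw admin
directory /var/lib/ldap
index objectClass eq,pres
"""

# Constructed hardened variant: hashed rootpw (placeholder; generate the real
# value with slappasswd), no LDAPv2 binds, explicit ACLs on the data backend.
HARDENED_SLAPD_CONF = """\
include /etc/openldap/schema/core.schema
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none
database bdb
suffix "dc=test,dc=com"
rootdn "cn=admin,dc=test,dc=com"
rootpw {SSHA}REPLACE-WITH-SLAPPASSWD-OUTPUT
directory /var/lib/ldap
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by users read
    by * none
"""


def parse_directives(text):
    """Return (directive, argument) pairs in file order.

    Blank lines and '#' comments are skipped; a line beginning with whitespace
    continues the previous directive, as slapd.conf(5) specifies.
    """
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:
            directive, arg = entries[-1]
            entries[-1] = (directive, (arg + " " + raw.strip()).strip())
            continue
        parts = raw.strip().split(None, 1)
        entries.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return entries


def audit(text):
    """Return a list of (code, message) findings; an empty list means clean."""
    findings = []
    current_db = None
    has_acl = {}      # database name -> whether an 'access' directive follows it
    has_suffix = {}   # database name -> whether it is a data backend (has a suffix)
    for directive, arg in parse_directives(text):
        if directive == "database":
            current_db = arg
            has_acl.setdefault(current_db, False)
            has_suffix.setdefault(current_db, False)
        elif directive == "access" and current_db is not None:
            has_acl[current_db] = True
        elif directive == "suffix" and current_db is not None:
            has_suffix[current_db] = True
        elif directive == "allow" and "bind_v2" in arg.split():
            findings.append(("BIND_V2",
                             "allow bind_v2: LDAPv2 binds are enabled; remove unless a legacy client needs them"))
        elif directive == "rootpw" and not HASHED_PW.match(arg.strip('"')):
            findings.append(("CLEARTEXT_ROOTPW",
                             f"database {current_db}: rootpw is stored in cleartext; use the output of slappasswd"))
    for db in has_acl:
        if has_suffix[db] and not has_acl[db]:
            findings.append(("NO_ACL",
                             f"database {db}: no access directive, so the default 'access to * by * read' "
                             "applies and userPassword is readable anonymously"))
    return findings


if __name__ == "__main__":
    for name, conf in (("post", SAMPLE_SLAPD_CONF), ("hardened", HARDENED_SLAPD_CONF)):
        print(f"{name}: {audit(conf) or 'clean'}")
```

The same kind of check is worth applying to the phpldapadmin.conf later in the post: with "Allow from all" present, the two loopback lines change nothing, so the admin UI is reachable from every host that can reach port 80.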
Web UI operations
3. Version: phpldapadmin-1.2.3
cat phpldapadmin.conf
#
# Web-based tool for managing LDAP servers
#
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  Order Allow,Deny
  Allow from all
  Allow from 127.0.0.1
  Allow from ::1
</Directory>
4. Create the OU in the ldapadmin web UI
If PLA (phpLDAPadmin) shows the base greyed out, do the following:
vim base.ldif
dn: dc=test,dc=com
objectClass: dcObject
objectClass: organization
dc: test
o: Corporation
description: d Corporation
ldapadd -f base.ldif -x -D cn=admin,dc=test,dc=com -W
5. Create the system account (cn) from the command line; the web UI works as well
vim zxy.ldif
# zxy, people, example.com
dn: uid=zxy,ou=people,dc=example,dc=com
uid: zxy
cn: zxy
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: 111111
shadowLastChange: 14323
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1005
gidNumber: 1005
homeDirectory: /home/zxy
ldapadd -f base.ldif -x -D cn=admin,dc=test,dc=com -W
ldapadd -x -D "cn=root,dc=example,dc=com" -W -f zxy.ldif
ldapsearch -x -b "dc=example,dc=com"
One thing to watch for is the attribute mappings, for example LDAP's user id corresponding to different fields on different systems.
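The zxy.ldif entry above stores "userPassword: 111111" in cleartext, and its DN sits under dc=example,dc=com while the server's suffix is dc=test,dc=com, so ldapadd will reject it unless that parent exists. The following is an added example, not code from the original post: it reproduces the {SSHA} scheme that slappasswd emits by default (salted SHA-1, stored as base64 of digest plus salt) so the same posixAccount/shadowAccount entry can be generated with a hashed password under whatever base DN the server actually serves, and it derives shadowLastChange the way /etc/shadow counts it (days since 1970-01-01), which is the kind of field mapping the note above refers to. All function names are the example's own, and the sample input is constructed to mirror the post's zxy entry.

```python
"""Generate a posixAccount LDIF with a hashed password (added example, not from the original post)."""
import base64
import datetime
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Return an {SSHA} value in the form slapd accepts: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against a stored {SSHA} value; the salt is whatever follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def days_since_epoch(iso_day):
    """shadowLastChange is counted in days since 1970-01-01, exactly as in /etc/shadow."""
    day = datetime.date.fromisoformat(iso_day)
    return (day - datetime.date(1970, 1, 1)).days


def posix_account_ldif(uid, uid_number, gid_number, password, base_dn,
                       last_change_iso, ou="people", shell="/bin/bash", salt=None):
    """Return LDIF text for a posixAccount + shadowAccount entry under base_dn.

    Uses the same attribute set as the post's zxy.ldif, but with the password
    hashed and shadowLastChange derived from a date instead of typed in.
    """
    attrs = [
        ("dn", f"uid={uid},ou={ou},{base_dn}"),
        ("uid", uid),
        ("cn", uid),
        ("objectClass", "account"),
        ("objectClass", "posixAccount"),
        ("objectClass", "top"),
        ("objectClass", "shadowAccount"),
        ("userPassword", ssha_hash(password, salt)),
        ("shadowLastChange", str(days_since_epoch(last_change_iso))),
        ("shadowMax", "99999"),
        ("shadowWarning", "7"),
        ("loginShell", shell),
        ("uidNumber", str(uid_number)),
        ("gidNumber", str(gid_number)),
        ("homeDirectory", f"/home/{uid}"),
    ]
    return "\n".join(f"{name}: {value}" for name, value in attrs) + "\n"


def ldif_attribute(ldif_text, name):
    """Return the first value of an attribute in single-entry LDIF text, or None if absent."""
    for line in ldif_text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and key == name:
            return value
    return None


if __name__ == "__main__":
    # Constructed input mirroring the post's zxy entry, placed under the server's real suffix.
    ldif = posix_account_ldif("zxy", 1005, 1005, "111111", "dc=test,dc=com", "2009-03-20")
    print(ldif)
    print("password verifies:", ssha_verify("111111", ldif_attribute(ldif, "userPassword")))
```

Feed the output to ldapadd with -f as in the steps above. {SSHA} is used here because it is what slappasswd produces by default and every slapd version accepts it; on a current OpenLDAP the pw-pbkdf2 or pw-argon2 password modules give a stronger scheme with the same userPassword attribute.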
Finally, ldapadmin's config.php has to be changed too. What a trap.
It should be of some use, I suppose. Exhausting.
This article is reposted from liqius's 51CTO blog, original link: http://blog.51cto.com/szgb17/1940636. To republish it, please contact the original author.