1.yum更新安装必要软件
yum -y install epel-release
yum makecache fast
yum -y install openssl openssl-devel openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
mkdir -p /var/lib/ldap
chown -R ldap:ldap /var/lib/ldap
2关闭firewall和selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld
reboot
3.启动openldap
systemctl start slapd && systemctl enable slapd
netstat -lnpt |grep 389
4.初始化openldap内容
配置LDAP管理员密码(测试密码:123456)
[root@ops-ldap-pre-ns-172-20-9-117 ~]# slappasswd
New password:
Re-enter new password:
{SSHA}A1VkHmjND85o1Mqt6TTwIzCCJEVxTHge //加密后的密码,添加的时候需要记录
cd /etc/openldap/
vi chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}tfnidHuQTkllu0lcB/pQX6pN2hWi8dvB ##此为刚才加密后的密码串
#:wq 保存退出
执行: ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
chroottpw.ldif文件中每行中间不能有空行
导入Schema
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/collective.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/corba.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/core.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/duaconf.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/dyngroup.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/java.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/pmi.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/ppolicy.ldif
修改配置文件(备份)
cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=hzins,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
cp /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif.bak
sed -i 's#cn=Manager,dc=my-domain,dc=com#cn=Manager,dc=hzins,dc=com#g' /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
将默认配置的my-domain更换成需要更换的hzins
配置LdAP的DN
vi chdomain.ldif
# replace to your own domain name for "dc=***,dc=***" section
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
read by dn.base="cn=Manager,dc=hzins,dc=com" read by * none
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=hzins,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=hzins,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}tfnidHuQTkllu0lcB/pQX6pN2hWi8dvB ##这填写上面设置的密码串
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
dn="cn=Manager,dc=hzins,dc=com" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=hzins,dc=com" write by * read
#wq 保存退出
ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
导入Base domain
vi basedomain.ldif
dn: dc=hzins,dc=com
dc: hzins
objectClass: top
objectClass: domain
dn: ou=dev,dc=hzins,dc=com
ou: dev
objectClass: top
objectClass: organizationalUnit
dn: ou=test,dc=hzins,dc=com
ou: test
objectClass: top
objectClass: organizationalUnit
#wq! 保存退出
ldapadd -x -D cn=Manager,dc=hzins,dc=com -W -f basedomain.ldif
输入管理员密码
5.部署HTTPD
yum -y install httpd
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak
sed -i "s/#ServerName www.example.com:80/ServerName www.hzins.com:80/g" /etc/httpd/conf/httpd.conf
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
sed -i '151s/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i '164s/DirectoryIndex index.html/DirectoryIndex index.html index.cgi index.php/g' /etc/httpd/conf/httpd.conf
systemctl start httpd
systemctl enable httpd
echo "Apache is OK" >> /var/www/html/index.html
curl -I http://www.hzins.com/
6.安装PHP
yum -y install php php-mbstring php-pear
cp /etc/php.ini /etc/php.ini.bak
sed -i '878s#;date.timezone =#date.timezone = "Asia/Shanghai"#g' /etc/php.ini
systemctl restart httpd
cat > /var/www/html/index.php << EOF
<?php
phpinfo()
?>
EOF
7.安装phpLDAP admin
yum --enablerepo=epel -y install phpldapadmin
cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak
vi /etc/phpldapadmin/config.php
#将第397和398行
// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
改为如下
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
vi /etc/httpd/conf.d/phpldapadmin.conf
#添加如下内容
#
# Web-based tool for managing LDAP servers
#
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
Require ip 192.168.0.0/8
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
### :wq 保存
chown -R apache.apache /usr/share/phpldapadmin
systemctl restart httpd.service
最后访问
http://192.168.199.130/ldapadmin/
输入上面建立的管理员用户名及密码
用户名:cn=Manager,dc=hzins,dc=com
密码: 123456