LDAP--centos7 部署ldap（源码）

前言

LDAP一般指轻型目录访问协议，基本概念这里就不介绍了，网上有很多相关的介绍。 公司内部服务很多，如gitlab、wiki、jira等，如果每个服务创建一个账户，维护起来很不方便，一般通过ldap来解决这种场景。

1、安装依赖

yum install *ltdl* gcc gcc-c++ -y

2、安装BDB

tar -zxvf db-5.1.29.tar.gz
cd db-5.1.29/build_unix/
../dist/configure --prefix=/data/berkeleydb-5.1.29
make && make install

3、更新lib库

echo "/data/berkeleydb-5.1.29/lib/" > /etc/ld.so.conf
ldconfig -v

4、安装OpenLDAP

tar -zxvf openldap-2.4.44.tgz
cd openldap-2.4.44
./configure  \
--prefix=/data/openldap-2.4.44  \
--enable-syslog  \
--enable-modules  \
--enable-debug  \
--with-tls  CPPFLAGS=-I/data/berkeleydb-5.1.29/include/  LDFLAGS=-L/data/berkeleydb-5.1.29/lib/
make depend 
make
make install

5、设置可执行命令

ln -s /data/openldap-2.4.44/bin/* /usr/local/bin/
ln -s /data/openldap-2.4.44/sbin/* /usr/local/sbin/

6、配置rootdn密码

# 设置为123456
cd /data/openldap-2.4.44/
slappasswd

密码串：   {SSHA}ZBIzcb0WtUUJU1zogxZsooNPCprcR2kO

7、修改配置文件slapd.conf

cd /data/openldap-2.4.44/etc/openldap/
vim slapd.conf
#添加模块
include /data/openldap-2.4.44/etc/openldap/schema/core.schema
include /data/openldap-2.4.44/etc/openldap/schema/collective.schema
include /data/openldap-2.4.44/etc/openldap/schema/corba.schema
include /data/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /data/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /data/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /data/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /data/openldap-2.4.44/etc/openldap/schema/java.schema
include /data/openldap-2.4.44/etc/openldap/schema/misc.schema
include /data/openldap-2.4.44/etc/openldap/schema/nis.schema
include /data/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /data/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /data/openldap-2.4.44/etc/openldap/schema/ppolicy.schema

8、初始化OpenLADP(optional)

cd /data/openldap-2.4.44/var/openldap-data/
mv DB_CONFIG.example DB_CONFIG

9、启动OpenLADP

#直接在后台工作
/data/openldap-2.4.44/libexec/slapd
#在前端工作，输出debug信息
/data/openldap-2.4.44/libexec/slapd -d 256

1、安装http和PHP

yum -y remove php*
yum install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap php-zip  php-gmp php-json -y

2、安装lam

tar jxf ldap-account-manager-7.3.tar.bz2
mv ldap-account-manager-7.3 ldap
mv ldap /var/www/html/
#修改配置
cd /var/www/html/ldap/config/
cp config.cfg.sample config.cfg
cp unix.conf.sample lam.conf
sed -i "s/dc=my-domain,dc=com/dc=jueceshu,dc=com/g" lam.conf
sed -i "s/cn=Manager/cn=admin/g" lam.conf 
sed -i "s/dc=yourdomain,dc=org/dc=jueceshu,dc=com/g" lam.conf
chown -R apache.apache /var/www/html/ldap/

3、启动http

systemctl start httpd
systemctl enable httpd

4、访问

http://192.168.3.173/ldap/templates/login.php
密码为： 123456

5、创建ldap用户

vim ning.ldif
dn: uid=ning,ou=People,dc=jueceshu,dc=com
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
givenName: ning
sn: ning
displayName: ning
uid: ning
homeDirectory: /home/ning
loginShell: /bin/bash
mail: xingning@treesmob.com
cn: ning
uidNumber: 10003
gidNumber: 10000
userPassword: {SSHA}5BVwoIY5sKgjrTGneWZnpY2jW1AMHhKs
#密码创建和ldap的一样
vim group.ldif
dn: cn=xing,ou=Group,dc=jueceshu,dc=com
objectclass: top
objectClass: posixGroup
description: xing
cn: xing
gidNumber: 10000
memberUid: ceshi
#创建用户
ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f group.ldif
ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f ning.ldif

创建成功

把用户添加到xing组中去

6、还有一种是创建唯一组的方法（一个用户对应一个组）

vim user.ldif
dn: uid=ceshi,ou=People,dc=jueceshu,dc=com
objectClass: posixAccount
objectClass: top 
objectClass: inetOrgPerson
givenName: ceshi
sn: ceshi
displayName: ceshi
uid: ceshi
homeDirectory: /home/ceshi
loginShell: /bin/bash
mail: xingning@treesmob.com
cn: ceshi
uidNumber: 10002
gidNumber: 10000
userPassword: {SSHA}5BVwoIY5sKgjrTGneWZnpY2jW1AMHhKs
dn: cn=ceshi,ou=Group,dc=jueceshu,dc=com
objectclass: top 
objectClass: groupOfUniqueNames
description: ceshi
cn: ceshi
uniquemember: uid=ceshi,ou=People,dc=jueceshu,dc=com

三、连接wiki与jira

1、jira、wiki关联时选择方式

2、Jira、wiki连接ldap目录配置

高级设置默认即可