Preface

LDAP usually means the Lightweight Directory Access Protocol; the basic concepts are not covered here, as there are plenty of introductions online. A company runs many internal services (GitLab, wiki, Jira and so on); creating a separate account in each one is a maintenance burden, and LDAP is the usual way to solve that.

Part 1: Install OpenLDAP from source

1. Install dependencies

  # quote the glob so the shell does not expand it against the current directory;
  # openssl-devel is required for the --with-tls build option used below
  yum install '*ltdl*' gcc gcc-c++ openssl-devel -y

2. Install BDB (Berkeley DB)

  tar -zxvf db-5.1.29.tar.gz
  cd db-5.1.29/build_unix/
  ../dist/configure --prefix=/data/berkeleydb-5.1.29
  make && make install

3. Update the shared library search path

  # do not overwrite /etc/ld.so.conf itself: on CentOS 7 it contains
  # "include ld.so.conf.d/*.conf", and clobbering it breaks every other library path;
  # drop a file into ld.so.conf.d instead
  echo "/data/berkeleydb-5.1.29/lib/" > /etc/ld.so.conf.d/berkeleydb.conf
  ldconfig -v

4. Install OpenLDAP

  tar -zxvf openldap-2.4.44.tgz
  cd openldap-2.4.44
  ./configure \
  --prefix=/data/openldap-2.4.44 \
  --enable-syslog \
  --enable-modules \
  --enable-debug \
  --with-tls CPPFLAGS=-I/data/berkeleydb-5.1.29/include/ LDFLAGS=-L/data/berkeleydb-5.1.29/lib/
  make depend
  make
  make install

5. Put the commands on the PATH

  ln -s /data/openldap-2.4.44/bin/* /usr/local/bin/
  ln -s /data/openldap-2.4.44/sbin/* /usr/local/sbin/

6. Set the rootdn password

  # the password is set to 123456 here; that is a lab value only, the rootdn
  # bypasses every access rule, so use a strong password on a real server
  cd /data/openldap-2.4.44/
  slappasswd

[Figure 1: slappasswd prompting for the password and printing the hash]

  Hash string: {SSHA}ZBIzcb0WtUUJU1zogxZsooNPCprcR2kO
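Added example, not code from the original page: a small Python script that generates and checks {SSHA} strings in the format slappasswd(8) produces by default, so a hash can be verified before it is pasted into slapd.conf (rootpw) or into the userPassword attribute of an LDIF file. The layout is "{SSHA}" followed by base64(SHA-1(password || salt) || salt) with a 4-byte random salt, which is why the hash printed above decodes to 24 bytes. The constant PAGE_ROOTPW is the hash from the page; the script only recomputes it, it does not assume what it decodes to.

```python
# Added example (not the page's own code): slappasswd-compatible {SSHA} hashing.
# {SSHA} = "{SSHA}" + base64( SHA-1(password || salt) || salt ), salt is 4 random
# bytes in OpenLDAP's default build.
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SALT_LEN = 4  # OpenLDAP's default salt size for {SSHA}
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes

# The rootdn hash printed on the page (stated there to be the hash of "123456").
PAGE_ROOTPW = "{SSHA}ZBIzcb0WtUUJU1zogxZsooNPCprcR2kO"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a slappasswd-compatible {SSHA} string; draws a random salt if none is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_parse(stored: str) -> Optional[Tuple[bytes, bytes]]:
    """Split a stored {SSHA} value into (digest, salt); None if it is not well formed."""
    if stored[:6].upper() != "{SSHA}":
        return None
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= DIGEST_LEN:  # need a full digest plus at least one salt byte
        return None
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the salted digest and compare it in constant time."""
    parsed = ssha_parse(stored)
    if parsed is None:
        return False
    digest, salt = parsed
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    fresh = ssha_hash("123456")
    print(fresh)                               # a new salt every run, so a different string
    print(ssha_verify("123456", fresh))        # True
    print(ssha_verify("123456", PAGE_ROOTPW))  # checks whether the page's hash is "123456"
```

Because the salt is random, two hashes of the same password never look alike; conversely, two entries that carry the byte-identical {SSHA} string were set from the same hash and therefore share a password, which is worth knowing when LDIF files are copy-pasted.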

7. Edit the configuration file slapd.conf

  cd /data/openldap-2.4.44/etc/openldap/
  vim slapd.conf
  # include the schemas (the shipped sample includes only core.schema;
  # core.schema must stay first because the others build on it)
  include /data/openldap-2.4.44/etc/openldap/schema/core.schema
  include /data/openldap-2.4.44/etc/openldap/schema/collective.schema
  include /data/openldap-2.4.44/etc/openldap/schema/corba.schema
  include /data/openldap-2.4.44/etc/openldap/schema/cosine.schema
  include /data/openldap-2.4.44/etc/openldap/schema/duaconf.schema
  include /data/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
  include /data/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
  include /data/openldap-2.4.44/etc/openldap/schema/java.schema
  include /data/openldap-2.4.44/etc/openldap/schema/misc.schema
  include /data/openldap-2.4.44/etc/openldap/schema/nis.schema
  include /data/openldap-2.4.44/etc/openldap/schema/openldap.schema
  include /data/openldap-2.4.44/etc/openldap/schema/pmi.schema
  include /data/openldap-2.4.44/etc/openldap/schema/ppolicy.schema

[Figures 2 and 3: the edited slapd.conf]

The suffix, rootdn and rootpw lines of the sample file must be changed as well: every later command on this page binds as cn=admin,dc=jueceshu,dc=com, so suffix and rootdn have to be set to match, and rootpw takes the {SSHA} hash from step 6 rather than a cleartext value.
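As an added example (this is not the page's own file; its screenshots of slapd.conf are not reproduced here), a minimal slapd.conf that fits the DNs used later on the page. Assumptions: the suffix dc=jueceshu,dc=com and rootdn cn=admin,dc=jueceshu,dc=com are inferred from the ldapadd commands in Part 2, the rootpw value is the hash printed in step 6, and the TLS certificate paths are placeholders. The part that matters for security is the access block: when slapd.conf contains no access directive at all, slapd falls back to its built-in default "access to * by * read", so any unauthenticated client can read every entry, userPassword hashes included.

```conf
# Added example, not the page's file. Assumed: suffix dc=jueceshu,dc=com,
# rootdn cn=admin,dc=jueceshu,dc=com (inferred from the page's later commands),
# placeholder TLS paths.
include   /data/openldap-2.4.44/etc/openldap/schema/core.schema
include   /data/openldap-2.4.44/etc/openldap/schema/cosine.schema
include   /data/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include   /data/openldap-2.4.44/etc/openldap/schema/nis.schema

pidfile   /data/openldap-2.4.44/var/run/slapd.pid
argsfile  /data/openldap-2.4.44/var/run/slapd.args

# Hash passwords set through the Password Modify operation (LAM, ldappasswd)
# instead of storing whatever the client sent in clear.
password-hash {SSHA}

# The build used --with-tls; fill in real paths (the ones below are placeholders)
# and clients can use ldaps:// or StartTLS instead of sending binds in clear.
#TLSCACertificateFile  /data/openldap-2.4.44/etc/openldap/ca.crt
#TLSCertificateFile    /data/openldap-2.4.44/etc/openldap/ldap.crt
#TLSCertificateKeyFile /data/openldap-2.4.44/etc/openldap/ldap.key

database  bdb
suffix    "dc=jueceshu,dc=com"
rootdn    "cn=admin,dc=jueceshu,dc=com"
# Never a cleartext value here (the shipped sample has "rootpw secret");
# paste the slappasswd output.
rootpw    {SSHA}ZBIzcb0WtUUJU1zogxZsooNPCprcR2kO
directory /data/openldap-2.4.44/var/openldap-data
index     objectClass,uid,uidNumber,gidNumber,memberUid  eq

# Without any "access to" directive slapd uses "access to * by * read":
# anyone, unauthenticated, can read every attribute including userPassword.
# The rootdn bypasses these rules, which is why it must not be the everyday
# bind account for applications.
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
access to *
        by users read
        by * none
```

With these rules an anonymous client can still bind (the "auth" right on userPassword is exactly what a bind needs) but cannot search the tree, a user can read the tree and change only their own password, and only the rootdn can write anything else. Restart slapd after editing; `slaptest -f slapd.conf` checks the file for syntax errors first.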

8. Initialize the OpenLDAP database directory (optional)

  # DB_CONFIG tunes the Berkeley DB environment (cache size, log settings);
  # without it slapd runs with BDB defaults and prints a warning
  cd /data/openldap-2.4.44/var/openldap-data/
  mv DB_CONFIG.example DB_CONFIG

9. Start OpenLDAP

  # daemonize into the background
  /data/openldap-2.4.44/libexec/slapd
  # stay in the foreground and print debug output (level 256 = stats:
  # connections, operations and results)
  /data/openldap-2.4.44/libexec/slapd -d 256
  # note: both commands run slapd as root; on a real server switch to an
  # unprivileged account with the -u and -g options

Part 2: Install LAM (LDAP Account Manager)

1. Install httpd and PHP

  yum -y remove php*
  yum install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap php-zip php-gmp php-json -y

2. Install LAM

  tar jxf ldap-account-manager-7.3.tar.bz2
  mv ldap-account-manager-7.3 ldap
  mv ldap /var/www/html/
  # edit the configuration: config.cfg is the master config, lam.conf the server profile
  cd /var/www/html/ldap/config/
  cp config.cfg.sample config.cfg
  cp unix.conf.sample lam.conf
  # point the profile at our suffix and at the rootdn we configured (the sample uses cn=Manager)
  sed -i "s/dc=my-domain,dc=com/dc=jueceshu,dc=com/g" lam.conf
  sed -i "s/cn=Manager/cn=admin/g" lam.conf
  sed -i "s/dc=yourdomain,dc=org/dc=jueceshu,dc=com/g" lam.conf
  # the web server only needs write access to config/, sess/ and tmp/;
  # handing it the whole tree is convenient in a lab but lets a compromised
  # httpd rewrite LAM's own PHP code
  chown -R apache.apache /var/www/html/ldap/

3. Start httpd

  systemctl start httpd
  systemctl enable httpd

4. Open the web interface

  http://192.168.3.173/ldap/templates/login.php
  Password: 123456 (the rootdn password from Part 1; the login DN is cn=admin,dc=jueceshu,dc=com from lam.conf)

LAM is served over plain HTTP here, so the LDAP admin password crosses the network in clear; put it behind TLS before exposing it beyond a lab.

[Figure 4: LAM login page]

5. Create LDAP users

  vim ning.ldif
  dn: uid=ning,ou=People,dc=jueceshu,dc=com
  objectClass: posixAccount
  objectClass: top
  objectClass: inetOrgPerson
  givenName: ning
  sn: ning
  displayName: ning
  uid: ning
  homeDirectory: /home/ning
  loginShell: /bin/bash
  mail: xingning@treesmob.com
  cn: ning
  uidNumber: 10003
  gidNumber: 10000
  userPassword: {SSHA}5BVwoIY5sKgjrTGneWZnpY2jW1AMHhKs
  # generate the hash with slappasswd, the same way as the rootdn password

  vim group.ldif
  dn: cn=xing,ou=Group,dc=jueceshu,dc=com
  objectClass: top
  objectClass: posixGroup
  description: xing
  cn: xing
  gidNumber: 10000
  memberUid: ceshi
  # add the entries (group first, then the user); -W prompts for the rootdn password
  ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f group.ldif
  ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f ning.ldif
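The two ldapadd commands above only succeed if the parent entries already exist: ldapadd refuses uid=ning,ou=People,dc=jueceshu,dc=com with "No such object" when ou=People or the suffix entry is missing. The page does not show these being created (LAM can create missing suffix entries on first login, which may be how the author got them). As an added example that is not part of the original page, here is a base.ldif that creates the suffix entry and the two OUs the page's entries hang under; the only assumption is the organization name, set to the domain component for lack of a better value.

```ldif
# Added example (not from the page): base entries that must exist before
# group.ldif and ning.ldif can be added. The "o" value is an assumption.
dn: dc=jueceshu,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: jueceshu
o: jueceshu

dn: ou=People,dc=jueceshu,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=jueceshu,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Group
```

Load it with `ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f base.ldif` before the group and user files. Two checks afterwards: `ldapwhoami -x -D "uid=ning,ou=People,dc=jueceshu,dc=com" -W` confirms that the hash in userPassword actually matches the password you expect, and an anonymous `ldapsearch -x -LLL -b dc=jueceshu,dc=com uid=ning` must not return a userPassword line once the server's access rules protect that attribute; if it does, the server is still running with the default "by * read" policy.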

Created successfully
[Figures 5 and 6: the new entries shown in LAM]

Add the user to the xing group in LAM
[Figures 7 to 11: adding the user to the xing group in LAM]

6. Alternative: one private group per user (each user maps to exactly one group)

  vim user.ldif
  dn: uid=ceshi,ou=People,dc=jueceshu,dc=com
  objectClass: posixAccount
  objectClass: top
  objectClass: inetOrgPerson
  givenName: ceshi
  sn: ceshi
  displayName: ceshi
  uid: ceshi
  homeDirectory: /home/ceshi
  loginShell: /bin/bash
  mail: xingning@treesmob.com
  cn: ceshi
  uidNumber: 10002
  gidNumber: 10000
  # identical hash string to ning's entry, i.e. the same password and salt;
  # generate a fresh hash per user with slappasswd
  userPassword: {SSHA}5BVwoIY5sKgjrTGneWZnpY2jW1AMHhKs

  # entries in one LDIF file must be separated by a blank line,
  # otherwise ldapadd treats the second dn as an attribute of the first entry
  dn: cn=ceshi,ou=Group,dc=jueceshu,dc=com
  objectClass: top
  objectClass: groupOfUniqueNames
  description: ceshi
  cn: ceshi
  uniqueMember: uid=ceshi,ou=People,dc=jueceshu,dc=com

Part 3: Connect wiki and Jira

1. Directory type to choose when linking Jira and wiki

[Figure 12: directory type selection]

2. Jira and wiki LDAP directory connection settings

[Figures 13 to 17: LDAP directory connection settings]

For anything beyond a lab, give Jira and the wiki their own read-only bind account instead of cn=admin (the rootdn bypasses every access rule, so a leaked application config would hand over the whole directory), and connect over ldaps:// or StartTLS so the bind password is not sent in clear.

The advanced settings can be left at their defaults.
[Figures 18 to 21: advanced settings and the remaining directory configuration pages]