Installing OpenLDAP on CentOS 6.5 and configuring LDAP-based user login
1. Install PHP and Apache
If the EPEL repository is not configured yet, install it first:
yum install epel-release
If that package cannot be downloaded, create /etc/yum.repos.d/epel.repo by hand (keep gpgcheck=1 so that packages are verified against the EPEL signing key):
--------------------------------------------------------------------------------
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.Fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
--------------------------------------------------------------------------------
phpldapadmin depends on Apache and PHP:
yum install php httpd
httpd.conf is adjusted in step 2 below (the DirectoryIndex change).
2. Install OpenLDAP
yum install openldap openldap-servers openldap-clients
Configure OpenLDAP. The configuration file is /etc/openldap/slapd.conf.
It does not exist by default; copy /usr/share/openldap-servers/slapd.conf.obsolete to that location. Note that slapd only reads slapd.conf when the /etc/openldap/slapd.d/ (cn=config) directory is absent; see step 4.
The file must be owned by ldap:ldap, and since it will hold the rootpw it should not be world-readable (mode 0640).
--------------------------------------------------------------------------------
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=Manager,dc=iflyyun,dc=cn" read
by * none
database bdb
suffix "dc=iflyyun,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=iflyyun,dc=cn"
# hash produced by slappasswd (see "Set the LDAP administrator password" below)
rootpw {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80
--------------------------------------------------------------------------------
Configure the client defaults in /etc/openldap/ldap.conf (used by ldapadd, ldapsearch and the other command-line tools):
--------------------------------------------------------------------------------
BASE dc=iflyyun,dc=cn
URI ldap://bja-pro0002.Hadoop.cpcc.iflyyun.cn
--------------------------------------------------------------------------------
Set the LDAP administrator password
Run slappasswd (not ldappasswd: ldappasswd tries to bind to the server, which is not running yet, and fails with a GSSAPI error).
Enter the password; it prints a hash of the form {SSHA}ph+VRzfWSeamboy0itVlazrJrxzVHh80. Put that exact string on the rootpw line of /etc/openldap/slapd.conf.
The author used a plaintext password directly because the hashed password gave some trouble. Treat that only as a temporary workaround: with a plaintext rootpw, slapd.conf contains the administrator password in clear, so anyone who can read the file owns the directory. The hashed value works when pasted unmodified (no extra quoting or whitespace), and slaptest below will report any syntax problem with the line.
Configure Apache to recognise index.php
Edit /etc/httpd/conf/httpd.conf, find the following line and append index.php:
DirectoryIndex index.html index.html.var index.php
Adjust /etc/httpd/conf.d/php.conf if needed (it is installed by the php package).
Test that the OpenLDAP configuration file is valid (-u is a dry run, so it works before any database files exist):
slaptest -u -f /etc/openldap/slapd.conf
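The password step above deserves a check, since slapd.conf ends up holding the administrator credential. The following script is an added example, not part of the original post: it writes a slappasswd hash onto the rootpw line of a slapd.conf (replacing any existing one), refuses a plaintext value, tightens the file mode, and provides an audit function you can run against an existing file. The file path and the hash it is called with are assumptions (the {SSHA} value is the one shown earlier on this page); slaptest is run only if that binary is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Writes a hashed rootpw into a
# slapd.conf-style file and audits that no plaintext rootpw remains.
# Assumptions: file path and hash come from the caller; the {SSHA} value in
# the usage line is the one shown earlier on this page.

# Succeed only if the value carries a scheme prefix that slappasswd produces.
is_hashed_pw() {
    case "$1" in
        '{SSHA}'*|'{SHA}'*|'{SMD5}'*|'{MD5}'*|'{CRYPT}'*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_rootpw CONF HASH: drop any existing rootpw line, insert the hash right
# after the rootdn line, then restrict the file to ldap:ldap mode 0640.
set_rootpw() {
    conf=$1
    hash=$2
    is_hashed_pw "$hash" || { echo "set_rootpw: refusing plaintext rootpw" >&2; return 1; }
    [ -f "$conf" ] || { echo "set_rootpw: $conf not found" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v pw="$hash" '
        /^[[:space:]]*rootpw[[:space:]]/ { next }                  # remove old rootpw
        { print }
        /^[[:space:]]*rootdn[[:space:]]/ && !done { print "rootpw\t" pw; done = 1 }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"          # cat keeps the owner of the original file
    rm -f "$tmp"
    chown ldap:ldap "$conf" 2>/dev/null || true   # needs root; ignored elsewhere
    chmod 0640 "$conf"
}

# audit_rootpw CONF: succeed only if the file has a rootpw line and it is hashed.
audit_rootpw() {
    pw=$(awk '/^[[:space:]]*rootpw[[:space:]]/ { v = $2; gsub(/"/, "", v); print v; exit }' "$1")
    [ -n "$pw" ] && is_hashed_pw "$pw"
}

# Usage: sh set_rootpw.sh /etc/openldap/slapd.conf "$(slappasswd)"
if [ "$#" -eq 2 ]; then
    set_rootpw "$1" "$2" || exit 1
    audit_rootpw "$1" && echo "rootpw in $1 is hashed"
    # Validate the resulting file if slaptest is installed (-u: dry run, no DB).
    if command -v slaptest >/dev/null 2>&1; then
        slaptest -u -f "$1"
    fi
fi
```

audit_rootpw is the part worth keeping around: run it against /etc/openldap/slapd.conf after any manual edit, and it fails if the rootpw line was left in plaintext or removed.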
3. Install phpldapadmin
yum install phpldapadmin
Configure /etc/phpldapadmin/config.php:
--------------------------------------------------------------------------------
$servers->setValue('server','host','192.168.51.211');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=iflyyun,dc=cn'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=iflyyun,dc=cn');
$servers->setValue('login','attr','dn');      // uncomment this line (around line 397)
// $servers->setValue('login','attr','uid');  // comment this one out, otherwise login fails
--------------------------------------------------------------------------------
Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access from other machines (the packaged default only allows 127.0.0.1). This exposes the directory administration interface, so in practice restrict Allow to the administrators' subnet rather than all, and serve it over HTTPS, since the Manager credentials are otherwise sent in clear:
--------------------------------------------------------------------------------
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
--------------------------------------------------------------------------------
4. Create the initial directory data
Delete everything under /etc/openldap/slapd.d/ (if that cn=config directory exists, slapd uses it and ignores slapd.conf), then start slapd (service slapd start).
Create the LDAP root entry (simple bind as the Manager DN; -W prompts for the rootpw set above):
ldapadd -x -D "cn=Manager,dc=iflyyun,dc=cn" -W -f base.ldif
base.ldif (dcObject requires the dc attribute, so dc: iflyyun must be present or ldapadd rejects the entry)
--------------------------------------------------------------------------------
dn: dc=iflyyun,dc=cn
dc: iflyyun
o: ldap
objectclass: dcObject
objectclass: organization
--------------------------------------------------------------------------------
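The root entry above is easy to get wrong by hand (a dcObject without dc is rejected). As an added example, not from the original post, the following script derives the base DN from a DNS domain, writes a base LDIF with the required dc value, and checks any LDIF for dcObject entries that lack dc before handing it to ldapadd. It goes slightly beyond the page by also creating ou=People and ou=Group containers, the layout an LDAP login setup typically expects; the domain iflyyun.cn and the Manager DN come from this page, the OU names and the file name base.ldif are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the base LDIF for a
# domain so that it satisfies the dcObject schema, and validates LDIF files
# before they are loaded. Assumptions: domain and organisation name come from
# the caller; ou=People / ou=Group are a common layout, not from the page.

# domain_to_dn iflyyun.cn  ->  dc=iflyyun,dc=cn
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        print ""
    }'
}

# first_label iflyyun.cn  ->  iflyyun  (the value the dc attribute must carry)
first_label() { printf '%s\n' "${1%%.*}"; }

# base_ldif DOMAIN ORG: print the root entry plus the People/Group containers.
base_ldif() {
    dn=$(domain_to_dn "$1")
    cat <<EOF
dn: $dn
dc: $(first_label "$1")
o: $2
objectClass: dcObject
objectClass: organization

dn: ou=People,$dn
ou: People
objectClass: organizationalUnit

dn: ou=Group,$dn
ou: Group
objectClass: organizationalUnit
EOF
}

# check_dcobject FILE: succeed only if every dcObject entry carries a dc
# attribute (blank lines separate entries, so awk runs in paragraph mode).
check_dcobject() {
    awk 'BEGIN { RS = ""; bad = 0 }
         tolower($0) ~ /objectclass: dcobject/ && tolower($0) !~ /(^|\n)dc: / { bad++ }
         END { exit bad != 0 }' "$1"
}

# Usage: sh make_base_ldif.sh iflyyun.cn ldap
# Writes base.ldif, validates it, then loads it with a simple bind as Manager.
if [ "$#" -ge 1 ]; then
    base_ldif "$1" "${2:-ldap}" > base.ldif
    check_dcobject base.ldif || { echo "base.ldif: dcObject entry without dc" >&2; exit 1; }
    ldapadd -x -D "cn=Manager,$(domain_to_dn "$1")" -W -f base.ldif
fi
```

The ldapadd call uses -x (simple bind), which sends the Manager password in clear over ldap://; run it on the server itself or over ldaps:// / a local socket rather than across the network.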