Centos7下安裝OpenLDAP+Phpldapadmin及主主同步

一、環境介紹及初始化準備

  • server1:172.16.138.87 openldap01
  • server2:172.16.138.88 openldap02

配置yum源

# Point yum at the Aliyun CentOS 7 and EPEL mirrors, then rebuild the metadata cache.
# NOTE(review): both repo definitions are fetched over plain http, so nothing
# authenticates them in transit; prefer an https mirror URL where the mirror
# offers one and inspect the downloaded files before running yum.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Keep the original EPEL definition as a backup before overwriting it.
# mv errors out if /etc/yum.repos.d/epel.repo is absent (e.g. epel-release not
# installed) — TODO confirm the base image ships it.
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache

關閉selinux和防火牆

# Stop and disable firewalld, then put SELinux into permissive mode now and
# disabled on the next boot.
# NOTE(review): this removes the host firewall and mandatory access control for
# the whole machine, not just for slapd. A narrower alternative is to keep
# firewalld and open only the ldap/ldaps services, and to keep SELinux
# enforcing (the targeted policy includes a slapd module). Treat the four
# commands below as a lab shortcut rather than a production configuration.
systemctl stop firewalld.service
systemctl disable firewalld.service
# Only the exact string SELINUX=enforcing is rewritten; a file that already
# says permissive is left unchanged.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Applies to the running kernel immediately (permissive until reboot).
setenforce 0

二、安裝OpenLDAP(以下操作在兩臺主機上執行)

# Build tooling plus the OpenLDAP server and client packages.
# The packaged slapd does not need openssl-devel/gcc/libtool-ltdl-devel at
# runtime; they only matter if something is compiled from source later — TODO confirm.
yum install openssl-devel gcc libtool-ltdl-devel -y
# NOTE(review): every ldapadd/ldapmodify step in section 3 talks to a running
# slapd over ldapi:///, but this walkthrough never shows starting it before
# those steps (only a restart at the end of 3.6). Run
# `systemctl start slapd && systemctl enable slapd` right after this install.
yum install openldap-servers openldap-clients -y

三、配置OpenLDAP(以下操作在兩臺主機上執行)

OpenLDAP配置比較複雜,牽涉到的內容比較多,接下來我們一步一步對其相關的配置進行介紹。

注意:從OpenLDAP 2.4.23版本開始,所有配置數據都保存在/etc/openldap/slapd.d/中,建議不再使用slapd.conf作爲配置文件。

3.1、配置管理員密碼

命令:slappasswd
slapdpasswd:123456
{SSHA}KLfXV8ipw55AY0bwcZGDZX7JQENgUaWs

通過slappasswd命令對管理員密碼進行加密,將上述加密後的字串保存下來,稍後我們在配置文件中會用到。

3.2、建立密碼

# Give the cn=config database (olcDatabase={0}config) a root password, so the
# configuration can also be administered with a simple bind as the config
# rootdn instead of only via SASL/EXTERNAL over the local socket as root.
# NOTE(review): the hash below is not the one produced by slappasswd in step
# 3.1 (that hash is used for the data database in 3.4). Confirm which password
# this hash corresponds to; never paste a hash whose password you do not hold.
cat << EOF | ldapadd -Y EXTERNAL -H ldapi:///
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}l9gQmGTK9TsC7SUQpVOpm/aimoYYdPd3
EOF

3.3、導入常用的schema文件:

# Load the commonly used schemas into cn=config over the local socket.
# -Y EXTERNAL on ldapi:/// authenticates the invoking root user through the
# socket peer credentials (the gidNumber=0+uidNumber=0,...,cn=auth identity
# shown in the transcripts further down), so no password is involved.
# Order matters: inetorgperson depends on cosine, so cosine must be loaded first.
# Re-running a line for a schema that is already loaded fails with a duplicate
# error, which is harmless.
ldapadd -Y EXTERNAL  -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
ldapadd -Y EXTERNAL  -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif 
ldapadd -Y EXTERNAL  -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif 
ldapadd -Y EXTERNAL  -H ldapi:/// -f /etc/openldap/schema/nis.ldif 
ldapadd -Y EXTERNAL  -H ldapi:/// -f /etc/openldap/schema/dyngroup.ldif 

3.4、設置域名

# Configure the data database ({2}hdb): suffix, rootdn and the rootdn password,
# and restrict the monitor database so only local root (peercred) and the
# Manager DN may read it ("by * none" denies everyone else).
# NOTE(review): the URI here is ldapi:// (two slashes) while every other
# command on this page uses ldapi:///; both should resolve to the default
# socket, but keep them consistent.
# The olcRootPW hash is the one generated in step 3.1 (password 123456 in this
# walkthrough) — use a strong password in practice; it is the directory's
# superuser credential and, in section 4, the replication credential as well.
cat << EOF | ldapadd -Y EXTERNAL -H ldapi://
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=suixingpay,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=suixingpay,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=suixingpay,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}KLfXV8ipw55AY0bwcZGDZX7JQENgUaWs
EOF

3.5、添加用戶

# user.ldif — one posixAccount user and one posixGroup; loaded by the ldapadd
# command that follows this listing.
# NOTE(review): the ou=People and ou=Group containers (and the dc=suixingpay,dc=com
# base entry itself) are never created in this walkthrough; the add fails with
# "no such object" if they do not exist — TODO confirm they are created elsewhere.
# The user's primary gidNumber is 500, which is not the group defined below (1100).
dn: uid=zhaikun,ou=People,dc=suixingpay,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: zhaikun
cn: zhaikun
sn: user
userPassword: {SSHA}g0UwZPzG0CFez6YkzPW6XZrawSQBcGda
uidNumber: 1101
gidNumber: 500
mail: zhai_kun@suixingpay.com
title: user
homeDirectory: /home/zhaikun


# NOTE(review): memberUid is "systemadmin", the group's own cn, not the uid
# created above; presumably "zhaikun" was intended — verify before loading.
dn: cn=systemadmin,ou=Group,dc=suixingpay,dc=com
objectClass: posixGroup
cn: systemadmin
gidNumber: 1100
memberUid: systemadmin
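# Load user.ldif as the directory rootdn.
# -W prompts for the Manager password instead of passing it on the command line
# (the original used -w123456), where it is visible in the process list and
# shell history; the tests in section 6 already use -W. For unattended runs,
# -y <file> reads the password from a file with restrictive permissions.
ldapadd -x -D "cn=Manager,dc=suixingpay,dc=com" -W -f user.ldif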

3.6、配置OpenLDAP日誌

修改日誌配置文件
/etc/rsyslog.conf
local4.*    /var/log/ldap.log

重啓rsyslog
# Reload rsyslog so the new local4.* rule starts writing /var/log/ldap.log.
systemctl restart rsyslog
配置日誌
# Enable slapd logging; messages go to syslog facility local4, which the
# rsyslog rule above writes to /var/log/ldap.log.
# -1 is the "any" level: every subsystem logs everything. It is extremely
# verbose and records details of every operation, so use it only for a short
# debugging window — the next step lowers it to 256.
# NOTE(review): the attribute is spelled olcLoglevel on the add: line and
# olcLogLevel on the value line; LDAP attribute names are case-insensitive so
# this works, but keep one spelling.
cat << EOF | ldapmodify -Y EXTERNAL -H ldapi:///    
dn: cn=config
changetype: modify
add: olcLoglevel
olcLogLevel: -1
EOF

修改級別
# Lower the log level to 256 ("stats": connections, operations and results),
# the usual setting for day-to-day operation. Even at this level the log
# contains bind DNs and client addresses, so keep /var/log/ldap.log readable
# by root only.
cat << EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
replace: olcLoglevel
olcLoglevel: 256
EOF

# Restart slapd. Changes made through ldapmodify on cn=config already apply at
# runtime; the restart verifies that the on-disk config in
# /etc/openldap/slapd.d loads cleanly.
systemctl restart slapd

 

四、配置雙主複製(以下操作在兩臺主機上執行)

4.1、配置LDAP主程序,增加syncprov module

[root@openldap01 ~]# vim mod_syncprov.ldif 
# mod_syncprov.ldif — load the syncprov overlay module into slapd.
# olcModulePath is the CentOS 7 x86_64 module directory. The entry is added as
# cn=module,cn=config and shows up as cn=module{0} once slapd orders it.
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la

[root@openldap01 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

[root@openldap01 ~]# vim syncprov.ldif
# syncprov.ldif — attach the syncprov overlay to the data database so this node
# can act as a replication provider. olcSpSessionLog: 100 keeps a session log
# of recent writes so briefly disconnected consumers can catch up without a
# full refresh — TODO confirm the size suits the write rate.
# NOTE(review): master01.ldif in 4.2 adds this exact DN again; apply only one
# of the two, or the second add fails with "already exists".
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100

[root@openldap01 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

4.2、配置LDAP消費者

[root@openldap01 ~]# vim master01.ldif 
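# master01.ldif — make this node a mirror-mode master that pulls from the
# other node. Apply on both hosts, changing the two per-host values noted
# below. In LDIF a "#" is a comment only at the start of a line; the original
# put notes after values on the same line (olcServerID, provider, credentials),
# where they would be read as part of the value or rejected, so those notes
# now live on their own lines.

# olcServerID must be unique per server: 0 on server1 (172.16.138.87),
# 1 on server2 (172.16.138.88).
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 0

# Consumer side: replicate the {2}hdb database from the peer.
# provider is the *other* node: ldap://172.16.138.88:389/ on server1,
# ldap://172.16.138.87:389/ on server2.
# credentials is the clear-text password of binddn and is stored as-is in
# cn=config. It must match the DN's real password (section 3 sets Manager's
# password with slappasswd; the value here does not obviously match the 123456
# used there — verify). Binding as the rootdn is the simplest option; a
# dedicated replication DN with read-only access is the usual hardening.
# The provider URL is plain ldap://, so this password crosses the network
# unencrypted unless starttls=yes (or an ldaps:// provider) is configured.
# interval only applies to refreshOnly; with type=refreshAndPersist it is unused.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://172.16.138.88:389/
  bindmethod=simple
  binddn="cn=Manager,dc=suixingpay,dc=com"
  credentials=suixingpay
  searchbase="dc=suixingpay,dc=com"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

# Provider side: syncprov overlay on the same database.
# NOTE(review): step 4.1 already created this exact entry from syncprov.ldif;
# if it exists, this add fails with "already exists" — keep only one of the two.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov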

[root@openldap01 ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f master01.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"

配置LDAP客戶端綁定LDAP消費者

 [root@test1 ~]# authconfig --ldapserver=172.16.138.87,172.16.138.88 --update 

五、PhpLDAPAdmin安裝

5.1、安裝

# phpLDAPadmin (from EPEL) plus the Apache/PHP stack it needs; php-ldap is the
# PHP extension that actually talks to slapd.
yum install phpldapadmin -y 
yum install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap -y
# Start httpd now and on boot; it is restarted again in 5.2 after the config edits.
systemctl restart httpd && systemctl  enable httpd

5.2、配置httpd

vim /etc/httpd/conf/httpd.conf
# Add index.php as a directory index.
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
# Hand .php files to the PHP handler.
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
# Set ServerName.
ServerName ldapserver.suixingpay.com

# Expose the phpLDAPadmin tree.
# NOTE(review): "Require all granted" lets every client that can reach httpd
# load the admin UI, and nothing on this page enables TLS for httpd, so each
# login (an LDAP bind with the user's own password) travels in clear text.
# Before exposing this beyond a lab, restrict it (e.g. "Require ip" for the
# admin network, or an authenticated front door) and serve it over https.
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
</Directory>
# Two aliases for the same directory.
     Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
        Alias /ldapadmin /usr/share/phpldapadmin/htdocs
systemctl restart httpd

5.3、配置OpenLDAP server

vim /usr/share/phpldapadmin/config/config.php

// phpLDAPadmin server definition; $servers is provided by config.php itself.
$servers->newServer('ldap_pla');
$servers->setValue('server','name','LDAP Server');
// Only server1 is configured; although the directory is mirrored, the UI has
// no second host to fall back to if 172.16.138.87 is down.
$servers->setValue('server','host','172.16.138.87');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=suixingpay,dc=com'));
// Users authenticate with their own DN/password at the web login; with
// auth_type 'cookie' the login is presumably kept in a session cookie — TODO
// confirm. bind_id/bind_pass stay empty, so no Manager credential is
// hard-coded in this file.
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');
// NOTE(review): tls=false on port 389 means every bind phpLDAPadmin performs
// (i.e. each user's password) reaches 172.16.138.87 unencrypted. If httpd and
// slapd do not share a host, enable TLS here before exposing the UI.
$servers->setValue('server','tls',false);

 

5.4、打開PhpLDAPAdmin

 

 六、測試同步

####server01 添加jaxzhai用戶
[root@openldap01 ~]# ldapadd -x -D "cn=Manager,dc=suixingpay,dc=com" -W -f ldapuser.ldif 
Enter LDAP Password: 
adding new entry "uid=jaxzhai,ou=People,dc=suixingpay,dc=com"

[root@openldap01 ~]# 
####server02 查看是否同步
[root@openldap02 ~]# ldapsearch -x -b "dc=suixingpay,dc=com" -H ldap://127.0.0.1| grep jaxzhai
# jaxzhai, People, suixingpay.com
dn: uid=jaxzhai,ou=People,dc=suixingpay,dc=com
uid: jaxzhai
cn: jaxzhai
homeDirectory: /home/jaxzhai
[root@openldap02 ~]# 

####server02 刪除jaxzhai用戶
[root@openldap02 ~]# ldapdelete -x -D "cn=Manager,dc=suixingpay,dc=com" -W -h172.16.138.88 "uid=jaxzhai,ou=People,dc=suixingpay,dc=com"
Enter LDAP Password: 
[root@openldap02 ~]# 

####server01 查看是否同步
[root@openldap01 ~]# ldapsearch -x -b "dc=suixingpay,dc=com" -H ldap://127.0.0.1| grep jaxzhai
[root@openldap01 ~]# 