Related software downloads:
Berkeley-Db: http://download.oracle.com/berkeley-db/db-4.5.20.tar.gz
OpenLdap: http://www.openldap.org/software/download/
http://download.bergmans.us/openldap/
PhpLdapAdmin: http://phpldapadmin.sourceforge.net/
Java LdapBrowser: http://www.ldapbrowser.com/


1. Windows configuration
Windows installation:
Edit slapd.conf (replace the entire contents of the file with the following):

ucdata-path ./ucdata

include ./schema/core.schema
include ./schema/corba.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/misc.schema
include ./schema/openldap.schema
include ./schema/nis.schema

pidfile ./run/slapd.pid
argsfile ./run/slapd.args

access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to *
    by self write
    by users read
    by * none

database bdb
suffix "dc=ahnu,dc=edu,dc=cn"
rootdn "cn=root,dc=ahnu,dc=edu,dc=cn"
rootpw {MD5}hUJRb4hwFz19Hauh2qrwoQ==
directory ./data
index objectClass eq


The first step is to create the DN:

vi load.ldif

dn: dc=ahnu,dc=edu,dc=cn
dc: ahnu
description: An Hui Normal University
objectClass: dcObject
objectClass: organization
o: University

Import command:

ldapadd -x -D "cn=root,dc=ahnu,dc=edu,dc=cn" -w zhaoshijie -f load.ldif

vi qzjiao.ldif 


dn: uid=qzjiao,dc=ahnu,dc=edu,dc=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qzjiao
cn: Jiao QingZheng
sn: qzjiao
userPassword: 12321
telephoneNumber: 5768972
description: openldap admin
displayName: Jiao QingZheng
mail: qzjiao@mail.ahnu.edu.cn

Import command:

ldapadd -x -D "cn=root,dc=ahnu,dc=edu,dc=cn" -w zhaoshijie -f qzjiao.ldif



2. Red Hat configuration
RedHat installation:

# Choose the Berkeley DB version that your OpenLDAP version requires
tar -zxvf db-4.5.20.tar.gz
cd db-4.5.20/build_unix
../dist/configure --prefix=/appsite/bdb
make
make install

# Edit /etc/ld.so.conf (the system dynamic linker configuration file)
# and add /appsite/bdb/lib to it
vi /etc/ld.so.conf
ldconfig

tar -zxvf openldap-xxx.tar.gz
env CPPFLAGS="-I/appsite/bdb/include" LDFLAGS="-L/appsite/bdb/lib" ./configure --prefix=/appsite/openldap --enable-ldbm
make depend
make
make test
make install

# Configure the slapd.conf file
vi slapd.conf

# required
include /appsite/openldap/etc/openldap/schema/core.schema
include /appsite/openldap/etc/openldap/schema/corba.schema
# usually needed
include /appsite/openldap/etc/openldap/schema/cosine.schema
# usually needed
include /appsite/openldap/etc/openldap/schema/inetorgperson.schema
include /appsite/openldap/etc/openldap/schema/misc.schema
include /appsite/openldap/etc/openldap/schema/openldap.schema
include /appsite/openldap/etc/openldap/schema/nis.schema

pidfile /appsite/openldap/var/run/slapd.pid
argsfile /appsite/openldap/var/run/slapd.args

# Set the log level; 4095 logs everything
loglevel 1

access to attrs=userPassword
    by self write
    by anonymous auth

access to attrs=mail
    by dn="cn=root,dc=ahnu,dc=edu,dc=cn" write
    by self write
    by anonymous auth

access to dn.regex="^cn=[^,]+,dc=ahnu,dc=edu,dc=cn$"
    by self write
    by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=ahnu,dc=edu,dc=cn"
# root is the administrator
rootdn "cn=root,dc=ahnu,dc=edu,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {MD5}hUJRb4hwFz19Hauh2qrwoQ==
# Set the root password, hashed with MD5. Generate the password string
# with the slappasswd -h {MD5} command.
directory /appsite/openldap/var/openldap-data
# Indices to maintain
index objectClass eq


vi /etc/syslog.conf   # add OpenLDAP logging

local4.* /var/log/ldap.log

service syslog restart   # restart the logging service

cd /appsite/openldap/libexec
./slapd

Safe shutdown

kill -INT `cat /appsite/openldap/var/run/slapd.pid`



The first step is to create the DN:

vi load.ldif

dn: dc=ahnu,dc=edu,dc=cn
dc: ahnu
description: An Hui Normal University
objectClass: dcObject
objectClass: organization
o: University

./ldapadd -x -D 'cn=root,dc=ahnu,dc=edu,dc=cn' -W -f load.ldif

vi qzjiao.ldif

dn: uid=qzjiao,dc=ahnu,dc=edu,dc=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qzjiao
cn: Jiao QingZheng
sn: qzjiao
userPassword: 12321
telephoneNumber: 5768972
description: openldap admin
displayName: Jiao QingZheng
mail: qzjiao@mail.ahnu.edu.cn

./ldapadd -x -D 'cn=root,dc=ahnu,dc=edu,dc=cn' -W -f qzjiao.ldif
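
The configuration above stores rootpw as {MD5}, and qzjiao.ldif carries a cleartext userPassword. The following is an added example, not part of the original page: it audits LDIF text for cleartext or unsalted userPassword values and builds a salted {SSHA} value (the default scheme of slappasswd) that can replace them. The uid=demo entry and its password are constructed sample data.

```python
import base64, hashlib, hmac, os, re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")
UNSALTED = {"MD5", "SHA"}  # plain digests: equal passwords give equal values

def md5_value(password: str) -> str:
    """{MD5} storage format: base64 of the raw, unsalted MD5 digest."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()

def ssha_value(password: str, salt: bytes = b"") -> str:
    """{SSHA}: base64(SHA1(password + salt) + salt); random salt if none given."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_matches(password: str, stored: str) -> bool:
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]           # SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def audit_ldif(text: str):
    """Return [(dn, finding)] for every userPassword value in LDIF text."""
    text = re.sub(r"\r?\n ", "", text)           # unfold continuation lines
    findings = []
    for entry in re.split(r"\n\s*\n", text.strip()):
        dn = None
        for line in entry.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userpassword":
                m = SCHEME_RE.match(value)
                if not m:
                    kind = "cleartext"
                elif m.group(1).upper() in UNSALTED:
                    kind = "unsalted " + m.group(0)
                else:
                    kind = "scheme " + m.group(0)
                findings.append((dn, kind))
    return findings

# Constructed sample: the page's test entry plus a hypothetical uid=demo entry.
SAMPLE = (
    "dn: uid=qzjiao,dc=ahnu,dc=edu,dc=cn\nuid: qzjiao\nuserPassword: 12321\n\n"
    "dn: uid=demo,dc=ahnu,dc=edu,dc=cn\nuserPassword: " + md5_value("constructed-pw") + "\n"
)
```

audit_ldif(SAMPLE) reports the first entry as cleartext and the second as unsalted {MD5}; a value produced by ssha_value() can be placed in the userPassword line before running ldapadd.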


Query

./ldapsearch -x -b 'dc=ahnu,dc=edu,dc=cn'

# -b sets the search base

./ldapsearch -x -LLL -h ahnu.edu.cn -b 'dc=ahnu,dc=edu,dc=cn' -D 'uid=qzjiao,dc=ahnu,dc=edu,dc=cn' -W 'uid=qzjiao'


phpLDAPadmin installation and configuration

Rename config/config.php.example to config.php

Edit config.php