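phpldapadmin detailed setup
1. What this achieves
Install OpenLDAP on CentOS 6.5 and configure LDAP-based user login
1. Install PHP and Apache
If the EPEL repository is not configured, install it:
yum install epel-release
If that package cannot be downloaded, create /etc/yum.repos.d/epel.repo: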
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
phpldapadmin depends on Apache and PHP:
yum install php httpd
Configure httpd.conf.
2. Install OpenLDAP
yum install *openldap* openldap openldap-servers openldap-clients
Configure OpenLDAP; the configuration file is /etc/openldap/slapd.conf.
This file does not exist by default; copy /usr/share/openldap-servers/slapd.conf.obsolete to that location and set its owner to ldap:ldap.
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=iflyyun,dc=cn" read
        by * none
database bdb
suffix "dc=iflyyun,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=iflyyun,dc=cn"
Configure /etc/openldap/ldap.conf
BASE dc=iflyyun,dc=cn
URI ldap://bja-pro0002.hadoop.cpcc.iflyyun.cn
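Set the LDAP administrator password
slappasswd (note: do not use ldappasswd, otherwise it reports a GSSAPI error)
Enter the password to obtain a hash of the form {SSHA}ph VRzfWSeamboy0itVlazrJrxzVHh80, then edit /etc/openldap/slapd.conf.
Use the plaintext password directly; using the hashed password causes some problems.
Configure Apache to recognise index.php
Edit /etc/httpd/conf/httpd.conf, find the following line and add index.php: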
DirectoryIndex index.html index.html.var index.php
Edit /etc/httpd/conf.d/php.conf.
Test whether the OpenLDAP configuration file is correct:
slaptest -u -f /etc/openldap/slapd.conf
3. Install phpldapadmin
yum install phpldapadmin
Configure /etc/phpldapadmin/config.php
$servers->setValue('server','host','192.168.51.211');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=iflyyun,dc=cn'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=iflyyun,dc=cn');
$servers->setValue('login','attr','dn');  // line 397: uncomment this line
// $servers->setValue('login','attr','uid');  // comment this line out, otherwise login reports an error
Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access from any machine
Order Deny,Allow
Allow from all
4. phpldapadmin configuration
Delete all files under /etc/openldap/slapd.d/
Create the LDAP root entry:
ldapadd -x -D "cn=Manager,dc=iflyyun,dc=cn" -f base.ldif -W
base.ldif
dn: dc=iflyyun,dc=cn
dc: iflyyun
o: ldap
objectclass: dcObject
objectclass: organization
Create the administrator user
# Manager, iflyyun.cn
dn: cn=Manager,dc=iflyyun,dc=cn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Manager
description: LDAP administrator
5. LDAP client configuration
Install the required packages:
yum install nss-pam-ldapd pam_ldap openldap-clients
The configuration files that need to be changed are:
/etc/sysconfig/authconfig, /etc/pam.d/system-auth, /etc/openldap/ldap.conf, /etc/nsswitch.conf
Edit /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USEDB=no
FORCELEGACY=no
USEFPRINTD=yes
FORCESMARTCARD=no
PASSWDALGORITHM=yes
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
USELOCAUTHORIZE=yes
USECRACKLIB=yes
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELDAP=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=yes
USESSSD=no
USEHESIOD=no
Edit /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
account required pam_ldap.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok md5
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_ldap.so
Edit /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/cacerts
BASE dc=iflyyun,dc=cn
URI ldap://hfa-pro0002.hadoop.cpcc.iflyyun.cn
Edit /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
Start the name service cache daemon:
service nscd restart
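The walkthrough above takes several lab-only shortcuts: a cleartext rootpw, Allow from all on the phpldapadmin site, and an ldap:// URI. As an added example that is not part of the original page, this script checks the same files for those settings; the function names, the optional root-prefix argument and the sample tree are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original page. The function names, the optional
# root-prefix argument and the sample tree are assumptions of this example.

# Print one "<file>: <issue>" line per lab-only setting found under $1.
audit_ldap_stack() {
    root=${1:-}
    slapd="$root/etc/openldap/slapd.conf"
    web="$root/etc/httpd/conf.d/phpldapadmin.conf"
    client="$root/etc/openldap/ldap.conf"

    # rootpw should hold a slappasswd hash ({SSHA}...), not the password itself.
    if [ -f "$slapd" ] &&
       awk '$1 == "rootpw" && substr($2, 1, 1) != "{" { bad = 1 }
            END { exit !bad }' "$slapd"
    then
        echo "$slapd: rootpw is stored in cleartext"
    fi

    # An active "Allow from all" opens the admin UI to any host that can reach it.
    if [ -f "$web" ] &&
       grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all' "$web"
    then
        echo "$web: Allow from all"
    fi

    # ldap:// sends binds unencrypted unless StartTLS is enforced.
    if [ -f "$client" ] &&
       grep -Eiq '^[[:space:]]*URI[[:space:]].*ldap://' "$client"
    then
        echo "$client: URI uses ldap:// rather than ldaps://"
    fi
    return 0
}

# Write a constructed sample tree that mirrors the lab settings above.
write_lab_sample() {
    mkdir -p "$1/etc/openldap" "$1/etc/httpd/conf.d"
    printf 'rootdn "cn=Manager,dc=iflyyun,dc=cn"\nrootpw\tsecret\n' \
        > "$1/etc/openldap/slapd.conf"
    printf 'Order Deny,Allow\nAllow from all\n' \
        > "$1/etc/httpd/conf.d/phpldapadmin.conf"
    printf 'BASE dc=iflyyun,dc=cn\nURI ldap://ldap.example.test\n' \
        > "$1/etc/openldap/ldap.conf"
}

# Demo on the constructed tree; call audit_ldap_stack with no argument for /etc.
demo=$(mktemp -d) && write_lab_sample "$demo" && audit_ldap_stack "$demo"
rm -rf "$demo"
```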
IV. Configure services to start at boot
chkconfig slapd on # LDAP service (called ldap on 5.4), now called slapd
chkconfig rsyslog on # rsyslog service (logging); called syslog on 5.4
chkconfig rpcbind on # start the rpcbind service (portmap on 5.4), port 111
$servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
I. Install the required packages with yum and prepare the environment
yum -y install openldap* db4 migrationtools
service iptables stop
service NetworkManager stop
chkconfig iptables off
chkconfig NetworkManager off
The firewall is turned off here for convenience; be careful in a real production environment!
# Hide the objectClass, sn, cn and uid attributes
V. Install phpldapadmin
yum -y install epel-release
yum -y install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap
yum -y install phpldapadmin
vim /etc/httpd/conf.d/phpldapadmin.conf
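Add the network segments that need to reach the web interface. Here I removed Deny from all and added Allow from all, purely for convenience during testing; in a real production environment you still need to be careful!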
vi /etc/phpldapadmin/config.php
Before:
// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
After:
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
Save and exit
service httpd restart
2. Expiry feature
III. Edit the configuration file slapd.conf
database bdb
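# Change to your own domain, e.g. dc=test,dc=com
suffix "dc=example,dc=com"
# Change the administrator name and domain, e.g. cn=admin,dc=test,dc=com
rootdn "cn=Manager,dc=example,dc=com"
# Defines the LDAP root administrator's password (a hashed password is strongly recommended).
# Put the hashed password generated in the previous step here; rootpw and the hash are best separated with a TAB.
rootpw	<hashed password generated in the previous step>
Remove the previous configuration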
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d/
service slapd restart
cd /etc/openldap
vi base.ldif
Contents as follows:
Change dc=test,dc=com to the values you actually use, then run
ldapadd -f base.ldif -x -D cn=admin,dc=test,dc=com -w [enter the LDAP administrator admin password here]
Then restart the service
service slapd restart
Hide the logo on the login page  # in /usr/share/phpldapadmin/htdocs/welcome.php, comment out line 16
II. Configure OpenLDAP
cd /var/lib/ldap
slapd   # this command must be run; it generates the related configuration files
chown ldap:ldap /var/lib/ldap/*
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
service slapd restart
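The slapd.conf configuration file is sometimes missing after installation and has to be written and imported --->> download link
Then place slapd.conf under /etc/openldap
Generate the administrator password and keep it safe
slappasswd -h {SSHA} -s redhat   (redhat here is the password; change it as you like)
Keep the generated result safe!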
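I. Requirements
1. Attribute hiding
VI. Access test
Open a browser and enter
Username: cn=admin,dc=test,dc=com
Password: the password set earlier (enter the plaintext, not the hashed password)
2. Attribute display order
# Serious warning: once users are restricted to seeing only their own entry, logging in with UID no longer works
Attribute hiding setting  # go to line 217 and find this entry => $config->custom->appearance['hide_attrs'] = array();
II. Implementation
Disable the anonymous login button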
#$servers->setValue('login','anon_bind',true);
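3. Login with UID
Users can log in to the web interface with their account (their own name)
# change false to true
# Example:
Allow login by name  # go to line 414 and find this entry => #$servers->setValue('login','fallback_dn',false); change false to true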
);
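Department > username > login password
4. Hide the logo shown after login
Hide the header and footer  # search for the keyword minimalMode and find this entry => $config->custom->appearance['minimalMode'] = true; change false to true
# The result can be seen in the page-details .jpg file in the folder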
$config->custom->appearance['attr_display_order'] = array(
# Make sure these two lines are not commented out
# Set the actual time yourself
5. Hide the side buttons
Timeout
$servers->setValue('login','timeout',30);
'givenName',
'sn',
'cn',
'uid',
'uidNumber',
'userPassword'
# Example:
$config->custom->appearance['hide_attrs']
= array('objectClass','sn','cn','uid');
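Show only the username, the department (because of the single-OU design, to tell users apart) and the login password
Attribute display order  # go to line 265 and find this entry => $config->custom->appearance['attr_display_order'] = array();
# Make the following changes in the configuration file (/etc/phpldapadmin/config.php)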