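Difference between revisions of "Ldap"
From Alex's wiki
(→PHPLDAPADMIN configuration (abandoned, because ordinary users can get in and do anything))
(49 intermediate revisions by one user not shown)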
第1行: | 第1行: | ||
+ | |||
+ | ==安装OpenLdap== | ||
+ | |||
[http://jianshi-dlw.iteye.com/blog/1557846 OpenLDAP学习笔记]<br /> | [http://jianshi-dlw.iteye.com/blog/1557846 OpenLDAP学习笔记]<br /> | ||
[http://kingsz1.iteye.com/blog/842406 CentOS 5.5 安装记录 - (7) LDAP安装和基本配置]<br /> | [http://kingsz1.iteye.com/blog/842406 CentOS 5.5 安装记录 - (7) LDAP安装和基本配置]<br /> | ||
+ | <big>'''[http://www.cnblogs.com/AloneSword/p/4758814.html Centos6 yum安装openldap+phpldapadmin+TLS+双主配置]'''</big><br /> | ||
+ | [http://www.07net01.com/linux/LDAPguanligongju_phpLDAPadmin_deanzhuangpeizhi_12782_1346508702.html LDAP管理工具:phpLDAPadmin 的安装配置] | ||
+ | <source lang=bash> | ||
+ | yum install openldap openldap-servers openldap-clients openldap-devel compat-openldap --setopt=protected_multilib=false | ||
+ | </source> | ||
+ | |||
+ | vi /etc/openldap/slapd.conf | ||
+ | |||
+ | |||
+ | ldapadd -D "cn=Manager,dc=openldap,dc=imback,dc=net" -W -x -f base.ldif | ||
+ | |||
+ | {SSHA}Tt7VVYAJAwrwN0IKEf14j5Lj1BXO2U9k | ||
+ | |||
+ | ==安装php-ldap扩展(这是基于LNMP里的PHP的扩展,LDAP未用到)== | ||
+ | [http://www.sijitao.net/1851.html 不重新编译为PHP增加LDAP模块的支持] | ||
+ | <source lang=bash> | ||
+ | cd /home/package/lnmp/lnmp1.2-full/src/php-5.5.25/ext/ldap | ||
+ | /usr/local/php/bin/phpize | ||
+ | cp -frp /usr/lib64/libldap* /usr/lib/ | ||
+ | ./configure -with-ldap -with-php-config=/usr/local/php/bin/php-config | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | ls -l /usr/local/php/lib/php/extensions/no-debug-non-zts-20121212/ | ||
+ | |||
+ | vi /usr/local/php/etc/php.ini | ||
+ | #然后添加 extension = "ldap.so" | ||
+ | </source> | ||
+ | |||
+ | ==phpLdapAdmin配置(因为普通用户能进来做任何事,弃用)== | ||
+ | vi /etc/httpd/conf/httpd.conf | ||
+ | <source lang=bash> | ||
+ | Listen 8011 | ||
+ | <VirtualHost *:8011> | ||
+ | ServerName openldap.imback.net | ||
+ | DocumentRoot /usr/share/phpldapadmin | ||
+ | Alias /phpldapadmin /usr/share/phpldapadmin/htdocs | ||
+ | Alias /ldapadmin /usr/share/phpldapadmin/htdocs | ||
+ | |||
+ | <Directory /usr/share/phpldapadmin/htdocs> | ||
+ | Order Deny,Allow | ||
+ | Allow from all | ||
+ | Allow from 127.0.0.1 192.168.1.0/24 | ||
+ | Allow from ::1 | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | </source> | ||
+ | service httpd restart | ||
+ | |||
+ | vi /etc/phpldapadmin/config.php | ||
+ | <source lang=php> | ||
+ | $servers->setValue('server','host','127.0.0.1'); | ||
+ | $servers->setValue('server','port',389); | ||
+ | $servers->setValue('server','base',array('dc=openldap,dc=imback,dc=net')); | ||
+ | $servers->setValue('login','auth_type','cookie'); | ||
+ | $servers->setValue('login','bind_id','cn=Manager,dc=openldap,dc=imback,dc=net'); | ||
+ | $servers->setValue('login','bind_pass','xxxxxxxxxxxxxx'); | ||
+ | $servers->setValue('login','attr','dn'); | ||
+ | </source> | ||
+ | |||
+ | ==添加用户流程== | ||
+ | ===LAM系统=== | ||
+ | #打开 http://openldap.imback.net/lam 点击添加用户 | ||
+ | #个人信息里: | ||
+ | ##名字,如:成磊 | ||
+ | ##姓,如:乔 | ||
+ | #unix里: | ||
+ | ##用户名(即uid),如:qiaochenglei | ||
+ | ##全名(即cn),如:qiaochenglei | ||
+ | #点击保存 | ||
+ | #点击设置密码 | ||
+ | #点击保存 | ||
+ | |||
+ | ===phpLdapAdmin系统=== | ||
+ | #打开 http://openldap.imback.net/htdocs | ||
+ | #选中用户 如 cn=qiaochenglei,ou=People,dc=openldap,dc=imback,dc=net | ||
+ | #增加新的属性,选Password 设置一个密码 | ||
+ | ==SSP== | ||
+ | 部署self-service-password前先要配置slapd,以允许用户自己改密码:[http://linuxtec.blog.51cto.com/10426562/1707732 LDAP 用户更改自己的密码]<br /> | ||
+ | <source lang=bash> | ||
+ | #下面的控制权限的语句。 | ||
+ | access to dn.subtree="ou=People,dc=openldap,dc=imback,dc=net" attrs=userPassword,shadowLastChange | ||
+ | by dn="cn=Manager,dc=openldap,dc=imback,dc=net" write | ||
+ | by self write | ||
+ | by anonymous auth | ||
+ | by * read | ||
+ | |||
+ | </source> | ||
+ | 通过Apache8011端口: /etc/httpd/conf/httpd.conf<br /> | ||
+ | 安装位置:/home/wwwroot/self-service-password/<br /> | ||
+ | Nginx代理:/usr/local/nginx/conf/vhost/cf.qiaochenglei.cn.conf<br /> | ||
+ | http://ltb-project.org/wiki/documentation/self-service-password/latest/config_general | ||
+ | |||
+ | ==GOGS使用LDAP认证== | ||
+ | https://gogs.io/docs/features/authentication | ||
+ | ;用户过滤规则:(&(objectClass=person)(uid=%s)) |
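Review bot: In the SSP rule `access to dn.subtree="ou=People,..." attrs=userPassword,shadowLastChange`, the final `by * read` gives every authenticated bind read access to other users' password hashes; ending the rule with `by * none` keeps self-service changes working through `by self write` and `by anonymous auth` without exposing them. In the phpLdapAdmin `<Directory>` block, `Allow from all` under `Order Deny,Allow` makes the `Allow from 127.0.0.1 192.168.1.0/24` and `Allow from ::1` lines ineffective, so drop it if the intent was to limit the admin UI to local networks. The `{SSHA}` value in the install section appears to be a real password hash and would be better replaced with a placeholder.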
Latest revision as of 12:45, Tuesday, 26 November 2019
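==Installing OpenLDAP==
[http://jianshi-dlw.iteye.com/blog/1557846 OpenLDAP study notes]<br />
[http://kingsz1.iteye.com/blog/842406 CentOS 5.5 installation log - (7) LDAP installation and basic configuration]<br />
<big>'''[http://www.cnblogs.com/AloneSword/p/4758814.html CentOS 6: installing openldap + phpldapadmin + TLS + dual-master configuration with yum]'''</big><br />
[http://www.07net01.com/linux/LDAPguanligongju_phpLDAPadmin_deanzhuangpeizhi_12782_1346508702.html LDAP management tool: installing and configuring phpLDAPadmin]
<source lang=bash>
yum install openldap openldap-servers openldap-clients openldap-devel compat-openldap --setopt=protected_multilib=false
</source>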
vi /etc/openldap/slapd.conf
ldapadd -D "cn=Manager,dc=openldap,dc=imback,dc=net" -W -x -f base.ldif
{SSHA}Tt7VVYAJAwrwN0IKEf14j5Lj1BXO2U9k
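==Installing the php-ldap extension (this extension is for the PHP in the LNMP stack; LDAP itself does not use it)==
[http://www.sijitao.net/1851.html Adding LDAP module support to PHP without recompiling]
<source lang=bash>
# build the ldap extension from the PHP source tree
cd /home/package/lnmp/lnmp1.2-full/src/php-5.5.25/ext/ldap
/usr/local/php/bin/phpize
cp -frp /usr/lib64/libldap* /usr/lib/
./configure --with-ldap --with-php-config=/usr/local/php/bin/php-config
make
make install

# confirm that ldap.so was installed
ls -l /usr/local/php/lib/php/extensions/no-debug-non-zts-20121212/

vi /usr/local/php/etc/php.ini
# then add: extension = "ldap.so"
</source>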
==phpLdapAdmin configuration (abandoned, because ordinary users can get in and do anything)==
vi /etc/httpd/conf/httpd.conf
<source lang=apache>
Listen 8011
<VirtualHost *:8011>
    ServerName openldap.imback.net
    DocumentRoot /usr/share/phpldapadmin
    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
    Alias /ldapadmin /usr/share/phpldapadmin/htdocs

    <Directory /usr/share/phpldapadmin/htdocs>
        Order Deny,Allow
        # "Allow from all" admits every client, so the narrower Allow lines after it have no effect
        Allow from all
        Allow from 127.0.0.1 192.168.1.0/24
        Allow from ::1
    </Directory>
</VirtualHost>
</source>
service httpd restart

vi /etc/phpldapadmin/config.php
<source lang=php>
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=openldap,dc=imback,dc=net'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=Manager,dc=openldap,dc=imback,dc=net');
$servers->setValue('login','bind_pass','xxxxxxxxxxxxxx');
$servers->setValue('login','attr','dn');
</source>
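==Procedure for adding a user==
===LAM===
#Open http://openldap.imback.net/lam and click "Add user"
#Under personal information:
##First name, e.g. 成磊
##Last name, e.g. 乔
#Under Unix:
##User name (the uid), e.g. qiaochenglei
##Full name (the cn), e.g. qiaochenglei
#Click Save
#Click Set password
#Click Save

===phpLdapAdmin===
#Open http://openldap.imback.net/htdocs
#Select the user, e.g. cn=qiaochenglei,ou=People,dc=openldap,dc=imback,dc=net
#Add a new attribute, choose Password, and set a password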
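==SSP==
Before deploying self-service-password, slapd must first be configured to allow users to change their own passwords: [http://linuxtec.blog.51cto.com/10426562/1707732 LDAP users changing their own passwords]<br />
<source lang=bash>
# The access-control statement. Continuation lines must start with whitespace.
# Note: "by * read" lets every other authenticated user read these attributes;
# "by * none" would limit them to the entry's owner and the Manager.
access to dn.subtree="ou=People,dc=openldap,dc=imback,dc=net" attrs=userPassword,shadowLastChange
    by dn="cn=Manager,dc=openldap,dc=imback,dc=net" write
    by self write
    by anonymous auth
    by * read
</source>
Served through Apache on port 8011: /etc/httpd/conf/httpd.conf<br />
Install location: /home/wwwroot/self-service-password/<br />
Nginx proxy: /usr/local/nginx/conf/vhost/cf.qiaochenglei.cn.conf<br />
http://ltb-project.org/wiki/documentation/self-service-password/latest/config_general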
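What the `by` clauses of the SSP access rule above grant to each kind of client, as an added example (not from the original wiki page or from OpenLDAP): a simplified Python model of slapd's first-match evaluation, comparing the page's rule with a variant that ends in `by * none`. The second account DN and the hardened variant are assumptions made for the illustration.

```python
# Added illustration: simplified model of slapd's first-match <by> evaluation.
# Access levels in increasing order; each level implies the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

BASE = "dc=openldap,dc=imback,dc=net"
MANAGER = "cn=Manager," + BASE
USER = "cn=qiaochenglei,ou=People," + BASE   # entry named on the page
OTHER = "cn=someoneelse,ou=People," + BASE   # constructed second account

# (who, level) pairs in file order, for attrs=userPassword,shadowLastChange.
PAGE_RULE = [('dn="%s"' % MANAGER, "write"), ("self", "write"),
             ("anonymous", "auth"), ("*", "read")]
# Assumed hardened variant: same rule, but the catch-all grants nothing.
HARDENED_RULE = PAGE_RULE[:-1] + [("*", "none")]

def norm(dn):
    """Case-insensitive DN comparison key (ignores spaces around commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(who, bound_dn, entry_dn):
    """Does this <who> clause apply to the client? bound_dn is None if anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "self":
        return norm(bound_dn) == norm(entry_dn)
    if who.startswith('dn="') and who.endswith('"'):
        return norm(bound_dn) == norm(who[4:-1])
    raise ValueError("unsupported <who> clause: " + who)

def granted(rule, bound_dn, entry_dn):
    """Level given by the first matching clause; slapd ends each rule with by * none."""
    for who, level in rule:
        if matches(who, bound_dn, entry_dn):
            return level
    return "none"

def can(rule, bound_dn, entry_dn, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted(rule, bound_dn, entry_dn)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("by * none", HARDENED_RULE)):
        for label, dn in (("Manager", MANAGER), ("owner", USER),
                          ("other user", OTHER), ("anonymous", None)):
            print(f"{name:10} {label:10} -> {granted(rule, dn, USER)}")
```

Only the "other user" row differs between the two rules: `read` under the page's rule, `none` under the variant, while the owner keeps `write` and anonymous keeps `auth` so binds and self-service changes still work.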
==Using LDAP authentication with Gogs==
https://gogs.io/docs/features/authentication
;User filter:(&(objectClass=person)(uid=%s))