Big Data and Rights Management: LDAP and phpldapadmin Installation (4)

Table of Contents

I. Install the LDAP server

       1. Install LDAP
       2. Configure the LDAP server
       3. Start the LDAP service
       4. Create the LDAP database
       5. Using LDAP

II. Install phpldapadmin

       1. Modify the http port
       2. Install phpldapadmin
       3. Configure phpldapadmin (three changes)
       4. Restart the service
       5. Log in



I. Install the LDAP server

       1. Install LDAP

       As with the Kerberos installation, cdh1 is used here as the server, and openldap is installed on it.

$ yum install openldap openldap-servers openldap-clients openldap-devel compat-openldap -y

       Check the installed version:

[yuhui@hadoop11 ~]$ rpm -qa openldap
openldap-2.4.40-16.el6.x86_64

       2. Configure the LDAP server

       Update the configuration database:

[yuhui@hadoop11 ~]# rm -rf /var/lib/ldap/*
[yuhui@hadoop11 ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[yuhui@hadoop11 ~]# chown -R ldap.ldap /var/lib/ldap

       Before version 2.4, OpenLDAP was configured through the slapd.conf file. Starting with 2.4 the configuration is stored as LDIF fragments under the slapd.d directory, by default /etc/openldap/slapd.d. Although these files are in a readable format, it is recommended to change them with the ldapadd, ldapdelete and ldapmodify commands rather than editing them directly.
The default configuration is stored in /etc/openldap/slapd.d; back it up first:

[yuhui@hadoop11 ~]# cp -rf /etc/openldap/slapd.d /etc/openldap/slapd.d.bak

       Add some basic configuration and include the OpenLDAP schemas:

$ touch  /etc/openldap/slapd.conf

$ echo "include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema" > /etc/openldap/slapd.conf
$ echo -e "pidfile /var/run/openldap/slapd.pid\nargsfile /var/run/openldap/slapd.args" >> /etc/openldap/slapd.conf

       Then generate slapd.d from it:

$ slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

$ chown -R ldap:ldap /etc/openldap/slapd.d && chmod -R 700 /etc/openldap/slapd.d

       3. Start the LDAP service

# Enable the LDAP service at boot
chkconfig --add slapd
chkconfig --level 345 slapd on
# Give the ldap user ownership of the data directory, then start the service
chown -R ldap.ldap /var/lib/ldap/
/etc/init.d/slapd start

Check the process and verify that the service port is listening:

[yuhui@hadoop11 ~]# ps aux | grep slapd | grep -v grep
ldap     39526  0.7  0.0 533676 60120 ?        Ssl  15:03   0:00 /usr/sbin/slapd -h  ldap:/// ldapi:/// -u ldap
[yuhui@hadoop11 ~]# netstat -tunlp  | grep :389
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      39526/slapd
tcp        0      0 :::389                      :::*                        LISTEN      39526/slapd

       4. Create the LDAP database

       Change into the /etc/openldap/slapd.d directory and view the file:

/etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif 

       Some default settings can be seen there, for example:

olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com  
olcRootPW: secret  

       Next, update those three settings as follows.

       Create a modify.ldif file in the /etc/openldap/slapd.d directory with the following content (olcRootPW is given in clear text here; slappasswd -s can produce a {SSHA} hash to use in its place):

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=silentwolfyh,dc=com

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcRootDN
# Temporary lines to allow initial setup
olcRootDN: uid=hue,ou=people,dc=silentwolfyh,dc=com

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hue

dn: cn=config
changetype: modify
replace: olcAuthzRegexp
olcAuthzRegexp: uid=([^,]*),cn=GSSAPI,cn=auth uid=$1,ou=people,dc=silentwolfyh,dc=com

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
# Everyone can read everything
olcAccess: {0}to dn.base="" by * read
# The ldapadm dn has full write access
olcAccess: {1}to * by dn="uid=hue,ou=people,dc=silentwolfyh,dc=com" write by * read

       Use the following command to import the configuration update:

[yuhui@hadoop11 slapd.d]# ldapmodify -Y EXTERNAL -H ldapi:/// -f modify.ldif

[yuhui@hadoop11 slapd.d]# pwd
/etc/openldap/slapd.d

       ldapmodify prints a "modifying entry" line for each of the changes.

       At this point the database holds no data yet. To add data you can either write an LDIF file by hand to import users and groups, or use the migrationtools templates to generate the LDIF. Create a setup.ldif file as follows:

dn: dc=silentwolfyh,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: silentwolfyh com
dc: silentwolfyh

dn: ou=people,dc=silentwolfyh,dc=com
objectclass: organizationalUnit
ou: people
description: Users

dn: ou=group,dc=silentwolfyh,dc=com
objectClass: organizationalUnit
ou: group

dn: uid=hue,ou=people,dc=silentwolfyh,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: LDAP admin account
uid: hue
sn: hue
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/ldap
loginShell: /bin/bash

       Use the following command to import the data; the password is the one set earlier (hue).

[yuhui@hadoop11 slapd.d]# ldapadd -x -D "uid=hue,ou=people,dc=silentwolfyh,dc=com" -w hue -f setup.ldif

       5. Using LDAP

       Importing system users

       Existing users can be turned into LDIF from /etc/passwd, /etc/shadow and /etc/group and then imported into the LDAP database; this requires the migrationtools package.
       Install it:

[yuhui@hadoop11 slapd.d]# yum install migrationtools -y

       Import the users of the current node into LDAP; specific users can be selected. The migration scripts take their suffix from $DEFAULT_BASE in /usr/share/migrationtools/migrate_common.ph, which must be set to dc=silentwolfyh,dc=com so that the generated DNs land under the right base.

# Add the users first
$ useradd test
$ useradd hive
# Select the test and hive accounts from the system's passwd file
$ grep -E "^(test|hive):" /etc/passwd > /opt/passwd.txt
$ /usr/share/migrationtools/migrate_passwd.pl /opt/passwd.txt /opt/passwd.ldif
$ ldapadd -x -D "uid=hue,ou=people,dc=silentwolfyh,dc=com" -w hue -f /opt/passwd.ldif

       Import user groups into LDAP:

# Generate the LDIF file for the groups, then import it into LDAP
$ grep -E "hive" /etc/group  >/opt/group.txt
$ /usr/share/migrationtools/migrate_group.pl /opt/group.txt /opt/group.ldif
$ ldapadd -x -D "uid=hue,ou=people,dc=silentwolfyh,dc=com" -w hue -f /opt/group.ldif
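The following Python is an added example, not the page's code nor the migrationtools scripts themselves: it does for the selected users and groups what migrate_passwd.pl and migrate_group.pl do, emitting entries under this page's base DN, and it also produces the {SSHA} hash that slappasswd -s would, which can replace the clear-text olcRootPW and userPassword values used above. The passwd and group lines are constructed sample input.

```python
import base64
import hashlib
import os

BASE_DN = "dc=silentwolfyh,dc=com"  # the suffix set in modify.ldif above
# Constructed sample input standing in for /opt/passwd.txt and /opt/group.txt.
SAMPLE_PASSWD = ["hive:x:1002:1002:Hive Service:/home/hive:/bin/bash",
                 "test:x:1003:1003::/home/test:/bin/bash",
                 "root:x:0:0:root:/root:/bin/bash"]
SAMPLE_GROUP = ["hive:x:1002:hive,test", "root:x:0:"]

def ssha_hash(password, salt=None):
    """RFC 2307 {SSHA} value, the scheme `slappasswd -s` emits; use it for
    olcRootPW/userPassword instead of a clear-text string such as "hue"."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; the salt trails the digest."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]

def passwd_to_ldif(passwd_lines, wanted, base_dn=BASE_DN):
    """Selected /etc/passwd lines -> posixAccount entries under ou=people.
    Only names in `wanted` are emitted; no password is copied (use ldappasswd)."""
    entries = []
    for line in passwd_lines:
        name, _, uid, gid, gecos, home, shell = line.rstrip("\n").split(":")
        if name in wanted:
            entries.append("\n".join([
                f"dn: uid={name},ou=people,{base_dn}", "objectClass: inetOrgPerson",
                "objectClass: posixAccount", "objectClass: shadowAccount",
                f"cn: {gecos or name}", f"sn: {name}", f"uid: {name}",
                f"uidNumber: {uid}", f"gidNumber: {gid}",
                f"homeDirectory: {home}", f"loginShell: {shell}"]))
    return "\n\n".join(entries) + "\n"

def group_to_ldif(group_lines, wanted, base_dn=BASE_DN):
    """Selected /etc/group lines -> posixGroup entries under ou=group."""
    entries = []
    for line in group_lines:
        name, _, gid, members = line.rstrip("\n").split(":")
        if name in wanted:
            attrs = [f"dn: cn={name},ou=group,{base_dn}", "objectClass: posixGroup",
                     f"cn: {name}", f"gidNumber: {gid}"]
            attrs += [f"memberUid: {m}" for m in members.split(",") if m]
            entries.append("\n".join(attrs))
    return "\n\n".join(entries) + "\n"
```

Write the returned strings to /opt/passwd.ldif and /opt/group.ldif and import them with the ldapadd commands shown above.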

       Setting an LDAP user's password

ldappasswd -x -D 'uid=hue,ou=people,dc=silentwolfyh,dc=com' -w hue "uid=hue,ou=people,dc=silentwolfyh,dc=com" -S

       Note: here the users and groups are written into LDAP by the Perl (.pl) migration scripts.

II. Install phpldapadmin

Reference:
http://www.pianshen.com/article/112350307/
https://blog.csdn.net/qq_21383435/article/details/83313583

       1. Modify the http port

vi /etc/httpd/conf/httpd.conf

Then restart the service:

# Start
[yuhui@hadoop11 ~]# service httpd start
# Stop
[yuhui@hadoop11 ~]# service httpd stop
# Restart
[yuhui@hadoop11 ~]# service httpd restart

       2. Install phpldapadmin

[yuhui@hadoop11 ~]# yum install phpldapadmin
[yuhui@hadoop11 ~]# rpm -qa | grep  phpldapadmin
phpldapadmin-1.2.3-10.el7.noarch
[yuhui@hadoop11 ~]#

       3. Configure phpldapadmin (three changes)

       3.1 Configure /etc/httpd/conf.d/phpldapadmin.conf to allow remote access
First, modify /etc/httpd/conf.d/phpldapadmin.conf. The default is:

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>

       Change it to:

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  Order Deny,Allow
  Allow from all
</Directory>

       Allow from all exposes the admin interface to every host that can reach the web server; limiting it to an administrative network instead (Allow from 192.0.2.0/24 on Apache 2.2, or Require ip 192.0.2.0/24 on Apache 2.4) is the safer choice.

       3.2 Second, modify the main configuration file httpd.conf

[yuhui@hadoop11 ~]# vi /etc/httpd/conf/httpd.conf
302 #<Directory />
303 #    AllowOverride none
304 #    Require all denied
305 #</Directory>
306  <Directory />
307     Options FollowSymLinks
308     AllowOverride None
309  </Directory>

Comment out lines 302-305 and add lines 306-309; otherwise the error will be:

Forbidden
You don't have permission to access /phpldapadmin/ on this server.

       3.3 Modify /etc/phpldapadmin/config.php to log in with the DN

[yuhui@hadoop11 ~]# vi /etc/phpldapadmin/config.php
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

       4. Restart the service

# Start
[yuhui@hadoop11 ~]# service httpd start
# Stop
[yuhui@hadoop11 ~]# service httpd stop
# Restart
[yuhui@hadoop11 ~]# service httpd restart

       5. Log in

http://ip:port/phpldapadmin

Account: uid=hue,ou=people,dc=silentwolfyh,dc=com
Password: hue

Origin blog.csdn.net/silentwolfyh/article/details/88851935