Deployment tutorial for LDAP Account Manager

2025-01-17 Update From: SLTechnology News&Howtos > Servers


Shulou(Shulou.com)06/01 Report--

This article walks through the deployment of LDAP Account Manager (LAM) on a CentOS 7 LAMP stack. The steps are simple and clear; follow them in order.

Part one: install and configure LAMP

I. Configure CentOS 7

1. Enable SSH

systemctl enable sshd

2. Install rz

yum -y install lrzsz

When uploading a file, always pass the -be parameters (-b, --binary, uploads in binary mode; -e, --escape, escapes all control characters); otherwise the uploaded file will be incomplete.

rz -be

3. Install wget

yum -y install wget

4. Disable SELinux

vi /etc/sysconfig/selinux

Change the SELINUX line as shown below (marked in red in the original):

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

5. Turn off the firewall

systemctl disable firewalld

Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

II. Apache

1. Install Apache

yum -y install httpd httpd-devel

Installation path: /etc/httpd
Configuration file: /etc/httpd/conf/httpd.conf
Module path: /usr/lib64/httpd/modules/
Web directory: /var/www/html

2. Configure httpd (replace the server name with the one for your own environment)

vi /etc/httpd/conf/httpd.conf

# change the user and group
User www
Group www

# files served when only a directory name is requested
DirectoryIndex index.html index.php

# server's response header (security: hide version details)
ServerTokens Prod

# keepalive is on
KeepAlive On

3. Create the corresponding account and permissions

groupadd www
useradd www -g www -s /sbin/nologin -M

4. Start and enable the service

systemctl start httpd
systemctl enable httpd

III. PHP

1. Installation

Do not install with yum install php-fpm: the PHP in the repository is an old version. Build it from source instead.

(1) Install the required components first

yum -y install gcc gcc-c++ libxml2 libxml2-devel bzip2 bzip2-devel libmcrypt libmcrypt-devel openssl openssl-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel perl perl-devel psmisc.x86_64 recode recode-devel libtidy libtidy-devel

The libxml2 version must be greater than 2.7.0.

Note that libmcrypt and libmcrypt-devel are no longer provided by any repository, so install them separately.

Download libmcrypt-2.5.7.tar.gz:

mkdir /home/software
cd /home/software
wget ftp://mcrypt.hellug.gr/pub/crypto/mcrypt/libmcrypt/libmcrypt-2.5.7.tar.gz

Unpack it:

tar zxf libmcrypt-2.5.7.tar.gz
cd libmcrypt-2.5.7

Install with ./configure and make && make install

Install the components needed for the LDAP feature separately:

yum install -y openldap openldap-devel

(2) Then download PHP

cd /home/software
wget http://cn.php.net/distributions/php-7.2.5.tar.gz
tar -xvf php-7.2.5.tar.gz
cd php-7.2.5

./configure \
  --prefix=/usr/local/php \
  --with-config-file-path=/etc \
  --with-apxs2=/usr/bin/apxs \
  --enable-fpm \
  --with-fpm-user=www \
  --with-fpm-group=www \
  --enable-inline-optimization \
  --disable-debug \
  --disable-rpath \
  --enable-shared \
  --enable-soap \
  --with-libxml-dir \
  --with-xmlrpc \
  --with-openssl \
  --with-mhash \
  --with-pcre-regex \
  --with-sqlite3 \
  --with-zlib \
  --enable-bcmath \
  --with-iconv \
  --with-bz2 \
  --enable-calendar \
  --with-curl \
  --with-cdb \
  --enable-dom \
  --enable-exif \
  --enable-fileinfo \
  --enable-filter \
  --with-pcre-dir \
  --enable-ftp \
  --with-gd \
  --with-openssl-dir \
  --with-jpeg-dir \
  --with-png-dir \
  --with-zlib-dir \
  --with-freetype-dir \
  --with-gettext \
  --with-gmp \
  --with-mhash \
  --enable-json \
  --enable-mbstring \
  --enable-mbregex \
  --enable-mbregex-backtrack \
  --with-libmbfl \
  --with-onig \
  --enable-pdo \
  --with-mysqli=mysqlnd \
  --with-pdo-mysql=mysqlnd \
  --with-pdo-sqlite \
  --with-readline \
  --enable-session \
  --enable-shmop \
  --enable-simplexml \
  --enable-sockets \
  --enable-sysvmsg \
  --enable-sysvsem \
  --enable-sysvshm \
  --enable-wddx \
  --with-xsl \
  --enable-zip \
  --enable-mysqlnd-compression-support \
  --with-pear \
  --enable-opcache \
  --with-libdir=lib64 \
  --with-ldap

Then you may get error 1: configure: error: Don't know how to define struct flock on this system, set --enable-opcache=no

Solution: step 1, yum groupinstall "Development Tools"

Step 2, on a 32-bit system:

ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib/
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib/libmysqlclient.so.18

On a 64-bit system:

ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib64/
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18

Step 3, add the line /usr/local/lib to /etc/ld.so.conf.d/local.conf

vi /etc/ld.so.conf.d/local.conf
ldconfig -v

Error 2: cURL version 7.10.5 or later is required to compile php with cURL support

Solution: yum -y install curl-devel

(3) The final compilation of PHP, make && make install, takes a long time: about 10-15 minutes on a Xeon E7 virtual machine.

After it completes, modify /etc/profile:

vi /etc/profile

Add the following 2 lines at the end of the file:

PATH=$PATH:/usr/local/php/bin
export PATH

Make the change take effect immediately:

. /etc/profile or source /etc/profile

(4) Configure PHP-fpm

① Copy the configuration and startup files to the appropriate directories

cp /home/software/php-7.2.5/php.ini-production /etc/php.ini
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
cp /home/software/php-7.2.5/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm

② Modify the PHP account

vi /usr/local/php/etc/php-fpm.d/www.conf

user = www # change to a non-root account that has PHP permissions
group = www # ditto

The www account must have Apache permissions, web directory permissions and PHP permissions, otherwise 403 and 404 errors will occur. Alternatively, write a more privileged account here.

The User www and Group www in /etc/httpd/conf/httpd.conf from the Apache step must be the same as the account used by PHP.
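A check for the requirement above, added here as an example and not part of the original tutorial: it reads the User/Group directives from httpd.conf and the user/group settings from the php-fpm pool file, and fails when they differ, are missing, or are root. The two config files it writes are constructed stand-ins for the real ones.

```shell
# Added example (not from the tutorial): confirm that httpd and the php-fpm
# pool run as the same dedicated non-root account, as the tutorial requires.

# Print the value of the first uncommented "Key value" directive in httpd.conf
# ($1 = file, $2 = directive name; Apache directive names are case-insensitive)
httpd_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Print the value of "key = value" from a php-fpm pool file, ignoring ';' comments
fpm_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p" "$1" | head -n 1
}

# Returns 0 when user and group match and neither is root or empty, 1 otherwise
check_fpm_httpd_user() {
    httpd_user=$(httpd_directive "$1" User)
    httpd_group=$(httpd_directive "$1" Group)
    fpm_user=$(fpm_setting "$2" user)
    fpm_group=$(fpm_setting "$2" group)
    status=0
    if [ "$httpd_user" != "$fpm_user" ]; then
        echo "MISMATCH: httpd User=$httpd_user, php-fpm user=$fpm_user" >&2
        status=1
    fi
    if [ "$httpd_group" != "$fpm_group" ]; then
        echo "MISMATCH: httpd Group=$httpd_group, php-fpm group=$fpm_group" >&2
        status=1
    fi
    # php-fpm workers and httpd must run as a dedicated account, never root
    if [ -z "$fpm_user" ] || [ "$httpd_user" = root ] || [ "$fpm_user" = root ]; then
        echo "UNSAFE: web processes must run as a dedicated non-root user" >&2
        status=1
    fi
    return $status
}

# Constructed sample configs standing in for the real files, so this runs offline
tmp=$(mktemp -d)
cat > "$tmp/httpd.conf" <<'EOF'
# change the user and group
User www
Group www
EOF
cat > "$tmp/www.conf" <<'EOF'
; pool account, must match httpd
user = www ; changed from nobody
group = www
EOF
check_fpm_httpd_user "$tmp/httpd.conf" "$tmp/www.conf" && echo "httpd and php-fpm accounts match"
```

Run it against /etc/httpd/conf/httpd.conf and /usr/local/php/etc/php-fpm.d/www.conf before restarting httpd; a non-zero exit means the two services would run as different accounts.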

③ Enable PHP error display

display_errors = On

⑤ Configure Apache so that PHP takes effect

vi /etc/httpd/conf/httpd.conf

Add the following line after the AddType application* lines:

AddType application/x-httpd-php .php .phtml

Add index.php to DirectoryIndex index.html:

DirectoryIndex index.php index.html index.htm

Make sure that httpd.conf contains the following line:

LoadModule php7_module /usr/lib64/httpd/modules/libphp7.so

Restart httpd:

systemctl restart httpd

2. Start:

/etc/init.d/php-fpm start

Restart:

/etc/init.d/php-fpm restart

If an error appears on restart: ERROR: unable to bind listening socket for address '127.0.0.1:9000': Address already in use

Then:

[root@webserver ~]# netstat -lntup | grep 9000
[root@webserver ~]# killall php-fpm

3. Start at boot:

Add the line /usr/local/php/sbin/php-fpm to /etc/rc.d/rc.local to start PHP 7 at boot:

vi /etc/rc.d/rc.local

Note that CentOS 7 does not execute /etc/rc.d/rc.local by default; you must make it executable with chmod +x /etc/rc.d/rc.local.

Part II: install and configure LDAP Account Manager

cd /home/software
tar xvfj ldap-account-manager-6.3.tar.bz2
cd ldap-account-manager-6.3
./configure --with-httpd-user=www --with-httpd-group=www --with-web-root=/var/www/html/lam
make install
chown www:www /var/www/html/lam/ -R
cd /usr/local/lam/etc
cp config.cfg.sample config.cfg
chown www:www config.cfg

If you skip the commands above, the following error will occur.

Open http://IP/lam to access the LAM home page.

You will be told that there is no configuration file; click LAM configuration in the upper right corner of the home page.

Configure the global settings first: click Edit general settings.

Enter the master password (default password: lam).

In the general settings, change only: session timeout 240

Adjust the logging settings below according to your own needs.

After confirming, continue with the server profile.

Click LAM configuration in the upper right corner of the home page, then click Edit server profiles, then click Manage server profiles.

Create a server profile:

Under "Profile management" - "Add profile", fill in:

Profile name: *

Profile password: *

Template: windows_samba4

Click "Add".

Enter the master password (default password: lam).

Go to the Manage server profiles page.

General settings tab

Server settings

Server address: ldap://192.168.1.160 # server IP or domain name
Activate TLS: no
Tree suffix: dc= # full DC
LDAP search restrictions: -
Display name: Nt-DC1 # shown on the login page
Follow referrals: uncheck
Paged results: check
Referential integrity overlay: check

Language settings

Default language: Simplified Chinese (China)
Time zone: Asia/Shanghai

Tool settings - Hidden tools

Server information: uncheck # shown in the upper right corner after login
Check the rest.

Security settings

Login method: fixed list # only the users listed below can log in to this system
List of valid users: CN=LAM,CN=Users,DC=*,DC=**

Account types tab

Active account types: Users # delete Groups and Hosts, leaving only Users

LDAP suffix: ou=<organizational unit>,dc=*,dc=** # the OU from which users are read

Attribute list: #cn;#sAMAccountName;#mobile;#mail;#userAccountControl;#pwdLastSet;#lastLogon # columns shown in the user tab after login

Custom label: # leave blank; this would rename the user tab

Additional LDAP filter: # leave blank; the LDAP suffix already restricts the search

Hide: uncheck

Modules tab

Leave at the defaults

Module settings

Windows

Domain: *

Set the rest according to the figure below.

After saving, open http://IP/lam to access the LAM home page.

Problem: the login page shows "No default profile set. Please set it in the server profile configuration."

Solution: the config.cfg configuration is wrong; change the value of default: to * (the profile name).

vi /usr/local/lam/etc/config.cfg
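To make this fix repeatable, here is an added example (not from the tutorial or from LAM) that sets the default: line and refuses a profile whose <name>.conf does not exist yet. It assumes, as in LAM's config.cfg.sample, that the default profile is stored as a "default: <name>" line and that server profiles live as <name>.conf in the same directory; the config directory it creates is a constructed stand-in for /usr/local/lam/etc.

```shell
# Added example (not from the tutorial or from LAM): set LAM's default server
# profile safely. Assumes config.cfg stores it as "default: <name>" and that
# profiles live as <name>.conf beside it, as in LAM's config.cfg.sample.

# Print the profile currently named by "default:" (empty if unset)
lam_default_profile() {
    sed -n 's/^default:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Set "default:" in config.cfg ($1) to profile $2; fail if <profile>.conf is missing
lam_set_default_profile() {
    cfg=$1; profile=$2
    confdir=$(dirname "$cfg")
    # Reject empty, traversal-like and otherwise unexpected profile names
    case "$profile" in
        ''|*..*|*[!A-Za-z0-9_.-]*) echo "invalid profile name: '$profile'" >&2; return 1 ;;
    esac
    if [ ! -f "$confdir/$profile.conf" ]; then
        echo "no server profile $confdir/$profile.conf; create it in LAM first" >&2
        return 1
    fi
    if grep -q '^default:' "$cfg"; then
        sed "s/^default:.*/default: $profile/" "$cfg" > "$cfg.tmp"
    else
        { cat "$cfg"; printf 'default: %s\n' "$profile"; } > "$cfg.tmp"
    fi
    # Overwrite in place so the file keeps the www:www ownership set earlier
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
    [ "$(lam_default_profile "$cfg")" = "$profile" ]
}

# Constructed sample config directory standing in for /usr/local/lam/etc
lamdir=$(mktemp -d)
cat > "$lamdir/config.cfg" <<'EOF'
# default profile, without ".conf"
default: lam
logLevel: 4
EOF
: > "$lamdir/dc1.conf"   # stands in for a profile created via "Add profile"

lam_set_default_profile "$lamdir/config.cfg" dc1 \
    && echo "default profile is now $(lam_default_profile "$lamdir/config.cfg")"
```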

Then open http://IP/lam again to access the LAM home page.

Enter the password of the LAM DN account.

This is the page after login; only the user tab is shown.

Click the wrench icon at the upper right of the table and modify:

Maximum list entries: 1000
Translate GID number to group name: uncheck
Show account status: check

Modify any user's information at random; a success message indicates the setup works. OK

Thank you for reading. The above is the deployment tutorial for LDAP Account Manager; after studying it you should have a deeper understanding of the deployment, though the specifics still need to be verified in practice. Follow us for more related articles.
