2025-01-29 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
LDAP architecture and deployment
LDAP stands for Lightweight Directory Access Protocol. It is based on the X.500 standard, but it is much simpler and can be customized as needed. Unlike X.500, LDAP runs over TCP/IP, which is necessary for access over the Internet. The core specifications of LDAP are defined in RFCs, and all LDAP-related RFCs can be found on the LDAPman RFC page.
LDAP environment installation
1-1 Check the system environment
[root@vm0021 xuqizhang]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@vm0021 xuqizhang]# uname -r
2.6.32-431.el6.x86_64
[root@vm0021 xuqizhang]# uname -m
x86_64
Configure yum to keep the downloaded rpm packages
[root@vm0021 xuqizhang]# sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
[root@vm0021 xuqizhang]# grep keepcache /etc/yum.conf
keepcache=1
Turn off SELinux and the firewall
[root@vm0021 xuqizhang]# setenforce 0
[root@vm0021 xuqizhang]# getenforce
Permissive
[root@vm0021 xuqizhang]# /etc/init.d/iptables stop
Time synchronization
[root@vm0021 xuqizhang]# /usr/sbin/ntpdate time.windows.com
[root@vm0021 xuqizhang]# crontab -e
# time sync
*/5 * * * * /usr/sbin/ntpdate time.windows.com > /dev/null 2>&1
Set the LDAP domain name and configure the hosts file
[root@vm0021 xuqizhang]# echo "10.1.11.149 baobaotang.org" >> /etc/hosts
[root@vm0021 xuqizhang]# tail -1 /etc/hosts
10.1.11.149 baobaotang.org
[root@vm0021 xuqizhang]# ping baobaotang.org
PING baobaotang.org (10.1.11.149) 56(84) bytes of data.
64 bytes from baobaotang.org (10.1.11.149): icmp_seq=1 ttl=64 time=7.37 ms
64 bytes from baobaotang.org (10.1.11.149): icmp_seq=2 ttl=64 time=0.031 ms
Start installing the LDAP master
OpenLDAP depends on a lot of other software. We generally install standard software with yum and build customized software from source.
Pre-installation check
[root@vm0021 xuqizhang]# rpm -qa openldap
openldap-2.4.40-12.el6.x86_64
[root@vm0021 xuqizhang]# rpm -qa | grep openldap
openldap-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
Installation
[root@vm0021 xuqizhang]# yum -y install openldap openldap-* -y
[root@vm0021 xuqizhang]# yum -y install nscd nss-pam-ldap nss-* pcre pcre-*
Check after installing; it is OK if the following packages appear
[root@vm0021 xuqizhang]# rpm -qa | grep openldap
openldap-clients-2.4.40-12.el6.x86_64
openldap-servers-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
Tip: if the installation above reports an error, install the dependency packages separately with yum.
Configure the LDAP master
[root@vm0021 xuqizhang]# cd /etc/openldap/
[root@vm0021 openldap]# ll
total 20
drwxr-xr-x. 2 root root 4096 Mar 9 16:47 certs
-rw-r----- 1 root ldap 121 May 11 2016 check_password.conf
-rw-r--r-- 1 root root 280 May 11 2016 ldap.conf
drwxr-xr-x 2 root root 4096 Mar 30 10:31 schema
drwx------ 3 ldap ldap 4096 Mar 30 10:31 slapd.d
The LDAP configuration layout changed between CentOS 5 and CentOS 6. On CentOS 6 the configuration lives in the slapd.d directory; on CentOS 5 it is the file slapd.conf in the current directory.
[root@vm0021 openldap]# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf    # copy the template into the current directory
[root@vm0021 openldap]# slappasswd -s admin    # generate the password hash for the administrator
{SSHA}ZZ7RPi0ih/cr00LurQoTfse1826YbQGj
[root@vm0021 openldap]# slappasswd -s admin | sed -e "s#{SSHA}#rootpw\t{SSHA}#g" >> slapd.conf    # append the rootpw line to slapd.conf
[root@vm0021 openldap]# tail -1 slapd.conf
rootpw {SSHA}XKdLuM/nmj43cQATC42z/CY8YTBClBHB
[root@vm0021 openldap]# cp slapd.conf slapd.conf.ori
[root@vm0021 openldap]# vim slapd.conf
# the default is fine; this specifies the database backend to use
database bdb
# change this to your own domain name
suffix "dc=baobaotang,dc=org"
# commented out
# checkpoint 1024 15
# the administrator's rootdn, a unique identifier
rootdn "cn=admin,dc=baobaotang,dc=org"
LDAP administrator: admin, password: admin
Tuning LDAP parameters: logging and cache
Append the log and cache parameters with cat:
[root@vm0021 openldap]# cat >> /etc/openldap/slapd.conf << EOF
> loglevel 296
> cachesize 1000
> checkpoint 2048 10
> # add end by xqz 2018-3-30
> EOF
Here loglevel 296 sets the log level, cachesize 1000 is the number of cached records, and checkpoint 2048 10 writes back when the file reaches 2048 or every 10 minutes.
Access control
Delete the following:
vim slapd.conf
# this block is the 2.4-style configuration; delete it and add the new rules, which keeps the 2.4 configuration compatible with 2.3
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

# enable server status monitoring (cn=monitor)
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none
Then add the following content:
access to *
    by self write
    by users read
    by anonymous auth
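The access to * rule added above applies to every attribute, so "by users read" also lets any authenticated user read other users' userPassword hashes; slapd stops at the first access clause whose target matches. The following check is an added example, not part of the original article: a simplified awk-based audit of that rule, where the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit slapd.conf ACLs for
# userPassword exposure. A catch-all "access to *" with "by users read" hands
# every authenticated user the password hashes unless a clause naming
# userPassword appears before it in the same database section.
# Simplification: tokens are split on whitespace, so <who> values that
# contain spaces are not handled.

# audit_acl FILE: prints one FAIL line per finding; returns 1 if any, else 0.
audit_acl() {
    awk '
    function check(d,    n, t, i, what, who, lvl, exposes) {
        n = split(d, t, /[ \t]+/)
        if (t[1] == "database") { db = t[2]; guarded = 0; return }
        if (t[1] != "access" || t[2] != "to") return
        what = t[3]; exposes = 0
        for (i = 4; i + 2 <= n; i++) {
            if (t[i] != "by") continue
            who = t[i + 1]; lvl = t[i + 2]
            if ((who == "users" || who == "anonymous" || who == "*") &&
                lvl ~ /^(read|write|manage)$/) exposes = 1
        }
        if (tolower(what) ~ /attrs=.*userpassword/) {
            if (exposes) { printf "FAIL [%s] userPassword clause grants read to non-owners\n", db; bad = 1 }
            else guarded = 1
        } else if (what == "*" && exposes && !guarded) {
            printf "FAIL [%s] access to * exposes userPassword hashes\n", db; bad = 1
        }
    }
    function flush() { if (buf != "") check(buf); buf = "" }
    BEGIN { db = "global" }
    /^[ \t]*#/      { next }                        # comment line
    /^[ \t]+[^ \t]/ { buf = buf " " $0; next }      # continuation line
                    { flush(); buf = $0 }           # new directive or blank line
    END             { flush(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample 1: the rule this article adds to slapd.conf.
write_page_acl() {
    cat > "$1" <<'EOF'
access to *
    by self write
    by users read
    by anonymous auth
database bdb
suffix "dc=baobaotang,dc=org"
EOF
}

# Constructed sample 2: the same rule preceded by a userPassword clause.
write_hardened_acl() {
    cat > "$1" <<'EOF'
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by users read
    by anonymous auth
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by * none
EOF
}

# Run the audit over both constructed samples.
demo() {
    dir=$(mktemp -d)
    write_page_acl "$dir/page.conf"
    write_hardened_acl "$dir/hardened.conf"
    for f in page hardened; do
        if audit_acl "$dir/$f.conf"; then echo "PASS $f.conf"; fi
    done
    rm -rf "$dir"
}
demo
```

The rootdn bypasses ACLs, so the administrator bind used throughout this article keeps working with the stricter clause in place.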
1-2 Configure rsyslog to record the LDAP service log
[root@vm0021 openldap]# cp /etc/rsyslog.conf /etc/rsyslog.conf.ori.$(date +%F%T)
[root@vm0021 openldap]# echo '#record ldap.log by xqz 2017-03-30' >> /etc/rsyslog.conf
[root@vm0021 openldap]# echo 'local4.* /var/log/ldap.log' >> /etc/rsyslog.conf
[root@vm0021 openldap]# tail -1 /etc/rsyslog.conf
local4.* /var/log/ldap.log
[root@vm0021 openldap]# /etc/init.d/rsyslog restart
1-3 Configure the LDAP database path. Note: the path may differ on versions below 6.4
[root@vm0021 openldap]# ll /var/lib/ldap/    # database path
total 0
[root@vm0021 openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@vm0021 openldap]# ll /var/lib/ldap/    # the database configuration has been copied over
total 4
-rw-r--r-- 1 root root 845 Mar 30 12:13 DB_CONFIG
Set ownership and permissions; the default owner is root.
[root@vm0021 openldap]# chown ldap:ldap /var/lib/ldap/DB_CONFIG
[root@vm0021 openldap]# chmod 700 /var/lib/ldap/
[root@vm0021 openldap]# ls -l /var/lib/ldap/
total 4
-rw-r--r-- 1 ldap ldap 845 Mar 30 12:13 DB_CONFIG
Filter out comments and blank lines to check the database configuration file
[root@vm0021 openldap]# grep -Ev "#|^$" /var/lib/ldap/DB_CONFIG
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
[root@vm0021 openldap]# slaptest -u    # if this command succeeds, the database configuration is valid
config file testing succeeded
1-4 Start the ldap-master service
On CentOS 5.8 the service is started with /etc/init.d/ldap start; this changed in 6.4. The following is the startup method on 6.5.
[root@vm0021 openldap]# /etc/init.d/slapd start
Starting slapd: [OK]
[root@vm0021 openldap]# lsof -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
slapd 24258 ldap 7u IPv4 115368 0t0 TCP *:ldap (LISTEN)
slapd 24258 ldap 8u IPv6 115369 0t0 TCP *:ldap (LISTEN)
[root@vm0021 openldap]# ps -ef | grep ldap
ldap 24258 1 0 12:32 ? 00:00:01 /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
root 24274 23605 0 12:38 pts/1 00:00:00 grep ldap
Enable start at boot (this can also be placed in rc.local)
[root@vm0021 openldap]# chkconfig slapd on
[root@vm0021 openldap]# chkconfig --list slapd
slapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
View the startup log
[root@vm0021 openldap]# tail /var/log/ldap.log    # if there is no log, rsyslog has not been configured correctly
Mar 30 12:32:57 vm0021 slapd[24257]: @(#) $OpenLDAP: slapd 2.4.40 (May 10 2016 23:30:49) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
Using the commands
[root@vm0021 openldap]# ldap    # available commands
ldapadd ldapdelete ldapmodify ldappasswd ldapurl
ldapcompare ldapexop ldapmodrdn ldapsearch ldapwhoami
[root@vm0021 openldap]# ldapsearch -LLL -W -x -H ldap://baobaotang.org -D "cn=admin,dc=baobaotang,dc=org" -b "dc=baobaotang,dc=org" "(uid=*)"
Enter LDAP Password:    # enter the password
ldap_bind: Invalid credentials (49)    # a problem caused by the version difference
Solution:
[root@vm0021 openldap]# rm -rf /etc/openldap/slapd.d/*    # delete the default 2.4 configuration
[root@vm0021 openldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/    # regenerate slapd.d
58dca609 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
[root@vm0021 openldap]# /etc/init.d/slapd restart
Stopping slapd: [OK]
Checking configuration files for slapd: [FAILED]
58dca645 ldif_read_file: Permission denied for "/etc/openldap/slapd.d/cn=config.ldif"    # startup error: a permission problem
slaptest: bad configuration file!
[root@vm0021 openldap]# chown -R ldap.ldap /etc/openldap/slapd.d/    # fix the ownership
[root@vm0021 openldap]# /etc/init.d/slapd restart
Stopping slapd: [FAILED]
Starting slapd: [OK]
[root@vm0021 openldap]# ldapsearch -LLL -W -x -H ldap://baobaotang.org -D "cn=admin,dc=baobaotang,dc=org" -b "dc=baobaotang,dc=org" "(uid=*)"
Enter LDAP Password:
No such object (32)    # query again; this result shows the bind now works
With that, the problem is solved.
1-5 Adding data to the LDAP master database
Initialize the data from system users with the scripts that ship with LDAP
Add a test user named test and configure the user login environment
[root@vm0021 openldap]# groupadd -g 5000 test
[root@vm0021 openldap]# useradd -u 5001 -g 5000 test
Create the root entries, then use the scripts bundled with openldap-servers to generate and import the passwd/group data
[root@vm0021 openldap]# grep test /etc/passwd > passwd.in
[root@vm0021 openldap]# grep test /etc/group > group.in
[root@vm0021 openldap]# yum install migrationtools -y
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl > base.ldif
[root@vm0021 openldap]# vi /usr/share/migrationtools/migrate_common.ph    # modify lines 71 and 74 so that they read as follows
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "baobaotang.org";
# Default base
$DEFAULT_BASE = "dc=baobaotang,dc=org";
Generate the LDAP data with the scripts and import it
Commands:
[root@vm0021 openldap]# export LC_ALL=C
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl > base.ldif
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl passwd.in passwd.ldif
dn: dc=baobaotang,dc=org
dc: baobaotang
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=baobaotang,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=baobaotang,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=baobaotang,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=baobaotang,dc=org
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=baobaotang,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=baobaotang,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=baobaotang,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=baobaotang,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=baobaotang,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=baobaotang,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=baobaotang,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=baobaotang,dc=org
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
[root@vm0021 openldap]# ll group.in passwd.*
-rw-r--r--. 1 root root 13 Mar 31 00:55 group.in
-rw-r--r--. 1 root root 39 Mar 31 00:55 passwd.in
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl group.in group.ldif
[root@vm0021 openldap]# ll -al *.ldif
-rw-r--r--. 1 root root 1284 Mar 31 01:09 base.ldif
Import the contents of the template file using ldapadd.
Import the LDIF file into the OpenLDAP directory tree to create the entries
[root@vm0021 openldap]# ldapadd -w admin -x -H ldap://127.0.0.1 -D "cn=admin,dc=baobaotang,dc=org" -f base.ldif
adding new entry "dc=baobaotang,dc=org"
adding new entry "ou=Hosts,dc=baobaotang,dc=org"
adding new entry "ou=Rpc,dc=baobaotang,dc=org"
adding new entry "ou=Services,dc=baobaotang,dc=org"
adding new entry "nisMapName=netgroup.byuser,dc=baobaotang,dc=org"
adding new entry "ou=Mounts,dc=baobaotang,dc=org"
adding new entry "ou=Networks,dc=baobaotang,dc=org"
adding new entry "ou=People,dc=baobaotang,dc=org"
adding new entry "ou=Group,dc=baobaotang,dc=org"
adding new entry "ou=Netgroup,dc=baobaotang,dc=org"
adding new entry "ou=Protocols,dc=baobaotang,dc=org"
adding new entry "ou=Aliases,dc=baobaotang,dc=org"
adding new entry "nisMapName=netgroup.byhost,dc=baobaotang,dc=org"
[root@vm0021 openldap]# ldapadd -x -W -D "cn=Manager,dc=gdy,dc=com" -f group.ldif
group.ldif: No such file or directory
[root@vm0021 openldap]#
[root@vm0021 openldap]# tail -n 10 /etc/group > group
[root@vm0021 openldap]# cat group
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
smart:x:500:
ldap:x:55:
nscd:x:28:
test:x:5000:
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_group.pl group group.ldif
[root@vm0021 openldap]# head -n 20 group.ldif
dn: cn=stapusr,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapusr
userPassword: {crypt}x
gidNumber: 156

dn: cn=stapsys,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapsys
userPassword: {crypt}x
gidNumber: 157

dn: cn=stapdev,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapdev
userPassword: {crypt}x
gidNumber: 158
[root@vm0021 openldap]# ldapadd -x -W -D "cn=Manager,dc=gdy,dc=com" -f group.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f group.ldif
Enter LDAP Password:
adding new entry "cn=stapusr,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=stapsys,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=stapdev,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=sshd,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=tcpdump,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=slocate,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=smart,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=ldap,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=nscd,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=test,ou=Group,dc=baobaotang,dc=org"
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f passwd.ldif
passwd.ldif: No such file or directory
[root@vm0021 openldap]# tail -n 10 /etc/passwd > passwd
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_group.pl passwd passwd.ldif
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f passwd.ldif
Enter LDAP Password:
adding new entry "cn=saslauth,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=postfix,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=pulse,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=sshd,ou=Group,dc=baobaotang,dc=org"
ldap_add: Already exists (68)    # the entry already exists; this can be ignored
[root@vm0021 openldap]# ll -al *.ldif
-rw-r--r--. 1 root root 1284 Mar 31 01:09 base.ldif
-rw-r--r--. 1 root root 1338 Mar 31 01:42 group.ldif
-rw-r--r--. 1 root root 1475 Mar 31 01:48 passwd.ldif
Inspect each file with cat.
[root@vm0021 openldap]# cat passwd.ldif
dn: cn=saslauth,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: saslauth
userPassword: {crypt}x
gidNumber: 498
memberUid: 76

dn: cn=postfix,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: postfix
userPassword: {crypt}x
gidNumber: 89
memberUid: 89

dn: cn=pulse,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: pulse
userPassword: {crypt}x
gidNumber: 497
memberUid: 496

dn: cn=sshd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: sshd
userPassword: {crypt}x
gidNumber: 74
memberUid: 74

dn: cn=tcpdump,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: tcpdump
userPassword: {crypt}x
gidNumber: 72
memberUid: 72

dn: cn=smart,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: smart
userPassword: {crypt}x
gidNumber: 500
memberUid: 500

dn: cn=ldap,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: ldap
userPassword: {crypt}x
gidNumber: 55
memberUid: 55

dn: cn=nscd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nscd
userPassword: {crypt}x
gidNumber: 28
memberUid: 28

dn: cn=nslcd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nslcd
userPassword: {crypt}x
gidNumber: 65
memberUid: 55

dn: cn=test,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 5001
memberUid: 5000
That completes importing data into the LDAP database.
Backing up the LDAP data
[root@vm0021 openldap]# ldapsearch -LLL -w admin -x -H ldap://baobaotang.org -D "cn=admin,dc=baobaotang,dc=org" -b "dc=baobaotang,dc=org" > bak-ldap.ldif
[root@vm0021 openldap]# cat bak-ldap.ldif
Configure a web management interface for the LDAP master
There are many management clients for LDAP, including B/S (browser/server), web and C/S (client/server) tools. We take a B/S tool as the example and use ldap-account-manager-3.7.tar.gz.
This software requires a LAMP environment.
[root@vm0021 openldap]# yum install httpd php php-ldap php-gd -y
[root@vm0021 openldap]# rpm -qa httpd php php-ldap php-gd
php-gd-5.3.3-48.el6_8.x86_64
httpd-2.2.15-56.el6.centos.3.x86_64
php-ldap-5.3.3-48.el6_8.x86_64
php-5.3.3-48.el6_8.x86_64
Download ldap-account-manager-3.7.tar.gz from the official website, https://www.ldap-account-manager.org/lamcms/
[root@vm0021 openldap]# cd /var/www/html/
[root@vm0021 html]# wget http://prdownloads.sourceforge.net/lam/ldap-account-manager-3.7.tar.gz
[root@vm0021 html]# ll
total 8944
-rw-r--r--. 1 root root 9157357 Mar 31 10:47 ldap-account-manager-3.7.tar.gz
[root@vm0021 html]# tar -xf ldap-account-manager-3.7.tar.gz
[root@vm0021 html]# cd ldap-account-manager-3.7
[root@vm0021 ldap-account-manager-3.7]# cd config
[root@vm0021 config]# cp config.cfg_sample config.cfg_sample.bak
[root@vm0021 config]# cp lam.conf_sample lam.conf_sample.bak
[root@vm0021 config]# sed -i 's#cn=Manager#cn=admin#g' lam.conf_sample
[root@vm0021 config]# sed -i 's#dc=my-domain#dc=baobaotang#g' lam.conf_sample
[root@vm0021 config]# sed -i 's#dc=com#dc=org#g' lam.conf_sample
[root@vm0021 config]# diff lam.conf_sample lam.conf_sample.bak
13c13
< admins: cn=admin,dc=baobaotang,dc=org
---
> admins: cn=Manager,dc=my-domain,dc=com
55c55
< types: suffix_user: ou=People,dc=baobaotang,dc=org
---
> types: suffix_user: ou=People,dc=my-domain,dc=com
59c59
< types: suffix_group: ou=group,dc=baobaotang,dc=org
---
> types: suffix_group: ou=group,dc=my-domain,dc=com
63c63
< types: suffix_host: ou=machines,dc=baobaotang,dc=org
---
> types: suffix_host: ou=machines,dc=my-domain,dc=com
67c67
< types: suffix_smbDomain: dc=baobaotang,dc=org
---
> types: suffix_smbDomain: dc=my-domain,dc=com
[root@vm0021 html]# mv ldap-account-manager-3.7 ldap
[root@vm0021 config]# chown -R apache.apache /var/www/html/ldap
[root@vm0021 config]# /etc/init.d/httpd restart
Starting httpd: httpd: apr_sockaddr_info_get() failed for vm0021
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[OK]
[root@vm0021 config]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 2567 root 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2572 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2573 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2574 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2575 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2576 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2577 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2578 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2579 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
You can now open http://10.1.11.149/ldap/ from a client and log in. Explore the specific usage yourself. There are, of course, other tools as well.
Configure network services to authenticate through the LDAP service
Install and configure the svn service (non-Apache svn)
Enable the SASL authentication mechanism for the svn server [independent authentication mechanism]
Check the installed packages:
[root@vm0021 html]# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-gssapi-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64
Install the related packages with yum. Checking again after installation shows a batch of packages.
[root@vm0021 html]# yum install *sasl* -y
[root@vm0021 openldap]# saslauthd -v    # list the available authentication mechanisms
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
[root@vm0021 openldap]# grep -i mech /etc/sysconfig/saslauthd    # -i ignores case; MECH=pam sets the verification mechanism
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
[root@vm0021 openldap]# sed -i 's#MECH=pam#MECH=shadow#g' /etc/sysconfig/saslauthd    # replace pam with shadow
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
[root@vm0021 openldap]# /etc/init.d/saslauthd restart
Stopping saslauthd: [FAILED]
Starting saslauthd: [OK]
[root@vm0021 openldap]# ps -ef | grep sasl
root 29453 1 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29454 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29455 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29456 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29458 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29460 28899 0 14:35 pts/1 00:00:00 grep sasl
Test the authentication function of the saslauthd process
Here admin is a Linux system user and admin is that user's password. If 0: OK "Success." appears after running the command, authentication is working.
[root@vm0021 openldap]# testsaslauthd -u admin -p admin    # verification failed
0: NO "authentication failed"
[root@vm0021 openldap]# grep admin /etc/passwd    # there is no such user
[root@vm0021 openldap]# id admin
id: admin: No such user
[root@vm0021 openldap]# useradd admin    # create a local system user
[root@vm0021 openldap]# passwd admin    # set a password; the input is not echoed. The password I gave is admin.
Changing password for user admin.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Verify again; this time it succeeds
[root@vm0021 openldap]# testsaslauthd -u admin -p admin
0: OK "Success."
Verify through LDAP
The saslauthd man page names a configuration file; it is not visible on disk by default, but it can be edited with vi
[root@vm0021 openldap]# ll /etc/saslauthd.conf
ls: cannot access /etc/saslauthd.conf: No such file or directory
[root@vm0021 config]# sed -i 's#MECH=shadow#MECH=ldap#g' /etc/sysconfig/saslauthd    # switch to the ldap authentication mechanism
[root@vm0021 config]# /etc/init.d/saslauthd restart
Stopping saslauthd: [OK]
Starting saslauthd: [OK]
Verification fails again. The next step is to edit /etc/saslauthd.conf with vi; by default, the file does not exist.
[root@vm0021 config]# testsaslauthd -u admin -p admin
0: NO "authentication failed"
It is supposed to succeed.
[root@vm0021 openldap]#
[root@vm0021 config]# cat /etc/saslauthd.conf
ldap_servers: ldap://baobaotang.org/
ldap_bind_dn: cn=admin,dc=baobaotang,dc=org
ldap_bind_pw: admin
ldap_search_base: ou=People,dc=baobaotang,dc=org
ldap_filter: uid=%U
ldap_password_attr: userPassword
No LDAP user has been created yet, so a test with user1 fails because the user does not exist.
Create users for LDAP as follows:
[root@vm0021 openldap]# vim adduser.sh
#!/bin/bash
# Add system users user1 to user5; each password is set to the user name
for ldap in {1..5}; do
    if id user${ldap} &> /dev/null; then
        echo "System account already exists"
    else
        adduser user${ldap}
        echo user${ldap} | passwd --stdin user${ldap} &> /dev/null
        echo "user${ldap} system add finish"
    fi
done
[root@vm0021 openldap]# chmod +x adduser.sh
[root@vm0021 openldap]# ./adduser.sh
[root@vm0021 openldap]# id user1
uid=5004(user1) gid=5004(user1) groups=5004(user1)
[root@vm0021 openldap]# testsaslauthd -u user1 -p user1
0: NO "authentication failed"
[root@vm0021 openldap]# tail -n 5 /etc/passwd > system
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_passwd.pl system people.ldif
[root@vm0021 openldap]# ll
total 80
-rwxr-xr-x 1 root root 274 Mar 31 16:43 adduser.sh
-rw-r--r-- 1 root root 2671 Mar 31 11:50 bak-ldap.ldif
-rw-r--r-- 1 root root 1284 Mar 31 11:46 base.ldif
drwxr-xr-x. 2 root root 4096 Mar 9 16:47 certs
-rw-r----- 1 root ldap 121 May 11 2016 check_password.conf
-rw-r--r-- 1 root root 132 Mar 31 11:47 group
-rw-r--r-- 1 root root 13 Mar 30 15:58 group.in
-rw-r--r-- 1 root root 1337 Mar 31 11:47 group.ldif
-rw-r--r-- 1 root root 280 May 11 2016 ldap.conf
-rw-r--r-- 1 root root 501 Mar 31 11:49 passwd
-rw-r--r-- 1 root root 39 Mar 30 15:58 passwd.in
-rw-r--r-- 1 root root 1478 Mar 31 11:49 passwd.ldif
-rw-r--r-- 1 root root 2150 Mar 31 16:47 people.ldif
drwxr-xr-x 2 root root 4096 Mar 30 10:31 schema
-rw-r--r-- 1 root root 4459 Mar 30 11:39 slapd.conf
-rw-r--r-- 1 root root 4681 Mar 30 11:05 slapd.conf.ori
drwx------ 3 ldap ldap 4096 Mar 30 14:30 slapd.d
-rw-r--r-- 1 root root 205 Mar 31 16:47 system
[root@vm0021 openldap]# tail -n 10 /etc/group > group
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_group.pl group group.ldif
[root@vm0021 openldap]# head -n 5 people.ldif
dn: uid=user1,ou=People,dc=baobaotang,dc=org
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
[root@vm0021 openldap]# cat people.ldif
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f people.ldif
Enter LDAP Password:
adding new entry "uid=user1,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user2,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user3,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user4,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user5,ou=People,dc=baobaotang,dc=org"
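The directory listing shows people.ldif as -rw-r--r--, and the file carries every imported user's {crypt} hash. The check below is an added example, not part of the original article; it lists LDIF files that hold real password hashes and are readable by group or others. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find LDIF files that contain
# real crypt(3) password hashes and are readable by group or others.
# Uses GNU stat (-c), as shipped on CentOS.

audit_ldif_hashes() {
    find "$1" -type f -name '*.ldif' | sort | while IFS= read -r f; do
        # A real hash starts with '$' ({crypt}$6$...); the {crypt}x placeholder
        # written into group.ldif does not match.
        grep -Eiq '^userPassword: *\{crypt\}\$' "$f" || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            *00) ;;                                # owner-only: nothing to report
            *)   printf '%s %s\n' "$mode" "$f" ;;  # group/other can read the hashes
        esac
    done
}

# Constructed sample directory; the hash strings are placeholders, not real hashes.
make_sample() {
    printf '%s\n' 'dn: uid=user1,ou=People,dc=example,dc=org' \
        'userPassword: {crypt}$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH' > "$1/people.ldif"
    printf '%s\n' 'dn: cn=user1,ou=Group,dc=example,dc=org' \
        'userPassword: {crypt}x' > "$1/group.ldif"
    cp "$1/people.ldif" "$1/passwd.ldif"
    chmod 644 "$1/people.ldif" "$1/group.ldif"
    chmod 600 "$1/passwd.ldif"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_ldif_hashes "$tmp"      # reports only the 644 people.ldif
rm -rf "$tmp"
```

Run `audit_ldif_hashes /etc/openldap` after the import; any file it reports can be set to mode 600 or deleted once ldapadd has succeeded.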
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f group.ldif
Enter LDAP Password:
adding new entry "cn=avahi,ou=Group,dc=baobaotang,dc=org"
ldap_add: Already exists (68)
[root@vm0021 openldap]# cat group.ldif
dn: cn=avahi,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: avahi
userPassword: {crypt}x
gidNumber: 70

dn: cn=nscd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nscd
userPassword: {crypt}x
gidNumber: 28

dn: cn=test,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 5000

dn: cn=admin,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: admin
userPassword: {crypt}x
gidNumber: 5002

dn: cn=ltest,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: ltest
userPassword: {crypt}x
gidNumber: 5003

dn: cn=user1,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 5004

dn: cn=user2,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user2
userPassword: {crypt}x
gidNumber: 5005

dn: cn=user3,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user3
userPassword: {crypt}x
gidNumber: 5006

dn: cn=user4,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user4
userPassword: {crypt}x
gidNumber: 5007

dn: cn=user5,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user5
userPassword: {crypt}x
gidNumber: 5008
[root@vm0021 openldap]# testsaslauthd -u user1 -p user1
0: OK "Success."
[root@vm0021 openldap]# testsaslauthd -u user2 -p user2
0: OK "Success."
# It worked. This is a little exciting; it was not easy to get here. #
The test succeeded
[root@vm0021 openldap]# testsaslauthd -u user1 -p user1    # this user is an LDAP user
0: OK "Success."
Summary
LDAP should have the corresponding test users and LDAP users.
Change the configuration in the file
[root@vm0021 openldap]# grep -i mech /etc/sysconfig/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap
Adjust the configuration in /etc/saslauthd.conf; if it does not take effect, restart the saslauthd service.
Install svn and test
The installation itself is skipped here.
SVN authentication through LDAP
The following attempt is unsuccessful, which indicates a problem with permission authentication.
[root@vm0021 openldap]# svn checkout svn://10.1.11.149 /tmp --username=user1 --password=user1
Authentication realm: My First Repository
Username: user1
Password for 'user1':
Next, grant permission.
[root@vm0021 conf]# ll /etc/sasl2/
total 4
-rw-r--r-- 1 root root 49 Nov 10 2015 smtpd.conf
[root@vm0021 conf]# vi /etc/sasl2/svn.conf    # does not exist by default; create the file
[root@vm0021 conf]# cat /etc/sasl2/svn.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
[root@vm0021 conf]# pwd
/svn/project/conf
[root@vm0021 conf]# sed -i 's@# use-sasl = true@use-sasl = true@g' svnserve.conf
[root@vm0021 conf]# grep use-sasl svnserve.conf
use-sasl = true    # the leading comment marker is removed
[root@vm0021 openldap]# cd /svn/project/conf/
[root@vm0021 conf]# pkill svnserve
[root@vm0021 conf]# lsof -i :3690
[root@vm0021 conf]# svnserve -d -r /svn/project/
[root@vm0021 conf]# lsof -i :3690
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
svnserve 30088 root 3u IPv4 157380 0t0 TCP *:svn (LISTEN)
[root@vm0021 conf]# diff svnserve.conf.bak svnserve.conf
12,13c12,13
< # anon-access = read
< # auth-access = write
---
> anon-access = none
> auth-access = write
20c20
< # password-db = passwd
---
> password-db = /svn/project/conf/passwd
27c27
< # authz-db = authz
---
> authz-db = /svn/project/conf/authz
32c32
< # realm = My First Repository
---
> realm = My First Repository
40c40
< # use-sasl = true
---
> use-sasl = true
[root@vm0021 openldap]# svn checkout svn://10.1.11.149 /tmp --username=user1 --password=user1
ATTENTION! Your password for authentication realm:
My First Repository
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
Store password unencrypted (yes/no)? yes
svn: Authorization failed
This indicates that authorization failed, because I had previously modified several configuration files of the svn service, so try restoring the original configuration.
When an "Authorization failed" error occurs, the cause is usually that the user or user group permissions are not configured correctly in the authz file. Setting [/] covers all the resources under the repository root directory; to restrict access to particular resources, add a section for the subdirectory.
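To see why a given user gets "Authorization failed", it helps to list the authz rules that actually apply to that user. The helper below is an added example, not part of the original article; the function names and the sample authz content are constructed, it assumes [groups] comes before the path sections, and it does not expand nested groups.

```shell
#!/bin/sh
# Added example (not from the original article): list the authz rules that
# apply to one user, to diagnose "svn: Authorization failed".
# Assumes [groups] precedes the path sections; nested groups are not expanded.

authz_rules_for() {
    awk -v user="$1" '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing whitespace / CR
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (section == "groups") {            # remember groups containing the user
                n = split(val, m, /[ \t]*,[ \t]*/)
                for (i = 1; i <= n; i++) if (m[i] == user) member["@" key] = 1
                next
            }
            if (key == user || key == "*" || (key in member))
                printf "[%s] %s = %s\n", section, key, (val == "" ? "(none)" : val)
        }' "$2"
}

# Constructed sample authz file; user and group names are made up.
write_sample_authz() {
    cat > "$1" <<'EOF'
[groups]
dev = user1, user2

[/]
@dev = rw
* =

[/secret]
user3 = r
EOF
}

sample=$(mktemp)
write_sample_authz "$sample"
authz_rules_for user1 "$sample"    # matches via @dev and the catch-all *
authz_rules_for user9 "$sample"    # only the empty "* =" rule applies: no access
rm -f "$sample"
```

A user for whom the only matching rule is the empty `* =` has no access, which is the situation that produces the authorization failure.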
[root@vm0021 conf]# mv svnserve.conf.bak svnserve.conf
mv: overwrite `svnserve.conf'? y
[root@vm0021 conf]# ll
total 12
-rwx------ 1 root root 1140 Mar 16 15:31 authz
-rwx------ 1 root root 340 Mar 16 15:31 passwd
-rw-r--r-- 1 root root 2279 Dec 14 16:00 svnserve.conf
[root@vm0021 conf]# cp svnserve.conf svnserve.conf.bak
[root@vm0021 conf]# sed -i 's@# use-sasl = true@use-sasl = true@g' svnserve.conf
[root@vm0021 conf]# diff svnserve.conf.bak svnserve.conf
40c40
< # use-sasl = true
---
> use-sasl = true
[root@vm0021 conf]# pkill svnserve
[root@vm0021 conf]# lsof -i :3690
[root@vm0021 conf]# svnserve -d -r /svn/project/
[root@vm0021 conf]# lsof -i :3690
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
svnserve 30131 root 3u IPv4 157592 0t0 TCP *:svn (LISTEN)
[root@vm0021 conf]# svn checkout svn://10.1.11.149 /tmp --username=user1 --password=user1
ATTENTION! Your password for authentication realm:
45e01b91-73e4-4b5e-bf37-88c21b61a46b
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
Store password unencrypted (yes/no)? yes
Checked out revision 6.
This time it succeeded.
Let's test it under Windows.
The following indicates success
If you don't understand, please contact the author.