2025-01-16 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
Foreword:
While installing and using OpenLDAP, I ran into many pitfalls. Some I did not understand myself, and some were not explained clearly by others. This time I start from installation and go through simple permission settings and dual masters, including integration with Confluence, Jira, and GitLab.
Install OpenLDAP
I previously compiled and installed from source and ran into a lot of pitfalls, so in the end I chose to install with yum for convenience.
`yum install openldap openldap-servers openldap-clients openldap-devel compat-openldap -y`
The OpenLDAP back-end database is Berkeley DB, so it has to be installed as well. When compiling from source there are strict requirements on the version of this database, which is a very big pitfall.
`yum install db4 db4-utils`
OpenLDAP provides enough commands to create, search, and modify data, but they are still not as intuitive as a web page, so we will use phpldapadmin for that.
```
wget https://jaist.dl.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.3/phpldapadmin-1.2.3.zip
unzip phpldapadmin-1.2.3.zip
cp -R phpldapadmin-1.2.3 /var/www/html/phpldapadmin
cd /var/www/html/phpldapadmin/config
cp config.php.example config.php
```
As with most PHP applications, you have to copy the configuration file yourself. Remember to set the PHP timezone as well. This also counted as a small pitfall.
```
yum install php php-ldap php-fpm nginx
# Add a date.timezone setting right after the commented-out default line
sed -i '/^;date.timezone/a date.timezone = Asia/Shanghai' /etc/php.ini
```
Here is the configuration file for nginx I use
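```
# vim /etc/nginx/conf/phpldapadmin.conf
server {
    # Plain HTTP: the admin DN and password typed into phpldapadmin
    # cross the network unencrypted on this listener.
    listen 80;
    server_name ldap.xxx.com;
    location / {
        index index.html index.php;
        root /var/www/html/phpldapadmin;
        # Send requests for files that do not exist to index.php
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?$1 last;
        }
    }
    # Hand PHP scripts to php-fpm listening on 127.0.0.1:9000
    location ~ \.php$ {
        root /var/www/html/phpldapadmin;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```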
Next, start nginx and php-fpm.
```
service nginx start
service php-fpm start
```
Continue configuring OpenLDAP. Many tutorials on the Internet configure the slapd.conf file. However, a yum installation has no such file under /etc/openldap/ by default, because the new version splits the configuration into multiple files. If you are not used to that, you can keep configuring the original slapd.conf file and then convert it by command into the multiple configuration files under the slapd.d/ directory.
First generate the administrator password.
`slappasswd`
Enter the password twice and the command prints its hash. My password is 1234.
`{SSHA}7Wi/7NzFL/b6y+a7jZsDos5ax3HK0gUZ`
1. Modify the database configuration file to set the domain name, password, and so on.
```
vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcSuffix: dc=xxx,dc=com
# This sets the domain name of the directory root.
olcRootDN: cn=admin,dc=xxx,dc=com
# This sets the administrator DN; replace xxx with your own domain name.
# Then add the entry that sets the administrator password as the last line of this file.
olcRootPW: {SSHA}7Wi/7NzFL/b6y+a7jZsDos5ax3HK0gUZ
```
2. Specify the monitor permissions
```
vim /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
dn.base="cn=admin,dc=xxx,dc=com"
# Change this to your own domain name
```
3. Set up database cache
```
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap
# Test the configuration for errors; `testing succeeded` in the output means there is no problem
slaptest -u
```
4. Start openldap
`service slapd start`
At this point you can open the phpldapadmin web page.
User Name: cn=admin,dc=ldap,dc=com
Password: 1234
But there is a pitfall here: the web page shows a warning and the directory tree has no root, because the root node has not been created yet. Create it as follows:
```
vim base.ldif
# The following is the content of base.ldif
dn: dc=xxx,dc=com
# The RDN attribute (dc) must also be present in the entry
dc: xxx
o: ldap
objectclass: dcObject
objectclass: organization
```
Then add the entry:
`ldapmodify -x -D "cn=admin,dc=xxx,dc=com" -W -f base.ldif`
On CentOS 7, add the -a parameter, otherwise it keeps reporting an error.
If you see `adding new entry "dc=xxx,dc=com"`, it succeeded.
Visiting the web page again now shows no problem.
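slapd refuses an add when the entry lacks its own RDN attribute or an attribute that one of its object classes requires. As an added example (not from the original post), this Python check applies that rule to base.ldif-style entries before they are sent to the server; the function names and the two-class `REQUIRED` table are assumptions made for illustration, and both sample entries are constructed.

```python
# MUST attributes of the two object classes used by base.ldif
# (dcObject requires dc, organization requires o).
REQUIRED = {"dcobject": {"dc"}, "organization": {"o"}}

# Constructed samples: the first omits the dc attribute, the second has it.
BAD_ENTRY = """dn: dc=xxx,dc=com
o: ldap
objectclass: dcObject
objectclass: organization
"""
GOOD_ENTRY = BAD_ENTRY + "dc: xxx\n"


def parse_entry(ldif_text):
    """Parse one simple LDIF entry (no line folding, no base64 values)."""
    attrs = {}
    for line in ldif_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF line: {line!r}")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def check_entry(ldif_text):
    """Return the problems that would make slapd reject the add."""
    attrs = parse_entry(ldif_text)
    problems = []
    dn = attrs.get("dn", [""])[0]
    rdn_attr, _, rdn_value = dn.split(",")[0].partition("=")
    rdn_attr, rdn_value = rdn_attr.strip().lower(), rdn_value.strip()
    # Exact string match is a simplification; dc compares case-insensitively.
    if rdn_value not in attrs.get(rdn_attr, []):
        problems.append(f"naming attribute {rdn_attr}={rdn_value} missing from entry")
    for oc in attrs.get("objectclass", []):
        for need in sorted(REQUIRED.get(oc.lower(), ())):
            if need not in attrs:
                problems.append(f"objectClass {oc} requires attribute {need}")
    return problems


if __name__ == "__main__":
    print(check_entry(BAD_ENTRY))
    print(check_entry(GOOD_ENTRY))
```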
Import the schemas
```
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
```