CentOS 4.5 OpenLDAP Installation Notes
1. Install OpenLDAP
#yum install openldap-servers openldap-devel openldap-clients
2. Configure OpenLDAP
#vi /etc/openldap/ldap.conf
Edit as follows:
HOST localhost
BASE dc=cn-gd,dc=umec,dc=com,dc=tw
#vi /etc/openldap/slapd.conf
Edit as follows:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
    by self write
    by users read
    by anonymous read
    by dn.base="cn=Manager,dc=smtp,dc=cn-gd,dc=umec,dc=com,dc=tw" write
    by * none
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=smtp,dc=cn-gd,dc=umec,dc=com,dc=tw" write
    by * none
# Database backend to use; ldbm can also be used
database bdb
# Directory suffix
suffix "dc=cn-gd,dc=umec,dc=com,dc=tw"
# Directory administrator
rootdn "cn=Manager,dc=cn-gd,dc=umec,dc=com,dc=tw"
# Administrator password. The plaintext password "secret" was used here; that is not secure, so use a hashed password instead (MD5). The hash string is generated with the slappasswd -h {MD5} command
rootpw {SSHA}nRVL8guD6AE08vhmsA9K3LZ1YNcn508P
# Database directory
directory /var/lib/ldap
# Indexes on directory entries
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
3. Start OpenLDAP
# Test the configuration for errors
#slaptest
# Start the service
#service ldap start
4. Create the DN and RDN entries
#vi umec.ldif
dn: dc=cn-gd,dc=umec,dc=com,dc=tw
dc: cn-gd
objectClass: top
objectClass: domain

dn: ou=mail,dc=cn-gd,dc=umec,dc=com,dc=tw
ou: mail
objectClass: top
objectClass: organizationalUnit
#ldapadd -x -D "cn=Manager,dc=cn-gd,dc=umec,dc=com,dc=tw" -w password -f umec.ldif
5. Install phpLDAPadmin
#tar -zxvf phpldapadmin-0.9.8.5.tar.gz
#cp -rf ./phpldapadmin-0.9.8.5 /var/www/html/phpldapadmin
#cd /var/www/html/phpldapadmin/config
#cp config.php.example config.php
#vi config.php
Change the following settings:
$config->custom->appearance['language'] = 'zh_TW';
$ldapservers->SetValue($i,'server','name','UMEC LDAP Server');
$ldapservers->SetValue($i,'server','host','localhost');
$ldapservers->SetValue($i,'server','port','389');
$ldapservers->SetValue($i,'server','base',array('dc=cn-gd,dc=umec,dc=com,dc=tw'));
$ldapservers->SetValue($i,'server','auth_type','cookie');
$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=cn-gd,dc=umec,dc=com,dc=tw');
$ldapservers->SetValue($i,'login','pass','secret');
#service httpd restart
6. Notes
Error 1:
# ldapsearch -x -b 'dc=smtp,dc=cn-gd,dc=umec,dc=com,dc=tw' -s base '(objectclass=*)'
ldap_bind: Can't contact LDAP server (-1)
Fix:
#vi /etc/hosts.allow
Add the following:
slapd: 172.16.0.0/255.255.0.0 127.0.0.1/255.0.0.0:allow
Some people say that deleting the files /var/lib/ldap/_db.001 through _db.005 and restarting fixes it; I tried that and it did not work.
# Changing the administrator password
#slappasswd
New password
Re-enter new password
{SSHA}nRVL8guD6AE08vhmsA9K3LZ1YNcn508P
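As an added example (not part of the original notes), the Python script below shows what the {SSHA} string that slappasswd prints and that rootpw in slapd.conf stores actually contains, and checks a candidate password against such a string. It uses only the Python 3 standard library; the rootpw value from the notes is parsed only to show the digest/salt split, and nothing is assumed about the password it encodes.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example, not part of the original notes. slappasswd's default scheme:
#   "{SSHA}" + base64( SHA1(password + salt) + salt ), salt = 4 random bytes.
# The salt is why two hashes of the same password look different.
SALT_LEN = 4
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes

# rootpw value from the slapd.conf above; only its structure is inspected here
PAGE_ROOTPW = "{SSHA}nRVL8guD6AE08vhmsA9K3LZ1YNcn508P"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} string the way slappasswd does (random 4-byte salt by default)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt) from a {SSHA} string; ValueError if it is not one."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("decoded value too short to carry a salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_ssha(stored: str, candidate: str) -> bool:
    """Recompute SHA1(candidate + salt) and compare it in constant time."""
    digest, salt = split_ssha(stored)
    probe = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, probe)


if __name__ == "__main__":
    digest, salt = split_ssha(PAGE_ROOTPW)
    print(f"rootpw digest={digest.hex()} salt={salt.hex()}")
    fresh = make_ssha("secret")  # differs on every run because of the random salt
    print(fresh, verify_ssha(fresh, "secret"), verify_ssha(fresh, "Secret"))
```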