2006-01-24 12:37:52

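Anyone running Apache eventually has to deal with authentication, and Apache's built-in authentication support is already very complete. This post uses the integration of Apache with LDAP to illustrate Apache authentication.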
 
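1. Install openldap
openldap-stable-20040329.tgz
db-4.1.25.NC.tar.gz
gunzip < db-4.1.25.NC.tar.gz |tar xvf -
# Berkeley DB is configured and built from its build_unix directory
cd db-4.1.25.NC/build_unix
../dist/configure
make
make install
# Return to the directory that holds the downloaded tarballs
cd ../..
gunzip < openldap-stable-20040329.tgz |tar xvf -
cd openldap-2.1.29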
CPPFLAGS="-I/usr/local/BerkeleyDB.4.1/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.1/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm
make depend
make
make test
make install
PATH=$PATH:/usr/local/openldap/bin
export PATH
Edit /usr/local/openldap/etc/openldap/slapd.conf
include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/corba.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include         /usr/local/openldap/etc/openldap/schema/java.schema
include         /usr/local/openldap/etc/openldap/schema/misc.schema
include         /usr/local/openldap/etc/openldap/schema/nis.schema
include         /usr/local/openldap/etc/openldap/schema/openldap.schema

database        bdb
suffix          "dc=ldaptest,dc=com"
rootdn          "cn=root,dc=ldaptest,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          123456
 
Create the basedn.ldif file
dn: dc=ldaptest,dc=com
dc: ldaptest
objectClass: domain

Create userdn.ldif (entries in an LDIF file must be separated by a blank line)
dn: cn=user1,dc=ldaptest,dc=com
cn: user1
sn: USER1
uid: user1
userPassword: user1
objectClass: inetOrgPerson

dn: cn=user2,dc=ldaptest,dc=com
cn: user2
sn: USER2
uid: user2
userPassword: user2
objectClass: inetOrgPerson

dn: cn=user3,dc=ldaptest,dc=com
cn: user3
sn: USER3
uid: user3
userPassword: user3
objectClass: inetOrgPerson

dn: cn=user4,dc=ldaptest,dc=com
cn: user4
sn: USER4
uid: user4
userPassword: user4
objectClass: inetOrgPerson

Start the LDAP server
/usr/local/openldap/libexec/slapd

Add the records:
ldapadd -D "cn=root,dc=ldaptest,dc=com" -w 123456 -f /basedn.ldif
ldapadd -D "cn=root,dc=ldaptest,dc=com" -w 123456 -f /userdn.ldif
 
2. Install apr-1.2.2
./configure
make
make install
3. Install apr-util-1.2.2
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include \
--with-ldap-lib=/usr/local/openldap/lib
make
make install
4. Install openssl
# OpenSSL ships a "config" script rather than "configure"
./config
make
make install
5. Install apache-2.2.0 (installed into the apache2 directory under the root directory)
./configure --prefix=/apache2 --enable-so --enable-authnz-ldap --enable-ldap
make
make install

6. Configure httpd.conf
Change ServerName to the domain name or IP address of your own machine
Add as the last line: include conf/app_auth.conf
7. Configure /apache2/conf/app_auth.conf

AuthType basic
AuthName "private area"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL =*)
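# The require lines are alternatives: with "require valid-user" present and
# AuthzLDAPAuthoritative off, any user who authenticates against LDAP is admitted,
# not only user1. Remove "require valid-user" to restrict access to the listed users.
require ldap-user "user1"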
#require ldap-user "user3"
#require ldap-user "user4"
#require ldap-user "user2"
require valid-user
 

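8. Once all of the software has been configured, Apache can be started
/apache2/bin/apachectl start
This configuration is the default case: authentication is applied to every directory on the whole server. To require authentication only for a specific location, look up the usage of Location.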
 