安裝 ldap
# Run as root: install the OpenLDAP libraries, the client tools and the slapd server.
yum -y install openldap openldap-clients openldap-servers
設定 ldap 的 /etc/openldap/slapd.conf
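# slapd.conf for a read-only OpenLDAP proxy (back-ldap) in front of Active Directory.
# One directive per line; slapd.conf is line-oriented.

### Schema includes ###########################################################
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema

## Module paths ##############################################################
modulepath      /usr/lib64/openldap/
moduleload      back_ldap
moduleload      rwm

# Main settings ###############################################################
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

### Database definition (Proxy to AD) #########################################
database        ldap
# The proxy never writes to AD.
readonly        yes
protocol-version 3
rebind-as-user
# NOTE(review): ldap:// on port 389 is unencrypted. Binds are passed through
# to this server, so client DNs and passwords reach AD in clear text. Prefer an
# ldaps:// URI or back-ldap's "tls" directive once the AD side presents a
# certificate this host trusts.
uri             "ldap://192.168.0.200:389"
suffix          "dc=tw,dc=test"

# rwm rewrites names between what local clients ask for (left) and what AD
# stores (right).
overlay         rwm
rwm-map         attribute       uid             sAMAccountName
rwm-map         attribute       mail            proxyAddresses
rwm-map         attribute       homeDirectory   UNIXHOMEDIRECTORY
rwm-map         objectclass     posixGroup      group

### Logging ###################################################################
# Raised from 0 (nothing logged) so that connections, binds and searches going
# through the proxy leave a record for later review.
loglevel        stats
chase-referrals no
# NOTE(review): this regex matches every DN, so any bound identity is
# authorized for identity assertion. No idassert-bind appears in this file;
# confirm the line is needed, and narrow the pattern if it is.
idassert-authzFrom "dn.regex:.*"
# Tightened from "by * read", which also let unauthenticated clients search
# through the proxy. Anonymous clients may only bind; bound users may read.
access to *
        by anonymous auth
        by users read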
設定 /etc/openldap/ldap.conf
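# Client-side defaults for the OpenLDAP tools and libraries (ldap.conf(5)).
# One option per line; the file is line-oriented.

# Directory of CA certificates used to verify a server's TLS certificate.
TLS_CACERTDIR   /etc/openldap/certs

# NOTE(review): the two hyphenated names below are spelled like slapd.conf(5)
# server directives; ldap.conf(5) calls its client option SASL_SECPROPS.
# Confirm which file they are meant to live in.
sasl-host       localhost
# "none" clears the default SASL security properties (noanonymous,noplain), so
# anonymous and plaintext mechanisms are no longer excluded. Keep the defaults
# unless a client is known to need this.
sasl-secprops   none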
重新初始化 ldap(以下指令會清空 /var/lib/ldap 與 /etc/openldap/slapd.d 內既有的資料與設定,請先備份)
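# Run as root. Rebuilds slapd's database directory and its slapd.d
# configuration directory from /etc/openldap/slapd.conf.

# Both directories are emptied below, so archive them first. The archive can
# contain directory data and configuration secrets, hence the root-only umask.
# The /root location is only an example; adjust it as needed.
backup="/root/ldap-backup-$(date +%Y%m%d-%H%M%S).tar.gz"

# The subshell with "set -e" stops at the first failing step without closing
# the interactive root shell.
(
  set -e
  ( umask 077; tar czf "$backup" /var/lib/ldap /etc/openldap/slapd.d )

  rm -rf /var/lib/ldap/*
  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  chown -R ldap:ldap /var/lib/ldap/

  rm -rf /etc/openldap/slapd.d/*
  # If slaptest rejects slapd.conf, stop here rather than restarting slapd on
  # an incomplete slapd.d.
  slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
  chown -R ldap:ldap /etc/openldap/slapd.d
  systemctl restart slapd
)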
安裝 php httpd php-ldap 與 phpLDAPadmin
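# Run as root. Installs Apache, PHP and the PHP LDAP extension, then unpacks
# phpLDAPadmin 1.2.0.3 into the web root.
# NOTE(review): 1.2.0.3 is an old phpLDAPadmin release; check the project's
# security advisories and prefer a currently maintained version.
# NOTE(review): starting httpd serves phpLDAPadmin over plain HTTP to anything
# that can reach this host. Its login takes an AD bind DN and password, so put
# TLS and an address restriction in front of it before real use.
yum install php httpd php-ldap

# The subshell with "set -e" stops at the first failing step without closing
# the interactive root shell; httpd is started only if every step succeeded.
(
  set -e
  cd /var/www/html

  # The URL is quoted so the shell does not treat "?" as a glob character, and
  # -O gives the download a clean file name. The scheme is https instead of
  # the original http, so the transfer is not open to tampering in transit.
  wget -O phpldapadmin-1.2.0.3.tgz \
    'https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/1.2.0.3/phpldapadmin-1.2.0.3.tgz?use_mirror=ncu'

  # Replace the placeholder with the digest obtained from the publisher over a
  # trusted channel (use the matching *sum tool if a different algorithm is
  # listed). A mismatch aborts before anything is unpacked into the web root.
  printf '%s  %s\n' '<EXPECTED_SHA256_FROM_PUBLISHER>' phpldapadmin-1.2.0.3.tgz \
    | sha256sum -c -

  tar zxvf phpldapadmin-1.2.0.3.tgz
  rm -f phpldapadmin-1.2.0.3.tgz
  mv phpldapadmin-1.2.0.3 phpldapadmin
  cp /var/www/html/phpldapadmin/config/config.php.example \
    /var/www/html/phpldapadmin/config/config.php
) && systemctl start httpd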
http://<server_ip>/phpldapadmin
用 CN=Administrator,CN=Users,DC=tw,DC=test 登入。注意:上面的網址是未加密的 HTTP,登入時 DN 與密碼會以明文送出;實際使用前請先為 httpd 啟用 HTTPS,並以權限較低的帳號取代網域 Administrator。
用 ldapwhoami 查看
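# Check that simple binds succeed against 192.168.0.70 and against the local
# slapd on 127.0.0.1. The indented comment lines are the output shown on the
# original page.
#
# -W prompts for the bind password. Passing it with -w leaves it in shell
# history and visible in the process list.
# -H replaces the deprecated -h/-p pair.
# -x is a simple bind over ldap://, so the password still crosses the network
# unencrypted. Add -ZZ (require StartTLS) once the server has TLS configured.

ldapwhoami -vvv -H ldap://192.168.0.70:389 -x -W \
  -D 'CN=Administrator,CN=Users,DC=tw,DC=test'
#   ldap_initialize( ldap://192.168.0.70:389 )
#   dn:cn=Administrator,cn=Users,dc=tw,dc=test
#   Result: Success (0)

ldapwhoami -vvv -H ldap://127.0.0.1:389 -x -W \
  -D 'CN=admin,CN=Users,DC=tw,DC=nzgft'
#   ldap_initialize( ldap://127.0.0.1:389 )
#   dn:cn=admin,cn=Users,dc=tw,dc=test
#   Result: Success (0)

# The DN is quoted because it contains commas and non-ASCII characters.
ldapwhoami -vvv -H ldap://127.0.0.1:389 -x -W \
  -D 'CN=enli,OU=資訊部,DC=tw,DC=nzgft'
#   ldap_initialize( ldap://127.0.0.1:389 )
#   dn:cn=enli,ou=資訊部,dc=tw,dc=nzgft
#   Result: Success (0)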