当前位置：首页 > news >正文

铁岭卫生职业学院官方网站建设网站免费正能量加载要快

news 2025/12/20 10:47:56

铁岭卫生职业学院官方网站建设,网站免费正能量加载要快,wordpress站点如何添加百度分享代码,江西省住房和城乡建设厅网站首页文章目录前言1.yum安装openldap2.配置密码3.导入配置4.定义域5.配置memberof6.配置base dn7.安装phpldapadmin管理8.调整httpd的配置9.调整php的配置10.登陆php管理页面11.同步旧ldapsever用户数据(可省略)12.客户端配置13.对接jumpserver 前言介绍如何在centos7上部署openl… 文章目录前言1.yum安装openldap2.配置密码3.导入配置4.定义域5.配置memberof6.配置base dn7.安装phpldapadmin管理8.调整httpd的配置9.调整php的配置10.登陆php管理页面11.同步旧ldapsever用户数据(可省略)12.客户端配置13.对接jumpserver 前言介绍如何在centos7上部署openldap,并配置memberof进行组管理用户并介入jumpserver堡垒机 openldap参考的是这位大佬的博客,大佬文章的ldif格式有点乱,添加的时候不处理会报错 https://blog.csdn.net/weixin_41004350/article/details/89521170 1.yum安装openldap [rootldapserver 10:37:52 ~]# yum install -y openldap openldap-clients openldap-servers [rootldapserver 10:39:08 ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG [rootldapserver 10:39:10 ~]# chown -R ldap. /var/lib/ldap/DB_CONFIG [rootldapserver 10:39:14 ~]# systemctl start slapd [rootldapserver 10:39:14 ~]#systemctl enable slapd [rootldapserver 10:39:20 ~]# systemctl status slapd ● slapd.service - OpenLDAP Server DaemonLoaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)Active: active (running) since 三 2023-07-12 10:39:20 CST; 3s ago2.配置密码我这里涉及到的密码都是000000 [rootldapserver 10:39:24 ~]# slappasswd -s 000000 {SSHA}LSgYPTUW4zjGtIVtuZ8cRUqqFRv1tWpE最后一行使用上面生成的密码 [rootldapserver 10:39:32 ~]# vim changepwd.ldif dn: olcDatabase{0}config,cnconfig changetype: modify add: olcRootPW olcRootPW: {SSHA}LSgYPTUW4zjGtIVtuZ8cRUqqFRv1tWpE[rootldapserver 10:39:47 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f changepwd.ldif SASL/EXTERNAL authentication started SASL username: gidNumber0uidNumber0,cnpeercred,cnexternal,cnauth SASL SSF: 0 modifying entry olcDatabase{0}config,cnconfig 3.导入配置这里可以根据需要导入,不知道需要什么都执行一遍 ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/collective.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/corba.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/duaconf.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/dyngroup.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/java.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/misc.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openldap.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/pmi.ldif ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif4.定义域我这里定义的是:dcyinhan,dccom,可根据自己的修改,比如改成dctest,dccom 这里修改建议是在vim模式下批量改:%s/dcyinhan,dccom/dcxxx,dcxxxx/g 这里olcRootPW的密码使用的也是前面生成的000000加密后的密文 [rootldapserver ~]# cat changedomain.ldif dn: olcDatabase{1}monitor,cnconfig changetype: modify replace: olcAccess olcAccess: {0}to * by dn.basegidNumber0uidNumber0,cnpeercred,cnexternal,cnauth read by dn.basecnadmin,dcyinhan,dccom read by * nonedn: olcDatabase{2}hdb,cnconfig changetype: modify replace: olcSuffix olcSuffix: dcyinhan,dccomdn: olcDatabase{2}hdb,cnconfig changetype: modify replace: olcRootDN olcRootDN: cnadmin,dcyinhan,dccomdn: olcDatabase{2}hdb,cnconfig changetype: modify replace: olcRootPW olcRootPW: {SSHA}LSgYPTUW4zjGtIVtuZ8cRUqqFRv1tWpEdn: olcDatabase{2}hdb,cnconfig changetype: modify add: olcAccess olcAccess: {0}to attrsuserPassword,shadowLastChange by dncnadmin,dcyinhan,dccom write by anonymous auth by self write by * none olcAccess: {1}to dn.base by * read olcAccess: {2}to * by dncnadmin,dcyinhan,dccom write by * read[rootldapserver ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f changedomain.ldif SASL/EXTERNAL authentication started SASL username: gidNumber0uidNumber0,cnpeercred,cnexternal,cnauth SASL SSF: 0 modifying entry olcDatabase{1}monitor,cnconfigmodifying entry olcDatabase{2}hdb,cnconfigmodifying entry olcDatabase{2}hdb,cnconfigmodifying entry olcDatabase{2}hdb,cnconfigmodifying entry olcDatabase{2}hdb,cnconfig5.配置memberof [rootldapserver ~]# cat add-memberof.ldif dn: cnmodule{0},cnconfig cn: modulle{0} objectClass: olcModuleList objectclass: top olcModuleload: memberof.la olcModulePath: /usr/lib64/openldapdn: olcOverlay{0}memberof,olcDatabase{2}hdb,cnconfig objectClass: olcConfig objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: top olcOverlay: memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfUniqueNames olcMemberOfMemberAD: uniqueMember olcMemberOfMemberOfAD: memberOf[rootetcd-test 10:45:41 ~]# vim refint1.ldif dn: cnmodule{0},cnconfig add: olcmoduleload olcmoduleload: refint[rootetcd-test 10:45:53 ~]# vim refint2.ldif dn: olcOverlayrefint,olcDatabase{2}hdb,cnconfig objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcRefintConfig objectClass: top olcOverlay: refint olcRefintAttribute: memberof uniqueMember manager owner[rootldapserver ~]# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f add-memberof.ldif adding new entry cnmodule{0},cnconfigadding new entry olcOverlay{0}memberof,olcDatabase{2}hdb,cnconfig[rootldapserver ~]# echo $? 0 [rootldapserver ~]# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif modifying entry cnmodule{0},cnconfig[rootldapserver ~]# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif adding new entry olcOverlayrefint,olcDatabase{2}hdb,cnconfig 6.配置base dn [rootldapserver ~]# cat base.ldif dn: dcyinhan,dccom objectClass: top objectClass: dcObject objectClass: organization o: yinhan Company dc: yinhandn: cnadmin,dcyinhan,dccom objectClass: organizationalRole cn: admindn: ouPeople,dcyinhan,dccom objectClass: organizationalUnit ou: Peopledn: ouGroup,dcyinhan,dccom objectClass: organizationalRole cn: Group[rootldapserver ~]# ldapadd -x -D cnadmin,dcyinhan,dccom -f base.ldif -w 000000 Enter LDAP Password: adding new entry dcyinhan,dccomadding new entry cnadmin,dcyinhan,dccomadding new entry ouPeople,dcyinhan,dccomadding new entry ouGroup,dcyinhan,dccom7.安装phpldapadmin管理这里需要有epel的yum源 [rootldapserver ~]# yum install phpldapadmin -y8.调整httpd的配置增加12行IP为自己的网段 [rootldapserver ~]# cat -n /etc/httpd/conf.d/phpldapadmin.conf 1 #2 # Web-based tool for managing LDAP servers3 #45 Alias /phpldapadmin /usr/share/phpldapadmin/htdocs6 Alias /ldapadmin /usr/share/phpldapadmin/htdocs78 Directory /usr/share/phpldapadmin/htdocs9 IfModule mod_authz_core.c10 # Apache 2.411 Require local12 Require ip 192.168.0.0/1613 /IfModule14 IfModule !mod_authz_core.c15 # Apache 2.216 Order Deny,Allow17 Allow from 127.0.0.118 Allow from ::119 /IfModule20 /Directory9.调整php的配置注释掉389行开启397行 [rootldapserver ~]#vim /etc/phpldapadmin/config.php 397 $servers-setValue(login,attr,dn); 398 //$servers-setValue(login,attr,uid); [rootldapserver phpldapadmin]# systemctl restart httpd10.登陆php管理页面登陆地址: http://ip/ldapadmin 账号为第四步定义的:cnadmin,dcyinhan,dccom 密码也是前面定义的登陆报错解决 [rootldapserver ~]# setsebool -P httpd_can_connect_ldap on11.同步旧ldapsever用户数据(可省略) 我这里原来有一套ldapserver已经跑了很多年了,可以通过slapcat跟slapadd把数据导入到新的server里 [rootldapserver bak]# systemctl stop slapd [rootldapserver bak]# grep dn: uid user.ldif dn: uidtest1,ouPeople,dcyinhan,dccom dn: uidtest2,ouPeople,dcyinhan,dccom[rootldapserver bak]# slapadd -n 2 -l user.ldif .#################### 100.00% eta none elapsed none fast! Closing DB... [rootldapserver bak]# systemctl start slapd 12.客户端配置 [rootcompute02_11bak]# yum install -y openldap-clients nss-pam-ldapd [rootcompute02_11:58:44_~ $ip a|grep inet 17inet 172.16.4.80/16 brd 172.16.255.255 scope global eth0inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0inet 172.20.0.1/16 brd 172.20.255.255 scope global br-b76db9453ac8inet 172.23.0.1/16 brd 172.23.255.255 scope global br-f422a62a0cc9 rootcompute02_11:58:55_~ $authconfig --enablemkhomedir --enableshadow --enableldap --enableldapauth --ldapserverldap://192.168.11.21 --ldapbasedndcyinhan,dccom --disableldaptls --enablecache --disablewinbindauth --disablesssdauth --updateallgetsebool: SELinux is disabled getsebool: SELinux is disabled rootcompute02_11:59:03_~ $id liliangde uid1000(liliangde) gid500(sa_test) 组908(monitorUsers),917(hc_group),902(sa_group),903(dba_group),500(sa_test) rootcompute02_11:59:06_~ $id liliangde1 uid1001(liliangde1) gid500(sa_test) 组500(sa_test)rootcompute02_11:59:07_~ $ssh liliangde1172.16.4.80 liliangde1172.16.4.80s password: Creating directory /data/home/liliangde1. Last login: Tue Jun 28 18:37:23 2022 liliangde1compute02_11:59:35_~ $who root pts/0 2023-08-11 11:57 (mirrors.yh.com) liliangde1 pts/1 2023-08-11 11:59 (compute02)13.对接jumpserver 添加一个新的组,按照红色框勾选的操作这里需要勾选groupOfUnxxx 新组的名称我设置为 test_mem 添加完成通过命令可以通过uniqueMember查看组里面包含哪些用户 [rootldapserver bak]# ldapsearch -LL -Y EXTERNAL -H ldapi:/// (cntest_mem) -b dcyinhan,dccom uniqueMember SASL/EXTERNAL authentication started SASL username: gidNumber0uidNumber0,cnpeercred,cnexternal,cnauth SASL SSF: 0 version: 1dn: cntest_mem,ouGroup,dcyinhan,dccom uniqueMember: cnliliangde,ouPeople,dcyinhan,dccomjumpserver上面配置配置完导入可以看到新的组

查看全文

http://www.dnsts.com.cn/news/11223.html