一、安装ldap 1、安装依赖LDAP一般指轻型目录访问协议,基本概念这里就不介绍了,网上有很多相关的介绍。 公司内部服务很多,如gitlab、wiki、jira等,如果每个服务创建一个账户,维护起来很不方便,一般通过ldap来解决这种场景。
yum install *ltdl* gcc gcc-c++ -y2、安装BDB
tar -zxvf db-5.1.29.tar.gz cd db-5.1.29/build_unix/ ../dist/configure --prefix=/data/berkeleydb-5.1.29 make && make install3、更新lib库
echo "/data/berkeleydb-5.1.29/lib/" > /etc/ld.so.conf ldconfig -v4、安装OpenLDAP
tar -zxvf openldap-2.4.44.tgz cd openldap-2.4.44 ./configure --prefix=/data/openldap-2.4.44 --enable-syslog --enable-modules --enable-debug --with-tls CPPFLAGS=-I/data/berkeleydb-5.1.29/include/ LDFLAGS=-L/data/berkeleydb-5.1.29/lib/ make depend make make install5、设置可执行命令
ln -s /data/openldap-2.4.44/bin/* /usr/local/bin/ ln -s /data/openldap-2.4.44/sbin/* /usr/local/sbin/6、配置rootdn密码
#设置为123456 cd /data/openldap-2.4.44/ slappasswd
密码串: {SSHA}ZBIzcb0WtUUJU1zogxZsooNPCprcR2kO
7、修改配置文件slapd.conf
cd /data/openldap-2.4.44/etc/openldap/ vim slapd.conf #添加模块 include /data/openldap-2.4.44/etc/openldap/schema/core.schema include /data/openldap-2.4.44/etc/openldap/schema/collective.schema include /data/openldap-2.4.44/etc/openldap/schema/corba.schema include /data/openldap-2.4.44/etc/openldap/schema/cosine.schema include /data/openldap-2.4.44/etc/openldap/schema/duaconf.schema include /data/openldap-2.4.44/etc/openldap/schema/dyngroup.schema include /data/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema include /data/openldap-2.4.44/etc/openldap/schema/java.schema include /data/openldap-2.4.44/etc/openldap/schema/misc.schema include /data/openldap-2.4.44/etc/openldap/schema/nis.schema include /data/openldap-2.4.44/etc/openldap/schema/openldap.schema include /data/openldap-2.4.44/etc/openldap/schema/pmi.schema include /data/openldap-2.4.44/etc/openldap/schema/ppolicy.schema8、初始化OpenLADP(optional)
cd /data/openldap-2.4.44/var/openldap-data/ mv DB_CONFIG.example DB_ConFIG9、启动OpenLADP
#直接在后台工作 /data/openldap-2.4.44/libexec/slapd #在前端工作,输出debug信息 /data/openldap-2.4.44/libexec/slapd -d 256二、安装LAM 1、安装http和PHP
yum -y remove php* yum install httpd php php-bcmath php-gd php-mbstring php-xml php-ldap php-zip php-gmp php-json -y2、安装lam
tar jxf ldap-account-manager-7.3.tar.bz2 mv ldap-account-manager-7.3 ldap mv ldap /var/www/html/ #修改配置 cd /var/www/html/ldap/config/ cp config.cfg.sample config.cfg cp unix.conf.sample lam.conf sed -i "s/dc=my-domain,dc=com/dc=jueceshu,dc=com/g" lam.conf sed -i "s/cn=Manager/cn=admin/g" lam.conf sed -i "s/dc=yourdomain,dc=org/dc=jueceshu,dc=com/g" lam.conf chown -R apache.apache /var/www/html/ldap/3、启动http
systemctl start httpd systemctl enable httpd4、访问
http://192.168.3.173/ldap/templates/login.php 密码为: 1234565、创建ldap用户
vim ning.ldif
dn: uid=ning,ou=People,dc=jueceshu,dc=com
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
givenName: ning
sn: ning
displayName: ning
uid: ning
homeDirectory: /home/ning
loginShell: /bin/bash
mail: xingning@treesmob.com
cn: ning
uidNumber: 10003
gidNumber: 10000
userPassword: {SSHA}5BVwoIY5sKgjrTGneWZnpY2jW1AMHhKs
#密码创建和ldap的一样
vim group.ldif
dn: cn=xing,ou=Group,dc=jueceshu,dc=com
objectclass: top
objectClass: posixGroup
description: xing
cn: xing
gidNumber: 10000
memberUid: ceshi
#创建用户
ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f group.ldif
ldapadd -x -D "cn=admin,dc=jueceshu,dc=com" -W -f ning.ldif
创建成功
把用户添加到xing组中去
vim user.ldif
dn: uid=ceshi,ou=People,dc=jueceshu,dc=com
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
givenName: ceshi
sn: ceshi
displayName: ceshi
uid: ceshi
homeDirectory: /home/ceshi
loginShell: /bin/bash
mail: xingning@treesmob.com
cn: ceshi
uidNumber: 10002
gidNumber: 10000
userPassword: {SSHA}5BVwoIY5sKgjrTGneWZnpY2jW1AMHhKs
dn: cn=ceshi,ou=Group,dc=jueceshu,dc=com
objectclass: top
objectClass: groupOfUniqueNames
description: ceshi
cn: ceshi
uniquemember: uid=ceshi,ou=People,dc=jueceshu,dc=com
三、连接wiki与jira
1、jira、wiki关联时选择方式 2、Jira、wiki连接ldap目录配置
高级设置默认即可
以上就是我对ldap使用记录,大家如果有问题可以私信我哈
