OpenLdap配置mysql作为后台数据库&phpldapadmin搭建
2020-03-01 18:10
811 查看
OpenLdap配置mysql作为后台数据库&phpldapadmin搭建
一、安装依赖包
yum -y install unixODBC.x86_64 unixODBC-devel.x86_64 libdbi-devel.x86_64 libdbi.x86_64 libdbi-dbd-mysql.x86_64 openssl openssl-devel
二、安装mysql
- 下载和安裝mysql源
//下载源 wget https://repo.mysql.com//mysql80-community-release-el7-1.noarch.rpm //安装源 yum -y localinstall mysql80-community-release-el7-1.noarch.rpm
- 在线安装Mysql
yum -y install mysql-community-server
- 启动Mysql
//启动mysql服务 systemctl start mysqld //查看进程 ps -ef |grep mysql //设置开机自启动 systemctl enable mysqld
-
修改root登录密码,设置Mysql可远程访问
mysql安裝完成之後,在/var/log/mysqld.log文件中給root生成了一个临时的默认密码,用grep命令搜一下grep -R "password" /var/log/mysqld.log //2019-08-14T07:15:07.717147Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: yourpassword
通过root临时密码进入数据库:
mysql -u root -p yourpassword
修改密码:
alter user 'root'@'localhost' identified by 'newpassword';
开启远程访问:
update mysql.user set host='%' where user='root'; flush privileges;
-
创建openldap所需的mysql数据库
mysql> create database ldap; mysql> CREATE USER 'ldap'@'%' IDENTIFIED BY 'ldap'; mysql> GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'%'; //查看创建的数据库 mysql> show databases;
三、安装配置ODBC驱动
- 安装 ODBC
yum install unixODBC mysql-connector-odbc
- 配置ODBC
打开配置文件
vim /etc/odbc.ini //添加如下内容: [ldap] Description = LdapToMysql Driver = MySQL Database = ldap Server = localhost User = ldap Password = ldap Port = 3306 charset = UTF8
vim /etc/odbcinst.ini //内容如下: [PostgreSQL] Description=ODBC for PostgreSQL Driver=/usr/lib/psqlodbcw.so Setup=/usr/lib/libodbcpsqlS.so Driver64=/usr/lib64/psqlodbcw.so Setup64=/usr/lib64/libodbcpsqlS.so FileUsage=1 [MySQL] Description=ODBC for MySQL Driver=/usr/lib64/libmyodbc8w.so Setup=/usr/libi64/libodbcmyS.so Driver64=/usr/lib64/libmyodbc8a.so Setup64=/usr/lib64/libodbcmyS.so FileUsage=1 [MySQL ODBC 8.0 Unicode Driver] Driver=/usr/lib64/libmyodbc8w.so UsageCount=1 [MySQL ODBC 8.0 ANSI Driver] Driver=/usr/lib64/libmyodbc8a.so UsageCount=1
- 验证是否连接成功
isql -v ldap
连接成功页面如下:
四、安装openldap
使用yum安装过程更方便,但不带slapd.conf配置,后续配置较麻烦,因此选择离线编译安装:
- 安装 LDAP 到/opt 目录下:
1、cd /opt 2、wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.47.tgz 3、tar zxvf openldap-*.tgz 4、mv openldap-2.4.47 openldap 5、cd /opt/openldap 6、./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --enable-sql --disable-bdb --disable-ndb --disable-hdb 7、make depend 8、make 9、make install
- 生成ldap账户密码
slappasswd
//返回“{SSHA}XDEtT6s3MTzrSbHeJl7OlRoqk0w1By1X”
- 修改ldap配置文件
vim /etc/openldap/slapd.conf
//内容:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/libexec/openldap
# moduleload back_mdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# MDB database definitions
#######################################################################
database sql
#maxsize 1073741824
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}7SRnkG7G0epO/p+3BdGrmc3gflJiY6A4
dbname ldap
dbuser ldap
dbpasswd ldap
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
#directory /var/openldap-data
# Indices to maintain
#index objectClass eq
- 为ldap后台数据库添加对应表结构:
对应的表结构在/opt/openldap/servers/slapd/back-sql/rdbms_depend/目录下
cd /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql
导入表结构:
[root@localhost ~]# mysql -u ldap -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 32 Server version: 8.0.17 MySQL Community Server - GPL Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use ldap Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql mysql>source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
- 运行ldap:
/opt/openldap/servers/slapd/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/openldap/slapd.conf &
五、安装和配置 LDAP 管理工具 PHPldapadmin
- 安装 Apache 和 PHP:
yum -y install httpd php php-ldap php-gd php-mbstring php-pear php-bcmath php-xml
- 安装 phpldapadmin:
yum --enablerepo=epel -y install phpldapadmin
- 修改配置文件:
1、vim /etc/phpldapadmin/config.php
//397 行取消注释,398 行添加注释
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
2、vim /etc/httpd/conf.d/phpldapadmin.conf
// 修改配置
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
Require ip 10.X.X.X //添加远程访问主机ip
</IfModule>
- 设置开机自启并启动 Apache:
systemctl enable httpd systemctl start httpd
- 访问PHPldapadmin:
在浏览器输入:http://your-serverip/phpldapadmin/ 访问PHPldapadmin
用户名:cn=Manager,dc=example,dc=com 密码:yourpassword
登录页面:
- 点赞
- 收藏
- 分享
- 文章举报
安娜莫
发布了3 篇原创文章 · 获赞 0 · 访问量 310
私信
关注
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Ubuntu安装hive,并配置mysql作为元数据库
- vmware ubuntu linux tomcat Xshell Xftp 搭建网站后台——(六)mysql下载安装配置及编码设置
- 大数据-hive仓库的基础知识配置 hive配置mysql作为源数据存储服务 set的使用 配置当前数据库字段信息
- hive配置mysql数据源作为元数据库
- 用mysql作openldap的后台数据库
- Docker 搭建 Owncloud 并且使用Mysql 作为数据库 平台 Ubuntu 18.04.1 LTS
- HIVE 安装系列(3)配置HIVE 使用Mysql作为元数据的数据库
- 用mysql作openldap的后台数据库
- 『搭建中小型互联网公司后台服务架构』三、后台服务数据库工具mysql安装
- centos MySQL主从配置 ntsysv chkconfig setup命令 配置MySQL 主从 子shell MySQL备份 kill命令 pid文件 discuz!论坛数据库读写分离 双主搭建 mysql.history 第二十九节课
- flask win10环境下配置 mysql 数据库
- 在IDEA配置数据库连接(Mysql)
- Qt 读取数据库配置文件类(以MySQL为例)
- 【oozie】将oozie的数据库配置为mysql
- Mysql在数据库链接上配置编码
- mysql 5.6.73 版本数据库的安装和编码的配置
- mysql----------mysql5.7如何配置主从数据库
- openfire3.9.3服务器的外部数据库配置mysql
- MySQL之——数据库双机热备的配置方法
- 为SQL Server 2012配置镜像注意事项及采用SSD硬盘作为数据库存储磁盘