Configuring OpenLDAP with MySQL as the Backend Database & Setting Up phpLDAPadmin
2020-03-01 18:10
I. Install the dependency packages
yum -y install unixODBC.x86_64 unixODBC-devel.x86_64 libdbi-devel.x86_64 libdbi.x86_64 libdbi-dbd-mysql.x86_64 openssl openssl-devel
II. Install MySQL
- Download and install the MySQL repository
# Download the repository package
wget https://repo.mysql.com//mysql80-community-release-el7-1.noarch.rpm
# Install the repository
yum -y localinstall mysql80-community-release-el7-1.noarch.rpm
- Install MySQL online
yum -y install mysql-community-server
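- Start MySQL
# Start the mysql service
systemctl start mysqld
# Check the process
ps -ef |grep mysql
# Enable start on boot
systemctl enable mysqld
- Change the root login password and allow remote access to MySQL
After MySQL is installed, a temporary default password for root is written to /var/log/mysqld.log. Search for it with grep:
grep -R "password" /var/log/mysqld.log
# 2019-08-14T07:15:07.717147Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: yourpassword
Log in to the database with the temporary root password (enter it at the prompt; a word placed after "-p " would be read as a database name, not as the password):
mysql -u root -p
Change the password: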
alter user 'root'@'localhost' identified by 'newpassword';
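Enable remote access (host='%' lets root connect from any host, so limit access to port 3306 at the firewall):
update mysql.user set host='%' where user='root';
flush privileges;
- Create the MySQL database required by OpenLDAP
mysql> create database ldap;
mysql> CREATE USER 'ldap'@'%' IDENTIFIED BY 'ldap';
mysql> GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'%';
# List the databases to confirm it was created
mysql> show databases;
III. Install and configure the ODBC driver
- Install ODBC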
yum install unixODBC mysql-connector-odbc
- Configure ODBC
Open the configuration file:
vim /etc/odbc.ini
Add the following content:
[ldap]
Description = LdapToMysql
Driver = MySQL
Database = ldap
Server = localhost
User = ldap
Password = ldap
Port = 3306
charset = UTF8
vim /etc/odbcinst.ini
The content is as follows:
[PostgreSQL]
Description=ODBC for PostgreSQL
Driver=/usr/lib/psqlodbcw.so
Setup=/usr/lib/libodbcpsqlS.so
Driver64=/usr/lib64/psqlodbcw.so
Setup64=/usr/lib64/libodbcpsqlS.so
FileUsage=1

[MySQL]
Description=ODBC for MySQL
Driver=/usr/lib64/libmyodbc8w.so
Setup=/usr/lib64/libodbcmyS.so
Driver64=/usr/lib64/libmyodbc8a.so
Setup64=/usr/lib64/libodbcmyS.so
FileUsage=1

[MySQL ODBC 8.0 Unicode Driver]
Driver=/usr/lib64/libmyodbc8w.so
UsageCount=1

[MySQL ODBC 8.0 ANSI Driver]
Driver=/usr/lib64/libmyodbc8a.so
UsageCount=1
- Verify that the connection succeeds
isql -v ldap
The screen on a successful connection looks like this: [screenshot]
IV. Install OpenLDAP
Installing with yum is more convenient, but it does not ship a slapd.conf, which makes the later configuration more troublesome, so an offline compile-and-install is used instead:
- Install LDAP under /opt:
cd /opt
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.47.tgz
tar zxvf openldap-*.tgz
mv openldap-2.4.47 openldap
cd /opt/openldap
./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --enable-sql --disable-bdb --disable-ndb --disable-hdb
make depend
make
make install
- Generate the LDAP account password
slappasswd
# returns "{SSHA}XDEtT6s3MTzrSbHeJl7OlRoqk0w1By1X"
- Edit the LDAP configuration file
vim /etc/openldap/slapd.conf
Contents:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/libexec/openldap
# moduleload back_mdb.la
# moduleload back_ldap.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database sql
#maxsize 1073741824
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}7SRnkG7G0epO/p+3BdGrmc3gflJiY6A4
dbname ldap
dbuser ldap
dbpasswd ldap
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
#directory /var/openldap-data
# Indices to maintain
#index objectClass eq
- Add the required table structure to the LDAP backend database:
The table definitions are in the /opt/openldap/servers/slapd/back-sql/rdbms_depend/ directory:
cd /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql
Import the table structure:
[root@localhost ~]# mysql -u ldap -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 32
Server version: 8.0.17 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use ldap
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
- Run LDAP:
/opt/openldap/servers/slapd/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/openldap/slapd.conf &
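The slapd.conf above holds rootpw and the cleartext dbpasswd, its own header says the file should not be world readable, and its sample security and access directives are left commented out. The shell function below is an added example, not part of the original post, that checks a slapd.conf for those conditions; the function name, the finding labels and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a back-sql slapd.conf.
# Prints one finding per line; returns 1 if there are findings, 0 if clean.
audit_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    findings=$(
        # Characters 8-10 of ls -l output are the permission bits for other.
        other=$(ls -ld "$conf" | cut -c8-10)
        [ "$other" = "---" ] ||
            echo "PERMS: others have '$other' on a file holding rootpw/dbpasswd"
        # Comment lines begin with a hash, so only live directives match $1.
        awk '
            $1 == "rootpw"   { rootpw = $2 }
            $1 == "dbuser"   { dbuser = $2 }
            $1 == "dbpasswd" { dbpasswd = $2 }
            $1 == "security" { sec = 1 }
            $1 == "access"   { acl = 1 }
            END {
                if (rootpw != "" && substr(rootpw, 1, 1) != "{")
                    print "ROOTPW: cleartext value; store slappasswd output"
                if (dbpasswd != "" && dbpasswd == dbuser)
                    print "DBPASSWD: identical to dbuser"
                if (!sec)
                    print "SSF: no security directive is active"
                if (!acl)
                    print "ACL: no access directive; default lets anyone read"
            }' "$conf"
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample modeled on the directives in the slapd.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
database sql
rootdn   "cn=Manager,dc=example,dc=com"
rootpw   {SSHA}constructed-placeholder
dbuser   ldap
dbpasswd ldap
# security ssf=1 update_ssf=112 simple_bind=64
EOF
chmod 644 "$sample"
audit_slapd_conf "$sample" || true
rm -f "$sample"
```

On the server, call audit_slapd_conf /etc/openldap/slapd.conf before starting slapd; a clean file prints nothing and returns 0.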
V. Install and configure the LDAP management tool phpLDAPadmin
- Install Apache and PHP:
yum -y install httpd php php-ldap php-gd php-mbstring php-pear php-bcmath php-xml
- Install phpldapadmin:
yum --enablerepo=epel -y install phpldapadmin
- Edit the configuration files:
1. vim /etc/phpldapadmin/config.php
// Uncomment line 397 and comment out line 398
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
2. vim /etc/httpd/conf.d/phpldapadmin.conf
# Modify the configuration
<IfModule mod_authz_core.c>
  # Apache 2.4
  Require local
  # Add the IP of the host that is allowed remote access
  Require ip 10.X.X.X
</IfModule>
- Enable start on boot and start Apache:
systemctl enable httpd
systemctl start httpd
- Access phpLDAPadmin:
Enter http://your-serverip/phpldapadmin/ in a browser to open phpLDAPadmin.
Username: cn=Manager,dc=example,dc=com
Password: yourpassword
Login page: [screenshot]