Setting up CentOS 7 + MySQL 5.7 + LDAP + phpldapadmin




Part 1:


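1. Download and install the MySQL repo package (the --no-check-certificate flag turns off TLS certificate verification for this download)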

wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm --no-check-certificate

yum localinstall -y mysql80-community-release-el7-3.noarch.rpm

yum makecache

2. Edit the repo file /etc/yum.repos.d/mysql-community.repo (enable the 5.7 section)

# Enable to use MySQL 5.7
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql


[mysql80-community]
name=MySQL 8.0 Community Server
baseurl=http://repo.mysql.com/yum/mysql-8.0-community/el/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

4. Confirm that mysql57 is enabled

yum list | grep mysql57

5. Download and install MySQL Community Server

wget https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-community-server-5.7.33-1.el7.x86_64.rpm

yum localinstall -y mysql-community-server-5.7.33-1.el7.x86_64.rpm 

6. Start MySQL

systemctl enable mysqld && systemctl start mysqld

7. Look up the MySQL password (the temporary root password is written to the log)

cat  /var/log/mysqld.log | grep  password

8. Set the password complexity policy (skip this step if your password is already complex enough)

set global validate_password_policy=LOW;

9. Set the MySQL password

SET PASSWORD = PASSWORD('test.2020');

Part 2:

1. Install the MySQL ODBC driver

yum install -y unixODBC mysql-connector-odbc unixODBC-devel

2. Edit the odbcinst.ini file

cp /etc/odbcinst.ini /etc/odbcinst.ini.bak

cat > /etc/odbcinst.ini << EOF 

[PostgreSQL]
Description=ODBC for PostgreSQL
Driver=/usr/lib/psqlodbcw.so
Setup=/usr/lib/libodbcpsqlS.so
Driver64=/usr/lib64/psqlodbcw.so
Setup64=/usr/lib64/libodbcpsqlS.so
FileUsage=1

[MySQL]
Description=ODBC for MySQL
Driver=/usr/lib/libmyodbc5.so
Setup=/usr/lib/libodbcmyS.so
Driver64=/usr/lib64/libmyodbc5.so
Setup64=/usr/lib64/libodbcmyS.so
FileUsage=1

[MySQL8]
Driver=/usr/lib64/libmyodbc8w.so
UsageCount=1

[MySQL ODBC 8.0 ANSI Driver]
Driver=/usr/lib64/libmyodbc8a.so
UsageCount=1

EOF

3. Add the odbc.ini connection configuration file

cat > /etc/odbc.ini << EOF 

[ldap]
Description = LdapToMysql
Driver = MySQL8
Database = ldap
Server = localhost
User = ldap
Password = test.2020
Port = 3306
charset = UTF8

EOF

4. Create the ldap database in MySQL 5.7 (the ldap account is created for host '%', so it is accepted from any host)

create database ldap;
CREATE USER 'ldap'@'%' IDENTIFIED BY 'test.2020';
GRANT ALL PRIVILEGES ON ldap.* TO 'ldap'@'%';

5. Test connectivity

isql  ldap -v

Part 3:

1. Install the development tools (skip this step if gcc, g++ and so on are already installed)

yum groupinstall -y "Development Tools"

2. Download, compile and install OpenLDAP

cd /opt
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.47.tgz
tar zxvf openldap-*.tgz
mv openldap-2.4.47 openldap
cd /opt/openldap
./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --enable-sql --disable-bdb --disable-ndb --disable-hdb && make depend && make && make install

3. Set the password

slappasswd

On success, slappasswd prints the password hash (the value that goes into rootpw below).

4. Log in to MySQL and run the SQL scripts

mysql -uldap -p ldap
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/backsql_create.sql
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_create.sql
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_data.sql
mysql> source /opt/openldap/servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql

5. Add the configuration file

Adjust the database, rootdn, dbname, rootpw, dbuser and dbpasswd parameters.

cat > /etc/openldap/slapd.conf << EOF

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/libexec/openldap
# moduleload	back_mdb.la
# moduleload	back_ldap.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database	sql
#maxsize		1073741824
suffix		"dc=example,dc=com"
rootdn		"cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		{SSHA}k77Tf/wkCyCPIQUAk9LwIRfd7BXyrYZ0
dbname ldap
dbuser ldap
dbpasswd test.2020
has_ldapinfo_dn_ru no
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
#directory	/var/openldap-data
# Indices to maintain
#index	objectClass	eq

EOF

5. Start OpenLDAP

/opt/openldap/servers/slapd/slapd -d 5 -h 'ldap:/// ldapi:///' -f /etc/openldap/slapd.conf &
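
The slapd.conf and odbc.ini written above both hold the database password in cleartext, and slapd.conf has no active "access to" directive. The check below is an added example, not part of the original post; the function names and the sample file contents (placeholder secrets) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit files like /etc/openldap/slapd.conf and /etc/odbc.ini.

# True if FILE is readable by "other" users.
world_readable() { [ -n "$(find "$1" -perm -0004 -print)" ]; }

# Print one finding per line for a slapd.conf-style file; nothing if clean.
audit_slapd_conf() {
    conf=$1
    if world_readable "$conf"; then echo "world-readable"; fi
    # dbpasswd holds the SQL account's password in cleartext.
    if grep -Eq '^[[:space:]]*dbpasswd[[:space:]]+[^[:space:]]' "$conf"; then
        echo "cleartext-dbpasswd"
    fi
    # rootpw should be a slappasswd hash such as {SSHA}..., not plain text.
    if grep -E '^[[:space:]]*rootpw[[:space:]]' "$conf" |
        grep -Evq '[[:space:]]\{[A-Z0-9-]+\}'; then
        echo "plaintext-rootpw"
    fi
    # With no "access to" directive, slapd's default lets anyone read everything.
    if ! grep -Eq '^[[:space:]]*access[[:space:]]+to[[:space:]]' "$conf"; then
        echo "no-acl"
    fi
}

# odbc.ini: a Password key in a world-readable file.
audit_odbc_ini() {
    if grep -Eiq '^[[:space:]]*Password[[:space:]]*=' "$1" && world_readable "$1"; then
        echo "world-readable-password"
    fi
}

# Constructed sample mirroring the page's settings (placeholder secrets).
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' 'database sql' 'rootdn "cn=Manager,dc=example,dc=com"' \
        'rootpw {SSHA}CONSTRUCTED-PLACEHOLDER' 'dbname ldap' 'dbuser ldap' \
        'dbpasswd example-secret' '# access to * by * read' > "$dir/slapd.conf"
    printf '%s\n' '[ldap]' 'Driver = MySQL8' 'User = ldap' \
        'Password = example-secret' > "$dir/odbc.ini"
    chmod 644 "$dir/slapd.conf" "$dir/odbc.ini"
    echo "$dir"
}

sample=$(make_sample)
audit_slapd_conf "$sample/slapd.conf"
audit_odbc_ini "$sample/odbc.ini"
```

On the host itself, run the two functions against /etc/openldap/slapd.conf and /etc/odbc.ini; chmod 600 on each clears the permission findings as long as the account running slapd owns the files.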

Part 4:

1. Install phpldapadmin

yum -y install httpd php php-ldap php-gd php-mbstring php-pear php-bcmath php-xml

wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && rpm -ivh epel-release-latest-7.noarch.rpm && rm -rf epel-release-latest-7.noarch.rpm 

yum --enablerepo=epel -y install phpldapadmin

2. Edit the configuration file

vim /etc/phpldapadmin/config.php
// Uncomment line 397 and comment out line 398
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

3. Important!

Before editing this configuration file, check the version of the httpd service

httpd -v

For versions before 2.4, change:

vim /etc/httpd/conf.d/phpldapadmin.conf
# Modify the configuration
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
# Add the IP address of the host that needs remote access
Require ip 10.X.X.X
</IfModule>

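For version 2.4 and later (including 2.4); note that Require all granted allows every client that can reach the server to open phpldapadmin: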


Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    AllowOverride All
    Order allow,deny
    Allow from all
  </IfModule>
</Directory>
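
The two phpldapadmin.conf variants above differ in who may reach the admin interface. The check below is an added example, not part of the original post; it lists the Directory sections of an Apache config file that are open to every client. The function names, sample files and the 10.0.0.5 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: list <Directory> sections that any client may access.

# Print each Directory path with an active "Require all granted" (2.4) or
# "Allow from all" (2.2). Comment lines are ignored, and a path is printed
# once even when several <IfModule> branches open it.
open_directories() {
    awk '
        $1 ~ /^#/ { next }
        { d1 = tolower($1); d2 = tolower($2); d3 = tolower($3) }
        d1 == "<directory" { dir = $2; gsub(/[">]/, "", dir); next }
        d1 == "</directory>" { dir = ""; next }
        dir != "" && ((d1 == "require" && d2 == "all" && d3 == "granted") ||
                      (d1 == "allow" && d2 == "from" && d3 == "all")) {
            if (!(dir in seen)) { seen[dir] = 1; print dir }
        }
    ' "$1"
}

# Constructed samples: an open variant and a restricted variant.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/open.conf" <<'EOF'
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
</Directory>
EOF
    cat > "$dir/restricted.conf" <<'EOF'
<Directory "/usr/share/phpldapadmin/htdocs">
  <IfModule mod_authz_core.c>
    # Require all granted
    Require local
    Require ip 10.0.0.5
  </IfModule>
</Directory>
EOF
    echo "$dir"
}

samples=$(make_samples)
open_directories "$samples/open.conf"        # /usr/share/phpldapadmin/htdocs
open_directories "$samples/restricted.conf"  # prints nothing
```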

4. Start the httpd service

systemctl start httpd && systemctl enable httpd

5. Open http://{IP}/phpldapadmin

The value for the DN field is in the /etc/openldap/slapd.conf configuration file; the password is the one you entered into slappasswd earlier.



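Copyright notice: This is an original article by u012814696, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.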