
Private Cloud Storage ownCloud

LDAP(OpenLDAP)
22-23 2558


1 LINUX CENTOS 6.5 .............................................................................................................. 1
2 OPENLDAP CENTOS 6.5 ...................................................................... 6
3 PHPLDAPADMIN........................................................................................... 11
4 OWNCLOUD 7.04 CENTOS 6.5......................................................... 13
5 OWNCLOUD 7.0.4 OPENLDAP.................................................. 17
6 PHP 5.3.3 PHP 5.5.20 ........................................................................... 20

WUNCA 30
1 Linux CENTOS 6.5

WUNCA 30

Basic Storage

WUNCA 30

user root

Replace Linux Linux

WUNCA 30
Harddisk

Basic Server

WUNCA 30
Reboot

Package selection Software Development


#vim /etc/selinux/config
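Press i to enter insert mode and change SELINUX from enforcing to disabled. Note that disabled turns SELinux off completely, so the network daemons installed in this guide run without the targeted policy's confinement; permissive (described in the file's comments below) keeps logging what would have been denied.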
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced. (default)
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Esc + : w q

WUNCA 30
2 OpenLDAP CentOS 6.5

http://ihazem.wordpress.com/2011/11/29/installing-and-configuring-openldap-on-centos-5/
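Install the EPEL repository in CentOS. The release package below is downloaded over plain HTTP, so check its signature with rpm -K epel-release-6-8.noarch.rpm (after importing the EPEL 6 GPG key from a trusted source) before installing it.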
#wget http://mirror-fpt-telecom.fpt.net/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
#rpm -Uhv epel-release-6-8.noarch.rpm
( Error TLS )

OpenLDAP
# yum -y install openldap openldap-servers openldap-clients
Create Certificate
# cd /etc/pki/tls/certs
# make slapd.pem

Country Name (2 letter code) [XX]: TH


State or Province Name (full name) []: Songkhla
Locality Name (eg, city) [Default City]:Mung
Organization Name (eg, company) [Default Company Ltd]: SKRU
Organizational Unit Name (eg, section) []:ICT
Common Name (eg, your name or your server's hostname) []:
Email Address []:
#chmod 640 slapd.pem
#chown root:ldap slapd.pem
#ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem

WUNCA 30
Generate LDAP Manager password
#slappasswd
New password: ******
Re-enter new password: ******
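{SSHA}wdsKizh0mBZ1bP4q7YzG2FsO25VoJvNs (copy this hash; it goes into the slapd configuration below)
Copy the hash, for example {SSHA}SQhwTQJVnigb57aZJdZzFiD5P/f1Z3gv, into Notepad. Both values shown here are samples; use the hash that slappasswd prints on your own server.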
slapd config file
#cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# vim /etc/openldap/slapd.conf
: Mode Insert ESC
66 # 3 replace the following three lines
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
Lines 115–117: find every dc=my-domain and replace it with your own domain.
suffix
dc=<your_domain>,dc=com
rootdn
cn=Manager,dc=<your_domain>,dc=com
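Line 123: search for rootpw and add the {SSHA}********************* hash you copied earlier,
ensuring all other rootpw lines are commented out. Because slapd.conf now holds the Manager password hash, keep the file readable only by root and the ldap group (for example chown root:ldap and chmod 640, as was done for slapd.pem above).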
# rootpw
secret
# rootpw
{crypt}ijFYNcSNctBYg
rootpw
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Esc+ :wq
Enable SSL over LDAP
#vim /etc/sysconfig/ldap
Line 16: change no to yes
SLAPD_LDAPS=yes
Esc+ :wq

WUNCA 30
ldap config file
#vim /etc/openldap/ldap.conf
8 9 #
BASE dc=<your_domain>,dc=com
URI ldap://localhost
TLS_REQCERT never
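# This line (TLS_REQCERT) probably won't exist, so add it at the bottom.
# Note: TLS_REQCERT never makes LDAP clients on this host skip verification of the server certificate, so the -ZZ and ldaps:// tests below are encrypted but do not authenticate the server. Outside a lab, give the certificate a Common Name matching the host name used in the URI, point TLS_CACERT at that certificate, and use TLS_REQCERT demand.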
Esc+ :wq
initial LDAP structure
#vim /root/root.ldif

dn: dc=<your_domain>,dc=com
dc: <your_domain>
objectClass: dcObject
objectClass: organizationalUnit
ou: <your_domain>.com
dn: ou=people,dc=<your_domain>,dc=com
ou: people
objectClass: organizationalUnit
dn: ou=groups,dc=<your_domain>,dc=com
ou: groups
objectClass: organizationalUnit

dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com
dn: ou=people,dc=ldapserver,dc=com
ou: people
objectClass: organizationalUnit
dn: ou=groups,dc=ldapserver,dc=com
ou: groups
objectClass: organizationalUnit
Esc+ :wq
slapd Base ldap

WUNCA 30
#rm -rf /etc/openldap/slapd.d/*
#slapadd -v -n 2 -l /root/root.ldif

added: "dc=ldapserver,dc=com" (00000001)


_##############
70.96% eta none elapsed
"ou=people,dc=ldapserver,dc=com" (00000002)
added: "ou=groups,dc=ldapserver,dc=com" (00000003)
.#################### 100.00% eta none elapsed
Closing DB...

#chown -R ldap:ldap /var/lib/ldap


#chown -R ldap:ldap /etc/openldap/slapd.d

none spd 254.6 /s added:

LDAP config
#chkconfig slapd on
#service slapd start

Starting slapd:
[ OK ]
LDAP
#ldapsearch -x -ZZ -h localhost

# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ldapserver.com
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com
# people, ldapserver.com
dn: ou=people,dc=ldapserver,dc=com

spd 272.0 /s

WUNCA 30
ou: people
objectClass: organizationalUnit
.
#ldapsearch -x -H ldaps://localhost

# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ldapserver.com
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com
# people, ldapserver.com
dn: ou=people,dc=ldapserver,dc=com

10

WUNCA 30
3 phpLDAPadmin

http://www.itmanx.com/kb/centos6/install-openldap-phpldapadmin
http://www.tecmint.com/install-openldap-server-and-administer-with-phpldapadmin-indebianubuntu/
phpldapadmin
#yum -y install phpldapadmin
Allow access from your network
#vim /etc/httpd/conf.d/phpldapadmin.conf
13
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from 192.168.0 # 13
#vim /etc/phpldapadmin/config.php
Comment 398
//$servers->setValue('login','attr','uid');
Setup HTTPD service
#chkconfig httpd on
#service httpd start
Log in to phpLDAPadmin
port tcp 636 389 LDAP
setup

Firewall

Customize Forward tcp 636 tcp 389

11

WUNCA 30
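phpldapadmin
http://your_ip_address/phpldapadmin
(This URL is plain HTTP, so the Manager DN and password entered below cross the network unencrypted; enable HTTPS in httpd before logging in from another machine.)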

DN: cn=Manager,dc=ldapserver,dc=com
Password : slapdpassword

12

WUNCA 30

13

4 ownCloud 7.04 CentOS 6.5


Download package https://owncloud.org/install/

Install EPEL repository in CentOS


#wget http://mirror-fpt-telecom.fpt.net/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
#rpm -Uhv epel-release-6-8.noarch.rpm
( Error TLS )

#yum install httpd php php-mysql mysql-server sqlite php-dom php-mbstring php-gd php-pdo
php-json php-xml php-zip php-gd curl php-curl -y

Apache 2.2
Mysql 5.0
Php 5.3.3
ownCloud Openldap
#yum install -y php-ldap openldap-clients
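Download the ownCloud package with wget from http://download.owncloud.org. The download is plain HTTP, so compare the archive with the checksum or signature that ownCloud publishes for the release before extracting it.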
#wget http://download.owncloud.org/community/owncloud-7.0.4.tar.bz2
Download
#tar xvf owncloud-7.0.4.tar.bz2
Folder Folder Apache
#mv owncloud /var/www/html/

#chown -R apache.apache /var/www/html/owncloud
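#chmod 777 /var/www/html/owncloud/config/
(Mode 777 lets every local user write to the directory that will hold config.php and its database password. The tree is already owned by apache from the previous command, so a mode such as 750 is enough for ownCloud to write its configuration.)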

WUNCA 30

14

Apache config Owncloud


# vim /etc/httpd/conf/httpd.conf
304 , 338 None All
[...]
AllowOverride All
[...]
Apache
#chkconfig httpd on
#service httpd start
MySQL OwnCloud 7.0.4
OwnCloud 7.0.4 Mysql MariaDB

http://www.unixmen.com/setup-your-personal-cloud-server-in-minutes-using-owncloud/
#service mysqld restart
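Set the password of the MySQL user root to 123456 (a sample value only; choose a strong password of your own. A password typed on the command line is also kept in the shell history.)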
#mysqladmin -u root password '123456'
OwnCloud
#mysql -u root -p
Enter password:
mysql> CREATE DATABASE ownclouddb;
Query OK, 1 row affected (0.04 sec)
mysql> GRANT ALL ON ownclouddb.* TO ownclouduser@localhost IDENTIFIED BY 'centos';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye

WUNCA 30

15

port http https 80 443 LDAP


setup

Firewall

Customize

http https

User : admin
Password : 123456
Storage & database



: ownuser
: ownpass
: owncloud

WUNCA 30

16
OwnCloud

WUNCA 30

17

5 OwnCloud 7.0.4 OpenLdap



http://www.samed-dresden.de/owncloud/core/doc/admin/configuration/auth_ldap.html
LDAP user
and group backend
App Enable

Server
User Filter
Login Filter


Expert
1 Server
IP Address
Openldap Server
Port 389

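OpenLdap
cn=Manager,dc=oc,dc=com
(Binding ownCloud as the directory Manager gives the web application full write access to the directory, and over port 389 the Manager password travels in clear text whenever ownCloud and OpenLDAP are separate hosts; a dedicated read-only bind account and an ldaps:// host on port 636 limit both exposures.)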

Base DN

WUNCA 30

18
2 User Filter Edit raw
filter
objectclass=posixAccount

Openldap
3 Login Filter Edit raw
filter
uid=%uid

Openldap
4 Edit
raw filter
objectclass=posixGroup

Openldap


cn
tree dc=oc,dc=com ()
cn
tree dc=oc,dc=com ()
memberUid
Test Configuration

WUNCA 30

19

OpenLdap

openldap
Groups => Data, Ict, Student
People => Dd 01, Test 001, Test 002

WUNCA 30

20

6 PHP 5.3.3 PHP 5.5.20


CentOS 6.5 Remi repository
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
php
#yum --enablerepo=remi,remi-php55 install
httpd php php-mysql php-common php-dom
php-mbstring php-gd php-pdo php-json php-xml php-zip php-gd curl php-curl -y
Restart Apache
#service httpd restart

WUNCA 30

089-733-3779
E-mail : kritwara.ra@skru.ac.th



080-540-5426
E-mail : sarayut.ku@skru.ac.th

21
