LDAP(OpenLDAP)
22-23 2558
1 Linux CentOS 6.5 (page 1)
2 OpenLDAP CentOS 6.5 (page 6)
3 phpLDAPadmin (page 11)
4 OwnCloud 7.0.4 CentOS 6.5 (page 13)
5 OwnCloud 7.0.4 OpenLDAP (page 17)
6 PHP 5.3.3 to PHP 5.5.20 (page 20)
WUNCA 30
1 Linux CentOS 6.5
Basic Storage
user root
Harddisk
Basic Server
Reboot
2 OpenLDAP CentOS 6.5
Reference: http://ihazem.wordpress.com/2011/11/29/installing-and-configuring-openldap-on-centos-5/
Install the EPEL repository in CentOS:
# wget http://mirror-fpt-telecom.fpt.net/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uhv epel-release-6-8.noarch.rpm
( Error TLS )
Install OpenLDAP:
# yum -y install openldap openldap-servers openldap-clients
Create the server certificate:
# cd /etc/pki/tls/certs
# make slapd.pem
Generate the LDAP Manager password:
# slappasswd
New password: ******
Re-enter new password: ******
{SSHA}wdsKizh0mBZ1bP4q7YzG2FsO25VoJvNs
Copy the {SSHA}... hash that slappasswd prints (e.g. into Notepad); it is needed for the rootpw line when configuring slapd.conf. A second run in the handout produced {SSHA}SQhwTQJVnigb57aZJdZzFiD5P/f1Z3gv; every run gives a different salted hash of the same password, so use whichever one you copied.
Create the slapd config file:
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# vim /etc/openldap/slapd.conf
(in vim: press i for Insert mode to edit, Esc to leave it)
Line 66: replace with the following three lines
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
Lines 115-117: find and replace all dc=my-domain with your own domain.
suffix          "dc=<your_domain>,dc=com"
rootdn          "cn=Manager,dc=<your_domain>,dc=com"
Line 123: search for rootpw and add the {SSHA}********************* hash you copied earlier, ensuring all other rootpw lines are commented out
# rootpw        secret
# rootpw        {crypt}ijFYNcSNctBYg
rootpw          {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Esc, then :wq (save and quit)
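The three edits above are easy to get wrong (a leftover cleartext rootpw line, a dc=my-domain that was not replaced, a missing TLS directive), so here is an added check script, written for this page and not part of the workshop handout. It audits an slapd.conf for exactly those settings before slapd is started. The function names and the two sample files are this example's own constructions; the hash in the samples is the one printed by slappasswd above.

```shell
#!/bin/sh
# Added example, not from the handout: audit an slapd.conf for the edits made
# above (TLS file directives, dc=my-domain replaced, a single {SSHA} rootpw).
# Usage: audit_slapd_conf /etc/openldap/slapd.conf   (or: sh audit.sh demo)

# Print only the active (uncommented) rootpw lines of the given file.
active_rootpw_lines() {
  grep -E '^[[:space:]]*rootpw[[:space:]]' "$1"
}

# 0 when exactly one rootpw is active and it is an {SSHA} hash; 1 when the
# default "secret" or {crypt} line is still active or several lines are active.
check_rootpw() {
  n=$(active_rootpw_lines "$1" | wc -l | tr -d ' ')
  [ "$n" -eq 1 ] || return 1
  active_rootpw_lines "$1" |
    grep -qE '^[[:space:]]*rootpw[[:space:]]+[{]SSHA[}][A-Za-z0-9+/=]+[[:space:]]*$'
}

# 0 when all three TLS directives are present with an absolute path.
check_tls() {
  for d in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
    grep -qE "^[[:space:]]*$d[[:space:]]+/" "$1" || return 1
  done
}

# 0 when the placeholder domain from slapd.conf.obsolete is gone.
check_domain() {
  ! grep -q 'dc=my-domain' "$1"
}

# Run every check, print one line each, return the number of failed checks.
audit_slapd_conf() {
  fails=0
  for c in check_rootpw check_tls check_domain; do
    if "$c" "$1"; then echo "ok   $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
  done
  return "$fails"
}

# Constructed sample 1: the file as it should look after the edits above.
write_sample_good() {
  cat > "$1" <<'EOF'
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
suffix          "dc=ldapserver,dc=com"
rootdn          "cn=Manager,dc=ldapserver,dc=com"
# rootpw        secret
# rootpw        {crypt}ijFYNcSNctBYg
rootpw          {SSHA}wdsKizh0mBZ1bP4q7YzG2FsO25VoJvNs
EOF
}

# Constructed sample 2: hash appended but "secret" left active, domain not
# replaced, TLS directives still missing.
write_sample_bad() {
  cat > "$1" <<'EOF'
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
rootpw          secret
rootpw          {SSHA}wdsKizh0mBZ1bP4q7YzG2FsO25VoJvNs
EOF
}

# Stand-alone demo: audit both constructed samples.
demo() {
  f=$(mktemp)
  write_sample_good "$f"; echo "== good sample"; audit_slapd_conf "$f" || true
  write_sample_bad "$f";  echo "== bad sample";  audit_slapd_conf "$f" || true
  rm -f "$f"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh audit.sh demo` to see both samples, or call `audit_slapd_conf /etc/openldap/slapd.conf` from another script; the return value is the number of failed checks, so it can gate `service slapd start`.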
Enable SSL over LDAP:
# vim /etc/sysconfig/ldap
Line 16: change no to yes
SLAPD_LDAPS=yes
Esc, then :wq
Edit the LDAP client config file:
# vim /etc/openldap/ldap.conf
Lines 8-9: uncomment (remove the leading #) and set BASE and URI to your own values
BASE dc=<your_domain>,dc=com
URI ldap://localhost
TLS_REQCERT never
# this line probably won't exist so add it to the bottom
TLS_REQCERT never makes the client accept the self-signed slapd.pem without checking it; a client that must verify the server certificate uses TLS_REQCERT demand together with a TLS_CACERT file instead.
Esc, then :wq
Create the initial LDAP structure:
# vim /root/root.ldif
dn: dc=<your_domain>,dc=com
dc: <your_domain>
objectClass: dcObject
objectClass: organizationalUnit
ou: <your_domain>.com

dn: ou=people,dc=<your_domain>,dc=com
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=<your_domain>,dc=com
ou: groups
objectClass: organizationalUnit

For example, with the domain ldapserver.com the file is:
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com

dn: ou=people,dc=ldapserver,dc=com
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=ldapserver,dc=com
ou: groups
objectClass: organizationalUnit
Esc, then :wq
Load the base LDIF into slapd (clear any stale slapd.d configuration first):
# rm -rf /etc/openldap/slapd.d/*
# slapadd -v -n 2 -l /root/root.ldif
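slapadd stops at the first entry whose parent is not in the database, which is what happens when root.ldif still says dc=<your_domain> while slapd.conf carries a different suffix. The script below is an added example written for this page (not from the handout or from OpenLDAP): it lists the entries of an LDIF file and checks, against the suffix from slapd.conf, that each entry lies under that suffix, has an objectClass, and that its parent appears earlier in the file. Function names and the two sample files are this example's own; it assumes DNs without escaped commas or spaces after commas, as in the file above.

```shell
#!/bin/sh
# Added example, not from the handout: sanity-check root.ldif before slapadd.
# Usage: ldif_check /root/root.ldif 'dc=ldapserver,dc=com'
# Assumes DNs without escaped commas or spaces after commas.

TAB=$(printf '\t')

# Print "dn<TAB>number of objectClass attributes" for each entry, in file order.
ldif_entries() {
  awk '
    /^dn: /                        { if (dn != "") print dn "\t" oc; dn = substr($0, 5); oc = 0 }
    tolower($0) ~ /^objectclass: / { oc++ }
    END                            { if (dn != "") print dn "\t" oc }
  ' "$1"
}

# $1 LDIF file, $2 suffix from slapd.conf. Prints one line per problem and
# returns 1 if any entry is outside the suffix, lacks an objectClass, or has
# a parent that is not an earlier entry (the suffix entry itself needs no
# parent); returns 0 when the file is clean.
ldif_check() {
  ldif_entries "$1" | awk -F "$TAB" -v suffix="$2" '
    {
      dn = $1; oc = $2
      seen[dn] = 1
      if (oc == 0) { print "no objectClass: " dn; bad++ }
      if (length(dn) < length(suffix) ||
          substr(dn, length(dn) - length(suffix) + 1) != suffix) {
        print "outside suffix " suffix ": " dn; bad++; next
      }
      if (dn == suffix) next
      parent = dn; sub(/^[^,]*,/, "", parent)
      if (!(parent in seen)) { print "parent missing or listed later: " dn; bad++ }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Number of problems reported, on stdout, for scripting.
ldif_problem_count() {
  ldif_check "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample: the ldapserver.com structure from the step above.
write_ldif_good() {
  cat > "$1" <<'EOF'
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com

dn: ou=people,dc=ldapserver,dc=com
ou: people
objectClass: organizationalUnit

dn: ou=groups,dc=ldapserver,dc=com
ou: groups
objectClass: organizationalUnit
EOF
}

# Constructed sample: ou=people without an objectClass and ou=groups under a
# mistyped parent (dc=org instead of dc=com).
write_ldif_bad() {
  cat > "$1" <<'EOF'
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com

dn: ou=people,dc=ldapserver,dc=com
ou: people

dn: ou=groups,dc=ldapserver,dc=org
ou: groups
objectClass: organizationalUnit
EOF
}

# Stand-alone use: sh ldifcheck.sh FILE SUFFIX
if [ $# -eq 2 ]; then ldif_check "$1" "$2"; fi
```

Running the check with the wrong suffix (say dc=my-domain,dc=com against the ldapserver.com file) reports every entry as outside the suffix, which is the mismatch the "replace dc=my-domain" step is meant to prevent.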
Enable and start the LDAP service:
# chkconfig slapd on
# service slapd start
Starting slapd:                                            [ OK ]
Test LDAP with StartTLS (port 389):
# ldapsearch -x -ZZ -h localhost
# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ldapserver.com
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com

# people, ldapserver.com
dn: ou=people,dc=ldapserver,dc=com
ou: people
objectClass: organizationalUnit
...
Test LDAPS (port 636):
# ldapsearch -x -H ldaps://localhost
# extended LDIF
#
# LDAPv3
# base <dc=ldapserver,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ldapserver.com
dn: dc=ldapserver,dc=com
dc: ldapserver
objectClass: dcObject
objectClass: organizationalUnit
ou: ldapserver.com
# people, ldapserver.com
dn: ou=people,dc=ldapserver,dc=com
3 phpLDAPadmin
References:
http://www.itmanx.com/kb/centos6/install-openldap-phpldapadmin
http://www.tecmint.com/install-openldap-server-and-administer-with-phpldapadmin-indebianubuntu/
Install phpLDAPadmin:
# yum -y install phpldapadmin
Allow access from your network:
# vim /etc/httpd/conf.d/phpldapadmin.conf
Line 13: add your own network to the Allow list
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from 192.168.0
# vim /etc/phpldapadmin/config.php
Comment out line 398:
//$servers->setValue('login','attr','uid');
Set up the HTTPD service:
# chkconfig httpd on
# service httpd start
Log in to phpLDAPadmin
Run setup, choose Firewall configuration, and open TCP ports 389 and 636 (LDAP and LDAPS).
Open phpLDAPadmin in a browser:
http://your_ip_address/phpldapadmin
Login DN: cn=Manager,dc=ldapserver,dc=com
Password: slapdpassword (the password given to slappasswd)
4 OwnCloud 7.0.4 CentOS 6.5
Reference: http://www.unixmen.com/setup-your-personal-cloud-server-in-minutes-using-owncloud/
# service mysqld restart
Set the MySQL root user password (here 123456):
# mysqladmin -u root password '123456'
Create the OwnCloud database and user:
# mysql -u root -p
Enter password:
mysql> CREATE DATABASE ownclouddb;
Query OK, 1 row affected (0.04 sec)
mysql> GRANT ALL ON ownclouddb.* TO ownclouduser@localhost IDENTIFIED BY 'centos';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye
In the Firewall configuration, choose Customize and allow the http and https services.
OwnCloud web setup (admin account):
User: admin
Password: 123456
Storage & database:
Database user: ownuser
Database password: ownpass
Database name: owncloud
5 OwnCloud 7.0.4 OpenLDAP
The OwnCloud LDAP wizard has the tabs Server, User Filter, Login Filter and Expert.
1 Server tab
Host: IP address of the OpenLDAP server
Port: 389
User DN: cn=Manager,dc=oc,dc=com (the OpenLDAP Manager)
Base DN: dc=oc,dc=com
2 User Filter tab: Edit raw filter
objectclass=posixAccount
(selects the posixAccount entries in OpenLDAP)
3 Login Filter tab: Edit raw filter
uid=%uid
(%uid is replaced by the name typed at the OwnCloud login form)
4 Group Filter tab: Edit raw filter
objectclass=posixGroup
(selects the posixGroup entries in OpenLDAP)
Advanced settings:
User display name attribute: cn
Base user tree: dc=oc,dc=com
Group display name attribute: cn
Base group tree: dc=oc,dc=com
Group-member association: memberUid
Click Test Configuration.
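To see what the User Filter and Login Filter above turn into at login time, here is an added example written for this page; it is not OwnCloud code, and OwnCloud's own substitution logic is not reproduced, only the resulting filter shape. It combines the two raw filters and replaces every %uid with the name typed at the login form after escaping it per RFC 4515, so the characters * ( ) \ in a typed name are matched literally instead of changing the filter. Function names and the sample login names are this example's own.

```shell
#!/bin/sh
# Added example, not from the handout or from OwnCloud: compose the search
# filter that results from the raw User Filter and Login Filter above for a
# given login name, escaping the name per RFC 4515 first.

# Escape a value for use inside an LDAP filter (RFC 4515): \ * ( ) become
# \5c \2a \28 \29. Backslash is done first so the others are not re-escaped.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Wrap a filter in parentheses unless it already starts with one.
paren() {
  case $1 in
    "("*) printf '%s' "$1" ;;
    *)    printf '(%s)' "$1" ;;
  esac
}

# $1 raw user filter (e.g. objectclass=posixAccount)
# $2 raw login filter template containing %uid (e.g. uid=%uid)
# $3 login name typed by the user
# Prints (&(<user filter>)(<login filter with every %uid replaced>)) and
# returns 1 if the template has no %uid placeholder at all.
login_filter() {
  ph='%uid'
  case $2 in
    *"$ph"*) ;;
    *) echo "login filter template has no $ph placeholder" >&2; return 1 ;;
  esac
  value=$(ldap_filter_escape "$3")
  out=''
  rest=$2
  # Replace each occurrence of %uid with the escaped value, left to right.
  while :; do
    case $rest in
      *"$ph"*)
        before=${rest%%"$ph"*}     # text before the first %uid
        rest=${rest#*"$ph"}        # text after the first %uid
        out="$out$before$value" ;;
      *)
        out="$out$rest"; break ;;
    esac
  done
  printf '(&%s%s)' "$(paren "$1")" "$(paren "$out")"
}

# Demo with the page's filters and constructed login names.
if [ "${1:-}" = demo ]; then
  login_filter 'objectclass=posixAccount' 'uid=%uid' 'test001'; echo
  login_filter 'objectclass=posixAccount' 'uid=%uid' 'test*';   echo
fi
```

With the page's values, `login_filter 'objectclass=posixAccount' 'uid=%uid' 'test001'` gives `(&(objectclass=posixAccount)(uid=test001))`; a login name containing a wildcard is escaped to `\2a`, so the directory only ever compares it as a literal uid.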
Result: OwnCloud now lists the users and groups from OpenLDAP.
Groups => Data, Ict, Student
People => Dd 01, Test 001, Test 002
Contact:
Tel. 089-733-3779, E-mail: kritwara.ra@skru.ac.th
Tel. 080-540-5426, E-mail: sarayut.ku@skru.ac.th