OpenLDAP installation and configuration: basic tutorial


Environment: CentOS 5.4, db-5.1.25.tar.gz, openldap-2.3.34.tgz, httpd-2.2.15.tar.gz, php-5.2.13.tar.gz, phpldapadmin-1.2.0.5.tgz

How LDAP works: LDAP operates in server/client mode; the directory service splits the logical structure of the database software into a front end (the client) and a back end (the server and its storage warehouse).

client -- server -- warehouse (LDAP logical structure diagram)

The system must already have the following two db packages installed, otherwise compiling openldap-2.3.34 will still report an error:
db4-devel-4.3.29-10.el5
db4-4.3.29-10.el5

1. Install Berkeley DB: http://download.oracle.com/berkeley-BerkeleyDB/BerkeleyDB-5.1.25.tar.gz, downloaded to /qeedoodb/setup
tar xvf db-5.1.25.tar.gz
cd db-5.1.25
cd build_unix
../dist/configure --prefix=/usr/local/BerkeleyDB
make
make install

vi /etc/ld.so.conf and add the line /usr/local/BerkeleyDB/lib (the library directory under the prefix chosen above), then run ldconfig

2. OpenLDAP. First set the environment variables, otherwise installing OpenLDAP will report an error (export them so that configure picks them up):
export CPPFLAGS="-I/usr/local/BerkeleyDB/include"
export LDFLAGS="-L/usr/lib -L/usr/local/BerkeleyDB/lib"

tar xvf openldap-2.3.34.tgz
cd openldap-2.3.34
./configure --prefix=/usr/local/openldap --enable-bdb
make depend
make
make test (this step can be skipped)
make install

3. Install Apache

tar zxvf httpd-2.2.15.tar.gz
cd httpd-2.2.15
./configure --prefix=/usr/local/apache \
--with-included-apr \
--with-mpm=worker \
--with-ldap \
--enable-mods-static="deflate expires" \
--enable-mods-shared="ssl ldap authnz-ldap dav dav-fs dav-lock headers rewrite"

make && make install

Create the web account:
groupadd www
useradd -g www www -d /home/www -s /sbin/nologin

Modify httpd.conf configuration file

cd /usr/local/apache/conf
vi httpd.conf

Change the User (and Group) to www

Start Apache:

/usr/local/apache/bin/apachectl -k start
To verify Apache from another machine, the firewall must allow port 80:
vi /etc/sysconfig/iptables
add: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Restart the firewall: service iptables restart
Browsing to the server should now work correctly.

Generate certificates:
tar -zxvf ssl.ca-0.1.tar.gz
mv ./ssl.ca-0.1 /usr/local/apache/conf/
cd /usr/local/apache/conf/ssl.ca-0.1
./new-root-ca.sh

Enter a passphrase when prompted; the remaining fields can be filled in with anything. This generates two files, ca.key and ca.crt.

Next, generate a certificate for our server:
./new-server-cert.sh server

This generates two files, server.csr and server.key.

Sign the server certificate:

./sign-server-cert.sh server

Enter the passphrase you set earlier.

Then answer y; this generates server.crt.

mv ./server.* ../
This moves the certificate and key into the conf directory.
cd ..
vi httpd.conf

Uncomment the line #Include conf/extra/httpd-ssl.conf

If the certificate is placed elsewhere, adjust the paths in httpd-ssl.conf accordingly.

Restart the Apache service:
/usr/local/apache/bin/apachectl -k restart
Open port 443 in the firewall (the earlier port 80 rule can now be removed):
vi /etc/sysconfig/iptables
add: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Restart the firewall: service iptables restart
Then open https://192.168.6.7 in the browser.

4. Generate the slapd password

/usr/local/openldap/sbin/slappasswd

New password: enter the password
Re-enter new password: repeat the password

The generated encrypted password: {SSHA}W/48LCkOe9rZUHMGyjD8VeHbMF4C3Szm
Note: the same password produces a different string each time, because a random salt is mixed into the hash before it is encoded.

5. Modify the OpenLDAP configuration file

vi /usr/local/openldap/etc/openldap/slapd.conf

Change these three lines:

suffix "dc=holy,dc=com"
rootdn "cn=root,dc=holy,dc=com"

rootpw {SSHA}W/48LCkOe9rZUHMGyjD8VeHbMF4C3Szm

Start the LDAP service:

cd /usr/local/openldap/libexec
./slapd

If startup fails, start in debug mode with ./slapd -d 1, which prints the startup information to the screen.

Debug mode also warns that the database directory has no DB_CONFIG file; create it by copying DB_CONFIG.example to /usr/local/openldap/var/openldap-data/DB_CONFIG.

Check that slapd is running:
[root@localhost libexec]# ps -ef
