openldap_centos7

openldap_centos7 [2015/06/24 11:40] herwarth
openldap_centos7 [2015/06/25 08:22] (current) – [Preparation] herwarth
Line 4: Line 4:
   * Install chronyd and configure timeserver   * Install chronyd and configure timeserver
   * Install initial firewall rules   * Install initial firewall rules
 +  * Download my superscript {{:ldap-el7.tar.gz|}} or when using EL6: {{:ldap-el6.tar.gz|}}
  
 =====Installation===== =====Installation=====
 +====Base====
 +  yum install openldap-servers openldap-clients
 +
 +Install my created superscript, including LDIF files! Answer all the questions and you have an empty LDAP server.
 +  cd /root
 +  tar -xvzf ldap-el7.tar.gz
 +  cd ldap
 +  ./generate_slapd.sh
 +
 +  firewall-cmd --permanent --zone=management --add-service=ldap
 +  firewall-cmd --permanent --zone=management --add-service=ldaps
 +  firewall-cmd --permanent --zone=local --add-service=ldap
 +  firewall-cmd --permanent --zone=local --add-service=ldaps
 +
 +====phpldapadmin====
 +  yum install phpldapadmin mod_ssl
 +
 +=====Configuration=====
 +  vi /etc/phpldapadmin/config.php
 +Change line 397 en 398 in the following:
 +  // $server->setValue('login','attr','uid');
 +  $server->setValue('login','attr','dn');
 +
 +  vi /etc/httpd/conf.d/phpldapadmin.conf
 +Change
 +  Require local
 +in
 +  Require all granted
 +
 +  setsebool -P httpd_can_connect_ldap 1
 +
 +  firewall-cmd --permanent --zone=management --add-service=http
 +  firewall-cmd --permanent --zone=management --add-service=https
 +  firewall-cmd --permanent --zone=local --add-service=http
 +  firewall-cmd --permanent --zone=local --add-service=https
 +<code>
 +systemctl enable httpd
 +systemctl enable slapd
 +systemctl start httpd
 +systemctl start slapd
 +firewall-cmd --reload
 +</code>
 +=====Apache configuration=====
 +<code - etc/httpd/conf.d/namevirtualhost>
 +NameVirtualHost 172.16.2.27:80
 +NameVirtualHost 172.16.2.27:443
 +NameVirtualHost [2a02:22a0:bbb7:402::27]:80
 +NameVirtualHost [2a02:22a0:bbb7:402::27]:443
 +</code>
 +<code - /etc/httpd/conf.d/ldap.mngt.bh.helux.nl.conf>
 +<VirtualHost ldap.mngt.bh.helux.nl:80>
 +    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
 +    ServerName ldap.mngt.bh.helux.nl
 +
 +    RewriteEngine on
 +    RewriteRule ^/(.*)$ https://ldap.mngt.bh.helux.nl/$1 [R,L]
 +
 +    ErrorLog /var/log/httpd/ldap-error.log
 +    CustomLog /var/log/httpd/ldap-access.log common
 +</VirtualHost>
 +
 +<VirtualHost ldap.mngt.bh.helux.nl:443>
 +    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
 +    ServerName ldap.mngt.bh.helux.nl
 +
 +    DocumentRoot /usr/share/phpldapadmin/htdocs/
 +    <Directory /usr/share/phpldapadmin/htdocs>
 +      Require all granted
 +    </Directory>
 +
 +    SSLEngine On
 +    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
 +    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
 +
 +    ErrorLog /var/log/httpd/ldap-error.log
 +    CustomLog /var/log/httpd/ldap-access.log common
 +</VirtualHost>
 +</code>
 +=====Notes=====
 +  * Problem: When creating a Samba user with phpldapadmin, you will get a user must change password on the first login.
 +  * Solution: add attribute "sambaPwdLastSet" and set the value to 1.
  
 {{tag>centos}} {{tag>centos}}
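Review bot: The change from `Require local` to `Require all granted` in /etc/httpd/conf.d/phpldapadmin.conf, repeated in the `<Directory /usr/share/phpldapadmin/htdocs>` block of the :443 vhost, removes Apache's own host restriction on the admin interface, so who can reach phpldapadmin (which, after the `$server->setValue('login','attr','dn');` change, accepts a full bind DN and password) is limited only by the firewalld `management` and `local` zones. Suggest a `Require ip` line for the management network in place of `all granted`, so the restriction does not depend on the firewall state alone. Two smaller points: `NameVirtualHost` is ignored (with a startup warning) by the httpd 2.4 that EL7 ships, so the etc/httpd/conf.d/namevirtualhost file can be dropped; and both `SSLCertificateFile`/`SSLCertificateKeyFile` lines point at the package's default self-signed localhost.crt/localhost.key, which admin credentials will travel over, so a certificate issued for ldap.mngt.bh.helux.nl should replace it before this goes live.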
openldap_centos7.1435146056.txt.gz · Last modified: by herwarth