openldap_centos7

openldap_centos7 [2015/06/24 11:54] herwarthopenldap_centos7 [2015/06/25 08:22] (current) – [Preparation] herwarth
Line 4: Line 4:
   * Install chronyd and configure timeserver   * Install chronyd and configure timeserver
   * Install initial firewall rules   * Install initial firewall rules
 +  * Download my superscript {{:ldap-el7.tar.gz|}} or when using EL6: {{:ldap-el6.tar.gz|}}
  
 =====Installation===== =====Installation=====
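Review bot: the new Preparation bullet links a tarball (ldap-el7.tar.gz, or ldap-el6.tar.gz on EL6) that the Installation step later unpacks in /root and runs as root via ./generate_slapd.sh, but no checksum or signature is published alongside the download; publishing a SHA-256 sum (and stating it next to the link) would let readers verify the archive before executing its script with root privileges. The bullet also still says "superscript" where "super script" or simply "script" is meant.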
Line 11: Line 12:
 Install my created superscript, including LDIF files! Answer all the questions and you have an empty LDAP server. Install my created superscript, including LDIF files! Answer all the questions and you have an empty LDAP server.
   cd /root   cd /root
-  tar -xvzf ldap-latest.tar.gz+  tar -xvzf ldap-el7.tar.gz
   cd ldap   cd ldap
   ./generate_slapd.sh   ./generate_slapd.sh
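Review bot: renaming the archive to ldap-el7.tar.gz makes the extraction line match the Preparation link, but only for EL7; the Preparation section also offers ldap-el6.tar.gz, so an EL6 reader following this step verbatim will reference a file that does not exist. Either add a parallel line for EL6 or state that the filename must match the downloaded variant. It would also help to list the questions generate_slapd.sh asks (base DN, admin password, and similar) so the reader knows what to prepare before running it.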
Line 21: Line 22:
  
 ====phpldapadmin==== ====phpldapadmin====
-  yum install phpldapadmin+  yum install phpldapadmin mod_ssl
  
 +=====Configuration=====
   vi /etc/phpldapadmin/config.php   vi /etc/phpldapadmin/config.php
 +Change line 397 en 398 in the following:
   // $server->setValue('login','attr','uid');   // $server->setValue('login','attr','uid');
   $server->setValue('login','attr','dn');   $server->setValue('login','attr','dn');
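Review bot: "Change line 397 en 398" mixes in the Dutch "en" for "and", and referring to fixed line numbers in /etc/phpldapadmin/config.php is fragile across package versions; better to name the setting being changed (the commented-out `$server->setValue('login','attr','uid');` replaced by `$server->setValue('login','attr','dn');`) so readers can locate it with a search. Adding mod_ssl to the yum line is the right call given the HTTPS virtual host below, and it may be worth noting in the text that switching the login attribute from uid to dn means users must authenticate with their full DN rather than a short username.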
Line 35: Line 37:
  
   setsebool -P httpd_can_connect_ldap 1   setsebool -P httpd_can_connect_ldap 1
 +
 +  firewall-cmd --permanent --zone=management --add-service=http
 +  firewall-cmd --permanent --zone=management --add-service=https
 +  firewall-cmd --permanent --zone=local --add-service=http
 +  firewall-cmd --permanent --zone=local --add-service=https
 +<code>
 +systemctl enable httpd
 +systemctl enable slapd
 +systemctl start httpd
 +systemctl start slapd
 +firewall-cmd --reload
 +</code>
 +=====Apache configuration=====
 +<code - etc/httpd/conf.d/namevirtualhost>
 +NameVirtualHost 172.16.2.27:80
 +NameVirtualHost 172.16.2.27:443
 +NameVirtualHost [2a02:22a0:bbb7:402::27]:80
 +NameVirtualHost [2a02:22a0:bbb7:402::27]:443
 +</code>
 +<code - /etc/httpd/conf.d/ldap.mngt.bh.helux.nl.conf>
 +<VirtualHost ldap.mngt.bh.helux.nl:80>
 +    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
 +    ServerName ldap.mngt.bh.helux.nl
 +
 +    RewriteEngine on
 +    RewriteRule ^/(.*)$ https://ldap.mngt.bh.helux.nl/$1 [R,L]
 +
 +    ErrorLog /var/log/httpd/ldap-error.log
 +    CustomLog /var/log/httpd/ldap-access.log common
 +</VirtualHost>
 +
 +<VirtualHost ldap.mngt.bh.helux.nl:443>
 +    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
 +    ServerName ldap.mngt.bh.helux.nl
 +
 +    DocumentRoot /usr/share/phpldapadmin/htdocs/
 +    <Directory /usr/share/phpldapadmin/htdocs>
 +      Require all granted
 +    </Directory>
 +
 +    SSLEngine On
 +    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
 +    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
 +
 +    ErrorLog /var/log/httpd/ldap-error.log
 +    CustomLog /var/log/httpd/ldap-access.log common
 +</VirtualHost>
 +</code>
 +=====Notes=====
 +  * Problem: When creating a Samba user with phpldapadmin, you will get a user must change password on the first login.
 +  * Solution: add attribute "sambaPwdLastSet" and set the value to 1.
  
 {{tag>centos}} {{tag>centos}}
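Review bot: the HTTPS virtual host points SSLCertificateFile and SSLCertificateKeyFile at /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key, the self-signed pair generated at mod_ssl install time; for a management interface that handles LDAP admin credentials, replace these with a certificate issued for ldap.mngt.bh.helux.nl and consider adding SSLProtocol and SSLCipherSuite directives, since the vhost otherwise inherits whatever defaults ssl.conf provides. Two smaller issues in the same hunk: the file shown as `etc/httpd/conf.d/namevirtualhost` has no leading slash and no `.conf` suffix, so the stock EL7 `IncludeOptional conf.d/*.conf` will not load it, and NameVirtualHost is a deprecated no-op in the httpd 2.4 that ships with EL7, so the file can be dropped entirely. Finally, the firewall-cmd lines open http in both the management and local zones even though the port-80 vhost only redirects to HTTPS; if the redirect is the only reason port 80 is open, document that, otherwise restrict http to the zone where it is actually needed.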
openldap_centos7.1435146862.txt.gz · Last modified: by herwarth