
Deploying the Open-Source Jump Server on CentOS 7, OpenLD

Published: 2019-08-28 13:25  Editor: Operating Systems

    The cause was that I had removed it:
    rpm -ef openldap-2.4.23-34.el6_5.1.x86_64 --nodeps
    So in the end I found the openldap-2.4.23-34.el6_5.1.x86_64.rpm package; installing these rpm packages resolved the yum problem

    cd /var/www/html/phpldapadmin/config
    cp config.php.example config.php
    vim config.php
    $servers->newServer('ldap_pla');
    $servers->setValue('server','name','LDAP Server');
    $servers->setValue('server','host','127.0.0.1');
    $servers->setValue('server','port',389);
    $servers->setValue('server','base',array('dc=example,dc=com'));
    $servers->setValue('login','auth_type','session');
    $servers->setValue('login','bind_id','cn=root,dc=example,dc=com');
    $servers->setValue('login','bind_pass','example.com');
    $servers->setValue('server','tls',false);

      Next we need to edit the /usr/local/etc/openldap/slapd.conf file and make the proper adjustments. We need to set up the slapd service to use a SQL backend under the "SQL database definitions" section

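    Deploying the open-source jump server (bastion host) Jumpserver on CentOS 7

    Open-source jump server (bastion host) Jumpserver

    Environment: CentOS 7 x64, with SELinux and firewalld disabled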

    jumpserver: 172.24.0.14

    testserver: 172.24.0.15

    I. Deploy ldapserver

    1.1 Install ldapserver

    yum install -y openldap openldap-servers openldap-clients openldap-devel

    1.2 Prepare the configuration files (slapd.conf.obsolete does not exist on CentOS 7, so the author copied it over from CentOS 6)

    cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

    ## This is the slapd configuration file

    cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    ## The database configuration file

    1.3 Edit the configuration file

    vim /etc/openldap/slapd.conf

    ...

    loglevel 1

    ...

    suffix "dc=jicki,dc=com"

    rootdn "cn=admin,dc=jicki,dc=com"

    rootpw jicki123

    ...

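    # Notes:

    loglevel: sets the log level

    suffix: this is in fact the BaseDN

    rootdn: the DN of the super administrator

    rootpw: the super administrator's password

    1.4 Edit the system log configuration file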

    vim /etc/rsyslog.conf

    Search for local7.* and add a line below it

    local4.* /var/log/ldap.log

    Save, then restart the service

    systemctl restart rsyslog.service

    1.5 Start slapd and check its running status

    systemctl start slapd.service

    Delete the original ldap configuration

    rm -rf /etc/openldap/slapd.d/*

    Regenerate the new configuration

    slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

    Set ownership

    chown -R ldap:ldap /etc/openldap/slapd.d/

    Restart the service

    systemctl restart slapd.service

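    1.6 Import the LDIF database skeleton and the test user from base.ldif, group.ldif and passwd.ldif. Replace dc=yolu,dc=com in the files with your BaseDN, then import; the password is the one set in rootpw

    Upload base.ldif, group.ldif and passwd.ldif to the /tmp directory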

    cd /tmp

    ldapadd -x -W -D "cn=admin,dc=jicki,dc=com" -f base.ldif

    ldapadd -x -W -D "cn=admin,dc=jicki,dc=com" -f group.ldif

    ldapadd -x -W -D "cn=admin,dc=jicki,dc=com" -f passwd.ldif

    # Note: the test user is testuser, with password testuser123

    II. Deploy the LDAP client on testserver

    2.1 Install the LDAP client

    yum -y install openldap openldap-clients nss-pam-ldapd pam_ldap

    2.2 Enable automatic home directory creation

    echo "session required pam_mkhomedir.so skel=/etc/skel umask=0077" >> /etc/pam.d/system-auth

    2.3 On CentOS 7 the following line must be commented out before authentication through LDAP succeeds (otherwise login fails with: password refused)

    vi /etc/pam.d/password-auth-ac

    #auth requisite pam_succeed_if.so uid >= 1000 quiet_success

    2.4 Back up the original authconfig settings, then enable LDAP authentication

    authconfig --savebackup=auth.bak

    authconfig --enableldap --enableldapauth --enablemkhomedir --enableforcelegacy --disablesssd --disablesssdauth --ldapserver=172.24.0.14 --ldapbasedn="dc=jicki,dc=com" --update

    2.5 Test by connecting as testuser from jumpserver

    ssh [email protected]

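    The password is testuser123. If the connection succeeds, continue ( Creating directory '/home/testuser'. )

    III. Configure LDAP-managed sudo on jumpserver

    3.1 Copy the sudo schema. CentOS versions differ, so the sudo version may not be 1.8.6; other versions work too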

    cp /usr/share/doc/sudo-1.8.6p7/schema.OpenLDAP /etc/openldap/schema/sudo.schema

    3.2 Edit the file to include the schema

    vim /etc/openldap/slapd.conf

    Add the following line:

    include /etc/openldap/schema/sudo.schema

    3.3 Regenerate the configuration and restart slapd

    rm -rf /etc/openldap/slapd.d/*

    slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

    chown -R ldap:ldap /etc/openldap/slapd.d/*

    systemctl restart slapd.service

    3.4 Import sudo.ldif into ldapserver

    ldapadd -x -W -D "cn=admin,dc=jicki,dc=com" -f sudo.ldif

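    # Note: replace dc=jicki,dc=com in sudo.ldif with your BaseDN

    IV. Configure sudo on testserver to use LDAP

    Note: on CentOS 7 the LDAP configuration file used by sudo is /etc/sudo-ldap.conf. Different sudo versions may use a different configuration file; check with sudo -V | grep 'ldap.conf'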

    sudo -V | grep 'ldap.conf'

    echo -e "uri ldap://172.24.0.14\nSudoers_base ou=Sudoers,dc=jicki,dc=com" > /etc/sudo-ldap.conf

    echo "Sudoers: files ldap" >> /etc/nsswitch.conf

    4.1 Test sudo

    ssh [email protected]

    sudo su

    whoami

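    # Note: the password is testuser123. If sudo su does not prompt for a password, it worked

    V. Deploy jumpserver

    5.1 Install the MySQL database and create the database (installed with yum, used only to store data; on CentOS 7 mysql has been replaced by mariadb)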

    yum -y install mariadb mariadb-server mariadb-devel

    service mariadb start

    mysqladmin -u root password '12345678'

    mysql -uroot -p

    Run the following commands

    create database jumpserver charset='utf8';

    grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'mysql123';

    grant all on jumpserver.* to 'jumpserver'@'localhost' identified by 'mysql234';

    5.2 Download the latest Jumpserver project

    yum -y install git

    cd /opt

    git clone

    5.3 Install setuptools and pip

    yum -y install python-setuptools python-pip gcc python-devel ncurses ncurses-devel

    5.4 Install the dependencies

    cd /opt/jumpserver/scripts

    pip install -r requirements.txt -i


    Successfully installed readline

    Cleaning up...


    means the installation is complete

    5.5 Edit the Jumpserver configuration file

    cd /opt/jumpserver

    vim jumpserver.conf

    [db]

    host = 127.0.0.1

    port = 3306

    user = jumpserver

    password = rldb123

    db = jumpserver

    [jumpserver]

    key = 5z0h2u0z7h1i2h1u

    ldap_host = ldap://127.0.0.1:389

    ldap_base_dn = dc=jicki,dc=com

    admin_cn = cn=admin,dc=jicki,dc=com

    admin_pass = jicki123

    web_socket_host = 172.24.0.14:3000

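    # Notes:

    # [db] holds the database settings, which should be clear at a glance

    # In [jumpserver]:

    # key is the string used for encryption; it can be changed, but it must stay the same length (16 characters, as in the sample above)

    # ldap_host, ldap_base_dn, admin_cn and admin_pass must all match the ldapserver settings above

    # admin_cn corresponds to rootdn in LDAP and must match it

    # admin_pass is the LDAP password, corresponding to rootpw in ldap.conf; it must be in cleartext

    # web_socket_host is the websocket URL; change the IP to the jumpserver's IP address (this must be changed); 3000 is the default port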
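Steps 1.3 and 5.5 both carry the rootdn password: slapd.conf can hold it as a {SSHA} hash, while jumpserver.conf needs the cleartext that is sent in the bind. The Python check below is an added example, not code from the original article or from Jumpserver; it cross-checks the two files using the values on this page. The function names and sample strings are constructed for illustration, and only cleartext and {SSHA} rootpw values are handled.

```python
import base64, configparser, hashlib, hmac, os

def ssha_hash(password, salt=None):
    """OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def rootpw_matches(password, rootpw):
    """True if a cleartext bind password matches a slapd.conf rootpw value."""
    if not rootpw.startswith("{"):  # rootpw stored in cleartext
        return hmac.compare_digest(password.encode(), rootpw.encode())
    if not rootpw.startswith("{SSHA}"):
        raise ValueError("this sketch only handles cleartext and {SSHA}")
    raw = base64.b64decode(rootpw[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def slapd_directives(text):
    """First value of each one-line 'keyword value' directive in slapd.conf."""
    found = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        # skip comments and continuation lines (leading whitespace)
        if len(parts) == 2 and line[0] not in "# \t":
            found.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return found

def check(slapd_text, jumpserver_text):
    """Return the mismatches between slapd.conf and the [jumpserver] section."""
    d = slapd_directives(slapd_text)
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jumpserver_text)
    j, problems = cp["jumpserver"], []
    if not d["rootpw"].startswith("{"):
        problems.append("rootpw is cleartext in slapd.conf")
    if j["ldap_base_dn"] != d["suffix"]:
        problems.append("ldap_base_dn differs from suffix")
    if j["admin_cn"] != d["rootdn"]:
        problems.append("admin_cn differs from rootdn")
    if not rootpw_matches(j["admin_pass"], d["rootpw"]):
        problems.append("admin_pass does not match rootpw")
    return problems

# Constructed samples using the values from this page.
SLAPD = 'suffix "dc=jicki,dc=com"\nrootdn "cn=admin,dc=jicki,dc=com"\nrootpw jicki123\n'
JUMP = ("[jumpserver]\nldap_base_dn = dc=jicki,dc=com\n"
        "admin_cn = cn=admin,dc=jicki,dc=com\nadmin_pass = jicki123\n")
print(check(SLAPD, JUMP))
```

Replacing the rootpw value with the output of ssha_hash("jicki123") leaves admin_pass unchanged and makes check() return an empty list.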

    5.6 Change the permissions of the logs directory

    chmod 777 logs

    5.7 Sync the Django database schema to the database

    cd /opt/jumpserver/webroot/AutoSa

    python manage.py syncdb

    Would you like to create one now? (yes/no): no

    5.8 Test run

    python manage.py runserver 0.0.0.0:80

    python log_handler.py

    # Note: open each in its own window

    5.9 Initialize jumpserver: open it in a browser


    Success: installation complete


    VI. Install node.js. To implement real-time monitoring, node.js is used to provide the websocket

    6.1 Download node.js

    Official site:

    wget

    6.2 Compile and install

    yum -y install gcc-c++ bzip2*

    tar zxvf node-v0.12.0.tar.gz

    cd node-v0.12.0

    ./configure --prefix=/opt/node/

    make && make install

    6.3 Set the PATH

    vim /etc/profile.d/node.sh

    export PATH=$PATH:/opt/node/bin

    source /etc/profile.d/node.sh

    6.4 Install the project's module dependencies, or use pre-downloaded ones

    cd /opt/jumpserver/webroot/AutoSa/websocket

    npm install # the download may take a few minutes; this can be sped up

    6.5 Test-run the websocket

    node index.js

    Note: run it in a new window

    6.6 Visit the page

    Test all features

    VII. Finishing up

    7.1 Edit the sshd configuration to disable password login

    vim /etc/ssh/sshd_config

    PasswordAuthentication no

    service sshd restart
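A check for step 7.1, as an added example that is not from the original article: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no line added below an existing yes has no effect, and keyboard-interactive login (ChallengeResponseAuthentication) can still prompt for a password. The sample config is constructed, the function names are hypothetical, and DEFAULTS holds OpenSSH's built-in defaults for these two keywords.

```python
# OpenSSH's built-in defaults for the two keywords checked here.
DEFAULTS = {"passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}

def effective_global(config_text, keyword):
    """Value sshd uses for `keyword` outside Match blocks, or None if unset."""
    for line in config_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        name = parts[0].lower()           # keywords are case-insensitive
        if name == "match":
            break                         # the rest applies conditionally
        if name == keyword.lower() and len(parts) > 1:
            return parts[1].strip('"')    # first occurrence wins
    return None

def password_logins_disabled(config_text):
    """True only if both password-style methods resolve to 'no'."""
    return all((effective_global(config_text, k) or default) == "no"
               for k, default in DEFAULTS.items())

# Constructed sshd_config excerpt: the new line was appended at the end,
# below an existing "PasswordAuthentication yes".
SAMPLE = """\
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    print(effective_global(SAMPLE, "PasswordAuthentication"))  # yes
    print(password_logins_disabled(SAMPLE))                    # False
```

On a live host, `sshd -T` prints the effective configuration after parsing.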

    7.2 Make the Jumpserver system start automatically when a user logs in to jumpserver

    cd /opt/jumpserver/scripts

    vim jumpserver.sh

    ...

    if [ $USER == 'jicki' ];then # change this to the special user who is not logged out when finished

    ...

    cp jumpserver.sh /etc/profile.d/

    7.3 Run the jumpserver system normally

    cd /opt/jumpserver/

    ./runserver # start

    ./stopserver # stop


    tar -zxvf phpldapadmin-1.2.3.tgz
    mv phpldapadmin /var/www/html/

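      When compiling openldap, we need to use the WITH_ODBC="YES" option, so that the server is built with its SQL-specific configuration.

    After that, starting ldap no longer produced an error.

    1. Install OpenLDAP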
    yum install openldap openldap-*
    service slapd start

      Optionally we can import the testdb_data and testdb_metadata files into the database so that we can have example data with which to work

    [[email protected] lib]# /etc/init.d/slapd start
    正在自己研商 slapd 的布置文件:                                [失败]
    /etc/openldap/slapd.conf: line 110: invalid path: Permission denied
    slaptest: bad configuration file!

    The result looks like this:

    database        bdb
    suffix          "dc=example,dc=com"
    checkpoint      1024 15
    rootdn          "cn=Manager,dc=example,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw                secret
    # rootpw                {crypt}ijFYNcSNctBYg

      For a specific user account, we of course want to replace 'password' with the password we actually want to use.

    vi /etc/sysconfig/ldap and make sure SLAPD_LDAPI=yes
    cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
    cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    mv /etc/openldap/slapd.d{,.bak}
    Change the password:
    slappasswd
    [[email protected] ~]# slappasswd
    New password:
    Re-enter new password:

      Setting up OpenLDAP with MySQL backend

    While migrating LDAP on CentOS, I copied the data in /var/lib/ldap/ to the target machine and then started openldap, and found this error:

      Host = localhost

    vim /etc/openldap/slapd.conf
    Set
    SELINUX=disabled


      slapd_enable="YES"

    Find the line:
    rootpw  secret
    Change it to:
    rootpw  {SSHA}NddfeSDFESFrr#r

      result set 1 returned 10 rows.

    3. Configure the service

      [email protected] # mysqladmin create ldap

    Detours I took:
    Removing openldap broke yum
    There was a problem importing one of the Python modules
    required to run yum. The error leading to this problem was:
      libldap-2.4.so.2: cannot open shared object file: No such file or directory
    Please install a package which provides this module, or
    verify that the module is installed correctly.
    It's possible that the above module doesn't match the
    current version of Python, which is:
    2.6.5 (r265:79063, Jun 25 2011, 08:36:25)
    [GCC 4.4.4 20100726 (Red Hat 4.4.4-13)]
    If you cannot solve this problem yourself, please go to

    vi slapd.conf
    Find the line:
    suffix "dc=my-domain,dc=com"
    Change it to:
    suffix "dc=example,dc=com"

    Find the line:
    rootdn "cn=Manager,dc=my-domain,dc=com"
    Change it to:
    rootdn "cn=Manager,dc=example,dc=com"

      We can test our current configuration before installing and configuring OpenLDAP. LibIODBC provides a test utility to check DSN configurations.

    I tried all sorts of permission settings, and in the end found it was an SELinux problem. Frustrating.
    Disable SELinux without rebooting: setenforce 0
    Disable permanently:

      This installs iodbctest into /usr/local/bin/

      MySQL = Installed

    2. Download
    wget

      For sh or bash:

      Quite simply we need to edit two files here to get LibODBC to use the MyODBC driver in accessing the MySQL server.

      ServerType = MySQL

      OpenLDAP 2.x : /usr/ports/databases/openldap21-server WITH_ODBC="YES"

      Go ahead and comment out or delete any other example configurations for alternate SQL connectors such as Postgres and/or MsSQL settings. (Unless of course you are using a Postgres or MsSQL server as your backend.)

      [email protected] # sockstat |grep slapd

      Take a look at the /usr/local/etc/libiodbc/odbcinst.ini file and make the following changes

      make install

      DSN | Description

      iODBC Demonstration program

      [ldap]

      ldap | MySQL LDAP DSN

      Enter ODBC connect string (? shows list): ?

      Description = OpenLDAP Database

      cd work/libiodbc-3.52.2/samples

      Driver = /usr/local/lib/libmyodbc3.so

      author: TBONIUS

      ==>backsql_free_db_conn()

      make extract

      If the test program does not work for you (it should show the DSN names defined in odbc.ini), try entering the following shell environment variables:

      InstallDir=/usr/local/lib

      centralized authentication and directory lookups. This article covers configuring this service to utilize SQL services in order to store its data objects. Having these objects stored in a SQL database allows third-party applications access to manage these objects.

      After the make install process, we will copy over the slapd.conf file that is configured to use a SQL backend. This file is buried under the OpenLDAP ports directory in the following path:

      Next I will create a MySQL account for openldap to use, for our newly created ldap database.

      [email protected] # mysql

      ldap_oc_mappings
