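For readers who want to learn about PHP LDAP connections, this article offers new information: it covers php ldap admin in detail and also collects useful material on c# – error when trying to connect to AD using an LDAP connection, CentOS 6.8 OpenLDAP + PhpLdapAdmin deployment, installing and configuring LDAP and phpldapadmin on Debian, and gerrit + ldap + phpldapadmin docker deployment.
Contents:
- PHP LDAP connection (php ldap admin)
- c# – Error when trying to connect to AD using an LDAP connection
- CentOS 6.8 OpenLDAP + PhpLdapAdmin deployment
- Installing and configuring LDAP and phpldapadmin on Debian
- gerrit + ldap + phpldapadmin docker deployment
PHP LDAP connection (php ldap admin)
I am trying to connect to LDAP using PHP-ldap. I ran into a problem using ldap_bind():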
$username = 'josue.ruiz';
$password = 'pass';
$ldapconfig['host'] = '10.10.10.11';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=domain,dc=com';
$ds=ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$dn="cn=".$username.",ou=Technology,".$ldapconfig['basedn'];
if ($bind=ldap_bind($ds, $dn, $password)) {
echo("Login correct");
} else {
echo("Login incorrect");
}
I get this message:
Warning: ldap_bind(): Unable to bind to server: Invalid credentials in …
But when I try it like this:
ldap_bind($ds,'josue.ruiz@domain.com','pass');
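it works fine, but that does not work for me, because I want to filter by OU, and this way I can't. Does anyone have any suggestions for this problem?
Solution:
When you attempt ldap_bind, you are only connecting and determining whether the credentials are valid. What you need to do is add your domain to the username and let it connect. Then, if you want to determine whether the user is in the 'Technology' OU with ldap_search(), consider doing it like this: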
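$domain = 'mydomain.com';
$username = 'josue.ruiz';
$password = 'pass';
$ldapconfig['host'] = '10.10.10.11';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=domain,dc=com';
$ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$dn = "ou=Technology," . $ldapconfig['basedn'];
// Reject an empty password before binding: a simple bind with an empty
// password is treated as an anonymous bind and can report success.
$bind = $password !== '' && ldap_bind($ds, $username . '@' . $domain, $password);
$isITuser = false;
if ($bind) {
    // Escape the username so it cannot change the structure of the filter.
    $filter = '(&(objectClass=User)(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    // Search on the connection handle ($ds), not on the boolean returned by ldap_bind().
    $result = ldap_search($ds, $dn, $filter);
    // ldap_search() returns a result even when nothing matched, so count the entries.
    $isITuser = $result && ldap_count_entries($ds, $result) > 0;
}
if ($isITuser) {
    echo("Login correct");
} else {
    echo("Login incorrect");
}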
c# – Error when trying to connect to AD using an LDAP connection
PrincipalContext context = new PrincipalContext(ContextType.Domain, domain);
But I get an error saying:
The LDAP server is unavailable.
Any ideas?
Solution
> "mydomain.com" (DNS format)
> or "dc=mydomain,dc=com" (AD-style format)
To my surprise, the domain name has to be in DNS format (e.g. "mydomain.com") for it to work (rather than the usual AD format "dc=mydomain,dc=com").
CentOS 6.8 OpenLDAP + PhpLdapAdmin deployment
1. Install and configure OpenLDAP
yum install -y openldap openldap-*
rpm -qa|grep openldap
openldap-clients-2.4.40-16.el6.x86_64
openldap-servers-2.4.40-16.el6.x86_64
openldap-servers-sql-2.4.40-16.el6.x86_64
openldap-2.4.40-16.el6.x86_64
openldap-devel-2.4.40-16.el6.x86_64
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
2. Generate the OpenLDAP password
[[email protected] ~]# slappasswd -s [email protected]
{SSHA}R5Pyt+KNMgxf71fLF8/y89gJgs/Uxfqp
3. Edit slapd.conf
grep -n '^[a-zA-Z]' /etc/openldap/slapd.conf
6:include /etc/openldap/schema/corba.schema
7:include /etc/openldap/schema/core.schema
8:include /etc/openldap/schema/cosine.schema
9:include /etc/openldap/schema/duaconf.schema
10:include /etc/openldap/schema/dyngroup.schema
11:include /etc/openldap/schema/inetorgperson.schema
12:include /etc/openldap/schema/java.schema
13:include /etc/openldap/schema/misc.schema
14:include /etc/openldap/schema/nis.schema
15:include /etc/openldap/schema/openldap.schema
16:include /etc/openldap/schema/ppolicy.schema
17:include /etc/openldap/schema/collective.schema
20:allow bind_v2
26:pidfile /var/run/openldap/slapd.pid
27:argsfile /var/run/openldap/slapd.args
66:TLSCACertificatePath /etc/openldap/certs
67:TLSCertificateFile "\"OpenLDAP Server\""
68:TLSCertificateKeyFile /etc/openldap/certs/password
98:database config
99:access to *
104:database monitor
105:access to *
114:database bdb
115:suffix "dc=qas-domain,dc=com"
116:checkpoint 1024 15
117:rootdn "cn=Manager,dc=qas-domain,dc=com"
122:rootpw {SSHA}R5Pyt+KNMgxf71fLF8/y89gJgs/Uxfqp
127:directory /var/lib/ldap
130:index objectClass eq,pres
131:index ou,cn,mail,surname,givenname eq,pres,sub
132:index uidNumber,gidNumber,loginShell eq,pres
133:index uid,memberUid eq,sub
134:index nisMapName,nisMapEntry eq,sub
4. Check the configuration and regenerate the LDAP database
[[email protected] ~]# rm -rf /etc/openldap/slapd.d/*
[[email protected] ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
5bcac4b6 bdb_db_open: database "dc=qas-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
5bcac4b6 backend_startup_one (type=bdb,suffix="dc=qas-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
[[email protected] ~]# slaptest -u
config file testing succeeded
[[email protected] ~]# ll /etc/openldap/slapd.d/*
-rw-------. 1 root root 1259 10月 20 14:01 /etc/openldap/slapd.d/cn=config.ldif

/etc/openldap/slapd.d/cn=config:
总用量 80
drwxr-x---. 2 root root 4096 10月 20 14:01 cn=schema
-rw-------. 1 root root 59398 10月 20 14:01 cn=schema.ldif
-rw-------. 1 root root 663 10月 20 14:01 olcDatabase={0}config.ldif
-rw-------. 1 root root 596 10月 20 14:01 olcDatabase={-1}frontend.ldif
-rw-------. 1 root root 695 10月 20 14:01 olcDatabase={1}monitor.ldif
-rw-------. 1 root root 2724 10月 20 14:01 olcDatabase={2}bdb.ldif
5. Set ownership of the LDAP files
chown -R ldap:ldap /var/lib/ldap/
chown -R ldap:ldap /etc/openldap/
6. Start the slapd service
/etc/init.d/slapd start
/etc/init.d/slapd status
lsof -i:389
II. migrationtools installation and configuration
yum install migrationtools -y
vim /usr/share/migrationtools/migrate_common.ph
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "qas-domain.com";
# Default base
$DEFAULT_BASE = "dc=qas-domain,dc=com";
cd /etc/openldap/
/usr/share/migrationtools/migrate_base.pl >base.ldif
grep -n '^[a-zA-Z]' base.ldif
1:dn: dc=qas-domain,dc=com
2:dc: qas-domain
3:objectClass: top
4:objectClass: domain
6:dn: ou=Hosts,dc=com
7:ou: Hosts
8:objectClass: top
9:objectClass: organizationalUnit
11:dn: ou=Rpc,dc=com
12:ou: Rpc
13:objectClass: top
14:objectClass: organizationalUnit
16:dn: ou=Services,dc=com
17:ou: Services
18:objectClass: top
19:objectClass: organizationalUnit
21:dn: nisMapName=netgroup.byuser,dc=com
22:nismapname: netgroup.byuser
23:objectClass: top
24:objectClass: nisMap
26:dn: ou=Mounts,dc=com
27:ou: Mounts
28:objectClass: top
29:objectClass: organizationalUnit
31:dn: ou=Networks,dc=com
32:ou: Networks
33:objectClass: top
34:objectClass: organizationalUnit
36:dn: ou=People,dc=com
37:ou: People
38:objectClass: top
39:objectClass: organizationalUnit
41:dn: ou=Group,dc=com
42:ou: Group
43:objectClass: top
44:objectClass: organizationalUnit
46:dn: ou=Netgroup,dc=com
47:ou: Netgroup
48:objectClass: top
49:objectClass: organizationalUnit
51:dn: ou=Protocols,dc=com
52:ou: Protocols
53:objectClass: top
54:objectClass: organizationalUnit
56:dn: ou=Aliases,dc=com
57:ou: Aliases
58:objectClass: top
59:objectClass: organizationalUnit
61:dn: nisMapName=netgroup.byhost,dc=com
62:nismapname: netgroup.byhost
63:objectClass: top
64:objectClass: nisMap
ldapadd -x -D "cn=Manager,dc=com" -W -f /etc/openldap/base.ldif
Enter LDAP Password: # enter the password [email protected]
adding new entry "dc=qas-domain,dc=com"
adding new entry "ou=Hosts,dc=com"
adding new entry "ou=Rpc,dc=com"
adding new entry "ou=Services,dc=com"
adding new entry "nisMapName=netgroup.byuser,dc=com"
adding new entry "ou=Mounts,dc=com"
adding new entry "ou=Networks,dc=com"
adding new entry "ou=People,dc=com"
adding new entry "ou=Group,dc=com"
adding new entry "ou=Netgroup,dc=com"
adding new entry "ou=Protocols,dc=com"
adding new entry "ou=Aliases,dc=com"
adding new entry "nisMapName=netgroup.byhost,dc=com"
ldapsearch -x -D "cn=Manager,dc=com" -b "ou=Aliases,dc=com" -W
Enter LDAP Password: # enter the password [email protected]
# extended LDIF
#
# LDAPv3
# base <ou=Aliases,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Aliases,qas-domain.com
dn: ou=Aliases,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
III. phpldapadmin installation and configuration
yum install -y httpd phpldapadmin
vim /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    # With Order Deny,Allow this line admits every client; limit it to the admin network where possible
    Allow from all
  </IfModule>
</Directory>
vim /etc/phpldapadmin/config.php
$servers->setValue('login','attr','dn');
change to:
$servers->setValue('login','dn');
/etc/init.d/httpd start
http://172.16.8.251/phpldapadmin/
cn=Manager,dc=com [email protected]
Installing and configuring LDAP and phpldapadmin on Debian
1. Install LDAP
Install slapd and the related LDAP tools
#apt-get install slapd ldap-utils
2. Edit the configuration file
vim /etc/ldap/slapd.conf   (I personally prefer vim; I never got used to vi)
########################################################
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        256
modulepath      /usr/lib/ldap
moduleload      back_bdb
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30
database        bdb
suffix          "dc=test,dc=net"
rootdn          "cn=admin,dc=test,dc=net"
rootpw          {md5}g0z6gesdfw+jgkbwkcllgg==
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectclass eq
lastmod         on
access to attrs=userpassword,shadowlastchange
        by dn="cn=admin,dc=test,dc=net" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=test,dc=net" write
        by * read
########################################################
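The parts shown in red above are the ones to modify. The rootdn and rootpw lines need to be added; the rootpw value is obtained from
#slappasswd -h {md5}
Set loglevel to 256 so that log output is produced.
#echo "local4.debug    /var/log/ldap.log" >> /etc/syslog.conf
This turns on the LDAP log facility.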
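Both slapd.conf files on this page carry settings worth reviewing before the server is exposed: the CentOS one keeps `allow bind_v2`, and the Debian one uses an unsalted `{md5}` rootpw and ends with `access to *` ... `by * read`. The following lint function is an added example, not part of the original tutorials; `audit_slapd_conf` is a hypothetical name, and the sample config is constructed from the lines above with a placeholder hash.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorials. audit_slapd_conf is a
# hypothetical helper: it reads a slapd.conf on stdin and prints one
# "line:CODE:detail" finding per weak setting.

audit_slapd_conf() {
    awk '
    /^[ \t]*#/ { next }                 # skip comment lines
    /^[^ \t]/  { target = "" }          # a non-indented line starts a new directive
    tolower($1) == "rootpw" {
        if ($2 !~ /^[{]/)
            print NR ":ROOTPW_CLEARTEXT:rootpw is stored without hashing"
        else if (toupper($2) ~ /^[{](MD5|SHA)[}]/)
            print NR ":ROOTPW_UNSALTED:unsalted hash scheme, prefer the slappasswd default {SSHA}"
    }
    tolower($1) == "allow" && /bind_v2/ {
        print NR ":BIND_V2:legacy LDAPv2 binds are accepted"
    }
    # Remember what the current access rule applies to; "by" clauses may
    # follow on indented continuation lines.
    tolower($1) == "access" && tolower($2) == "to" { target = $3 }
    target == "*" && /by[ \t]+(\*|anonymous)[ \t]+(read|write)/ {
        print NR ":ANON_ACCESS:whole tree is accessible without authenticating"
    }
    '
}

# Constructed sample combining the settings discussed above; the hash is a placeholder.
SAMPLE_CONF='allow bind_v2
database bdb
suffix "dc=test,dc=net"
rootdn "cn=admin,dc=test,dc=net"
rootpw {md5}PLACEHOLDER_HASH==
access to attrs=userpassword,shadowlastchange
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=test,dc=net" write
        by * read'

printf '%s\n' "$SAMPLE_CONF" | audit_slapd_conf
```

The root DSE rule (`access to dn.base="" by * read`) is deliberately not flagged, since clients need to read it anonymously to discover server capabilities.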
3. Restart the logging and directory services.
#/etc/init.d/rsyslog restart   // this is how it is on my system; yours may differ
#/etc/init.d/slapd restart
4. Test whether it is running properly
#ldapsearch -x -b '' -s base '(objectclass=*)'
If you see related information in the output, OpenLDAP is running properly.
5. Create the root entry
touch base.ldif
########################################################
dn: dc=test,dc=net
objectClass: dcobject
objectClass: organization
dc: test
o: test.net
description: My Test Openldap
########################################################
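#ldapadd -x -D "cn=admin,dc=test,dc=net" -W -f base.ldif
At this point OpenLDAP has been set up successfully.
6. Install the IDE, phpldapadmin
If a LAMP environment is already configured, phpldapadmin is recommended for managing LDAP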
#apt-get install phpldapadmin
Create a symlink in the www directory
ln -s /usr/share/phpldapadmin /var/www
Note: to log in as admin, enter this as the Login DN: cn=admin,dc=test,dc=net
Enter directly in the address bar:
http://192.168.89.130/phpldapadmin and you can access it directly.
[Figure: LDAP directory structure diagram]
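gerrit + ldap + phpldapadmin docker deployment
The following problems came up during deployment
- First contact with LDAP
- The docker images do not document their parameters sufficiently
- gerrit automatically copies LDAP information into its own user system, but this is not documented
This was a temporary emergency job, and I had no prior knowledge of gerrit, LDAP and the like. After searching Baidu and Google I found that the details of connecting gerrit to LDAP in docker are scattered, so I am summarizing them here. There is almost no professional terminology; experts may skip this.
ldap
# used for creating and verifying users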
docker run \
--name ldap-service \
--hostname ldap-service \
--detach osixia/openldap:1.1.8
gerrit
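# git code review web system
# Options used below:
#   -p xxx:8080               web port mapping (change to suit)
#   AUTH_TYPE=LDAP            LDAP-based authentication
#   LDAP_ACCOUNTBASE          search path, based on DN = ou=users,dc=example,dc=org
#   LDAP_ACCOUNTFULLNAME      FULLNAME stored once an LDAP user signs in; gerrit uses the cn from the dn as the full name
#   LDAP_USERNAME             LDAP administrator user name
#   LDAP_ACCOUNTSSHUSERNAME   USERNAME stored once an LDAP user signs in; gerrit uses the cn from the dn as the username
#   LDAP_PASSWORD             LDAP administrator password
#   LDAP_ACCOUNTPATTERN       expression used to match LDAP users
#   GERRIT_INIT_ARGS          loads the download plugin
#   --link ldap-service       connects to the LDAP service
#   -v /data/gerrit:/var/gerrit/review_site   mounts a local volume to persist gerrit data; another database can be used instead
docker run \
--name gerrit \
-p xxx:8080 \
-e AUTH_TYPE=LDAP \
-e LDAP_SERVER=ldap://ldap-service \
-e LDAP_ACCOUNTBASE=ou\=users\,dc\=example\,dc\=org \
-e LDAP_ACCOUNTFULLNAME=cn \
-e LDAP_USERNAME=cn\=admin\,dc\=example\,dc\=org \
-e LDAP_ACCOUNTSSHUSERNAME=cn \
-e LDAP_PASSWORD=admin \
-e LDAP_ACCOUNTPATTERN=\(cn\=\$\{username\}\) \
-e GERRIT_INIT_ARGS='--install-plugin=download-commands' \
--link ldap-service \
-v /data/gerrit:/var/gerrit/review_site \
-d openfrontier/gerrit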
phpldapadmin
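# web management system for LDAP
# Options used below:
#   PHPLDAPADMIN_LDAP_HOSTS     connects to the LDAP service
#   PHPLDAPADMIN_HTTPS=false    turns off the default HTTPS
#   -p xxx:80                   web port mapping (change to suit)
docker run \
--name phpldapadmin-service \
--hostname phpldapadmin-service \
--link ldap-service \
--env PHPLDAPADMIN_LDAP_HOSTS=ldap-service \
--env PHPLDAPADMIN_HTTPS=false \
-p xxx:80 \
--detach osixia/phpldapadmin:0.7.1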
If login fails, check the logs
docker logs gerrit
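That concludes today's introduction to PHP LDAP connections and php ldap admin; thank you for reading. More information on c# – error when trying to connect to AD using an LDAP connection, CentOS 6.8 OpenLDAP + PhpLdapAdmin deployment, installing and configuring LDAP and phpldapadmin on Debian, and gerrit + ldap + phpldapadmin docker deployment can be found by searching this site.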