LDAP Self Service Password and phpLDAPadmin Centos7
I. phpLDAPadmin
II. LDAP SSP
http://ltb-project.org/wiki/documentation/self-service-password
1. Program location after rpm installation:
/usr/share/self-service-password/
2. httpd configuration:
/etc/httpd/conf.d/self-service-password.conf
Configuration
Simplified Chinese language file location:
/usr/share/self-service-password/lang/zh-CN
20200430 revision
1. OS: CentOS 6, fully updated
2. PHP version 5.6.40
https://www.shayanderson.com/linux/upgrade-php-5-5-to-php-7-on-centos-6.htm
3. Self Service Password 1.3
https://ltb-project.org/documentation/self-service-password
4. Configuration file
/usr/share/self-service-password/conf/config.inc.php
Changes made:
# LDAP
$ldap_url = "ldap://localhost";
$ldap_starttls = false;
$ldap_binddn = "cn=xxxx,dc=sh,dc=tc,dc=edu,dc=tw";
$ldap_bindpw = "xxxxaa";
$ldap_base = "dc=ch,dc=tc,dc=edu,dc=tw";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
…
# LDAP mail attribute
$mail_attribute = "mail";
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = false;
# Who the email should come from
$mail_from = "admin@gs.cgsh.tc.edu.tw";
$mail_from_name = "Self Service Password";
$mail_signature = "";
# Notify users anytime their password is changed
$notify_on_change = false;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'error_log';
$mail_smtp_host = 'localhost';
$mail_smtp_auth = false;
$mail_smtp_user = '';
$mail_smtp_pass = '';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
#$mail_smtp_secure = 'tls';
$mail_smtp_autotls = true;
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
$mail_newline = PHP_EOL;
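The config.inc.php fragment above is the place where the SSP deployment's LDAP transport and bind credentials are fixed, so it is worth reviewing mechanically. The script below is an added example (not part of the page or of the Self Service Password project): it parses `$name = value;` assignments from a constructed excerpt in the same shape as the page's fragment and flags three combinations a reviewer looks for: `ldap_starttls = false` on a plain `ldap://` URL to a host other than the local machine, a short `ldap_bindpw`, and `notify_on_change = false`. The sample host name, bind DN and password are constructed placeholders, and the 12-character threshold is an arbitrary review policy, not an SSP setting.

```python
import re
from typing import Dict, List, Tuple, Union

Value = Union[str, bool, int]

# Constructed config.inc.php excerpt in the shape the page shows; only the
# setting names come from the page, the values are placeholders.
SAMPLE_CONFIG = """
# LDAP
$ldap_url = "ldap://ldap.example.invalid";
$ldap_starttls = false;
$ldap_binddn = "cn=manager,dc=example,dc=invalid";
$ldap_bindpw = "xxxxaa";
$ldap_base = "dc=example,dc=invalid";
…
$notify_on_change = false;
$mail_smtp_port = 25;
$mail_newline = PHP_EOL;
"""

# One top-level PHP assignment per line: $name = value;
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?)\s*;\s*$")


def parse_config(text: str) -> Dict[str, Value]:
    """Pull `$name = value;` assignments out of a PHP config fragment."""
    settings: Dict[str, Value] = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue  # comments, blank lines, the page's "…" elision
        name, raw = m.group(1), m.group(2)
        if raw in ("true", "false"):
            settings[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] in "\"'" and raw[-1] == raw[0]:
            settings[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            settings[name] = int(raw)
        else:
            settings[name] = raw  # bare PHP expressions such as PHP_EOL
    return settings


def review(settings: Dict[str, Value]) -> List[Tuple[str, str]]:
    """Return (setting, finding) pairs for the weak combinations checked here."""
    findings: List[Tuple[str, str]] = []
    url = str(settings.get("ldap_url", ""))
    # host part of scheme://host[:port][/...]; ldapi:/// yields an empty host
    host = url.split("://", 1)[-1].split("/", 1)[0].rsplit(":", 1)[0]
    on_this_host = host in ("", "localhost", "127.0.0.1", "[::1]")
    if url.startswith("ldap://") and not settings.get("ldap_starttls", False) and not on_this_host:
        findings.append(("ldap_starttls",
                         "plain ldap:// to a remote host without STARTTLS: the bind password "
                         "and every password submitted for change cross the network unencrypted"))
    if len(str(settings.get("ldap_bindpw", ""))) < 12:  # arbitrary review threshold
        findings.append(("ldap_bindpw", "bind password shorter than 12 characters"))
    if settings.get("notify_on_change") is False:
        findings.append(("notify_on_change",
                         "users are not emailed when their password changes, so an "
                         "unexpected change is not noticed by the account owner"))
    return findings


if __name__ == "__main__":
    for key, finding in review(parse_config(SAMPLE_CONFIG)):
        print(f"{key}: {finding}")
```

With the page's own values (`ldap://localhost` and `$ldap_starttls = false`) the transport check stays quiet, because the bind never leaves the host; it fires as soon as the URL points at a remote directory without `ldaps://` or STARTTLS.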
CentOS 7 phpldapadmin
yum install phpldapadmin
systemctl start httpd
systemctl enable httpd
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
vi /etc/httpd/conf.d/phpldapadmin.conf
systemctl restart httpd
phpldapadmin
vi /usr/share/phpldapadmin/config/config.php
https://hostadvice.com/how-to/how-to-install-phpldapadmin-on-centos-7/
The password hashing algorithm set should be ssha. So change line 388 appropriately:
$servers->setValue('appearance','password_hash','ssha');
Line 397 should be uncommented so that users log in with their full distinguished name (dn) rather than their uid attribute (and comment out line 398):
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
Save your changes and exit the editor.
setsebool -P httpd_enable_homedirs 1
OpenLDAP
yum -y install openldap-servers openldap-clients
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap. /var/lib/ldap/DB_CONFIG
systemctl start slapd
systemctl enable slapd
firewall-cmd --add-service=ldap --permanent
firewall-cmd --reload
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
slappasswd
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}s+NJbuOvZsOrcoW05D2fBIKz+/NkWO3O
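The value slappasswd prints is a salted SHA-1 hash in the `{SSHA}` scheme, the same scheme phpLDAPadmin is told to use with `password_hash` = `ssha` further down. The following Python is an added example, not code from the page or from OpenLDAP: it builds and verifies `{SSHA}` values with the layout `base64(SHA1(password || salt) || salt)` and, with `salt_length`, decodes the page's own hash to show that it carries a 4-byte salt (the password behind that hash is not on the page and is not needed). The 4-byte default salt length is an assumption about slappasswd's default build.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Layout of an {SSHA} value as slappasswd emits it by default:
#   "{SSHA}" + base64( SHA1(password || salt) || salt )
SHA1_LEN = 20
SALT_LEN = 4  # assumption: slappasswd's default salt size

# The hash printed on the page; used only to inspect its structure.
PAGE_HASH = "{SSHA}s+NJbuOvZsOrcoW05D2fBIKz+/NkWO3O"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} string in the form slapd stores in userPassword."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def _split(stored: str) -> Optional[Tuple[bytes, bytes]]:
    """Decode a {SSHA} value into (digest, salt); None if it is another scheme."""
    if not stored.startswith("{SSHA}"):
        return None
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= SHA1_LEN:
        return None
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def salt_length(stored: str) -> int:
    """Number of salt bytes in a stored {SSHA} value (0 if not parsable)."""
    parts = _split(stored)
    return len(parts[1]) if parts else 0


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    parts = _split(stored)
    if parts is None:
        return False
    digest, salt = parts
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    h = ssha_hash("example-only-password")  # constructed sample, not a real credential
    print(h, ssha_verify("example-only-password", h), ssha_verify("other", h))
    print("salt bytes in the page's hash:", salt_length(PAGE_HASH))
```

`salt_length` is handy when auditing an existing directory: a userPassword that decodes to exactly 20 bytes, or that starts with `{SHA}` or no scheme at all, is unsalted or cleartext rather than the `{SSHA}` form this page configures. SSHA is salted but still a single fast SHA-1 round, so the strength of the olcRootPW chosen here rests mainly on the password itself.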
vi chrootpw.ldif
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
#add: olcRootPW
replace: olcRootPW
olcRootPW: {SSHA}s+NJbuOvZsOrcoW05D2fBIKz+/NkWO3O
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
vi chdomain.ldif
# replace dc=***,dc=*** with your own domain name
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=root,dc=cgsh,dc=tc,dc=edu,dc=tw" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=cgsh,dc=tc,dc=edu,dc=tw

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=root,dc=cgsh,dc=tc,dc=edu,dc=tw

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}s+NJbuOvZsOrcoW05D2fBIKz+/NkWO3O

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=root,dc=cgsh,dc=tc,dc=edu,dc=tw" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=root,dc=cgsh,dc=tc,dc=edu,dc=tw" write by * read
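The three olcAccess rules added to olcDatabase={2}hdb decide what the self-service password flow is allowed to do: slapd takes the first `to` clause whose target matches, then the first `by` clause inside it that matches the requester, and treats a missing match as `by * none`. The evaluator below is an added example (not OpenLDAP code) that models exactly those three rules with that evaluation order and the access-level ordering none < disclose < auth < compare < search < read < write; the user DN `uid=alice,...` is a constructed sample entry.

```python
from typing import Callable, List, Optional, Tuple

# OpenLDAP access levels in increasing order. A grant at one level satisfies
# every request for a lower level: "write" implies "read", "auth" does not.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

ROOT_DN = "cn=root,dc=cgsh,dc=tc,dc=edu,dc=tw"  # olcRootDN from chdomain.ldif

Requester = Optional[str]                 # bound DN, or None for anonymous
Who = Callable[[Requester, str], bool]    # (requester, entry DN) -> matches?
Target = Callable[[str, str], bool]       # (entry DN, attribute) -> matches?


def by_root(req: Requester, entry: str) -> bool:
    return req == ROOT_DN

def by_anonymous(req: Requester, entry: str) -> bool:
    return req is None

def by_self(req: Requester, entry: str) -> bool:
    return req is not None and req.lower() == entry.lower()

def by_any(req: Requester, entry: str) -> bool:
    return True

# The page's three rules in {n} order. The pseudo-attribute "entry" stands for
# access to the entry itself rather than to one of its attributes.
ACLS: List[Tuple[Target, List[Tuple[Who, str]]]] = [
    # {0}to attrs=userPassword,shadowLastChange
    #     by dn=root write by anonymous auth by self write by * none
    (lambda dn, attr: attr in ("userPassword", "shadowLastChange"),
     [(by_root, "write"), (by_anonymous, "auth"), (by_self, "write"), (by_any, "none")]),
    # {1}to dn.base="" by * read   (the root DSE only)
    (lambda dn, attr: dn == "", [(by_any, "read")]),
    # {2}to * by dn=root write by * read
    (lambda dn, attr: True, [(by_root, "write"), (by_any, "read")]),
]


def granted(req: Requester, entry_dn: str, attr: str) -> str:
    """First matching 'to' clause wins; inside it the first matching 'by'
    clause wins; no matching 'by' clause is an implicit 'by * none'."""
    for target, clauses in ACLS:
        if target(entry_dn, attr):
            for who, access in clauses:
                if who(req, entry_dn):
                    return access
            return "none"
    return "none"


def allowed(req: Requester, entry_dn: str, attr: str, needed: str) -> bool:
    """True if the granted level covers the level the operation needs."""
    return LEVELS.index(granted(req, entry_dn, attr)) >= LEVELS.index(needed)


if __name__ == "__main__":
    user = "uid=alice,ou=ldap,dc=cgsh,dc=tc,dc=edu,dc=tw"  # constructed sample entry
    checks = [(None, "userPassword", "auth"), (None, "userPassword", "read"),
              (user, "userPassword", "write"), (None, "mail", "read")]
    for req, attr, op in checks:
        print(req or "anonymous", attr, op, "->", allowed(req, user, attr, op))
```

Running the checks shows the intended behaviour: an anonymous connection may bind against userPassword (`auth`) but cannot read the hash, a user can write only their own password, and the root DN can write everything. It also makes one consequence of rule {2} visible: `by * read` includes anonymous connections, so every attribute other than userPassword and shadowLastChange is readable without binding; if the directory holds more than public contact data, `by users read` restricts that to authenticated clients.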
vi basedomain.ldif
dn: dc=cgsh,dc=tc,dc=edu,dc=tw
dc: cgsh
objectclass: top
objectclass: dcObject
objectclass: organizationalUnit
ou: cgsh Dot tc Dot edu Dot tw

dn: ou=ldap,dc=cgsh,dc=tc,dc=edu,dc=tw
objectclass: organizationalUnit
ou: ldap
ldapadd -x -D cn=root,dc=cgsh,dc=tc,dc=edu,dc=tw -W -f basedomain.ldif
Self-service-password
PHP upgrade to 7.0
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php70
yum update
yum install php-Smarty
yum install php-mcrypt
https://self-service-password.readthedocs.io/en/v1.4/
Configure the yum repository:
vi /etc/yum.repos.d/ltb-project.repo
[ltb-project-noarch]
name=LTB project packages (noarch)
baseurl=https://ltb-project.org/rpm/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
yum update
rpm --import https://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project
yum install self-service-password