OpenLDAP memberof support
Many applications check the memberof attribute when integrating LDAP user groups to determine which groups a user belongs to, for example Apache Kylin and Grafana. Once roles are configured for the LDAP user groups, you only need to add a user to the appropriate group and the user gets the corresponding permissions in the application.

1. Configure LDAP

    [dev] [root@dev-bigdata-haproxy memof]# cat memof.ldif
    dn: cn=module,cn=config
    cn: module
    objectClass: olcModuleList
    olcModuleLoad: memberof.la
    olcModulePath: /usr/lib64/openldap

    dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
    objectClass: olcConfig
    objectClass:...
OpenLDAP backup and restore

    # Run on the primary node:
    slapcat -v -l openldap-backup.ldif
    cat > openldap-backup.synax << EOF
    /^creatorsName: /d
    /^modifiersName: /d
    /^modifyTimestamp: /d
    /^structuralObjectClass: /d
    /^createTimestamp: /d
    /^entryUUID: /d
    /^entryCSN: /d
    EOF
    cat openldap-backup.ldif | sed -f openldap-backup.synax > openldap-complete.ldif
    tar zcvf schema.tgz schema/

Restore on another machine:

    yum -y install openldap-servers openldap-clients
    cp /usr/share/openldap-servers/DB_CONFIG.example...
Integrating Grafana with LDAP

1 Configure Grafana

1.1 Add two groups in LDAP, one named Admin and one named Users, for administrators and ordinary users respectively. They are used for permission management; make sure both are added successfully.

1.2 Configure /etc/grafana/ldap.toml

    [dev] [root@oneops grafana]# cat /etc/grafana/ldap.toml
    [[servers]]
    verbose_logging = true
    host = ""
    port = 389
    use_ssl = false
    start_tls = false
    ssl_skip_verify = false
    # LDAP admin user and password
    bind_dn = "cn=****,dc=oneops,dc=com"
    bind_password = '*****'
    search_filter =...
phpLDAPadmin installation and deployment
Installing and deploying phpLDAPadmin on CentOS 7

    yum install -y php71w-fpm php71w-opcache php71w-cli php71w-gd php71w-imap php71w-mysqlnd php71w-mbstring php71w-mcrypt php71w-pdo php71w-pecl-apcu php71w-pecl-mongodb php71w-pecl-redis php71w-pgsql php71w-xml php71w-xmlrpc php71w-devel mod_php71w
    yum install phpldapadmin httpd

Edit phpldapadmin.conf:

    vim /etc/httpd/conf.d/phpldapadmin.conf
    #
    # Web-based tool for managing LDAP servers
    #
    Alias /phpldapadmin...
Disabling anonymous access in OpenLDAP

    [root@master01 .ldap]# cat disable_anon.ldif
    dn: cn=config
    changetype: modify
    add: olcDisallows
    olcDisallows: bind_anon
    -

    dn: olcDatabase={-1}frontend,cn=config
    changetype: modify
    add: olcRequires
    olcRequires: authc

    ldapmodify -Y EXTERNAL -H ldapi:/// -f disable_anon.ldif

    [root@master01 .ldap]# ldapsearch -x -H ldap://localhost:389
    ldap_bind: Inappropriate authentication (48)
    additional info: anonymous bind disallowed