在使用APACHE的时候总是会接触到验证的问题,而APACHE本身自带的验证已经是非常全的了,这里就用APACHE与LDAP整合来说明一下APACHE的验证.
1.安装openldap
openldap-stable-20040329.tgz http://www.openldap.org
db-4.1.25.NC.tar.gz http://www.sleepycat.com
gunzip < db-4.1.25.NC.tar.gz |tar xvf -
cd db-4.1.25.nc
./configure
make
make install
gunzip < openldap-stable-20040329.tgz |tar xvf -
cd openldap-2.1.29
CPPFLAGS="-I/usr/local/BerkeleyDB.4.1/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.1/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm
make depend
make
make test
make install
PATH=$PATH:/usr/local/openldap/bin
export PATH
修改/usr/local/openldap/etc/openldap/slapd.conf
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
database bdb
suffix "dc=ldaptest,dc=com"
rootdn "cn=root,dc=ldaptest,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw 123456
建立basedn.ldif文件
dn: dc=ldaptest,dc=com
dc: ldaptest
objectClass: domain
建立userdn.ldif
dn:cn=user1,dc=ldaptest,dc=com
cn: user1
sn: USER1
uid: user1
userPassword: user1
objectClass: inetOrgPerson
dn:cn=user2,dc=ldaptest,dc=com
cn: user2
sn: USER2
uid: user2
userPassword: user2
objectClass: inetOrgPerson
dn:cn=user3,dc=ldaptest,dc=com
cn: user3
sn: USER3
uid: user3
userPassword: user3
objectClass: inetOrgPerson
dn:cn=user4,dc=ldaptest,dc=com
cn: user4
sn: USER4
uid: user4
userPassword: user4
objectClass: inetOrgPerson
启动LDAP服务器
/usr/local/openldap/libexec/slapd
添加记录:
ldapadd -D "cn=root,dc=ldaptest,dc=com" -w 123456 -f /basedn.ldif
ldapadd -D "cn=root,dc=ldaptest,dc=com" -w 123456 -f /userdn.ldif
2.安装apr-1.2.2
./configure
make
make install
3.安装apr-util-1.2.2
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include
--with-ldap-lib=/usr/local/openldap/lib
make
make install
4.安装openssl
./configure
make
make install
5.安装apache-2.2.0(安装再根下的apache2的目录下)
./configure --prefix=/apache2 --enable-so --enable-authnz-ldap --enable-ldap
make
make install
6.配置httpd.conf
将ServerNmae 修改为自己本机的域名或者IP
在最后一行加入 include conf/app_auth.conf
7.配置/apache2/conf/app_auth.conf
<Location />
AuthType basic
AuthName "private area"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://localhost:389/dc=ldaptest,dc=com?uid?sub?(objectClass=*)
require ldap-user "user1"
#require ldap-user "user3"
#require ldap-user "user4"
#require ldap-user "user2"
require valid-user
</Location>
8.当配置完所有的软件以后,就可以启动APACHE了
/apache2/bin/apachectl start
这时候配置的是默认情况,也就是对整个服务器各目录都进行验证,如果需要对单独的地方进行验证,可以查阅Location的用法
1.安装openldap
openldap-stable-20040329.tgz http://www.openldap.org
db-4.1.25.NC.tar.gz http://www.sleepycat.com
gunzip < db-4.1.25.NC.tar.gz |tar xvf -
cd db-4.1.25.nc
./configure
make
make install
gunzip < openldap-stable-20040329.tgz |tar xvf -
cd openldap-2.1.29
CPPFLAGS="-I/usr/local/BerkeleyDB.4.1/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.1/lib" ./configure --prefix=/usr/local/openldap --enable-ldbm
make depend
make
make test
make install
PATH=$PATH:/usr/local/openldap/bin
export PATH
修改/usr/local/openldap/etc/openldap/slapd.conf
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
database bdb
suffix "dc=ldaptest,dc=com"
rootdn "cn=root,dc=ldaptest,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw 123456
建立basedn.ldif文件
dn: dc=ldaptest,dc=com
dc: ldaptest
objectClass: domain
建立userdn.ldif
dn:cn=user1,dc=ldaptest,dc=com
cn: user1
sn: USER1
uid: user1
userPassword: user1
objectClass: inetOrgPerson
dn:cn=user2,dc=ldaptest,dc=com
cn: user2
sn: USER2
uid: user2
userPassword: user2
objectClass: inetOrgPerson
dn:cn=user3,dc=ldaptest,dc=com
cn: user3
sn: USER3
uid: user3
userPassword: user3
objectClass: inetOrgPerson
dn:cn=user4,dc=ldaptest,dc=com
cn: user4
sn: USER4
uid: user4
userPassword: user4
objectClass: inetOrgPerson
启动LDAP服务器
/usr/local/openldap/libexec/slapd
添加记录:
ldapadd -D "cn=root,dc=ldaptest,dc=com" -w 123456 -f /basedn.ldif
ldapadd -D "cn=root,dc=ldaptest,dc=com" -w 123456 -f /userdn.ldif
2.安装apr-1.2.2
./configure
make
make install
3.安装apr-util-1.2.2
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include
--with-ldap-lib=/usr/local/openldap/lib
make
make install
4.安装openssl
./configure
make
make install
5.安装apache-2.2.0(安装再根下的apache2的目录下)
./configure --prefix=/apache2 --enable-so --enable-authnz-ldap --enable-ldap
make
make install
6.配置httpd.conf
将ServerNmae 修改为自己本机的域名或者IP
在最后一行加入 include conf/app_auth.conf
7.配置/apache2/conf/app_auth.conf
<Location />
AuthType basic
AuthName "private area"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://localhost:389/dc=ldaptest,dc=com?uid?sub?(objectClass=*)
require ldap-user "user1"
#require ldap-user "user3"
#require ldap-user "user4"
#require ldap-user "user2"
require valid-user
</Location>
8.当配置完所有的软件以后,就可以启动APACHE了
/apache2/bin/apachectl start
这时候配置的是默认情况,也就是对整个服务器各目录都进行验证,如果需要对单独的地方进行验证,可以查阅Location的用法
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
