LDAP is the Lightweight Directory Access Protocol, usually just called LDAP. It is based on the X.500 standard but is much simpler and can be customised as needed. Unlike X.500, LDAP runs over TCP/IP, which is required for access over the Internet. The core LDAP specifications are defined in RFCs; all LDAP-related RFCs can be found on the LDAPman RFC page.
LDAP environment installation
1-1 Check the system environment
[root@vm0021 xuqizhang]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@vm0021 xuqizhang]# uname -r
2.6.32-431.el6.x86_64
[root@vm0021 xuqizhang]# uname -m
x86_64
Configure the yum repository and keep the downloaded rpm packages
[root@vm0021 xuqizhang]# sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
[root@vm0021 xuqizhang]# grep keepcache /etc/yum.conf
keepcache=1
Disable SELinux and the iptables firewall
[root@vm0021 xuqizhang]# setenforce 0
[root@vm0021 xuqizhang]# getenforce
Permissive
[root@vm0021 xuqizhang]# /etc/init.d/iptables stop
Time synchronization
[root@vm0021 xuqizhang]# /usr/sbin/ntpdate time.windows.com
[root@vm0021 xuqizhang]# crontab -e
#time sync
*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1
Set the LDAP domain name and add it to the hosts file
[root@vm0021 xuqizhang]# echo "10.1.11.149 baobaotang.org" >> /etc/hosts
[root@vm0021 xuqizhang]# tail -1 /etc/hosts
10.1.11.149 baobaotang.org
[root@vm0021 xuqizhang]# ping baobaotang.org
PING baobaotang.org (10.1.11.149) 56(84) bytes of data.
64 bytes from baobaotang.org (10.1.11.149): icmp_seq=1 ttl=64 time=7.37 ms
64 bytes from baobaotang.org (10.1.11.149): icmp_seq=2 ttl=64 time=0.031 ms
Install the LDAP master
OpenLDAP has many dependencies. As a rule we install general-purpose software with yum and customised software from source.
Before installing: check
[root@vm0021 xuqizhang]# rpm -qa openldap
openldap-2.4.40-12.el6.x86_64
[root@vm0021 xuqizhang]# rpm -qa | grep openldap
openldap-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
Install
[root@vm0021 xuqizhang]# yum -y install openldap openldap-*
[root@vm0021 xuqizhang]# yum -y install nscd nss-pam-ldap nss-* pcre pcre-*
Check after installing; if the following packages are present, everything is OK
[root@vm0021 xuqizhang]# rpm -qa | grep openldap
openldap-clients-2.4.40-12.el6.x86_64
openldap-servers-2.4.40-12.el6.x86_64
openldap-servers-sql-2.4.40-12.el6.x86_64
openldap-2.4.40-12.el6.x86_64
openldap-devel-2.4.40-12.el6.x86_64
Tip: if the installation above reports errors, install the dependency packages separately with yum.
Configure the LDAP master
[root@vm0021 xuqizhang]# cd /etc/openldap/
[root@vm0021 openldap]# ll
total 20
drwxr-xr-x. 2 root root 4096 Mar 9 16:47 certs
-rw-r----- 1 root ldap 121 May 11 2016 check_password.conf
-rw-r--r-- 1 root root 280 May 11 2016 ldap.conf
drwxr-xr-x 2 root root 4096 Mar 30 10:31 schema
drwx------ 3 ldap ldap 4096 Mar 30 10:31 slapd.d
The LDAP configuration files changed between CentOS 5 and CentOS 6: on 6 the configuration lives in the slapd.d directory, on 5 it is slapd.conf in the current directory.
[root@vm0021 openldap]# cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf #copy the template into the current directory
[root@vm0021 openldap]# slappasswd -s admin #generate the password hash for the administrator
{SSHA}ZZ7RPi0ih/cr00LurQoTfse1826YbQGj
[root@vm0021 openldap]# slappasswd -s admin | sed -e "s#{SSHA}#rootpw\t{SSHA}#g" >> slapd.conf #append the rootpw line to slapd.conf
[root@vm0021 openldap]# tail -1 slapd.conf
rootpw {SSHA}XKdLuM/nmj43cQATC42z/CY8YTBClBHB
[root@vm0021 openldap]# cp slapd.conf slapd.conf.ori
[root@vm0021 openldap]# vim slapd.conf
database bdb #leave the default; this selects the database backend
suffix "dc=baobaotang,dc=org" #change to your own domain
#checkpoint 1024 15 #comment this out
rootdn "cn=admin,dc=baobaotang,dc=org" #the administrator's rootdn, the unique identifier
LDAP administrator: admin, password: admin
LDAP parameter tuning: logging and cache parameters
##Logging parameters, appended with cat
[root@vm0021 openldap]# cat >> /etc/openldap/slapd.conf <<EOF
> #add start by xqz 2017/3/30
> loglevel 296 #log level
> cachesize 1000 #number of cached entries
> checkpoint 2048 10 #write back once 2048 KB have been written, or every 10 minutes
> #add end by xqz 2018/3/30
> EOF
Access control
Delete the following:
vim slapd.conf
database config #this is the 2.4 syntax; you do not have to delete it and add the new form, since the 2.4 configuration is compatible with 2.3
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none

# enable server status monitoring (cn=monitor)
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=Manager,dc=my-domain,dc=com" read
by * none
Add the following (optional):
access to *
by self write
by users read
by anonymous auth
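An added example (Python, not part of the original post) that models how slapd applies the `access to *` rules above: the `by` clauses are checked in order and the first one that matches the bound identity decides, so `by anonymous auth` lets an unauthenticated client bind but not read, and the rootdn from slapd.conf bypasses ACLs entirely. The DNs under ou=People are assumed to follow the layout created later in this post.

```python
# Access levels in slapd's order; granting a level implies every level below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ROOTDN = "cn=admin,dc=baobaotang,dc=org"   # the rootdn set in slapd.conf above

# The optional ACL block from this section.
ACL_TEXT = """
access to *
    by self write
    by users read
    by anonymous auth
"""


def parse_acl(text):
    """Return the ordered (who, level) clauses of one `access to` block."""
    clauses = []
    for line in text.strip().splitlines():
        parts = line.split()
        if parts and parts[0] == "by":
            if len(parts) != 3 or parts[2] not in LEVELS:
                raise ValueError("unsupported clause: %r" % line)
            clauses.append((parts[1], parts[2]))
    return clauses


def decide(clauses, bind_dn, target_dn, rootdn=ROOTDN):
    """Access level bind_dn gets on target_dn; bind_dn None means anonymous.

    Only the `self`, `users`, `anonymous` and `*` selectors are modelled.
    """
    if bind_dn is not None and bind_dn.lower() == rootdn.lower():
        return "manage"                  # the rootdn is never subject to ACLs
    for who, level in clauses:           # first matching clause wins
        if who == "self" and bind_dn is not None and bind_dn.lower() == target_dn.lower():
            return level
        if who == "users" and bind_dn is not None:
            return level
        if who == "anonymous" and bind_dn is None:
            return level
        if who == "*":
            return level
    return "none"                        # slapd's implicit trailing `by * none`


def allows(granted, needed):
    """True if the granted level covers the requested one (e.g. read covers search)."""
    return LEVELS.index(granted) >= LEVELS.index(needed)
```

Swapping the order of `by users read` and `by self write` leaves a user with only read access to their own entry, which is why clause order matters.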
1-2 Configure rsyslog to record the LDAP service log
[root@vm0021 openldap]# cp /etc/rsyslog.conf /etc/rsyslog.conf.ori.$(date +%F%T)
[root@vm0021 openldap]# echo '#record ldap.log by xqz 2017-03-30' >> /etc/rsyslog.conf
[root@vm0021 openldap]# echo 'local4.* /var/log/ldap.log' >> /etc/rsyslog.conf
[root@vm0021 openldap]# tail -1 /etc/rsyslog.conf
local4.* /var/log/ldap.log
[root@vm0021 openldap]# /etc/init.d/rsyslog restart
1-3 Configure the LDAP database path. Note: on versions below 6.4 the path may differ
[root@vm0021 openldap]# ll /var/lib/ldap/ #database path
total 0
[root@vm0021 openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@vm0021 openldap]# ll /var/lib/ldap/ #the database configuration has been copied over
total 4
-rw-r--r-- 1 root root 845 Mar 30 12:13 DB_CONFIG
Grant access to the ldap user; by default the owner is root
[root@vm0021 openldap]# chown ldap:ldap /var/lib/ldap/DB_CONFIG
[root@vm0021 openldap]# chmod 700 /var/lib/ldap/
[root@vm0021 openldap]# ls -l /var/lib/ldap/
total 4
-rw-r--r-- 1 ldap ldap 845 Mar 30 12:13 DB_CONFIG
Filter out comments and blank lines to view the database configuration
[root@vm0021 openldap]# grep -Ev "#|^$" /var/lib/ldap/DB_CONFIG
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
[root@vm0021 openldap]# slaptest -u #this command verifies that the database configuration is correct
config file testing succeeded
1-4 Start the ldap-master service
On 5.8 the service is started with /etc/init.d/ldap start; on 6.4 and above this changed. Below is the 6.5 way:
[root@vm0021 openldap]# /etc/init.d/slapd start
Starting slapd: [ OK ]
[root@vm0021 openldap]# lsof -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
slapd 24258 ldap 7u IPv4 115368 0t0 TCP *:ldap (LISTEN)
slapd 24258 ldap 8u IPv6 115369 0t0 TCP *:ldap (LISTEN)
[root@vm0021 openldap]# ps -ef|grep ldap
ldap 24258 1 0 12:32 ? 00:00:01 /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
root 24274 23605 0 12:38 pts/1 00:00:00 grep ldap
Enable start at boot; this could also go in rc.local
[root@vm0021 openldap]# chkconfig slapd on
[root@vm0021 openldap]# chkconfig --list slapd
slapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Check the startup log
[root@vm0021 openldap]# tail /var/log/ldap.log #if there is no log, your rsyslog configuration is not right
Mar 30 12:32:57 vm0021 slapd[24257]: @(#)$OpenLDAP: slapd 2.4.40
(May 10 2016 23:30:49)$#012#011mockbuild@worker1.bsys.centos.org:
/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
Command usage
[root@vm0021 openldap]# ldap #the available ldap client commands
ldapadd ldapdelete ldapmodify ldappasswd ldapurl
ldapcompare ldapexop ldapmodrdn ldapsearch ldapwhoami
[root@vm0021 openldap]# ldapsearch -LLL -W -x -H ldap://baobaotang.org -D "cn=admin,dc=baobaotang,dc=org" -b "dc=baobaotang,dc=org" "(uid=*)"
Enter LDAP Password: #enter the password
ldap_bind: Invalid credentials (49) #there is a problem, caused by the version
Solution:
[root@vm0021 openldap]# rm -rf /etc/openldap/slapd.d/* #remove the default 2.4 configuration
[root@vm0021 openldap]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ #regenerate slapd.d
58dca609 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
[root@vm0021 openldap]# /etc/init.d/slapd restart
Stopping slapd: [ OK ]
Checking configuration files for slapd: [FAILED]
58dca645 ldif_read_file: Permission denied for "/etc/openldap/slapd.d/cn=config.ldif" #startup error, a permissions problem
slaptest: bad configuration file!
[root@vm0021 openldap]# chown -R ldap.ldap /etc/openldap/slapd.d/ #fix the ownership
[root@vm0021 openldap]# /etc/init.d/slapd restart
Stopping slapd: [FAILED]
Starting slapd: [ OK ]
[root@vm0021 openldap]# ldapsearch -LLL -W -x -H ldap://baobaotang.org -D "cn=admin,dc=baobaotang,dc=org" -b "dc=baobaotang,dc=org" "(uid=*)"
Enter LDAP Password:
No such object (32) #query again; this result shows it is working
Problem solved
1-5 How to add data to the ldap master database
Initialise the data from the system users with the scripts shipped with ldap
Add a test user "test" and configure the user's login environment
[root@vm0021 openldap]# groupadd -g 5000 test
[root@vm0021 openldap]# useradd -u 5001 -g 5000 test
Create the root entry, then generate and import the passwd/group configuration with the scripts shipped with openldap-servers
[root@vm0021 openldap]# grep test /etc/passwd > passwd.in
[root@vm0021 openldap]# grep test /etc/group > group.in
[root@vm0021 openldap]# yum install migrationtools -y
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl > base.ldif
[root@vm0021 openldap]# vi /usr/share/migrationtools/migrate_common.ph #change lines 71 and 74; the result is shown below
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "baobaotang.org";
# Default base
$DEFAULT_BASE = "dc=baobaotang,dc=org";
Generate the ldap data and import it with the scripts
Commands:
[root@vm0021 openldap]# export LC_ALL=C
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl > base.ldif
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl passwd.in passwd.ldif
dn: dc=baobaotang,dc=org
dc: baobaotang
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=baobaotang,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=baobaotang,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=baobaotang,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byuser,dc=baobaotang,dc=org
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=baobaotang,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=baobaotang,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=baobaotang,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=baobaotang,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=baobaotang,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=baobaotang,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=baobaotang,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byhost,dc=baobaotang,dc=org
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
[root@vm0021 openldap]# ll group.in passwd.*
-rw-r--r--. 1 root root 13 Mar 31 00:55 group.in
-rw-r--r--. 1 root root 39 Mar 31 00:55 passwd.in
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_base.pl group.in group.ldif
dn: dc=baobaotang,dc=org
dc: baobaotang
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=baobaotang,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=baobaotang,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=baobaotang,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byuser,dc=baobaotang,dc=org
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=baobaotang,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=baobaotang,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=baobaotang,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=baobaotang,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=baobaotang,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=baobaotang,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=baobaotang,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byhost,dc=baobaotang,dc=org
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
[root@vm0021 openldap]# ll -al *.ldif
-rw-r--r--. 1 root root 1284 Mar 31 01:09 base.ldif
Use ldapadd to import the contents of the template file.
Import the user LDIF files into the OpenLDAP directory tree to create the users
[root@vm0021 openldap]# ldapadd -w admin -x -H ldap://127.0.0.1 -D "cn=admin,dc=baobaotang,dc=org" -f base.ldif
adding new entry "dc=baobaotang,dc=org"
adding new entry "ou=Hosts,dc=baobaotang,dc=org"
adding new entry "ou=Rpc,dc=baobaotang,dc=org"
adding new entry "ou=Services,dc=baobaotang,dc=org"
adding new entry "nisMapName=netgroup.byuser,dc=baobaotang,dc=org"
adding new entry "ou=Mounts,dc=baobaotang,dc=org"
adding new entry "ou=Networks,dc=baobaotang,dc=org"
adding new entry "ou=People,dc=baobaotang,dc=org"
adding new entry "ou=Group,dc=baobaotang,dc=org"
adding new entry "ou=Netgroup,dc=baobaotang,dc=org"
adding new entry "ou=Protocols,dc=baobaotang,dc=org"
adding new entry "ou=Aliases,dc=baobaotang,dc=org"
adding new entry "nisMapName=netgroup.byhost,dc=baobaotang,dc=org"
[root@vm0021 openldap]# ldapadd -x -W -D "cn=Manager,dc=gdy,dc=com" -f group.ldif
group.ldif: No such file or directory
[root@vm0021 openldap]#
[root@vm0021 openldap]# tail -n 10 /etc/group > group
[root@vm0021 openldap]# cat group
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
sshd:x:74:
tcpdump:x:72:
slocate:x:21:
smart:x:500:
ldap:x:55:
nscd:x:28:
test:x:5000:
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_group.pl group group.ldif
[root@vm0021 openldap]# head -n 20 group.ldif
dn: cn=stapusr,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapusr
userPassword: {crypt}x
gidNumber: 156
dn: cn=stapsys,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapsys
userPassword: {crypt}x
gidNumber: 157
dn: cn=stapdev,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapdev
userPassword: {crypt}x
gidNumber: 158
[root@vm0021 openldap]# ldapadd -x -W -D "cn=Manager,dc=gdy,dc=com" -f group.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f group.ldif
Enter LDAP Password:
adding new entry "cn=stapusr,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=stapsys,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=stapdev,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=sshd,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=tcpdump,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=slocate,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=smart,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=ldap,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=nscd,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=test,ou=Group,dc=baobaotang,dc=org"
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f passwd.ldif
passwd.ldif: No such file or directory
[root@vm0021 openldap]# tail -n 10 /etc/passwd > passwd
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_group.pl passwd passwd.ldif
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f passwd.ldif
Enter LDAP Password:
adding new entry "cn=saslauth,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=postfix,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=pulse,ou=Group,dc=baobaotang,dc=org"
adding new entry "cn=sshd,ou=Group,dc=baobaotang,dc=org"
ldap_add: Already exists (68) #the entry already exists; ignore this for now
[root@vm0021 openldap]# ll -al *.ldif
-rw-r--r--. 1 root root 1284 Mar 31 01:09 base.ldif
-rw-r--r--. 1 root root 1338 Mar 31 01:42 group.ldif
-rw-r--r--. 1 root root 1475 Mar 31 01:48 passwd.ldif
cat each of them to check
[root@vm0021 openldap]# cat passwd.ldif
dn: cn=saslauth,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: saslauth
userPassword: {crypt}x
gidNumber: 498
memberUid: 76
dn: cn=postfix,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: postfix
userPassword: {crypt}x
gidNumber: 89
memberUid: 89
dn: cn=pulse,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: pulse
userPassword: {crypt}x
gidNumber: 497
memberUid: 496
dn: cn=sshd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: sshd
userPassword: {crypt}x
gidNumber: 74
memberUid: 74
dn: cn=tcpdump,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: tcpdump
userPassword: {crypt}x
gidNumber: 72
memberUid: 72
dn: cn=smart,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: smart
userPassword: {crypt}x
gidNumber: 500
memberUid: 500
dn: cn=ldap,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: ldap
userPassword: {crypt}x
gidNumber: 55
memberUid: 55
dn: cn=nscd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nscd
userPassword: {crypt}x
gidNumber: 28
memberUid: 28
dn: cn=nslcd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nslcd
userPassword: {crypt}x
gidNumber: 65
memberUid: 55
dn: cn=test,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 5001
memberUid: 5000
That completes the import into the ldap database
Back up the ldap data
[root@vm0021 openldap]# ldapsearch -LLL -w admin -x -H ldap://baobaotang.org -D "cn=admin,dc=baobaotang,dc=org" -b "dc=baobaotang,dc=org" > bak-ldap.ldif
[root@vm0021 openldap]# cat bak-ldap.ldif
dn: dc=baobaotang,dc=org
dc: baobaotang
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=baobaotang,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=baobaotang,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=baobaotang,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byuser,dc=baobaotang,dc=org
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=baobaotang,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=baobaotang,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=baobaotang,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=baobaotang,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=baobaotang,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=baobaotang,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=baobaotang,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byhost,dc=baobaotang,dc=org
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap
dn: cn=stapusr,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapusr
userPassword:: e2NyeXB0fXg=
gidNumber: 156
dn: cn=stapsys,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapsys
userPassword:: e2NyeXB0fXg=
gidNumber: 157
dn: cn=stapdev,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: stapdev
userPassword:: e2NyeXB0fXg=
gidNumber: 158
dn: cn=sshd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: sshd
userPassword:: e2NyeXB0fXg=
gidNumber: 74
dn: cn=tcpdump,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: tcpdump
userPassword:: e2NyeXB0fXg=
gidNumber: 72
dn: cn=slocate,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: slocate
userPassword:: e2NyeXB0fXg=
gidNumber: 21
dn: cn=smart,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: smart
userPassword:: e2NyeXB0fXg=
gidNumber: 500
dn: cn=ldap,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: ldap
userPassword:: e2NyeXB0fXg=
gidNumber: 55
dn: cn=nscd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nscd
userPassword:: e2NyeXB0fXg=
gidNumber: 28
dn: cn=test,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: test
userPassword:: e2NyeXB0fXg=
gidNumber: 5000
dn: cn=saslauth,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: saslauth
userPassword:: e2NyeXB0fXg=
gidNumber: 498
memberUid: 76
dn: cn=postfix,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: postfix
userPassword:: e2NyeXB0fXg=
gidNumber: 89
memberUid: 89
dn: cn=pulse,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: pulse
userPassword:: e2NyeXB0fXg=
gidNumber: 497
memberUid: 496
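An added example (Python, not from the original post) covering two things seen above: the `ldap_add: Already exists (68)` errors, which come from the same DN (cn=sshd) appearing in both group.ldif and passwd.ldif, and the `userPassword:: e2NyeXB0fXg=` form in bak-ldap.ldif, where the double colon marks a base64-encoded value. The LDIF excerpts are constructed from the page's entries; checking for duplicate DNs before running ldapadd avoids the partial import shown above.

```python
import base64

# Constructed LDIF excerpts modelled on the page's group.ldif and passwd.ldif
# (the latter was generated from /etc/passwd lines, hence the memberUid).
GROUP_LDIF = """\
dn: cn=sshd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: sshd
userPassword: {crypt}x
gidNumber: 74

dn: cn=test,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 5000
"""

# Same DN again, this time with the base64 form ldapsearch emits in backups.
PASSWD_LDIF = """\
dn: cn=sshd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: sshd
userPassword:: e2NyeXB0fXg=
gidNumber: 74
memberUid: 74
"""


def parse_ldif(text):
    """Return [(dn, {attr: [values]}), ...] in file order.

    Handles blank-line separated records, `attr: value`, `attr:: base64`
    and RFC 2849 folded lines (continuation lines start with one space).
    """
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:        # folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip() == "":                   # blank line ends a record
            if lines:
                entries.append(_record(lines))
                lines = []
        elif not raw.startswith("#"):             # skip LDIF comments
            lines.append(raw)
    return entries


def _record(lines):
    dn, attrs = None, {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        if value.startswith(":"):                 # `attr:: <base64>`
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("record without dn: %r" % lines[0])
    return dn, attrs


def duplicate_dns(*ldif_texts):
    """DNs that occur more than once across the given LDIF texts.

    slapd compares DNs case-insensitively, so the check does too; each
    duplicate is reported once, using the spelling of its second occurrence.
    """
    seen, dups = {}, []
    for text in ldif_texts:
        for dn, _ in parse_ldif(text):
            key = dn.lower()
            seen[key] = seen.get(key, 0) + 1
            if seen[key] == 2:
                dups.append(dn)
    return dups
```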
Configure a web management interface for the ldap master
There are many LDAP client management interfaces, both B/S (web-based) and C/S. We use a B/S tool as the example: ldap-account-manager-3.7.tar.gz
This software needs a LAMP environment
[root@vm0021 openldap]# yum install httpd php php-ldap php-gd -y
[root@vm0021 openldap]# rpm -qa httpd php php-ldap php-gd
php-gd-5.3.3-48.el6_8.x86_64
httpd-2.2.15-56.el6.centos.3.x86_64
php-ldap-5.3.3-48.el6_8.x86_64
php-5.3.3-48.el6_8.x86_64
Download ldap-account-manager-3.7.tar.gz from the official site https://www.ldap-account-manager.org/lamcms/
[root@vm0021 openldap]# cd /var/www/html/
wget http://prdownloads.sourceforge.net/lam/ldap-account-manager-3.7.tar.gz
[root@vm0021 html]# ll
總用量 8944
-rw-r--r--. 1 root root 9157357 3月 31 10:47 ldap-account-manager-3.7.tar.gz
[root@vm0021 html]# tar -xf ldap-account-manager-3.7.tar.gz
[root@vm0021 html]# cd ldap-account-manager-3.7
[root@vm0021 ldap-account-manager-3.7]# cd config
[root@vm0021 config]# cp config.cfg_sample config.cfg_sample.bak
[root@vm0021 config]# cp lam.conf_sample lam.conf_sample.bak
[root@vm0021 config]# sed -i 's#cn=Manager#cn=admin#g' lam.conf_sample
[root@vm0021 config]# sed -i 's#dc=my-domain#dc=baobaotang#g' lam.conf_sample
[root@vm0021 config]# sed -i 's#dc=com#dc=org#g' lam.conf_sample
[root@vm0021 config]# diff lam.conf_sample lam.conf_sample.bak
13c13
< admins: cn=admin,dc=baobaotang,dc=org
---
> admins: cn=Manager,dc=my-domain,dc=com
55c55
< types: suffix_user:ou=People,dc=baobaotang,dc=org
---
> types: suffix_user:ou=People,dc=my-domain,dc=com
59c59
< types: suffix_group:ou=group,dc=baobaotang,dc=org
---
> types: suffix_group:ou=group,dc=my-domain,dc=com
63c63
< types: suffix_host:ou=machines,dc=baobaotang,dc=org
---
> types: suffix_host:ou=machines,dc=my-domain,dc=com
67c67
< types: suffix_smbDomain:dc=baobaotang,dc=org
---
> types: suffix_smbDomain: dc=my-domain,dc=com
[root@vm0021 html]# mv ldap-account-manager-3.7 ldap
[root@vm0021 config]# chown -R apache.apache /var/www/html/ldap
[root@vm0021 config]# /etc/init.d/httpd restart
正在啟動 httpd:httpd: apr_sockaddr_info_get() failed for vm0021
httpd: Could not reliably determine theserver's fully qualified domain name, using 127.0.0.1 for ServerName
[確定]
[root@vm0021 config]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 2567 root 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2572 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2573 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2574 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2575 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2576 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2577 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2578 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
httpd 2579 apache 4u IPv6 21230 0t0 TCP *:http (LISTEN)
Log in from a client at http://10.1.11.149/ldap/; explore the details yourself~~~ There are of course other tools as well
Configure network services to authenticate through the ldap service
Install and configure the svn service (not Apache svn)
Enable the SASL authentication mechanism on the svn server [a standalone authentication mechanism]
Check
[root@vm0021 html]# rpm -qa|grep sasl
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-gssapi-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64
Install the related packages with yum; after installation a check shows a pile of packages
[root@vm0021 html]# yum install *sasl* -y
[root@vm0021 openldap]# saslauthd -v #lists the supported authentication mechanisms
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
[root@vm0021 openldap]# grep -i mech /etc/sysconfig/saslauthd #-i ignores case; MECH=pam selects the authentication mechanism
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=pam
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
[root@vm0021 openldap]# sed -i 's#MECH=pam#MECH=shadow#g' /etc/sysconfig/saslauthd #use sed to switch to shadow
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
[root@vm0021 openldap]# /etc/init.d/saslauthd restart
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
[root@vm0021 openldap]# ps -ef|grep sasl
root 29453 1 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29454 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29455 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29456 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29458 29453 0 14:35 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 29460 28899 0 14:35 pts/1 00:00:00 grep sasl
Test the authentication function of the saslauthd process from the command line
admin is a Linux system user and admin is that user's password; if the command prints OK "Success." the authentication function is working
[root@vm0021 openldap]# testsaslauthd -u admin -p admin #authentication fails
0: NO "authentication failed"
[root@vm0021 openldap]# grep admin /etc/passwd #there is no such user name
[root@vm0021 openldap]# id admin
id: admin: No such user
[root@vm0021 openldap]# useradd admin #create a local system user
[root@vm0021 openldap]# passwd admin #give it a password; it is not echoed here, I used admin
Changing password for user admin.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Verify again; success
[root@vm0021 openldap]# testsaslauthd -u admin -p admin
0: OK "Success."
Authenticate through ldap
man saslauthd refers to this configuration file; it does not appear on disk (it is "hidden"), but you can create and edit it with vi
[root@vm0021 openldap]# ll /etc/saslauthd.conf
ls: cannot access /etc/saslauthd.conf: No such file or directory
[root@vm0021 config]# sed -i 's#MECH=shadow#MECH=ldap#g' /etc/sysconfig/saslauthd #switch to the ldap mechanism
[root@vm0021 config]# /etc/init.d/saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
#Verify again; it fails. What now? Edit the file /etc/saslauthd.conf with vi; it does not exist by default
[root@vm0021 config]# testsaslauthd -u admin -p admin
0: NO "authentication failed"
In theory this should have succeeded...
[root@vm0021 config]# cat /etc/saslauthd.conf
ldap_servers: ldap://baobaotang.org/
ldap_bind_dn: cn=admin,dc=baobaotang,dc=org
ldap_bind_pw: admin
ldap_search_base: ou=People,dc=baobaotang,dc=org
ldap_filter: uid=%U
ldap_password_attr: userPassword
Because no ldap users had been created up to this point, testing with user1 fails: the user does not exist
Below I create the ldap users, as follows:
[root@vm0021 openldap]# vim adduser.sh
#!/bin/bash
# Add system users user1..user5, each with its user name as password
for ldap in {1..5}; do
    if id user${ldap} &>/dev/null; then
        echo "System account already exists"
    else
        adduser user${ldap}
        echo user${ldap} | passwd --stdin user${ldap} &>/dev/null
        echo "user${ldap} system add finish"
    fi
done
[root@vm0021 openldap]# chmod +x adduser.sh
[root@vm0021 openldap]# ./adduser.sh
[root@vm0021 openldap]# id user1
uid=5004(user1) gid=5004(user1) groups=5004(user1)
[root@vm0021 openldap]# testsaslauthd -u user1 -p user1
0: NO "authentication failed"
[root@vm0021 openldap]# tail -n 5 /etc/passwd > system
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_passwd.pl system people.ldif
[root@vm0021 openldap]# ll
total 80
-rwxr-xr-x 1 root root 274 Mar 31 16:43 adduser.sh
-rw-r--r-- 1 root root 2671 Mar 31 11:50 bak-ldap.ldif
-rw-r--r-- 1 root root 1284 Mar 31 11:46 base.ldif
drwxr-xr-x. 2 root root 4096 Mar 9 16:47 certs
-rw-r----- 1 root ldap 121 May 11 2016 check_password.conf
-rw-r--r-- 1 root root 132 Mar 31 11:47 group
-rw-r--r-- 1 root root 13 Mar 30 15:58 group.in
-rw-r--r-- 1 root root 1337 Mar 31 11:47 group.ldif
-rw-r--r-- 1 root root 280 May 11 2016 ldap.conf
-rw-r--r-- 1 root root 501 Mar 31 11:49 passwd
-rw-r--r-- 1 root root 39 Mar 30 15:58 passwd.in
-rw-r--r-- 1 root root 1478 Mar 31 11:49 passwd.ldif
-rw-r--r-- 1 root root 2150 Mar 31 16:47 people.ldif
drwxr-xr-x 2 root root 4096 Mar 30 10:31 schema
-rw-r--r-- 1 root root 4459 Mar 30 11:39 slapd.conf
-rw-r--r-- 1 root root 4681 Mar 30 11:05 slapd.conf.ori
drwx------ 3 ldap ldap 4096 Mar 30 14:30 slapd.d
-rw-r--r-- 1 root root 205 Mar 31 16:47 system
[root@vm0021 openldap]# tail -n 10 /etc/group > group
[root@vm0021 openldap]# /usr/share/migrationtools/migrate_group.pl group group.ldif
[root@vm0021 openldap]# head -n 5 people.ldif
dn: uid=user1,ou=People,dc=baobaotang,dc=org
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
[root@vm0021 openldap]# cat people.ldif
dn: uid=user1,ou=People,dc=baobaotang,dc=org
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$oWFU.3BW$1HWbdkYosz9VL6i5wKiRM4I2vT6Hk9zMoyIsyrkSK/.xCKQyiWRxWRHJgBY5xAiXW82qYK94ykvbdHzWZV8hj.
shadowLastChange: 17256
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 5004
gidNumber: 5004
homeDirectory: /home/user1
dn: uid=user2,ou=People,dc=baobaotang,dc=org
uid: user2
cn: user2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$zYODZFJV$8IOdKkUM2mIRFmaKbNd3Mnv38mRawqNylTSTFWru6fXgTPCNpdlNqn1ZI1cAMwYLLElnYKKdNgZWv2eOvMOFk/
shadowLastChange: 17256
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 5005
gidNumber: 5005
homeDirectory: /home/user2
dn: uid=user3,ou=People,dc=baobaotang,dc=org
uid: user3
cn: user3
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$kaE/FMPD$oxEh8BewkoeaOejAjmKxH7VtXY13aRTqHTzDaQ9/H8svHTgACVgX0G1/8X7ECgIKT7/LjHRXusqiNbflZEEmS1
shadowLastChange: 17256
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 5006
gidNumber: 5006
homeDirectory: /home/user3
dn: uid=user4,ou=People,dc=baobaotang,dc=org
uid: user4
cn: user4
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$lBvP7CR3$7pDlbuerW58mWILooQVy33yn39nr5gs4ED1VgCH3FUYXk0hhUeTG8kxeQHhdGEUzGN0978eEYiCl.A9T2sp1g1
shadowLastChange: 17256
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 5007
gidNumber: 5007
homeDirectory: /home/user4
dn: uid=user5,ou=People,dc=baobaotang,dc=org
uid: user5
cn: user5
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$pz5Ln4/i$o3X2PlZS243cDOvXvlwBPz1tl9rEKVxuri9JQFbyhvR6FFrhtIHCLrEIEZrr/oQG9lDq8IdVVqca8Xyli9DJQ.
shadowLastChange: 17256
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 5008
gidNumber: 5008
homeDirectory: /home/user5
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f people.ldif
Enter LDAP Password:
adding new entry "uid=user1,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user2,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user3,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user4,ou=People,dc=baobaotang,dc=org"
adding new entry "uid=user5,ou=People,dc=baobaotang,dc=org"
[root@vm0021 openldap]# ldapadd -x -W -D "cn=admin,dc=baobaotang,dc=org" -f group.ldif
Enter LDAP Password:
adding new entry "cn=avahi,ou=Group,dc=baobaotang,dc=org"
ldap_add: Already exists (68)
[root@vm0021 openldap]# cat group.ldif
dn: cn=avahi,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: avahi
userPassword: {crypt}x
gidNumber: 70
dn: cn=nscd,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: nscd
userPassword: {crypt}x
gidNumber: 28
dn: cn=test,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 5000
dn: cn=admin,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: admin
userPassword: {crypt}x
gidNumber: 5002
dn: cn=ltest,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: ltest
userPassword: {crypt}x
gidNumber: 5003
dn: cn=user1,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 5004
dn: cn=user2,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user2
userPassword: {crypt}x
gidNumber: 5005
dn: cn=user3,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user3
userPassword: {crypt}x
gidNumber: 5006
dn: cn=user4,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user4
userPassword: {crypt}x
gidNumber: 5007
dn: cn=user5,ou=Group,dc=baobaotang,dc=org
objectClass: posixGroup
objectClass: top
cn: user5
userPassword: {crypt}x
gidNumber: 5008
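An added example (Python, not the migrationtools code itself) that reproduces, in simplified form, the field mapping migrate_passwd.pl and migrate_group.pl apply to produce the people.ldif and group.ldif entries shown above. The passwd, shadow and group lines are constructed (the hash is a placeholder). Running a passwd line through the group mapping, as happened earlier with `migrate_group.pl passwd passwd.ldif`, shows why cn=test came out with gidNumber 5001 and memberUid 5000: the uid and gid fields are read as the gid and the member list.

```python
BASE = "dc=baobaotang,dc=org"

# Constructed sample records; the shadow hash is a placeholder, not a real one.
PASSWD_LINE = "user1:x:5004:5004::/home/user1:/bin/bash"
SHADOW_LINE = "user1:$6$SALTSALT$PLACEHOLDERHASH:17256:0:99999:7:::"
GROUP_LINE = "test:x:5000:user1,user2"
# A passwd line fed to the group mapping by mistake (as the post did).
PASSWD_AS_GROUP = "test:x:5001:5000::/home/test:/bin/bash"


def passwd_entry(passwd_line, shadow_line=None, base=BASE):
    """posixAccount (+ shadowAccount) entry for one /etc/passwd line.

    Attribute order matches the people.ldif output shown on the page.
    """
    name, _pw, uid, gid, gecos, home, shell = passwd_line.split(":")
    entry = [
        ("dn", "uid=%s,ou=People,%s" % (name, base)),
        ("uid", name),
        ("cn", gecos.split(",")[0] or name),   # empty GECOS falls back to the login
        ("objectClass", "account"),
        ("objectClass", "posixAccount"),
        ("objectClass", "top"),
    ]
    if shadow_line:
        s = shadow_line.split(":")             # name:hash:lastchg:min:max:warn:...
        entry += [
            ("objectClass", "shadowAccount"),
            ("userPassword", "{crypt}" + s[1]),
            ("shadowLastChange", s[2]),
            ("shadowMin", s[3]),
            ("shadowMax", s[4]),
            ("shadowWarning", s[5]),
        ]
    entry += [
        ("loginShell", shell),
        ("uidNumber", uid),
        ("gidNumber", gid),
        ("homeDirectory", home),
    ]
    return entry


def group_entry(group_line, base=BASE):
    """posixGroup entry; fields are read as name:password:gid:member,member,...

    Given a passwd line the third field is really the uid and the fourth the
    gid, which is exactly the swapped output the post got for cn=test.
    """
    fields = group_line.split(":")
    name, pw, gid = fields[0], fields[1], fields[2]
    members = [m for m in fields[3].split(",") if m] if len(fields) > 3 else []
    entry = [
        ("dn", "cn=%s,ou=Group,%s" % (name, base)),
        ("objectClass", "posixGroup"),
        ("objectClass", "top"),
        ("cn", name),
        ("userPassword", "{crypt}" + pw),
        ("gidNumber", gid),
    ]
    entry += [("memberUid", m) for m in members]
    return entry


def to_ldif(entry):
    """Serialise an entry as the `attr: value` lines ldapadd expects."""
    return "\n".join("%s: %s" % (a, v) for a, v in entry) + "\n"


def attr(entry, name):
    """All values of one attribute, in order."""
    return [v for a, v in entry if a == name]
```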
[root@vm0021 openldap]# testsaslauthd -u user1 -p user1
0: OK "Success."
[root@vm0021 openldap]# testsaslauthd -u user2 -p user2
0: OK "Success."
###########It worked; I was a little excited here, this was not easy to get right#####################
Test succeeded
[root@vm0021 openldap]# testsaslauthd -u user1 -p user1 #this is an ldap user
0: OK "Success."
Summary
ldap needs matching test users; there must be ldap users
Change the configuration in the file
[root@vm0021 openldap]# grep -i mech /etc/sysconfig/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap
Adjust the configuration in /etc/saslauthd.conf; if it does not work, restart the saslauthd service
Install svn and test
Installation skipped~~~~~
svn authenticating through ldap
This does not succeed; it reports an authentication/permission problem
[root@vm0021 openldap]# svn checkout svn://10.1.11.149 /tmp --username=user1 --password=user1
Authentication realm: <svn://10.1.11.149:3690> My First Repository
Username: user1
Password for 'user1':
Next, grant the permissions
[root@vm0021 conf]# ll /etc/sasl2/
total 4
-rw-r--r-- 1 root root 49 Nov 10 2015 smtpd.conf
[root@vm0021 conf]# vi /etc/sasl2/svn.conf #does not exist by default; create the file
[root@vm0021 conf]# cat /etc/sasl2/svn.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
[root@vm0021 conf]# pwd
/svn/project/conf
[root@vm0021 conf]# sed -i 's@# use-sasl = true@use-sasl = true@g' svnserve.conf
[root@vm0021 conf]# grep use-sasl svnserve.conf
use-sasl = true #uncomment this line
[root@vm0021 openldap]# cd /svn/project/conf/
[root@vm0021 conf]# pkill svnserve
[root@vm0021 conf]# lsof -i :3690
[root@vm0021 conf]# svnserve -d -r /svn/project/
[root@vm0021 conf]# lsof -i :3690
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
svnserve 30088 root 3u IPv4 157380 0t0 TCP *:svn (LISTEN)
[root@vm0021 conf]# diff svnserve.conf.bak svnserve.conf
12,13c12,13
< # anon-access = read
< # auth-access = write
---
> anon-access = none
> auth-access = write
20c20
< # password-db = passwd
---
> password-db = /svn/project/conf/passwd
27c27
< # authz-db = authz
---
> authz-db = /svn/project/conf/authz
32c32
< # realm = My First Repository
---
> realm = My First Repository
40c40
< # use-sasl = true
---
> use-sasl = true
[root@vm0021 openldap]# svn checkout svn://10.1.11.149 /tmp --username=user1 --password=user1
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<svn://10.1.11.149:3690> My First Repository
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
svn: Authorization failed #authorization failed; this is because I had changed several places in the svn configuration earlier, so next I restore the original configuration and try again
An "authorization failed" error usually means the user groups or user permissions in the authz file are not configured correctly. Setting [/] is enough; it covers all resources under the root directory. To restrict access to specific resources, add the subdirectory instead
[root@vm0021 conf]# mv svnserve.conf.bak svnserve.conf
mv: overwrite `svnserve.conf'? y
[root@vm0021 conf]# ll
total 12
-rwx------ 1 root root 1140 Mar 16 15:31 authz
-rwx------ 1 root root 340 Mar 16 15:31 passwd
-rw-r--r-- 1 root root 2279 Dec 14 16:00 svnserve.conf
[root@vm0021 conf]# cp svnserve.conf svnserve.conf.bak
[root@vm0021 conf]# sed -i 's@# use-sasl = true@use-sasl = true@g' svnserve.conf
[root@vm0021 conf]# diff svnserve.conf.bak svnserve.conf
40c40
< # use-sasl = true
---
> use-sasl = true
[root@vm0021 conf]# pkill svnserve
[root@vm0021 conf]# lsof -i :3690
[root@vm0021 conf]# svnserve -d -r /svn/project/
[root@vm0021 conf]# lsof -i :3690
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
svnserve 30131 root 3u IPv4 157592 0t0 TCP *:svn (LISTEN)
[root@vm0021 conf]# svn checkout svn://10.1.11.149 /tmp --username=user1 --password=user1
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<svn://10.1.11.149:3690> 45e01b91-73e4-4b5e-bf37-88c21b61a46b
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
Checked out revision 6.
Now it succeeds
Let's test on Windows as well
The following indicates success
Contact the author if anything is unclear~~~