ldap&dokuwiki&svn

#####################ldap########################

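# Build prerequisite: libtool's ltdl library. The glob is quoted so that yum,
# not the shell, expands it.
yum install -y '*ltdl*'
cd /opt/

# NOTE(review): both archives arrive over unauthenticated ftp/http, so nothing
# below proves they are the files upstream released. Compare each archive with
# a digest obtained from the project over a trusted channel before unpacking:
#   echo "<EXPECTED_SHA256>  openldap-2.4.46.tgz" | sha256sum -c -
#   echo "<EXPECTED_SHA256>  db-5.1.29.tar.gz" | sha256sum -c -
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.46.tgz
tar -zxvf openldap-2.4.46.tgz
wget http://download.Oracle.com/berkeley-db/db-5.1.29.tar.gz
tar -zxvf db-5.1.29.tar.gz

# Berkeley DB: build and install under its own prefix.
mv db-5.1.29 /usr/local/src/
cd /usr/local/src/db-5.1.29/build_unix/
../dist/configure --prefix=/usr/local/berkeleydb-5.1.29
make && make install

# Append rather than overwrite: /etc/ld.so.conf normally carries the include
# line for /etc/ld.so.conf.d, and truncating the file drops those library paths
# for every other package on the host.
echo "/usr/local/berkeleydb-5.1.29/lib/" >> /etc/ld.so.conf
ldconfig -v

# OpenLDAP: --with-tls only compiles TLS support in; slapd still serves clear
# text until certificates are configured for it.
cd /opt/openldap-2.4.46
./configure --prefix=/usr/local/openldap --enable-syslog --enable-modules --enable-debug --with-tls
make depend
make
make install

# Expose the client and server tools on the default PATH.
ln -s /usr/local/openldap/bin/* /usr/local/bin/
ln -s /usr/local/openldap/sbin/* /usr/local/sbin/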

openldap安装完成后相关目录承载的功能如下:
bin/ --客户端工具如ldapadd、ldapsearch
etc/ --包含主配置文件slapd.conf、schema、DB_CONFIG等
include/
lib/
libexec/ --服务端启动工具slapd
sbin/ --服务端工具如slappasswd
share/
var/ --bdb数据、log存放目录

cd /usr/local/openldap
#slappasswd 
New password: 
Re-enter new password: 
{SSHA}ASZjRd33L5Dwu+fdApuTbhZYV/wChxB/
{SSHA}2wLmhwVB8IpgZj3snlmkIADMoaBp4OTf
#设置rootdn密码
#这样rootdn的密码以密文方式保存:把输出的密文复制到主配置文件的rootpw一行即可。如果不想麻烦,可以忽略此步,在主配置文件中使用明文;但明文rootpw对任何能读取slapd.conf的人都可见,建议保留密文并把该文件权限收紧为仅slapd运行用户可读。

主配置文件slapd.conf
/usr/local/openldap/etc/openldap
vim slapd.conf
添加以下内容
#默认只包含core.schema,其余按需添加;这里把与配置文件同目录的schema目录中已有的schema文件都加到配置文件中

include /usr/local/openldap/etc/openldap/schema/collective.schema
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/duaconf.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
include /usr/local/openldap/etc/openldap/schema/pmi.schema
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema

#新增日志级别与日志文件路径;需要在编译时加 --enable-debug,否则日志文件没有输出(不影响调试模式)。

loglevel 256
logfile /usr/local/openldap/var/slapd.log

 #修改域名及管理员账户名,下文为默认
suffix          "dc=yoyi,dc=com"
rootdn          "cn=admin,dc=yoyi,dc=com"

#设置管理员密码:填入自己用slappasswd生成的密文,下面的值仅为示例,不要照抄
rootpw {SSHA}2wLmhwVB8IpgZj3snlmkIADMoaBp4OTf

#如果采用mdb做后端数据库,此步可忽略,DB_CONFIG是 bdb/hdb数据库使用的
#与主配置文件中的配置有关,主配置文件确定使用bdb与数据存放路径。
cd /usr/local/openldap/var/openldap-data/
cp DB_CONFIG.example DB_CONFIG

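启动openldap(不带 -h 时 slapd 默认监听所有地址的 389 明文端口;若 slapd.conf 中没有 access 规则,默认任何人(含匿名)都可读取全部条目,对外提供服务前应补充 access 规则并启用 TLS)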
/usr/local/openldap/libexec/slapd 

验证
 ps aux|grep slapd
 ldapsearch -x -b '' -s base'(objectclass=*)'

创建管理员账号
# vim yoyi.ldif

dn: dc=yoyi,dc=com
objectclass: dcObject
objectclass: organization
o: yoyi.Inc
dc: yoyi

dn: cn=admin,dc=yoyi,dc=com
objectclass: organizationalRole
cn: admin

#ldapadd -x -D "cn=admin,dc=yoyi,dc=com" -W -f yoyi.ldif

#注:如果此步报错 ldap_bind: Invalid credentials (49),
#需重新生成密码并写入rootpw,或重启ldap服务使配置生效

#成功显示如下
Enter LDAP Password: 
adding new entry "dc=yoyi,dc=com"

adding new entry "cn=admin,dc=yoyi,dc=com"

这时就可以登录了。

#################ldap & dokuwiki###########################################

管理-扩展插件管理-激活 LDAP Auth Plugin

管理—配置设置-Authldap
ldap://192.168.5.121:389
389
userid=zhangxl,ou=www,dc=yoyi,dc=com
版本3
cn=admin,dc=yoyi,dc=com

认证设置
authldap
加密方式md5
superuser设置为 admin

保存退出即可

在/var/www/html/dokuwiki/conf下
local.php

// DokuWiki conf/local.php: site settings plus the authldap plugin configuration.
$conf['title'] = '公司名称';
$conf['lang'] = 'zh';
$conf['license'] = 'cc-by-sa';
// ACLs are switched on; access per user is then restricted through the wiki ACL.
$conf['useacl'] = 1;
// Authentication is delegated to the LDAP plugin.
$conf['authtype'] = 'authldap';
// NOTE(review): 'md5' is an unsalted hash. DokuWiki also offers salted schemes
// such as 'smd5' and 'bcrypt'. With authldap the directory checks passwords, so
// this presumably only affects locally stored hashes -- confirm.
$conf['passcrypt'] = 'md5';
$conf['superuser'] = 'admin';
// Self-registration is disabled; accounts come from the directory.
$conf['disableactions'] = 'register';
// NOTE(review): ldap:// on 389 is clear text, so the bind password and every
// user's password cross the network unencrypted. The plugin has a 'starttls'
// option; it needs TLS configured on the slapd side first.
$conf['plugin']['authldap']['server'] = 'ldap://192.168.5.121:389';
$conf['plugin']['authldap']['usertree'] = 'userid=zhangxl,ou=www,dc=yoyi,dc=com';
$conf['plugin']['authldap']['version'] = 3;
// NOTE(review): this is the directory's rootdn, which has full write access to
// the tree. A dedicated read-only bind account limits what a leaked local.php
// gives away.
$conf['plugin']['authldap']['binddn'] = 'cn=admin,dc=yoyi,dc=com';
// NOTE(review): stored in clear text and trivially guessable; use a strong
// secret and keep this file unreadable to other local users.
$conf['plugin']['authldap']['bindpw'] = '123456';
// NOTE(review): debug output is meant for setup; turn it off (0) once login works.
$conf['plugin']['authldap']['debug'] = 1;

即可使用ldap密码登陆wiki
注:用wiki acl 对用户进行访问限制

#################ldap & svn###########################################

配置apache 支持ldap
yum install mod_ldap -y
yum 安装的http会在 /etc/httpd/conf.modules.d目录下生成文件01-ldap.conf
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

配置apache conf 支持svn,下例中 添加了虚拟端口主机

# Dedicated virtual host that serves the Subversion repositories over WebDAV.
# NOTE(review): this vhost is plain HTTP. With AuthType Basic every request
# carries the user's LDAP password base64-encoded, so it is readable on the
# network; serve this Location over TLS.
Listen 8083
<VirtualHost 192.168.5.121:8083>
       ServerAdmin svn.com
       ServerName yoyi.svn.com
       ErrorLog logs/svn.com-error_log
       CustomLog logs/svn.com-access_log common
<Location />
DAV svn
# Lists every repository found under SVNParentPath at the location root.
SVNListParentPath on
SVNParentPath /home/svn/data
AuthType Basic
AuthName "SVN"
# The file-based password provider is left commented out; LDAP authenticates instead.
#AuthUserFile /home/svn/subversion/conf/passwd.conf
# Path-level authorization still comes from the Subversion authz file.
AuthzSVNAccessFile /home/svn/subversion/conf/authz.conf
AuthBasicProvider ldap
    # No attribute is given in the URL, so mod_authnz_ldap searches on its
    # default attribute (uid) below ou=www.
    # NOTE(review): ldap:// is clear text; AuthLDAPURL accepts a trailing
    # STARTTLS or SSL mode once slapd has TLS configured.
    AuthLDAPURL "ldap://192.168.5.121:389/ou=www,dc=yoyi,dc=com"
    # NOTE(review): binds as the directory rootdn; a read-only service account
    # is enough for user lookups.
    AuthLDAPBindDN "cn=admin,dc=yoyi,dc=com"
    # NOTE(review): clear-text, guessable secret in the server config. Restrict
    # read access to this file; the directive also accepts an exec: form that
    # fetches the password from a program.
    AuthLDAPBindPassword "123456"
Require valid-user
</Location>
</VirtualHost>

注:访问控制文件 AuthzSVNAccessFile /home/svn/subversion/conf/authz.conf
    密码文件为注释,采用ldap #AuthUserFile /home/svn/subversion/conf/passwd.conf

重启apache 与svn即可

vim  /home/svn/data/repos/conf/svnserve.conf 
 anon-access = none
 auth-access = write

#################ldap & gitlab##########################################

vim /etc/yum.repos.d/gitlab.repo

# Yum repository definition for GitLab CE, served from the TUNA mirror.
[gitlab]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
# NOTE(review): gpgcheck=0 turns off RPM signature verification, so whatever the
# mirror serves is installed as root unverified. Prefer gpgcheck=1 together with
# gpgkey=<GITLAB_PACKAGE_SIGNING_KEY_URL> taken from GitLab's own documentation.
gpgcheck=0
enabled=1

yum makecache
yum install gitlab-ce  -y

gitlab-ctl start 启动

/etc/gitlab/gitlab.rb   默认配置文件
gitlab-rake gitlab:check SANITIZE=true --trace  检查配置
gitlab-ctl tail unicorn 查看日志

注:因本测试机已安装apache并在使用中,所以修改 nginx及unicorn端口
vim /var/opt/gitlab/nginx/conf/gitlab-http.conf
  listen *:8085;

vim /var/opt/gitlab/gitlab-rails/etc/unicorn.rb 
  listen "127.0.0.1:8086", :tcp_nopush => true

gitlab-ctl restart 重启

gitlab-ctl reconfigure  重新加载配置文件;重新加载后 以上修改端口的失效,需要重新配置,或直接更改默认配置文件gitlab.rb
运行后最后一行为“gitlab Reconfigured!”才说明是加载新配置成功,否则就是根据报错信息找错误

gitlab-rake gitlab:ldap:check
验证用户,显示ldap用户列表。在配置文件/etc/gitlab/gitlab.rb 中修改nginx及unicorn端口,这样 reconfigure后不用再去更改文件

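# /etc/gitlab/gitlab.rb -- values set here survive `gitlab-ctl reconfigure`.
# NOTE(review): plain http; passwords typed into the sign-in page are sent
# unencrypted unless TLS is terminated in front of this listener.
external_url 'http://localhost'

# Ports moved off the defaults because Apache is already in use on this host.
unicorn['listen'] = '127.0.0.1'
unicorn['port'] = 8086

nginx['listen_addresses'] = ['*']
nginx['listen_port'] = 8085

gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main:
     label: 'LDAP'
     host: '192.168.5.121'
     port: 389
     uid: 'uid'
     # NOTE(review): 'plain' sends the bind password and every user's password
     # in clear text. GitLab releases that use the `method` key also accept
     # 'tls' and 'ssl'; either one needs TLS configured on slapd first.
     method: 'plain'
     # NOTE(review): this is the directory rootdn with a guessable password; a
     # read-only bind account with a strong secret is sufficient here.
     bind_dn: 'cn=admin,dc=yoyi,dc=com'
     password: '123456'
     # The directory is OpenLDAP, not Active Directory, so AD-specific queries
     # are switched off.
     active_directory: false
     allow_username_or_email_login: false
     # NOTE(review): with false, every directory user under `base` gets an
     # active GitLab account on first sign-in.
     block_auto_created_users: false
     base: 'ou=www,dc=yoyi,dc=com'
     user_filter: ''
     # `attributes` belongs to the `main` server entry, so it is indented to the
     # same level as the other keys; outdented further than `main:` the YAML
     # does not parse.
     attributes:
       username: ['uid']
       email:    ['email']
       name:       'userid'
       first_name: 'givenName'
       last_name:  'sn'
EOS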

gitlab-ctl reconfigure  重新加载配置文件
gitlab-ctl restart 重启

#################ldap & jira##########################################

下载
https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-7.11.2-x64.bin

https://pan.baidu.com/s/1J-XDC7Ku0zgHwCkcdh7XAg

chmod 755 atlassian-jira-software-7.11.2-x64.bin
./atlassian-jira-software-7.11.2-x64.bin

OK [o, Enter], Cancel [c]
默认回车
Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing JIRA installation [3]
1
Use default ports (HTTP: 8080, Control: 8005) - Recommended [1], Set custom value for HTTP and Control ports [2, Enter]
2
HTTP Port Number
[8080]
8088   
Control Port Number
[8005]
8089
注:因服务器已使用8080-8085端口,所以配置其他端口
Install [i, Enter], Exit [e]
Yes [y, Enter], No [n]
Please wait a few moments while JIRA Software starts up.
Launching JIRA Software ...
Installation of JIRA Software 7.11.2 is complete
Your installation of JIRA Software 7.11.2 is now ready and can be accessed
via your browser.
JIRA Software 7.11.2 can be accessed at http://localhost:8088
Finishing installation ...

配置完成,访问主机ip 配置mysql连接

I'll set it up myself
My Own Database
填写mysql库信息,测试连通性
注:报错“Could not find driver with class name: com.mysql.jdbc.Driver [duplicate]”
    解决:https://confluence.atlassian.com/adminjiraserver/connecting-jira-applications-to-mysql-938846854.html#ConnectingJiraapplicationstoMySQL-jdbcdriver2.CopytheMySQLJDBCdrivertoyourapplicationserver
          下载推荐的驱动程序 https://dev.mysql.com/downloads/connector/j/5.1.html
           cp /opt/jira/mysql-connector-java-5.1.46/mysql-connector-java-5.1.46* /opt/atlassian/jira/lib/


Private

generate a Jira trial license 生成试用许可证

Server ID    B60M-X69Z-PHKA-SPBM
SEN         SEN-L12168393
License Key
AAABfg0ODAoPeNp9kU9vgkAQxe98ik16aQ9LRC1RE5IqkJRWlAhtmqaXLY64DSxkdrG1n74oGLX+S
Tjs7DLzfu/NTVQCGZYJMbqkbQw6m4/YTkTaLaOnJQgglnlRAOpjHoOQ4M654rmw3EnkzoKZF7rap
Mw+AaeLFwkoLWpodi4Ui9WEZWD9LplIfkpIgZvmQ5IxnupxnmlfHJl+0hmUGC+ZBIcpsDYItNWjx
r3WiEfrArZT7anvuzPbG453T+5PwXF90NenRndH4vqV7EWUEHAF6DnWyGz59M3sv9Pg8XlIw2Dk1
5wF5vMyVvqmoDJfqG+GoFeD+QoshSXUv12O6EyQ57xUmEKBYCK+4OcKzUmWjU7la+w5oTuhY6Ntm
L1Ov6NVlXV8c2VwqBgqQGvBUgnaFBMmuGS1wxVLy+2RNGqajbC9+L/BtH5/reA2ne2jSKByjQVy2
aTpgIyRF1uNJ282JGEDQ27rZd19DMhevKa/tI5zQR+KH/btZ9b1H076EeYwLQIVAJSoCeElcxvQD
qPxrzWWwTq0v386AhQsylD8JrlWqKQh5Iqov/RVNEJBIQ==X02im

set up administrator account

admin 123456

选择语言、其他  配置完成。

破解jira  
atlassian-extras-3.1.2.jar   https://pan.baidu.com/s/1J-XDC7Ku0zgHwCkcdh7XAg
复制到 默认路径/opt/atlassian/jira/atlassian-jira/WEB-INF/lib/
因安装为 3.2,所以需要重命名,否则不生效
mv atlassian-extras-3.2.jar atlassian-extras-3.2.jar.bak
mv atlassian-extras-3.1.2.jar atlassian-extras-3.2.jar
重启服务,登陆查看破解完成。注:该jar来自网盘,来源与完整性无法校验;放入WEB-INF/lib后即以JIRA进程的权限运行,可读取JIRA中保存的LDAP绑定密码等数据。


ldap配置
管理-用户管理-用户目录-添加目录-内部ldap 或 ldap
服务器设置
    名称: 自定义
    目录类型: OpenLDAP
    主机名:192.168.5.121
    端口: 389
    用户名: cn=admin,dc=yoyi,dc=com
    密码: 123456
     登录时复制用户  勾选
    默认组成员: jira-software-users (添加软件登陆权限)
    首次登录系统后,将添加的组成员列表,且每个成员以逗号分开。如果不存在该组,则会自动创建这个组。
    同步组成员

LDAP模式
    基本DN: dc=yoyi,dc=com
    用户名属性 cn
用户模式设置
    附加用户DN: ou=www
    用户名RDN属性: cn
    用户电邮属性: email
组模式设置
    附加组DN: cn=jira
    组名属性:cn

测试连接即可。


 


转载自blog.csdn.net/zhangxueleishamo/article/details/81512157