1. Environment preparation
Operating system: CentOS 7.5
Hostname: t-10-10-35-15  IP address: 10.10.35.15
A Windows PC
Software to install:
① JDK
② Presto
③ ApacheDS
Official site: http://directory.apache.org/apacheds/
Download URL:
https://mirrors.bfsu.edu.cn/apache/directory/apacheds/dist/2.0.0.AM26/apacheds-2.0.0.AM26-64bit.bin
④ Apache Directory Studio (a GUI tool, run on Windows, for connecting to ApacheDS)
Official site: http://directory.apache.org/studio/
Download URL:
https://mirrors.bfsu.edu.cn/apache/directory/studio/2.0.0.v20200411-M15/ApacheDirectoryStudio-2.0.0.v20200411-M15-win32.win32.x86_64.zip
Disable the firewall and SELinux on the CentOS server
systemctl stop firewalld
setenforce 0
2. Install the JDK
Install the JDK on CentOS
tar -zxvf jdk8.0.202-linux_x64.tar.gz -C /data
vi ~/.bash_profile
export JAVA_HOME=/data/jdk8.0.202-linux_x64
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
Apply the configuration
source ~/.bash_profile
Check the Java version
java -version
3. Install Presto
Steps omitted; many tutorials are available online.
4. Install ApacheDS
1. Download the installer package
cd /data
wget https://mirrors.bfsu.edu.cn/apache//directory/apacheds/dist/2.0.0.AM26/apacheds-2.0.0.AM26-64bit.bin
2. Add execute permission
chmod +x apacheds-2.0.0.AM26-64bit.bin
3. Install ApacheDS
Enter y, then press Enter at the remaining prompts to accept the default configuration
4. Start ApacheDS
/etc/init.d/apacheds-2.0.0.AM26-default start # start
/etc/init.d/apacheds-2.0.0.AM26-default stop # stop
/etc/init.d/apacheds-2.0.0.AM26-default restart # restart
5. Check the service status
netstat -lntp
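10636 and 10389 are the default ports used by ApacheDS (10389 for LDAP, 10636 for LDAPS)
5. Connect to LDAP with Apache Directory Studio
Download Apache Directory Studio on the Windows PC
Official site: http://directory.apache.org/studio/
Download URL: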
https://mirrors.bfsu.edu.cn/apache/directory/studio/2.0.0.v20200411-M15/ApacheDirectoryStudio-2.0.0.v20200411-M15-win32.win32.x86_64.zip
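After the download completes, unzip the archive, enter the extracted directory, and double-click ApacheDirectoryStudio.exe to run it
Connect to ApacheDS
Set the user name and password. Defaults: user: uid=admin,ou=system  password: secret
Add a partition
Press Ctrl+S to save, then log in to the ApacheDS server and restart the service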
/etc/init.d/apacheds-2.0.0.AM26-default restart
Refresh to show the newly added partition
Add a group
Add a user
Set the user's password
5. Enable LDAPS on ApacheDS
Log in to the server
1. Create the keystore
cd /var/lib/apacheds-2.0.0.AM26/default/conf/
keytool -genkeypair -alias apacheds -keyalg RSA -validity 3650 -keystore ads.keystore
chown apacheds:apacheds ./ads.keystore
2. Export the certificate. You will be prompted for a password; it is the value set in the previous step, here manager
keytool -export -alias apacheds -keystore ads.keystore -rfc -file apacheds.cer
3. Import the certificate into the system certificate store so that the self-signed certificate is trusted. The keystore password here is the default: changeit
keytool -import -file apacheds.cer -alias apacheds -keystore /data/jdk8.0.202-linux_x64/jre/lib/security/cacerts
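Note: replace the value after -keystore with the path that matches your actual JDK installation
4. Configure Apache Directory Studio to access LDAPS and test whether LDAPS is set up correctly
Open Apache Directory Studio
The certificate is the ads.keystore generated for ApacheDS
Press Ctrl+S to save, then log in to the ApacheDS server and restart the service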
/etc/init.d/apacheds-2.0.0.AM26-default restart
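After the restart completes, configure Apache Directory Studio to connect over LDAPS
If LDAPS is configured correctly, the connection succeeds
6. Configure LDAPS authentication in Presto
Go to the Presto deployment directory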
cd <presto-deployment-directory>/etc
① Edit the config.properties configuration file
vi config.properties
Add the following settings:
# authentication mode
http-server.authentication.type=PASSWORD
# enable HTTPS
http-server.https.enabled=true
# HTTPS port
http-server.https.port=8443
# certificate (keystore) path
http-server.https.keystore.path=/var/lib/apacheds-2.0.0.AM26/default/conf/ads.keystore
# certificate (keystore) password
http-server.https.keystore.key=manager
② Create the configuration file password-authenticator.properties
vi password-authenticator.properties
Enter the following settings (for the users created in ApacheDS):
password-authenticator.name=ldap
ldap.url=ldaps://t-10-10-35-15:10636
ldap.user-bind-pattern=uid=${USER},ou=people,dc=smartbi,dc=com
Then restart Presto.
Example Presto JDBC connection string:
jdbc:presto://t-10-10-35-15:8443?SSL=true&SSLKeyStorePath=/var/lib/apacheds-2.0.0.AM26/default/conf/ads.keystore&SSLKeyStorePassword=manager
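A pre-restart check for the two Presto files edited in section 6, as an added example that is not part of the original guide or of Presto itself. It flags trailing '#' text on a setting line (a .properties parser keeps it as part of the value), PASSWORD authentication without HTTPS, an ldap.url that is not ldaps://, and a bind pattern without ${USER}. The function names and sample text are constructed for illustration, and the parser handles only plain key=value lines.

```python
import re

def parse_properties(text):
    """Minimal key=value parser; as in java.util.Properties, '#'/'!' comment only at line start."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_presto_ldap(config_text, authenticator_text):
    """Return findings for config.properties and password-authenticator.properties."""
    cfg, auth = parse_properties(config_text), parse_properties(authenticator_text)
    findings = []
    for name, props in (("config.properties", cfg), ("password-authenticator.properties", auth)):
        for key, value in props.items():
            if re.search(r"\s#", value):
                findings.append(f"{name}: {key}: text after '#' is part of the value")
    if (cfg.get("http-server.authentication.type") == "PASSWORD"
            and cfg.get("http-server.https.enabled") != "true"):
        findings.append("config.properties: PASSWORD authentication without HTTPS")
    if not auth.get("ldap.url", "").startswith("ldaps://"):
        findings.append("password-authenticator.properties: ldap.url is not ldaps://")
    if "${USER}" not in auth.get("ldap.user-bind-pattern", ""):
        findings.append("password-authenticator.properties: bind pattern lacks ${USER}")
    return findings

# Constructed sample input, modelled on the settings in this guide.
CONFIG_INLINE = """\
http-server.authentication.type=PASSWORD #auth mode
http-server.https.enabled=true #enable https
http-server.https.port=8443
http-server.https.keystore.path=/var/lib/apacheds-2.0.0.AM26/default/conf/ads.keystore
http-server.https.keystore.key=manager
"""
CONFIG_CLEAN = re.sub(r"[ \t]+#.*", "", CONFIG_INLINE)  # same settings, trailing text removed
AUTH_LDAPS = """\
password-authenticator.name=ldap
ldap.url=ldaps://t-10-10-35-15:10636
ldap.user-bind-pattern=uid=${USER},ou=people,dc=smartbi,dc=com
"""
AUTH_PLAIN = AUTH_LDAPS.replace("ldaps://t-10-10-35-15:10636", "ldap://t-10-10-35-15:10389")

if __name__ == "__main__":
    for finding in lint_presto_ldap(CONFIG_INLINE, AUTH_PLAIN):
        print(finding)
```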