Setting up OpenLDAP on CentOS 7

    OpenLDAP is a free and open-source implementation of the Lightweight Directory Access Protocol (LDAP) and can be used to provide unified authentication.

    I. Installation environment

    Installation method: yum

    System: CentOS 7.4

    OpenLDAP version: 2.4.44

    II. Installing OpenLDAP

    1. Install the required packages

    yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools

    2. Initial configuration

    (1) Change the data directory

    mkdir -p /opt/morefun-ldap/{ldap-data,ldap-init}
    chown -R ldap:ldap /opt/morefun-ldap
    # point the hdb database at the new data directory (the stray "cat" in the original command has been removed)
    sed -i 's#olcDbDirectory: /var/lib/ldap#olcDbDirectory: /opt/morefun-ldap/ldap-data#g' /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
    systemctl start slapd
    systemctl enable slapd

    (2) Initialise the administrator account and password

    cd /opt/morefun-ldap/ldap-init
    slappasswd -s dingkai  # generate the password hash
    {SSHA}dHcJtKCaBrl+PlVg55LhXrAcSFQWxvBF
    
    cat >chrootpw.ldif<<EOF
    #specify the password generated above for "olcRootPW" section
    dn: olcDatabase={0}config,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}dHcJtKCaBrl+PlVg55LhXrAcSFQWxvBF
    EOF
    
    ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
    
    cat >chdomain.ldif<<EOF
    #replace to your own domain name for "dc=***,dc=***" section
    #specify the password generated above for "olcRootPW" section
    dn: olcDatabase={1}monitor,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to *
      by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
      by dn.base="cn=admin,dc=dingkai,dc=com" read
      by * none
    
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=dingkai,dc=com
    
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: cn=admin,dc=dingkai,dc=com
    
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}dHcJtKCaBrl+PlVg55LhXrAcSFQWxvBF
    
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcAccess
    olcAccess: {0}to attrs=userPassword,shadowLastChange
      by dn="cn=admin,dc=dingkai,dc=com" write
      by anonymous auth by self write
      by * none
    olcAccess: {1}to dn.base=""
      by * read
    olcAccess: {2}to *
      by dn="cn=admin,dc=dingkai,dc=com" write
      by * read
    EOF
    
    ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
    
    # add the base entries (domain, admin role, user and group OUs)
    cat >basedomain.ldif << EOF
    #replace to your own domain name for "dc=***,dc=***" section
    dn: dc=dingkai,dc=com
    objectClass: top
    objectClass: dcObject
    objectclass: organization
    o: Example Inc.
    dc: dingkai
    
    dn: cn=admin,dc=dingkai,dc=com
    objectClass: organizationalRole
    cn: admin
    description: Directory Administrator
    
    dn: ou=user,dc=dingkai,dc=com
    objectClass: organizationalUnit
    ou: user
    
    dn: ou=group,dc=dingkai,dc=com
    objectClass: organizationalUnit
    ou: group
    EOF
    
    ldapadd -x -D cn=admin,dc=dingkai,dc=com -W -f basedomain.ldif

    (3) Load the memberof module

    cat >memberof_config.ldif<<EOF
    dn: cn=module,cn=config
    cn: module
    objectClass: olcModuleList
    olcModuleLoad: memberof
    olcModulePath: /usr/lib64/openldap
    
    dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
    objectClass: olcConfig
    objectClass: olcMemberOf
    objectClass: olcOverlayConfig
    objectClass: top
    olcOverlay: memberof
    olcMemberOfDangling: ignore
    olcMemberOfRefInt: TRUE
    olcMemberOfGroupOC: groupOfNames
    olcMemberOfMemberAD: member
    olcMemberOfMemberOfAD: memberOf
    EOF
    
    ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
    
    cat >refint1.ldif<<EOF
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcmoduleload
    olcmoduleload: refint
    EOF
    
    ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
    
    
    cat >refint2.ldif<<EOF
    dn: olcOverlay={1}refint,olcDatabase={2}hdb,cn=config
    objectClass: olcConfig
    objectClass: olcOverlayConfig
    objectClass: olcRefintConfig
    objectClass: top
    olcOverlay: {1}refint
    olcRefintAttribute: memberof member manager owner
    EOF
    
    ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif

    3. Test by searching the directory just created

    ldapsearch -x -b "dc=dingkai,dc=com"

    III. Installing a web-based management tool (either phpldapadmin or LDAP Account Manager; pick one)

    LAM: https://www.ldap-account-manager.org/lamcms/

    Detailed documentation will follow in a later post.

    Original article: https://www.cnblogs.com/dingkailinux/p/9480184.html