  • CentOS 7 LDAP 2.4 installation and configuration

    Software installation

    # yum -y install openldap-servers openldap-clients

    # systemctl start slapd

    # systemctl enable slapd

    Password change

    # slappasswd

    New password:

    Re-enter new password:

    {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

    # vim chrootpw.ldif

    # specify the password generated above for "olcRootPW" section
    # (paste only the {SSHA} string; any trailing text becomes part of the value)
    dn: olcDatabase={0}config,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

    # ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
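
What the {SSHA} string printed by slappasswd contains, as an added example that is not part of the original article: base64 of a SHA-1 digest over password plus salt, followed by the salt itself. The function names, the sample password and the 4-byte salt are assumptions of this example; it also shows that the "xxxx" placeholder and a value with a trailing "// copy above" do not decode as a valid hash.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest


def ssha_hash(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # assumption: 4-byte salt; any length verifies
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored):
    """Decode a stored value into (digest, salt), or raise ValueError."""
    if not stored.startswith(SCHEME):
        raise ValueError("value does not start with {SSHA}")
    # validate=True rejects stray characters such as a trailing comment
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("decoded payload has no salt after the digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(password, stored):
    """True if password matches the stored {SSHA} value."""
    digest, salt = ssha_split(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


if __name__ == "__main__":
    # Constructed sample: a throwaway password, not a value from the page.
    sample = ssha_hash("example-only-password")
    print(sample, ssha_verify("example-only-password", sample))
    # The page's placeholder and a value with a trailing comment both fail.
    for bad in ("{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx", sample + " // copy above"):
        try:
            ssha_split(bad)
        except ValueError as err:
            print("rejected:", err)
```

Because the scheme is a single salted SHA-1 round, chrootpw.ldif and any copy of the hash should be kept readable by root only.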

     

    Import the basic schemas

    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

     

    Generate the LDAP domain data

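    # vim chdomain.ldif

    # less chdomain.ldif
    # replace with your own domain name for "dc=***,dc=***" section
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=cnicg,dc=cn

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: cn=Manager,dc=cnicg,dc=cn

    # rootDN password for this database (hash generated by slappasswd above);
    # the simple bind as cn=Manager in the final ldapadd fails without it
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

    dn: olcDatabase={1}monitor,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=cnicg,dc=cn" read by * none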

    # ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

    Base domain data

    # vim basedomain.ldif

    # replace with your own domain name for "dc=***,dc=***" section
    dn: dc=cnicg,dc=cn
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: cnicg cn
    dc: cnicg

    dn: cn=Manager,dc=cnicg,dc=cn
    objectClass: organizationalRole
    cn: Manager
    description: Directory Manager

    dn: ou=People,dc=cnicg,dc=cn
    objectClass: organizationalUnit
    ou: People

    dn: ou=Group,dc=cnicg,dc=cn
    objectClass: organizationalUnit
    ou: Group

    # ldapadd -x -D cn=Manager,dc=cnicg,dc=cn -W -f basedomain.ldif

     

  • Original article: https://www.cnblogs.com/fatt/p/7081635.html