Linux_LDAP+NFS+autofs


    Preface

    LDAP+NFS+Autofs is another solution for centralized management of network users. Compared with NIS+NFS+Autofs it offers more reliable security: NIS hands out account data, password hashes included, to anyone on the network who asks, whereas LDAP can require a bind and can run over TLS (see step 11 below). That benefit only materializes if TLS is actually enabled; a plain ldap:// bind still sends the password in cleartext.

    LDAP

    LDAP (Lightweight Directory Access Protocol) is based on the X.500 standard, but unlike X.500 it runs over TCP/IP, which is required for access over the Internet. The core LDAP specification is defined in RFCs, and all LDAP-related RFCs can be found on the LDAPman RFC page.

    LDAP+NFS+autofs

    Server side

    step1.

    yum install -y openldap openldap-clients openldap-servers

    step2. Move the dynamic (cn=config) configuration directory aside. With no slapd.d present, slapd falls back to the static slapd.conf file used in the next step.

    cd /etc/openldap && mv slapd.d slapd.d.bak

    step3. Use the static ldap config file.

    cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

    step4. Edit the "database definitions" section of the LDAP config file as below:
    vim /etc/openldap/slapd.conf

            # database definitions
            ################################################################
    
            database        bdb
            suffix          "dc=nice,dc=com"
            checkpoint      1024 15
            rootdn          "cn=Manager,dc=nice,dc=com"
            rootpw            fanguiju
            #################################################################
            # This names the directory tree that will hold the user accounts:
            #        cn=Manager     --> the directory manager (admin) account
            #        dc=nice,dc=com --> the base DN under which user accounts are stored

    As written, rootpw is the admin password in cleartext: anyone who can read slapd.conf owns the directory. Prefer the hashed form: run slappasswd, paste the {SSHA}... string it prints in place of the cleartext value, and keep slapd.conf readable only by root and the ldap user.
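    The following is an added example (my code, not from the original post or from OpenLDAP) that reproduces the {SSHA} scheme slappasswd uses by default, base64(SHA-1(password + salt) + salt) with a 4-byte random salt, so you can see what the hashed rootpw value actually contains and check a password against it. It assumes Python 3; the password string fanguiju is the one from the post.

```python
"""{SSHA} password hashes as produced by slappasswd (added example, not the post's
or OpenLDAP's code): {SSHA} = base64( SHA-1(password + salt) + salt ), 4-byte salt."""
import base64
import hashlib
import hmac
import os

SALT_LEN = 4       # slappasswd's default salt length
DIGEST_LEN = 20    # SHA-1 digest length


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an {SSHA} string for password, with a fresh random salt unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check password against a stored {SSHA} value; the salt is recovered from the value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash: " + stored[:8])
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("hash too short to contain a salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)   # constant-time compare


def rootpw_directive(password: str) -> str:
    """The slapd.conf line to use instead of 'rootpw <cleartext password>'."""
    return "rootpw\t" + ssha_hash(password)


if __name__ == "__main__":
    line = rootpw_directive("fanguiju")       # password from the post, for illustration
    print(line)
    print("verifies:", ssha_verify("fanguiju", line.split("\t", 1)[1]))
```

    On a real server you simply run slappasswd and paste its output; the function is here to show that the value embeds a random salt (so the same password gives a different rootpw string each time) and that the cleartext can no longer be read back out of slapd.conf. Newer OpenLDAP builds also offer stronger schemes ({SSHA512}, {CRYPT} with SHA-512); {SSHA} is what this version defaults to.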

    step5. Install the database (Berkeley DB) config file for the LDAP domain.

    cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    
    chown ldap:ldap /var/lib/ldap/DB_CONFIG

    step6. Start the LDAP service (on CentOS 6 the init script is called slapd, so use service slapd start there)

    service ldap start
    ldapsearch -x -b "dc=nice,dc=com"
            -x # simple (non-SASL) bind; with no -D this is an anonymous bind, and any credentials given would travel in cleartext

    step6b. Convert the local user information into LDAP entries (LDIF) and store them in the database.

    yum install -y migrationtools  --> migrationtools is a set of Perl scripts that convert /etc/passwd, /etc/group and similar files into LDIF.

    vim /usr/share/migrationtools/migrate_common.ph

            $DEFAULT_MAIL_DOMAIN = "nice.com";
            $DEFAULT_BASE = "dc=nice,dc=com";

    Create base.ldif (the scripts live in /usr/share/migrationtools, so cd there first)

     ./migrate_base.pl > base.ldif  # Converts the base (top-level) info into LDIF
     # Edit base.ldif to keep only the three entries below (nice, People, Group); delete the other ou= entries the script generates:
                dn: dc=nice,dc=com
                dc: nice
                objectClass: top
                objectClass: domain
    
                dn: ou=People,dc=nice,dc=com
                ou: People
                objectClass: top   
                objectClass: organizationalUnit
    
                dn: ou=Group,dc=nice,dc=com
                ou: Group
                objectClass: top
                objectClass: organizationalUnit

    Create user.ldif

    ./migrate_passwd.pl /etc/passwd > user.ldif   # Converts the user info into LDIF. To migrate only some users, copy just their lines from /etc/passwd into a new file and convert that file instead. Run as root, the script also reads /etc/shadow and writes the password hashes into user.ldif as userPassword attributes, so keep that file readable only by root and delete it after the import.

    Create group.ldif

    ./migrate_group.pl /etc/group > group.ldif    # Converts the group info into LDIF; trim /etc/group the same way to keep only the groups you want.
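    As an added example (my Python, not the migrationtools Perl the post uses), the block below builds the same kind of posixAccount and posixGroup entries that migrate_passwd.pl and migrate_group.pl write, with the filtering recommended above built in: only ordinary users (uid >= 1000, an assumed cutoff) or an explicit list are exported, system accounts drop out, and a locked shadow entry ("!!" or "*") produces an account with no userPassword rather than an unusable hash. The passwd/shadow/group lines are constructed sample data; dc=nice,dc=com, ou=People and ou=Group are the names from base.ldif above.

```python
"""Passwd/shadow/group -> LDIF for ou=People and ou=Group (added example, not
migrationtools' code): ordinary users (uid >= 1000) only, locked accounts ("!!",
"*") get no userPassword. Input is constructed; base DN is the post's."""
import base64
from typing import Dict, List, Optional, Tuple

Entry = List[Tuple[str, str]]   # ordered (attribute, value) pairs; the first pair is the dn

# Constructed sample input, not a real system's files.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Liddell,,,:/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002:Carol Müller:/home/carol:/bin/bash
"""
SHADOW = """alice:$6$saltsalt$hashhashhash:17000:0:99999:7:::
bob:!!:17000:0:99999:7:::
carol:$6$saltsalt$hashhashhash:17000:0:99999:7:::
"""
GROUP = """root:x:0:
alice:x:1000:
bob:x:1001:
carol:x:1002:
staff:x:1003:alice,bob
"""
BASE = "dc=nice,dc=com"


def parse_colon_file(text: str) -> List[List[str]]:
    """Split colon-separated lines, ignoring blank and comment lines."""
    return [ln.split(":") for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def shadow_hashes(shadow_text: str) -> Dict[str, Tuple[Optional[str], str]]:
    """user -> (crypt hash, or None when the account is locked; shadowLastChange)."""
    out = {}
    for f in parse_colon_file(shadow_text):
        h = f[1]
        locked = h == "" or h[0] in "!*"        # "!", "!!", "*", "!$6$..." are all locked
        out[f[0]] = (None if locked else h, f[2] if len(f) > 2 else "")
    return out


def passwd_entries(passwd_text: str, shadow_text: str, base: str,
                   min_uid: int = 1000, only: Optional[List[str]] = None) -> List[Entry]:
    """posixAccount entries under ou=People for the users worth migrating."""
    shadow = shadow_hashes(shadow_text)
    entries = []
    for f in parse_colon_file(passwd_text):
        if len(f) != 7 or int(f[2]) < min_uid or (only is not None and f[0] not in only):
            continue                                   # malformed, system account, or not selected
        name, _, uid, gid, gecos, home, shell = f
        e: Entry = [("dn", f"uid={name},ou=People,{base}"), ("uid", name),
                    ("cn", gecos.split(",")[0] or name),   # cn is mandatory; fall back to uid
                    ("objectClass", "account"), ("objectClass", "posixAccount"),
                    ("objectClass", "top"), ("objectClass", "shadowAccount")]
        pw_hash, last_change = shadow.get(name, (None, ""))
        if pw_hash:
            e.append(("userPassword", "{crypt}" + pw_hash))   # slapd checks it with crypt(3)
        if last_change:
            e.append(("shadowLastChange", last_change))
        e += [("loginShell", shell), ("uidNumber", uid),
              ("gidNumber", gid), ("homeDirectory", home)]
        if gecos:
            e.append(("gecos", gecos))
        entries.append(e)
    return entries


def group_entries(group_text: str, base: str, min_gid: int = 1000) -> List[Entry]:
    """posixGroup entries under ou=Group, one memberUid per member."""
    entries = []
    for f in parse_colon_file(group_text):
        if len(f) != 4 or int(f[2]) < min_gid:
            continue
        name, _, gid, members = f
        e: Entry = [("dn", f"cn={name},ou=Group,{base}"), ("objectClass", "posixGroup"),
                    ("objectClass", "top"), ("cn", name), ("gidNumber", gid)]
        e += [("memberUid", m) for m in members.split(",") if m]
        entries.append(e)
    return entries


def ldif_line(attr: str, value: str) -> str:
    """RFC 2849: a value that is not a SAFE-STRING is base64-encoded after '::'."""
    unsafe = not value.isascii() or value[:1] in (" ", ":", "<") or value.endswith(" ")
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def to_ldif(entries: List[Entry]) -> str:
    """Render entries as LDIF with a blank line between entries."""
    return "\n".join("\n".join(ldif_line(a, v) for a, v in e) + "\n" for e in entries)


if __name__ == "__main__":
    print(to_ldif(passwd_entries(PASSWD, SHADOW, BASE)), end="")   # what goes in user.ldif
    print(to_ldif(group_entries(GROUP, BASE)), end="")             # what goes in group.ldif
```

    The output of the two print calls is what you would feed to ldapadd in the next step. Two details worth noticing: the non-ASCII gecos of carol comes out as cn:: with a base64 value, which is what ldapadd expects and what a naive string-concatenation converter gets wrong, and bob's locked account is still created (uid, home, shell) but has no userPassword, so nobody can log in as bob until an admin sets one.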

    step7. After converting, import the LDIF files into the database.

    ldapadd -D "cn=Manager,dc=nice,dc=com" -W -x -f base.ldif # -W prompts for the rootpw set in slapd.conf (step 4).
    ldapadd -D "cn=Manager,dc=nice,dc=com" -W -x -f user.ldif
    ldapadd -D "cn=Manager,dc=nice,dc=com" -W -x -f group.ldif

    step8. Test the LDAP config again.

    ldapsearch -x -b "dc=nice,dc=com"

    step9. Set up the PHP environment (phpldapadmin)

    yum install -y php php-ldap
    tar xzf phpldapadmin-<version>.tgz -C /var/www/html   # install phpldapadmin from its source tarball (version placeholder)
    cp /var/www/html/phpldapadmin/config/config.php.example /var/www/html/phpldapadmin/config/config.php

    step10. Log in to phpldapadmin via the web portal.

     http://localhost/phpldapadmin

    phpldapadmin binds with the Manager DN and password you type into the login form; over plain http:// that password crosses the network in cleartext, so serve it over HTTPS or only reach it locally on the server, as the URL above does.

    step11. Create the TLS (Transport Layer Security) certificate and key, and check them.

    sh certcreate.sh # creates the certificate with the certcreate.sh script (the script itself is not shown in this post)

    step12. Point slapd.conf at the TLS certificate files (the TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile directives).
    vim /etc/openldap/slapd.conf

    cp XXX.crt XXX.key /etc/openldap/certs   # the .key file must be readable only by the ldap user
    cp XXX.crt /var/www/html --> clients can download the cert file (copy only the .crt, never the .key, into the web root)

    step13. Test LDAP on the client side.
    Join the client to the LDAP domain with the graphical authentication tool (system-config-authentication, or authconfig on the command line), pointing it at the server, the base DN dc=nice,dc=com and the certificate from step 12 so that TLS is used, then log in as an LDAP user.

    step14. Set up NFS
    vim /etc/exports

    /home    192.168.0.0/24(rw,sync)

    With the default sec=sys flavor NFS trusts the UID the client presents, so this export is only as safe as the hosts in 192.168.0.0/24; keep the default root_squash and restrict the subnet to the machines that should mount home directories.

    Restart service

    service nfs restart

    step15. Set up autofs
    vim /etc/auto.master

    /home    /etc/auto.ldap
    cp /etc/auto.misc    /etc/auto.ldap

    vim /etc/auto.ldap

    *    -fstype=nfs,rw    LDAPServerIP:/home/&

    Here * matches any directory name requested under /home and & is replaced with that same name, so a login as alice mounts LDAPServerIP:/home/alice on /home/alice on demand.

    Restart the service

    service autofs restart

    step16. Test the whole stack (LDAP + NFS + autofs)

    su - LdapUserName   # the home directory should be automounted from the NFS server on first access
    Original article: https://www.cnblogs.com/jmilkfan-fanguiju/p/7533765.html