  • 2.openldap安装

    1.安装步骤如下

    1. 获取软件包
    2. 安装软件包(rpm或者源码编译)
    3. 生成openldap配置文件及数据库文件
    4. 配置
    5. 添加目录树条目
    6. 加载slapd进程
    7. 验证

    2.所需安装包说明

    1. openldap、openldap-devel：服务端和客户端必需的库文件
    2. openldap-clients 用于查看和修改目录的命令行包
    3. openldap-servers 用于启动服务和设置,包含单独的ldap后台守护程序
    4. openldap-servers-sql 支持sql模块
    5. compat-openldap openldap兼容性库

    3. 服务基本配置

    1. 设置主机名
    2. 关闭防火墙
    3. 关闭selinux
    4. 设置时间同步

    5.安装

    1. yum install  openldap-servers openldap-clients -y
    2. yum install openldap openldap-devel compat-openldap -y
    

    6.初始化配置

    1. cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
    2. cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    3. cd /etc/openldap
    4. cp  -r slapd.d slapd.d.bak
    5. rm -rf slapd.d/*
    6. chown -R ldap.ldap /etc/openldap
    7. chown -R ldap.ldap /var/lib/ldap
    

    7. 修改slapd.conf

    #slappasswd
    输入密码
    New password: 我就不告诉你
    Re-enter new password: 我就不告诉你
    {SSHA}我就不告诉你
    #vim /etc/openldap/slapd.conf
    # Schema files loaded by slapd; the attribute types indexed at the end of this file come from these.
    include         /etc/openldap/schema/corba.schema
    include         /etc/openldap/schema/core.schema
    include         /etc/openldap/schema/cosine.schema
    include         /etc/openldap/schema/duaconf.schema
    include         /etc/openldap/schema/dyngroup.schema
    include         /etc/openldap/schema/inetorgperson.schema
    include         /etc/openldap/schema/java.schema
    include         /etc/openldap/schema/misc.schema
    include         /etc/openldap/schema/nis.schema
    include         /etc/openldap/schema/openldap.schema
    include         /etc/openldap/schema/ppolicy.schema
    include         /etc/openldap/schema/collective.schema
    # allow bind_v2: accept LDAPv2 bind requests (obsolete protocol version).
    # NOTE(review): drop this line unless a legacy client still needs it.
    allow bind_v2
    pidfile         /var/run/openldap/slapd.pid
    argsfile        /var/run/openldap/slapd.args
    # Search paths for loadable modules (32-bit and 64-bit locations).
    modulepath /usr/lib/openldap
    modulepath /usr/lib64/openldap
    # cn=config backend: only the local root user, authenticating over ldapi:///
    # with SASL EXTERNAL (peercred uid 0 / gid 0), may manage it; everyone else is denied.
    database config
    access to *
            by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
            by * none
    
    # cn=monitor backend: read-only for local root and for the rootdn below; denied to all others.
    database monitor
    access to *
            by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
            by dn.exact="cn=root,dc=liuyao,dc=com" read
            by * none
    # Main directory backend (bdb) holding the dc=liuyao,dc=com suffix.
    database        bdb
    suffix          "dc=liuyao,dc=com"
    # checkpoint <kbyte> <min>: flush the bdb transaction log every 1024 KiB or 15 minutes, whichever comes first.
    checkpoint      1024 15
    # rootdn / rootpw: the directory administrator. rootpw is the {SSHA} hash produced by
    # slappasswd above, never a cleartext password; keep slapd.conf readable only by the ldap user.
    rootdn          "cn=root,dc=liuyao,dc=com"
    rootpw        {SSHA}我就不告诉你
    directory       /var/lib/ldap
    # Attribute indexes: eq = equality, pres = presence, sub = substring.
    index objectClass                       eq,pres
    index ou,cn,mail,surname,givenname      eq,pres,sub
    index uidNumber,gidNumber,loginShell    eq,pres
    index uid,memberUid                     eq,pres,sub
    index nisMapName,nisMapEntry            eq,pres,sub
    

    8.生成相关数据

    #slaptest -f /etc/openldap/slapd.conf
    config file testing succeeded
    #slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
    #chown -R ldap.ldap /etc/openldap
    

    7. 日志配置

    创建日志目录
    #mkdir /var/log/slapd
    授权
    #chown ldap.ldap /var/log/slapd
    删除 rsyslog 中已有的 local4 日志规则
    #sed -i "/local4.*/d" /etc/rsyslog.conf 
    追加 local4 日志规则，将 slapd 日志写入上面创建的目录
    #cat >> /etc/rsyslog.conf << EOF
    > local4.* /var/log/slapd/slapd.log
    > EOF
    启动
    #/etc/init.d/rsyslog start
    

    8. 修改日志级别

    #cat << EOF | ldapmodify -Y EXTERNAL -H ldapi:///
    dn: cn=config
    changetype: modify
    delete: olcLogLevel
    olcLogLevel: 0
    EOF
    
    #cat << EOF | ldapmodify -Y EXTERNAL -H ldapi:///
    dn: cn=config                 
    changetype: modify
    add: olcLogLevel
    olcLogLevel: 32
    EOF
    

    9.启动

    /etc/init.d/slapd start
    netstat -tnlp | grep 389
    tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      1907/slapd
    

    10.创建dn和ou

    #cat dn.ldif 
    内容如下
        dn: dc=liuyao,dc=com
        dc: liuyao
        objectclass: top
        objectclass: domain
    #执行操作，会提示输入密码，即上面 slappasswd 生成并写入 rootpw 的密码
    ldapadd -xWD "cn=root,dc=liuyao,dc=com" -f  dn.ldif 
    
    #cat ou.ldif
    内容如下
        dn: ou=devops, dc=liuyao,dc=com
        changetype: add
        objectclass: top
        objectclass: organizationalUnit
        ou: devops
    #执行操作，会提示输入密码，即上面 slappasswd 生成并写入 rootpw 的密码
    #ldapadd -xWD "cn=root,dc=liuyao,dc=com" -f ou.ldif
    
    

    11. 查看dn和ou

    # ldapsearch -x -LLL
    dn: dc=liuyao,dc=com
    dc: ixianlai
    objectClass: top
    objectClass: domain
        
    dn: ou=devops,dc=liuyao,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: devops
    
  • 原文地址:https://www.cnblogs.com/liu-yao/p/2openldap-an-zhuang.html