OpenLDAP 2.4.44 installation and configuration

2021-09-21 13:50:44 · 4943 characters · 3133 reads


Modify SELinux

# vi /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled (this takes effect at the next boot).

setenforce 0   # switches to permissive mode immediately for the current boot

I. Install OpenLDAP

1. Install

yum install -y openldap openldap-clients openldap-servers migrationtools

yum -y install openldap-*

3. Change the root DN and add the password

vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\hdb.ldif

Change the following:

olcSuffix: dc=domain,dc=com
olcRootDN: cn=root,dc=domain,dc=com

Add the following:

olcRootPW: r2fcl6exxgr8okkawrouqdczkqxrh7be

Note: the password is the string that follows olcRootPW; replace it with the hash generated above.

[root@vm211 cn=config]# cat olcDatabase=hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 9bf1453b
dn: olcDatabase=hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcDbDirectory: /var/lib/ldap
#olcSuffix: dc=my-domain,dc=com
#olcRootDN: cn=Manager,dc=my-domain,dc=com
olcSuffix: dc=users,dc=cms
olcRootDN: cn=admin,dc=users,dc=cms
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 6f0d2d6c-e5e4-1038-9256-afe9e047c07b
creatorsName: cn=config
createTimestamp: 20190328203304Z
entryCSN: 20190328203304.923548Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190328203304Z
olcRootPW: hwp0w7xkbltsfdgrg0fxz5daer5lkzov
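The file header above says not to edit it by hand but to use ldapmodify. The following added example (not code from the original post) does the root-DN/root-password step that way: it hashes the root password in the same {SSHA} form that `slappasswd -h {SSHA}` produces, verifies a password against such a hash, and builds the ldapmodify LDIF for the cn=config database entry. The entry DN `olcDatabase={2}hdb,cn=config`, the suffix, root DN and the password value are assumptions chosen for the example.

```python
import base64
import hashlib
import os
from typing import Optional

# Constructed values for this example (assumptions, not from the original post).
DB_DN = "olcDatabase={2}hdb,cn=config"   # the hdb database is usually index {2}
SUFFIX = "dc=users,dc=cms"
ROOT_DN = "cn=admin,dc=users,dc=cms"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} hash: base64(SHA1(password + salt) + salt), as slappasswd does."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify a password against a stored {SSHA} value (salt is everything after the 20-byte digest)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def build_rootpw_ldif(suffix: str, root_dn: str, root_pw_hash: str, db_dn: str = DB_DN) -> str:
    """Build the ldapmodify LDIF that sets olcSuffix, olcRootDN and a hashed olcRootPW.

    'replace' creates the attribute if it is absent, so it also covers the
    'add olcRootPW' case from the post. Only the hash, never the cleartext, is written.
    """
    return (
        f"dn: {db_dn}\n"
        "changetype: modify\n"
        "replace: olcSuffix\n"
        f"olcSuffix: {suffix}\n"
        "-\n"
        "replace: olcRootDN\n"
        f"olcRootDN: {root_dn}\n"
        "-\n"
        "replace: olcRootPW\n"
        f"olcRootPW: {root_pw_hash}\n"
    )


if __name__ == "__main__":
    print(build_rootpw_ldif(SUFFIX, ROOT_DN, make_ssha("ldap123")))   # "ldap123" is a constructed value
```

Save the output as rootpw.ldif and apply it as root with `ldapmodify -Y EXTERNAL -H ldapi:/// -f rootpw.ldif`; the default cn=config ACL shipped by this package grants manage rights to the local root user over ldapi, which is the same peercred identity the monitor ACL below refers to.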

4. Change the access control of the monitor database

vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\monitor.ldif

olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=root,dc=domain,dc=com" read by * none

[root@vm211 cn=config]# cat olcDatabase=monitor.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 43c7c2c2
dn: olcDatabase=monitor
objectClass: olcDatabaseConfig
olcDatabase: monitor
#olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=users,dc=cms" read by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 6f0d29b6-e5e4-1038-9255-afe9e047c07b
creatorsName: cn=config
createTimestamp: 20190328203304Z
entryCSN: 20190328203304.923453Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190328203304Z

5. Configure the BDB database

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /var/lib/ldap

chmod -R 700 /var/lib/ldap

6. Verify

slaptest -u

You should see: config file testing succeeded   # verification passed; anything else means it failed.

7. Set ownership; without this, slapd fails at startup with a permission error

chown -R ldap:ldap /var/run/openldap

chown -R ldap:ldap /etc/openldap/

8. Start

systemctl start slapd

systemctl enable slapd

9. Run ldapsearch -x and check for the following output

ldapsearch -x -b '' -s base '(objectclass=*)'

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

If the above is shown, the service has started successfully.

Basic commands:

mkdir -p /data/service/ldap_server

Add users:

1. Create the base entries first

[root@localhost ldap_server]# cat base.ldif
dn: dc=users,dc=cms
o: domain com
dc: users
objectClass: top
objectClass: dcObject
objectClass: organization

dn: cn=admin,dc=users,dc=cms
cn: admin
objectClass: organizationalRole
description: Directory Manager

dn: ou=people,dc=users,dc=cms
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,dc=users,dc=cms
ou: group
objectClass: top
objectClass: organizationalUnit

ldapadd -x -h localhost -D "cn=admin,dc=users,dc=cms" -w ldap123 -f base.ldif   ## creates the parent entries

2. Add the users

[ops@vm211 ldap_server]$ cat user.ldif
dn: ou=managers,dc=users,dc=cms
ou: managers
objectClass: top
objectClass: organizationalUnit

dn: cn=cms.admin,ou=managers,dc=users,dc=cms
cn: cms.admin
sn: publisher
objectClass: person
userPassword: 123456ca

dn: cn=cms.dev,ou=managers,dc=users,dc=cms
cn: cms.dev
sn: publisher
objectClass: person
userPassword: 123456cd

dn: cn=cms.qa,ou=managers,dc=users,dc=cms
cn: cms.qa
sn: publisher
objectClass: person
userPassword: 123456cq

ldapadd -x -h localhost -D "cn=admin,dc=users,dc=cms" -w ldap123 -f user.ldif

ldapsearch -x -h localhost -b "dc=users,dc=cms" -D "cn=admin,dc=users,dc=cms" -LLL -W
