OpenLDAP 2.4.44 installation and configuration
Modify SELinux
# vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
setenforce 0
I. Install OpenLDAP
1. Install
yum install -y openldap openldap-clients openldap-servers migrationtools
yum -y install openldap-*
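3. Modify the root DN and add a password
vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
Change:
olcsuffix: dc=domain,dc=com
olcrootdn: cn=root,dc=domain,dc=com
Add:
olcrootpw: r2fcl6exxgr8okkawrouqdczkqxrh7be
Note: the password is the string that follows olcrootpw:; here, replace it with the password generated above.
The file as it looks on host vm211, which uses the suffix dc=users,dc=cms and the root DN cn=admin,dc=users,dc=cms: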
[root@vm211 cn=config]# cat olcDatabase={2}hdb.ldif
# auto-generated file - do not edit!! use ldapmodify.
# crc32 9bf1453b
dn: olcdatabase=hdb
objectclass: olcdatabaseconfig
objectclass: olchdbconfig
olcdatabase: hdb
olcdbdirectory: /var/lib/ldap
#olcsuffix: dc=my-domain,dc=com
#olcrootdn: cn=manager,dc=my-domain,dc=com
olcsuffix: dc=users,dc=cms
olcrootdn: cn=admin,dc=users,dc=cms
olcdbindex: objectclass eq,pres
olcdbindex: ou,cn,mail,surname,givenname eq,pres,sub
structuralobjectclass: olchdbconfig
entryuuid: 6f0d2d6c-e5e4-1038-9256-afe9e047c07b
creatorsname: cn=config
createtimestamp: 20190328203304z
entrycsn: 20190328203304.923548z#000000#000#000000
modifiersname: cn=config
modifytimestamp: 20190328203304z
olcrootpw: hwp0w7xkbltsfdgrg0fxz5daer5lkzov
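4. Modify authentication
vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
The second line below is an LDIF continuation line and must start with a single space.
olcaccess: to * by dn.base="gidnumber=0+uidnumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=root,dc=domain,dc=com" read by * none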
[root@vm211 cn=config]# cat olcDatabase={1}monitor.ldif
# auto-generated file - do not edit!! use ldapmodify.
# crc32 43c7c2c2
dn: olcdatabase=monitor
objectclass: olcdatabaseconfig
olcdatabase: monitor
#olcaccess: to * by dn.base="gidnumber=0+uidnumber=0,cn=peercred,cn=extern
# al,cn=auth" read by dn.base="cn=manager,dc=my-domain,dc=com" read by * none
olcaccess: to * by dn.base="gidnumber=0+uidnumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=admin,dc=users,dc=cms" read by * none
structuralobjectclass: olcdatabaseconfig
entryuuid: 6f0d29b6-e5e4-1038-9255-afe9e047c07b
creatorsname: cn=config
createtimestamp: 20190328203304z
entrycsn: 20190328203304.923453z#000000#000#000000
modifiersname: cn=config
modifytimestamp: 20190328203304z
5. Configure the database
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap
chmod -R 700 /var/lib/ldap
6. Verify
slaptest -u
If you see "config file testing succeeded", the check passed; otherwise it failed.
7. Set ownership; without it, startup reports an insufficient-permissions error
chown -R ldap:ldap /var/run/openldap
chown -R ldap:ldap /etc/openldap/
8. Start
systemctl start slapd
systemctl enable slapd
9. Run ldapsearch -x and check that it produces the following output
ldapsearch -x -b '' -s base '(objectclass=*)'
# extended ldif
#
# ldapv3
# base <> with scope baseobject
# filter: (objectclass=*)
# requesting: all
#

#
dn:
objectclass: top
objectclass: openldaprootdse

# search result
search: 2
result: 0 success
If the output above is displayed, the service has started successfully.
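Both files edited in steps 3 and 4 carry the header "do not edit!! use ldapmodify". With slapd running, the same changes can be applied over the local ldapi socket, as in this added example (not part of the original page). It assumes the CentOS 7 default entry names olcDatabase={2}hdb and olcDatabase={1}monitor and a hash produced by slappasswd; the function names build_config_ldif and apply_config are hypothetical.

```shell
#!/bin/sh
# Added example: build the change records for steps 3 and 4 and apply them
# with ldapmodify instead of editing the files under slapd.d by hand.
# Assumptions: CentOS 7 default numbering ({2}hdb, {1}monitor), slapd running.

# Print the LDIF. $1 = suffix, $2 = root DN, $3 = hash from slappasswd.
build_config_ldif() {
    suffix=$1 rootdn=$2 hash=$3
    # Refuse cleartext: olcRootPW should carry a scheme prefix such as {SSHA}.
    case $hash in
        '{'*'}'?*) ;;
        *) echo "olcRootPW must be a slappasswd hash, e.g. {SSHA}..." >&2
           return 1 ;;
    esac
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $hash

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$rootdn" read by * none
EOF
}

# Apply as local root over the ldapi socket (SASL EXTERNAL). slappasswd
# prompts for the new root password, so it never appears on the command line.
apply_config() {
    hash=$(slappasswd) || return 1
    build_config_ldif "$1" "$2" "$hash" | ldapmodify -Y EXTERNAL -H ldapi:///
}

# Usage on the server, as root:
#   apply_config dc=domain,dc=com cn=root,dc=domain,dc=com
```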
Basic commands:
mkdir -p /data/service/ldap_server
Add users:
1. First add the base entries
[root@localhost ldap_server]# cat base.ldif
dn: dc=users,dc=cms
o: domain com
dc: users
objectclass: top
objectclass: dcobject
objectclass: organization

dn: cn=admin,dc=users,dc=cms
cn: admin
objectclass: organizationalrole
description: directory manager

dn: ou=people,dc=users,dc=cms
ou: people
objectclass: top
objectclass: organizationalunit

dn: ou=group,dc=users,dc=cms
ou: group
objectclass: top
objectclass: organizationalunit
ldapadd -x -h localhost -D "cn=admin,dc=users,dc=cms" -w ldap123 -f base.ldif ## create the parent entries
2. Add users
[ops@vm211 ldap_server]$ cat user.ldif
dn: ou=managers,dc=users,dc=cms
ou: managers
objectclass: top
objectclass: organizationalunit

dn: cn=cms.admin,ou=managers,dc=users,dc=cms
cn: cms.admin
sn: publisher
objectclass: person
userpassword: 123456ca

dn: cn=cms.dev,ou=managers,dc=users,dc=cms
cn: cms.dev
sn: publisher
objectclass: person
userpassword: 123456cd

dn: cn=cms.qa,ou=managers,dc=users,dc=cms
cn: cms.qa
sn: publisher
objectclass: person
userpassword: 123456cq
ldapadd -x -h localhost -D "cn=admin,dc=users,dc=cms" -w ldap123 -f user.ldif
ldapsearch -x -h localhost -b "dc=users,dc=cms" -D "cn=admin,dc=users,dc=cms" -LLL -W