| [1] | Install OpenLDAP |
|
[root@dir ~]#
yum -y install openldap-servers openldap-clients
[root@dir ~]#
vi /etc/sysconfig/ldap
# line 16: uncomment and change
SLAPD_LDAPI= yes
[root@dir ~]#
vi /etc/openldap/slapd.conf
# create new
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
rm -rf /etc/openldap/slapd.d/*
[root@dir ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded [root@dir ~]#
vi /etc/openldap/slapd.d/cn=config/olcDatabase\={0}config.ldif
# line 4: change
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
[root@dir ~]#
vi /etc/openldap/slapd.d/cn=config/olcDatabase\={1}monitor.ldif
# create new
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig olcDatabase: {1}monitor olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcMonitoring: FALSE structuralObjectClass: olcDatabaseConfig creatorsName: cn=config modifiersName: cn=config
chown -R ldap. /etc/openldap/slapd.d
[root@dir ~]#
chmod -R 700 /etc/openldap/slapd.d
[root@dir ~]# /etc/rc.d/init.d/slapd start
Starting slapd: [ OK ] [root@dir ~]#
chkconfig slapd on
|
| [2] | Initial Configuration |
| [root@dir ~]#
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/core.ldif
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=core,cn=schema,cn=config" [root@dir ~]#
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=cosine,cn=schema,cn=config" [root@dir ~]#
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=nis,cn=schema,cn=config" [root@dir ~]#
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=inetorgperson,cn=schema,cn=config" [root@dir ~]#
slappasswd
# generate password
New password: # input any one
Re-enter new password: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx [root@dir ~]#
vi backend.ldif
# create new
# replace the section "dc=***,dc=***" to your own suffix
# replace the section "olcRootPW: ***" to your own password generated by slappasswd above
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib64/openldap
olcModuleload: back_hdb
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=server,dc=world
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=server,dc=world
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=server,dc=world" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=server,dc=world" write by * read
[root@dir ~]#
ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=module,cn=config" adding new entry "olcDatabase=hdb,cn=config"
[root@dir ~]#
vi frontend.ldif
# create new
# replace the section "dc=***,dc=***" to your own suffix
# replace the section "userPassword: ***" to your own password generated by slappasswd above
dn: dc=server,dc=world
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: Server
dn: cn=admin,dc=server,dc=world
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
dn: ou=people,dc=server,dc=world
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=server,dc=world
objectClass: organizationalUnit
ou: groups
ldapadd -x -D cn=admin,dc=server,dc=world -W -f frontend.ldif
Enter LDAP Password: # password you set
adding new entry "dc=server,dc=world" adding new entry "cn=admin,dc=server,dc=world" adding new entry "ou=people,dc=server,dc=world" adding new entry "ou=groups,dc=server,dc=world" |
| [3] | Add Existing local Users to LDAP Directory |
|
[root@dir ~]#
vi ldapuser.sh
# extract local users who have 500-999 digit UID
# replace "SUFFIX=***" to your own suffix # this is an example #!/bin/bash
SUFFIX='dc=server,dc=world'
LDIF='ldapuser.ldif'
echo -n > $LDIF
for line in `grep "x:[5-9][0-9][0-9]:" /etc/passwd | sed -e "s/ /%/g"`
do
UID1=`echo $line | cut -d: -f1`
NAME=`echo $line | cut -d: -f5 | cut -d, -f1`
if [ ! "$NAME" ]
then
NAME=$UID1
else
NAME=`echo $NAME | sed -e "s/%/ /g"`
fi
SN=`echo $NAME | awk '{print $2}'`
if [ ! "$SN" ]
then
SN=$NAME
fi
GIVEN=`echo $NAME | awk '{print $1}'`
UID2=`echo $line | cut -d: -f3`
GID=`echo $line | cut -d: -f4`
PASS=`grep $UID1: /etc/shadow | cut -d: -f2`
SHELL=`echo $line | cut -d: -f7`
HOME=`echo $line | cut -d: -f6`
EXPIRE=`passwd -S $UID1 | awk '{print $7}'`
FLAG=`grep $UID1: /etc/shadow | cut -d: -f9`
if [ ! "$FLAG" ]
then
FLAG="0"
fi
WARN=`passwd -S $UID1 | awk '{print $6}'`
MIN=`passwd -S $UID1 | awk '{print $4}'`
MAX=`passwd -S $UID1 | awk '{print $5}'`
LAST=`grep $UID1: /etc/shadow | cut -d: -f3`
echo "dn: uid=$UID1,ou=people,$SUFFIX" >> $LDIF
echo "objectClass: inetOrgPerson" >> $LDIF
echo "objectClass: posixAccount" >> $LDIF
echo "objectClass: shadowAccount" >> $LDIF
echo "uid: $UID1" >> $LDIF
echo "sn: $SN" >> $LDIF
echo "givenName: $GIVEN" >> $LDIF
echo "cn: $NAME" >> $LDIF
echo "displayName: $NAME" >> $LDIF
echo "uidNumber: $UID2" >> $LDIF
echo "gidNumber: $GID" >> $LDIF
echo "userPassword: {crypt}$PASS" >> $LDIF
echo "gecos: $NAME" >> $LDIF
echo "loginShell: $SHELL" >> $LDIF
echo "homeDirectory: $HOME" >> $LDIF
echo "shadowExpire: $EXPIRE" >> $LDIF
echo "shadowFlag: $FLAG" >> $LDIF
echo "shadowWarning: $WARN" >> $LDIF
echo "shadowMin: $MIN" >> $LDIF
echo "shadowMax: $MAX" >> $LDIF
echo "shadowLastChange: $LAST" >> $LDIF
echo >> $LDIF
done
sh ldapuser.sh
[root@dir ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f ldapuser.ldif
Enter LDAP Password: # LDAP admin password
adding new entry "uid=cent,ou=people,dc=server,dc=world" adding new entry "uid=fedora,ou=people,dc=server,dc=world" adding new entry "uid=ubuntu,ou=people,dc=server,dc=world" adding new entry "uid=debian,ou=people,dc=server,dc=world" adding new entry "uid=fermi,ou=people,dc=server,dc=world" |
| [4] | Add existing local groups to LDAP directory. |
|
[root@dir ~]#
vi ldapgroup.sh
# extract local groups who have 500-999 digit UID
# replace "SUFFIX=***" to your own suffix # this is an example #!/bin/bash
SUFFIX='dc=server,dc=world'
LDIF='ldapgroup.ldif'
echo -n > $LDIF
for line in `grep "x:[5-9][0-9][0-9]:" /etc/group`
do
CN=`echo $line | cut -d: -f1`
GID=`echo $line | cut -d: -f3`
echo "dn: cn=$CN,ou=groups,$SUFFIX" >> $LDIF
echo "objectClass: posixGroup" >> $LDIF
echo "cn: $CN" >> $LDIF
echo "gidNumber: $GID" >> $LDIF
users=`echo $line | cut -d: -f4 | sed "s/,/ /g"`
for user in ${users} ; do
echo "memberUid: ${user}" >> $LDIF
done
echo >> $LDIF
done
sh ldapgroup.sh
[root@dir ~]# ldapadd -x -D cn=admin,dc=server,dc=world -W -f ldapgroup.ldif
Enter LDAP Password: # LDAP admin password
adding new entry "cn=cent,ou=groups,dc=server,dc=world" adding new entry "cn=fedora,ou=groups,dc=server,dc=world" adding new entry "cn=ubuntu,ou=groups,dc=server,dc=world" adding new entry "cn=debian,ou=groups,dc=server,dc=world" adding new entry "cn=fermi,ou=groups,dc=server,dc=world" |
| [5] | If you'd like to delete User or Group in LDAP, Do as below. |
| [root@dir ~]#
ldapdelete -x -W -D 'cn=admin,dc=server,dc=world' "uid=cent,ou=people,dc=server,dc=world"
Enter LDAP Password: [root@dir ~]# ldapdelete -x -W -D 'cn=admin,dc=server,dc=world' "cn=cent,ou=groups,dc=server,dc=world"
Enter LDAP Password: |
资源引自 http://www.server-world.info/en/note?os=CentOS_6&p=ldap
相关推荐
CentOS 7 OpenLDAP 主从配置 OpenLDAP 是一个开源的轻量级目录访问协议(LDAP)实现,广泛应用于身份验证、授权和目录服务等领域。下面详细介绍 CentOS 7 环境下 OpenLDAP 的主从配置。 OpenLDAP 主从配置环境 在...
centos环境 openldap环境搭建与配置
根据提供的文件信息,我们可以归纳出在CentOS 6.5环境下安装并配置OpenLDAP的一系列步骤及相关的知识点。以下是对这些知识点的详细说明: ### 安装基础软件 #### YUM 安装必要组件 首先,通过YUM(Yellowdog ...
本文部分信息由于时间和版本关系出现差异,请大家根据自己实际...另外本文基于Centos6.5/Centos7架设并成功运用,大家根据实际操作系统版本适当进行调整; 有需要的,大家有分用分下,没分的联络我通过其他方式提供。
Centos下安装OpenLdap
在CentOS 7上安装和配置OpenLDAP,涉及到多个步骤,其中包括使用LDIF(Lightweight Directory Interchange Format)文件来定义目录结构和数据。LDIF文件是一种文本格式,用于导入和导出LDAP目录数据。 首先,我们来...
### CentOS6.2 下 OpenLDAP 安装与配置详解 #### 一、OpenLDAP简介 OpenLDAP 是一个开源实现的轻量级目录访问协议(Lightweight Directory Access Protocol, LDAP)服务器套件,常用于集中管理和分发组织内各种资源...
### CentOS 6.7 OpenLDAP 主从配置详解 #### 系统环境信息 - **操作系统**: CentOS release 6.7 - **环境准备**: - 关闭防火墙: `/etc/init.d/iptables stop && chkconfig iptables off` - 关闭 NetworkManager:...
本文档主要讲述了如何在CentOS 7环境下安装OpenLDAP和Phpldapadmin,以及在安装过程中遇到的问题和解决方案。下面将详细阐述相关的知识点。 1. OpenLDAP和Phpldapadmin介绍 OpenLDAP是一个开源的轻量级目录访问协议...
在CentOS 7.4上安装OpenLDAP是一个关键任务,涉及到构建一个轻量级目录访问协议(LDAP)服务器,用于高效地存储和管理用户、组和其他目录相关的信息。以下是对安装过程的详细解释: 首先,确保系统环境符合要求。在...
### Centos7 安装配置OpenLdap服务端及phpadmin #### 一、概述 在CentOS 7环境中配置OpenLDAP服务器是一项重要的任务,它能够为企业或组织提供统一的身份验证服务,帮助管理员集中管理用户的账号信息。本文将详细...
环境:centos6.4 openldap 2.4.23 实践: 1.openldap安装配置 2.客户端配置 3.sudo的支持 4.漫游用户主目录配置 5.用户更改密码 6.安全加密 7.主从复制 8.权限控制
db-4.7.25.tar.gz freetype-2.3.5.tar.gz ft254.zip gd-2.0.35.tar.gz gettext-0.16.1.tar.gz httpd-2.4.10.tar.gz jpegsrc.v6b.tar.gz ...包含上述安装包,都是源码包,通过编译安装,在CentOs5.0下运行通过
本文将深入探讨如何在CentOS7操作系统上安装和配置OpenLDAP服务器,以及如何利用phpLDAPadmin进行图形化管理,并通过Java LDAP API与LDAP服务器交互。 首先,我们来了解OpenLDAP。OpenLDAP是一个实现LDAP协议的开源...
《Hue 4.10.0 在 CentOS 7.9 上的安装与部署详解》 Hue 是一个开源的数据浏览和交互工具,主要用于 Hadoop 生态系统,它提供了直观的 Web 界面,使得用户无需编写代码即可进行数据查询、分析和管理。本篇将详细...
2. **安装LDAP软件包**:接下来,安装OpenLDAP软件包,这包含了LDAP服务器所需的组件。 ``` sudo yum install openldap openldap-servers openldap-clients ``` 3. **初始化LDAP数据库**:创建默认的配置并启动服务...
此文件为centos7部署openldap全过程的日志文件,非常详细,照此操作基本无误 ######################################## #### OS:CentOS Linux release 7.3.1611 (Core) #### db:berkeleydb-5.1.29 #### lpad:...