Centos7安裝Openldap初級篇


openldap 單節點編譯安裝

1、獲取源碼包

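# Download Berkeley DB (the tutorial builds db-5.3.28):
#   www.oracle.com/technetwork/database/database-technologies/berkeleydb/
# Download OpenLDAP (the tutorial builds openldap-2.4.46):
#   www.openldap.org/software/download
# The two URLs above are references, not commands, so they are kept as
# comments; typed verbatim they would only produce "command not found".
#
# Build dependencies: OpenSSL headers (for --with-tls=openssl), a C compiler,
# and libltdl (for the --enable-modules dynamic loader).
yum install openssl-devel gcc libtool-ltdl-devel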

2、編譯安裝Berkeley DB

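# Unpack Berkeley DB and build it from build_unix/ (the out-of-tree layout the
# BDB source expects). The steps are chained with && so a failed extract or
# cd cannot leave the following configure/make install running in whatever
# directory the shell happened to be in.
# NOTE: the install prefix is spelled "bd-5.3.28" (not "db-"); it must match
# the CPPFLAGS/LDFLAGS paths used when configuring OpenLDAP in the next step.
tar zxvf db-5.3.28.tar.gz \
  && cd db-5.3.28/build_unix \
  && ../dist/configure --prefix=/usr/local/bd-5.3.28 \
  && make \
  && make install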

3、編譯安裝openldap

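# Unpack and build OpenLDAP against the Berkeley DB installed in step 2.
# Chained with && so a failed extract/cd/configure stops before make install.
#   --enable-wrappers  : TCP-wrappers (hosts.allow/hosts.deny) filtering on listeners
#   --enable-syslog    : log through syslog
#   --enable-modules   : dynamically loadable backends/overlays (needs libltdl)
#   --with-tls=openssl : TLS support (needs openssl-devel from step 1)
# The -Wl,-rpath in LDFLAGS lets slapd locate libdb at run time without an
# ld.so.conf entry; the "bd-5.3.28" spelling matches the step-2 prefix.
tar zxvf openldap-2.4.46.tgz \
  && cd openldap-2.4.46 \
  && ./configure --prefix=/usr/local/openldap --enable-wrappers --enable-syslog --enable-modules --with-tls=openssl CPPFLAGS="-I/usr/local/bd-5.3.28/include" LDFLAGS="-L/usr/local/bd-5.3.28/lib -Wl,-rpath,/usr/local/bd-5.3.28/lib" \
  && make \
  && make install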

4、修改配置

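# Activate the sample Berkeley DB environment file (DB_CONFIG) in both the
# config and the data directory. Absolute paths are used so this block no
# longer changes the caller's working directory (the original cd && mv form
# leaves the shell sitting in var/openldap-data afterwards).
mv /usr/local/openldap/etc/openldap/DB_CONFIG.example /usr/local/openldap/etc/openldap/DB_CONFIG
mv /usr/local/openldap/var/openldap-data/DB_CONFIG.example /usr/local/openldap/var/openldap-data/DB_CONFIG
# Put the client and server tools on the default PATH.
ln -s /usr/local/openldap/bin/* /usr/bin/
ln -s /usr/local/openldap/sbin/* /usr/sbin/
# Start the server. As written slapd runs as root with its built-in listener
# defaults; for anything beyond a lab, pass -u/-g to drop to a dedicated
# service account and -h to pin the listener URLs.
/usr/local/openldap/libexec/slapd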

Yum安裝方式

# Distribution packages: the server (slapd plus its cn=config layout under
# /etc/openldap) and the command-line clients (ldapadd, ldapsearch, ...) used
# by every step below.
yum install openldap-{servers,clients}

 

服務端初始化

cn=config 語法(語法嚴格:屬性名后的“:”之后必須有一個空格,行首和行尾不能有多餘的空格)

dn:
changetype: modify
add/delete/replace:
olcRootPW: ********
objectClass:

1、設置Openldap-server的管理密碼:

命令:slappasswd
提示輸入密碼時輸入:123456,得到如下哈希
{SSHA}KLfXV8ipw55AY0bwcZGDZX7JQENgUaWs

2、寫入 cn=config 的管理密碼:

# Set the cn=config administrator password (olcRootPW on the {0}config
# database). SASL EXTERNAL over the local ldapi:/// socket authenticates the
# caller by its unix credentials, so no LDAP password is needed for this
# very first change. The heredoc is fed straight to ldapadd (no cat) and its
# delimiter is quoted so the LDIF is passed through literally.
# NOTE(review): this hash is not the one slappasswd produced in step 1
# ({SSHA}KLfXV8...); paste the hash you generated yourself.
ldapadd -Y EXTERNAL -H ldapi:/// <<'EOF'
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}l9gQmGTK9TsC7SUQpVOpm/aimoYYdPd3
EOF

3、導入常用的schema文件:

# Load the commonly used schemas into cn=config over the local socket.
# Order is kept from the original: inetorgperson builds on cosine, so
# cosine goes first. Each ldapadd runs on its own, so one failure does not
# stop the remaining imports (same as the original line-by-line form).
# The /etc/openldap/schema path is the yum-package layout, not the
# /usr/local/openldap prefix of the source build above.
for schema in cosine inetorgperson ppolicy nis dyngroup; do
  ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/${schema}.ldif"
done

4、設置域名:

# Configure the directory: lock down the monitor backend, then set suffix,
# root DN and root password on the {2}hdb data backend.
# - The monitor ACL grants read only to the local root peer credential
#   (uid 0/gid 0 over ldapi) and to cn=Manager; everyone else gets "none".
# - olcRootDN/olcRootPW bypass all ACLs on that database, so this Manager
#   identity is the directory administrator; keep its hash private.
# - The hash below is the one produced by slappasswd in step 1.
# NOTE(review): this step uses -H ldapi:// while the others use ldapi:///;
# both normally refer to the default local socket, but keeping one spelling
# avoids confusion. The {2}hdb naming is the CentOS 7 package default —
# confirm with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase`
# on a different layout. The heredoc delimiter is quoted so the LDIF
# (including the folded olcAccess continuation line) is passed literally.
ldapadd -Y EXTERNAL -H ldapi:// <<'EOF'
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=suixingpay,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=suixingpay,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=suixingpay,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}KLfXV8ipw55AY0bwcZGDZX7JQENgUaWs
EOF

5、設置組織架構

# Create the base entry and organisational tree as the Manager root DN.
# -x is a simple bind and -W prompts for the password interactively rather
# than taking it on the command line (where it would show up in ps output
# and shell history). No -H is given, so the URI comes from ldap.conf /
# the client default; with a plaintext ldap:// URI the bind password crosses
# the wire unencrypted, which is only acceptable on the local host.
# NOTE(review): the login transcript at the end of the page shows `id` failing
# to resolve GID 1010, the posixGroup created here — verify the group entry is
# reachable from the client's configured search base.
ldapadd -x -D cn=Manager,dc=suixingpay,dc=com -W <<'EOF'
dn: dc=suixingpay,dc=com
objectClass: dcObject
objectClass: organization
dc: suixingpay
o: suixingpay.com

dn: ou=研發中心,dc=suixingpay,dc=com
objectClass: organizationalUnit
objectClass: top
ou: 研發中心

dn: ou=運維部,ou=研發中心,dc=suixingpay,dc=com
objectClass: organizationalUnit
objectClass: top
ou: 運維部

dn: cn=Manager,dc=suixingpay,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=應用運維組,ou=運維部,ou=研發中心,dc=suixingpay,dc=com
objectClass: posixGroup
cn: 應用運維組
gidNumber: 1010
EOF

6、添加用戶

# Add a POSIX user under the 運維部 OU. The same Manager simple bind as the
# previous step is used, with -W prompting for the password.
# NOTE(review): the userPassword below is byte-for-byte the hash written to
# olcRootPW on olcDatabase={0}config in step 2, so this user would log in
# with the cn=config administrator's password — generate a separate hash
# with slappasswd for each account.
# The entry also carries real-looking contact data (mail, mobile); treat
# such attributes as personal data when granting read access.
ldapadd -x -D cn=Manager,dc=suixingpay,dc=com -W <<'EOF'
dn: uid=zhai_kun,ou=運維部,ou=研發中心,dc=suixingpay,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
homeDirectory: /home/zhai_kun
userPassword: {SSHA}l9gQmGTK9TsC7SUQpVOpm/aimoYYdPd3
loginShell: /bin/bash
cn: 應用運維組
uidNumber: 1000
gidNumber: 1010
sn: System Administrator
mail: zhai_kun@suixingpay.com
postalAddress: beijing
mobile: 18810099484
EOF

CentOS 7 客戶端部署

1、安裝

# Client side: nss-pam-ldapd provides the nslcd daemon plus the NSS and PAM
# modules that let the host resolve and authenticate LDAP users.
yum -y install nss-pam-ldapd

2、authconfig備份還原

 

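# Snapshot the current NSS/PAM configuration before changing it. The
# original lines carried a parenthesised label after the command, which is
# a shell syntax error when pasted; the labels are now comments.
authconfig --savebackup=openldap.bak   # backup

# Roll back to that snapshot if the LDAP setup below breaks local logins.
# (Reference only: run it when you actually want to revert.)
authconfig --restorebackup=openldap.bak   # restore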

3、配置

# Point NSS and PAM at the LDAP server, create home directories on first
# login, and write the result out (--update). One option per line.
# NOTE(review): --disableldaptls means every bind — including the passwords
# users type at login, which PAM forwards to the server — travels to
# 172.16.138.87 in clear text. Outside a lab, switch to --enableldaptls with
# a trusted CA certificate (or an ldaps:// URL) once the server has a
# certificate, and keep --disableldaptls out of production configs.
authconfig \
  --enableldap \
  --enableldapauth \
  --ldapserver=ldap://172.16.138.87 \
  --disableldaptls \
  --enablemkhomedir \
  --ldapbasedn="dc=suixingpay,dc=com" \
  --update

4、驗證

# Confirm the client now resolves the LDAP account through NSS: `id` for the
# uid/gid view, then the passwd and shadow maps served by nslcd. A missing
# group name in the `id` output points at the posixGroup lookup, not the user.
id zhai_kun
for map in passwd shadow; do
  getent "$map" zhai_kun
done

5、登錄

[root@openldap02 ~]# ssh zhai_kun@172.16.138.88
The authenticity of host '172.16.138.88 (172.16.138.88)' can't be established.
ECDSA key fingerprint is dc:b1:7f:2e:01:69:71:6d:5d:50:d6:c7:8b:5c:a6:57.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.138.88' (ECDSA) to the list of known hosts.
zhai_kun@172.16.138.88's password: 
Last login: Wed Jun  6 01:56:31 2018 from 172.16.40.86
/usr/bin/id: cannot find name for group ID 1010
[zhai_kun@openldap02 ~]$ 

 

