OpenLDAP installation tutorial

Original article: https://sitoi.cn/posts/48217.html

This guide installs OpenLDAP on CentOS 7.

Preparing the Environment

Two virtual machines

node01 IP: 192.168.1.143 (server)

node02 IP: 192.168.1.146 (client)

iptables and SELinux are disabled on both machines. The tutorial does not cover either; on a real deployment keep SELinux enforcing and open only the ports slapd actually serves, 389/tcp and, with TLS, 636/tcp.

Server side

Steps:

  1. Install the packages
  2. Copy the DB_CONFIG file
  3. Set ownership of the database directory
  4. Create an LDAP administrator password
  5. Modify the configuration files (three of them)
  6. Enable and start the slapd service
  7. Import the basic schemas
  8. Import base.ldif
  9. Configure migrationtools
  10. Import system users and groups
  11. Restart the service

Install the packages

yum install openldap-servers openldap-clients migrationtools

Copy the DB_CONFIG file

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Set ownership of the database directory

slapd runs as the ldap user and must own the database directory and DB_CONFIG:

chown -R ldap. /var/lib/ldap/

Create an LDAP administrator password

slappasswd

Enter the password twice; slappasswd prints a salted SHA-1 ({SSHA}) hash, and that hash, not the password, is what goes into olcRootPW below:

New password:
Re-enter new password:
{SSHA}AFU2R+sLzJgjUIoW1B5SxcTUdFcuncLz

Modify the configuration files (three of them)

The files below sit under /etc/openldap/slapd.d/, are marked "DO NOT EDIT" and carry a CRC32 of their contents. Editing them by hand works while slapd is stopped (it has not been started yet at this point), but slapd logs a checksum warning afterwards; the supported route is ldapmodify over ldapi:///. The trailing # annotations mark the lines to add or change; they are not valid inside these LDIF files, so do not type them in.

vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 d30fb98e
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" manage by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 73e7786c-50fa-1038-9bfb-9bfcf0927062
creatorsName: cn=config
createTimestamp: 20180920082518Z
entryCSN: 20180920082518.739228Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180920082518Z
olcRootPW: {SSHA}37kYCk8iLCmIrGnRvLc7XLAuPqftFUF/        # add this line (the hash from slappasswd)
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 d41d7411
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=sitoi,dc=cn                                       # change to your suffix
olcRootDN: cn=Manager,dc=sitoi,dc=cn                            # change to your suffix
olcRootPW: {SSHA}37kYCk8iLCmIrGnRvLc7XLAuPqftFUF/               # add this line (the hash from slappasswd)
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 73e77fe2-50fa-1038-9bfd-9bfcf0927062
creatorsName: cn=config
createTimestamp: 20180920082518Z
entryCSN: 20180920082518.739419Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180920082518Z
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=sitoi,dc=cn" write by anonymous auth by * none   # add this line
olcAccess: {1}to * by dn.base="cn=Manager,dc=sitoi,dc=cn" write by self write by * read                                      # add this line
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 261d1986
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=sitoi,dc=cn" read by * none    # change the dc values to your suffix
structuralObjectClass: olcDatabaseConfig
entryUUID: 73e77bbe-50fa-1038-9bfc-9bfcf0927062
creatorsName: cn=config
createTimestamp: 20180920082518Z
entryCSN: 20180920082518.739313Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180920082518Z
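The same three changes done the supported way, together with the hash step from "Create an LDAP administrator password", as an added example for this page: it is not code from the original tutorial or from OpenLDAP. It assumes the tutorial's suffix dc=sitoi,dc=cn, Manager RDN cn=Manager and password sitoi; the function names are this example's own. The LDIF it produces also tightens the tutorial's {2}hdb ACL: "to * by self write" lets any user rewrite every attribute of their own entry, uidNumber and gidNumber included, which on a client that trusts the directory for NSS/PAM amounts to a root escalation, so self-write is limited to userPassword and shadowLastChange here.

```python
#!/usr/bin/env python3
"""Added example for this page (not code from the original tutorial):
reproduce the {SSHA} hash that slappasswd prints, verify a password against
it, and emit the ldapmodify LDIF that makes the same three changes as the
hand-edits above over ldapi:///. Suffix, Manager RDN and password are the
tutorial's values; the ACL set below is this example's tightened variant."""
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """RFC 2307 style {SSHA}: base64(SHA1(password + salt) + salt).
    slappasswd uses a random 4-byte salt; pass one to reproduce a value."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Check a password against a stored {SSHA} value, e.g. to confirm the
    hash pasted into olcRootPW is the one slappasswd printed for your password."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:
        return False
    if len(raw) < 20:
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def build_config_ldif(suffix, manager_rdn, root_pw_hash):
    """LDIF for `ldapmodify -Y EXTERNAL -H ldapi:///`, equivalent to the three
    file edits in the tutorial. Difference from the tutorial's ACLs: users may
    write only userPassword and shadowLastChange on their own entry, not every
    attribute ("to * by self write" would let a user set uidNumber: 0)."""
    manager_dn = manager_rdn + "," + suffix
    return f"""\
dn: olcDatabase={{0}}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {root_pw_hash}

dn: olcDatabase={{1}}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {{0}}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="{manager_dn}" read by * none

dn: olcDatabase={{2}}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: {suffix}
-
replace: olcRootDN
olcRootDN: {manager_dn}
-
replace: olcRootPW
olcRootPW: {root_pw_hash}
-
replace: olcAccess
olcAccess: {{0}}to attrs=userPassword by self write by dn.base="{manager_dn}" write by anonymous auth by * none
olcAccess: {{1}}to attrs=shadowLastChange by self write by dn.base="{manager_dn}" write by * read
olcAccess: {{2}}to * by dn.base="{manager_dn}" write by * read
"""


if __name__ == "__main__":
    # Writes config.ldif; apply it as root with:
    #   ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif
    pw_hash = ssha_hash("sitoi")
    assert ssha_verify(pw_hash, "sitoi")
    with open("config.ldif", "w") as fh:
        fh.write(build_config_ldif("dc=sitoi,dc=cn", "cn=Manager", pw_hash))
    print("wrote config.ldif with olcRootPW", pw_hash)
```

ldapmodify needs a running slapd, so with this route you enable and start slapd (step 6) first and apply config.ldif as root afterwards; the stock {0}config ACL shown above grants the local root peer manage rights over ldapi:///, which is the identity -Y EXTERNAL presents. The last rule keeps the tutorial's "by * read", so anonymous clients can still enumerate every user; once your clients bind with a DN, change it to "by users read by * none".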

Enable and start the slapd service

systemctl enable slapd.service
systemctl start slapd.service

Import the basic schemas

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Import base.ldif

vim base.ldif
dn: dc=sitoi,dc=cn
objectClass: dcObject
objectClass: organization
dc: sitoi
o: sitoi

dn: ou=People,dc=sitoi,dc=cn
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=sitoi,dc=cn
objectClass: organizationalUnit
ou: Group

Import it. -D binds as the Manager DN; -w passes the password on the command line, where it lands in the shell history and the process list, so prefer -W, which prompts for it instead:

ldapadd -x -D cn=Manager,dc=sitoi,dc=cn -w sitoi  -f base.ldif

Configure migrationtools

vim /usr/share/migrationtools/migrate_common.ph

Change the following configuration

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "sitoi.cn";

# Default base
$DEFAULT_BASE = "dc=sitoi,dc=cn";

Import system users and groups

The migrationtools Perl scripts turn /etc/passwd, /etc/shadow and /etc/group into LDIF; the output is written under /tmp. Note that passwd.ldif contains every account on the server, root included, with its {crypt} hash taken from /etc/shadow, and files in /tmp are world-readable under the default umask: run these commands with umask 077 (or chmod 600 the files) and delete them once the import is done.

/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd  > /tmp/passwd.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif

Import into LDAP

-w sitoi supplies the Manager password inline (use -W to be prompted instead). /tmp/base.ldif from migrate_base.pl recreates dc=sitoi,dc=cn, ou=People and ou=Group, which base.ldif already created, so without -c ldapadd stops at the first "ldap_add: Already exists (68)"; -c continues past those entries so the remaining ones it generates are still added.

ldapadd -x -c -D "cn=Manager,dc=sitoi,dc=cn" -w sitoi -f /tmp/base.ldif
ldapadd -x -D "cn=Manager,dc=sitoi,dc=cn" -w sitoi -f /tmp/group.ldif
ldapadd -x -D "cn=Manager,dc=sitoi,dc=cn" -w sitoi -f /tmp/passwd.ldif
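Before the ldapadd step it is worth dropping the system accounts from what migrate_passwd.pl and migrate_group.pl produced: every local account, root included, is exported with its {crypt} hash from /etc/shadow, and importing it as-is gives the directory a uid=root entry with uidNumber 0 that the "by anonymous auth" rule lets anyone try to bind as. The script below is an added example, not part of the original tutorial or of migrationtools; the sample LDIF in it is constructed in the shape migrate_passwd.pl emits, with fake hashes, and the function names are this example's own.

```python
"""Added example for this page (not part of the original tutorial): strip
system accounts and groups from the LDIF written by migrate_passwd.pl and
migrate_group.pl before ldapadd. Threshold 1000 is CentOS 7's UID_MIN from
/etc/login.defs; the sample LDIFs are constructed for this example."""
import sys


def parse_ldif(text):
    """Minimal LDIF reader: drops comments and the version line, unfolds
    RFC 2849 continuation lines, returns one list of attribute lines per entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation of previous line
        else:
            lines.append(raw.rstrip("\r"))
    entries, current = [], []
    for line in lines + [""]:             # sentinel closes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = []
        elif not line.lower().startswith("version:"):
            current.append(line)
    return entries


def attr_value(entry, attr):
    """First plain (non-base64 '::') value of attr in an entry, or None."""
    prefix = attr.lower() + ":"
    for line in entry:
        if line.lower().startswith(prefix) and not line[len(prefix):].startswith(":"):
            return line[len(prefix):].strip()
    return None


def is_system_entry(entry, min_id=1000):
    """posixAccount entries are judged by uidNumber, posixGroup by gidNumber;
    entries with neither (the OUs from migrate_base.pl) are never dropped."""
    for attr in ("uidNumber", "gidNumber"):
        value = attr_value(entry, attr)
        if value is not None and value.isdigit():
            return int(value) < min_id
    return False


def dropped_dns(text, min_id=1000):
    return [attr_value(e, "dn") for e in parse_ldif(text) if is_system_entry(e, min_id)]


def filter_migrated_ldif(text, min_id=1000):
    kept = [e for e in parse_ldif(text) if not is_system_entry(e, min_id)]
    return "".join("\n".join(e) + "\n\n" for e in kept)


# Constructed sample in the shape migrate_passwd.pl emits (hashes are fake);
# the gecos line is folded only to exercise the unfolding.
SAMPLE_PASSWD_LDIF = """\
dn: uid=root,ou=People,dc=sitoi,dc=cn
uid: root
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$constructed$notarealhash
uidNumber: 0
gidNumber: 0
homeDirectory: /root

dn: uid=alice,ou=People,dc=sitoi,dc=cn
uid: alice
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$constructed$notarealhash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/alice
gecos: Alice Exam
 ple
"""

SAMPLE_GROUP_LDIF = """\
dn: cn=wheel,ou=Group,dc=sitoi,dc=cn
objectClass: posixGroup
cn: wheel
gidNumber: 10
memberUid: alice

dn: cn=alice,ou=Group,dc=sitoi,dc=cn
objectClass: posixGroup
cn: alice
gidNumber: 1000
"""

if __name__ == "__main__":
    # ./filter_migrated.py < /tmp/passwd.ldif > /tmp/passwd-users.ldif
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PASSWD_LDIF
    sys.stderr.write("dropping: " + ", ".join(dropped_dns(text)) + "\n")
    sys.stdout.write(filter_migrated_ldif(text))
```

Run it over /tmp/passwd.ldif and /tmp/group.ldif, ldapadd the filtered files, and delete the originals, which still hold the shadow hashes. Entries without uidNumber or gidNumber pass through untouched, so the script is also safe on /tmp/base.ldif.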

Restart the service

systemctl restart slapd

Client-side

Source: www.cnblogs.com/sitoi/p/11819556.html