OpenLDAP installation tutorial
This article Original Address: https://sitoi.cn/posts/48217.html
OpenLDAP is installed on centos7
Preparing the Environment
Two virtual machines
node01 IP: 192.168.1.143 server end
node02 IP: 192.168.1.146 client end
Are closed and iptables firewall and selinux
Service end
step:
- Installation package
- File copy DB_CONFIG
- Setting directory permissions
- Create an LDAP administrator password
- Modify the configuration file (three)
- Start and set the boot slapd service
- Importing Basic Schema
- Importing files base.ldif
- Configuration migrationtools
- Introducing system users and groups
- Restart Service
Installation package
yum install openldap-servers openldap-clients migrationtools
File copy DB_CONFIG
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Setting directory permissions
chown -R ldap. /var/lib/ldap/
Create an LDAP administrator password
slappasswd
Enter twice to save the ciphertext
New password:
Re-enter new password:
{SSHA}AFU2R+sLzJgjUIoW1B5SxcTUdFcuncLz
Modify the configuration file (three)
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 d30fb98e
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" manage by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 73e7786c-50fa-1038-9bfb-9bfcf0927062
creatorsName: cn=config
createTimestamp: 20180920082518Z
entryCSN: 20180920082518.739228Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180920082518Z
olcRootPW: {SSHA}37kYCk8iLCmIrGnRvLc7XLAuPqftFUF/ # 添加该行(密码)
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 d41d7411
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=sitoi,dc=cn # 更改dc
olcRootDN: cn=Manager,dc=sitoi,dc=cn # 更改dc
olcRootPW: {SSHA}37kYCk8iLCmIrGnRvLc7XLAuPqftFUF/ # 添加该行(密码)
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 73e77fe2-50fa-1038-9bfd-9bfcf0927062
creatorsName: cn=config
createTimestamp: 20180920082518Z
entryCSN: 20180920082518.739419Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180920082518Z
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=sitoi,dc=cn" write by anonymous auth by * none # 添加该行
olcAccess: {1}to * by dn.base="cn=Manager,dc=sitoi,dc=cn" write by self write by * read # 添加该行
vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 261d1986
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" read by dn.base="cn=Manager,dc=sitoi,dc=cn" read by * none # 修改dc信息
structuralObjectClass: olcDatabaseConfig
entryUUID: 73e77bbe-50fa-1038-9bfc-9bfcf0927062
creatorsName: cn=config
createTimestamp: 20180920082518Z
entryCSN: 20180920082518.739313Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180920082518Z
Start and set the boot slapd service
systemctl enable slapd.service
systemctl start slapd.service
Importing Basic Schema
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Importing files base.ldif
vim base.ldif
dn: dc=sitoi,dc=cn
objectClass: dcObject
objectClass: organization
dc: sitoi
o : sitoi
dn: ou=People,dc=sitoi,dc=cn
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=sitoi,dc=cn
objectClass: organizationalUnit
ou: Group
The import
ldapadd -x -D cn=Manager,dc=sitoi,dc=cn -w sitoi -f base.ldif
Configuration migrationtools
vim /usr/share/migrationtools/migrate_common.ph
Change the following configuration
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "sitoi.cn";
# Default base
$DEFAULT_BASE = "dc=sitoi,dc=cn";
Introducing system users and groups
Pl script using the / etc / passwd and / etc / shadow generation LDAP can read the file format, saved in / tmp / under
/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif
Import LDAP
You need to enter the administrator password
ldapadd -x -D "cn=Manager,dc=sitoi,dc=cn" -w sitoi -f /tmp/base.ldif
ldapadd -x -D "cn=Manager,dc=sitoi,dc=cn" -w sitoi -f /tmp/group.ldif
ldapadd -x -D "cn=Manager,dc=sitoi,dc=cn" -w sitoi -f /tmp/passwd.ldif
Restart Service
systemctl restart slapd