Centos 6.5 搭建openldap

前端之家收集整理的这篇文章主要介绍了Centos 6.5 搭建openldap前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

1、安装openldap(版本openldap-2.4.40-16.el6.x86_64)

$yuminstall-yopenldapopenldap-serversopenldap-clientsopenldap-devel

#启动openldap
$/etc/init.d/openldapstart


2、配置前准备

#openldap配置文件
$ls/etc/openldap/
certscheck_password.confldap.confschemaslapd.d

#复制服务端配置文件
$cp/usr/share/openldap-servers/slapd.conf.obsolete/etc/openldap/slapd.conf

#备份配置文件
$cp-a/etc/openldap/slapd.d{,.bak}&&rm-rf/etc/openldap/slapd.d/*

#重新生成/etc/openldap/slapd.d/下的文件
$slaptest-u
$slaptest-f/etc/openldap/slapd.conf-F/etc/openldap/slapd.d
$chown-Rldap.ldap/etc/openldap/slapd.d


3、配置openldap

#openldap的配置文件为slapd.conf
#先生成ldap的admin的密码
$slappasswd-s123456
{SSHA}4l73bzaYLHmgnfof5uEmA6G9LaCy+h8S

#修改slapd.conf
$egrep-v"#|^$"/etc/openldap/slapd.conf
include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema
allowbind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
TLSCACertificatePath/etc/openldap/certs
TLSCertificateFile"\"OpenLDAPServer\""
TLSCertificateKeyFile/etc/openldap/certs/password

#数据库配置,供测试使用
databaseconfig
accessto*
	byselfwrite
	byanonymousauth
	by*read
database	bdb
#设置域和组织名称
suffix		"dc=example,dc=com"
checkpoint	102415
#设置管理员账号和密码
rootdn		"cn=admin,dc=example,dc=com"
rootpw		{SSHA}4l73bzaYLHmgnfof5uEmA6G9LaCy+h8S

directory	/var/lib/ldap
indexobjectClasseq,pres
indexou,cn,mail,surname,givennameeq,pres,sub
indexuidNumber,gidNumber,loginShelleq,pres
indexuid,memberUideq,sub
indexnisMapName,nisMapEntryeq,sub


4、启动openldap

$/etc/init.d/openldaprestart

#查看端口已启动
$ss-tnl|grep389
LISTEN0128:::389:::*
LISTEN0128*:389*:*


5、添加用户和组

#安装migrationtools软件包(将本地用户写入openldap可读的ldif文件)
$yuminstallmigrationtools-y

#软件路径
$ls/usr/share/migrationtools
migrate_aliases.plmigrate_all_nisplus_offline.shmigrate_base.plmigrate_netgroup_byhost.plmigrate_profile.pl
migrate_all_netinfo_offline.shmigrate_all_nisplus_online.shmigrate_common.phmigrate_netgroup_byuser.plmigrate_protocols.pl
migrate_all_netinfo_online.shmigrate_all_offline.shmigrate_fstab.plmigrate_netgroup.plmigrate_rpc.pl
migrate_all_nis_offline.shmigrate_all_online.shmigrate_group.plmigrate_networks.plmigrate_services.pl
migrate_all_nis_online.shmigrate_automount.plmigrate_hosts.plmigrate_passwd.plmigrate_slapd_conf.pl

#修改域名
$vim/usr/share/migrationtools/migrate_common.pl
71$DEFAULT_MAIL_DOMAIN="example.com";

74$DEFAULT_BASE="dc=example,dc=com";

#生成base.ldif文件并导入到ldap中
$/usr/share/migrationtools/migrate_base.pl>base.ldif
$catbase.ldif
1dn:dc=example,dc=com
2dc:example
3objectClass:top
4objectClass:domain
5
6dn:ou=People,dc=com
7ou:People
8objectClass:top
9objectClass:organizationalUnit
10
11dn:ou=Group,dc=com
12ou:Group
13objectClass:top
14objectClass:organizationalUnit

#把修改好的base.ldif导入到ldap中,通过使用ldapadd命令来完成
$ldapadd-x-D"cn=admin,dc=com"-W-fbase.ldif
EnterLDAPPassword:
addingnewentry"dc=example,dc=com"

addingnewentry"ou=People,dc=com"

addingnewentry"ou=Group,dc=com"

#新建用户test并设置密码
$useraddtest
$passwdtest

#生成people.ldif和group.ldif
$greptest/etc/passwd>test_people
$greptest/etc/group>test_group
$/usr/share/migrationtools/migrate_passwd.pltest_people>people.ldif
$/usr/share/migrationtools/migrate_group.pltest_group>group.ldif

#查看生成文件
$catpeople.ldif
dn:uid=test,ou=People,dc=com
uid:test
cn:test
objectClass:account
objectClass:posixAccount
objectClass:top
objectClass:shadowAccount
userPassword:{crypt}!!
shadowLastChange:17281
shadowMin:0
shadowMax:99999
shadowWarning:7
loginShell:/bin/bash
uidNumber:500
gidNumber:500
homeDirectory:/home/test

$catgroup.ldif
dn:cn=test,ou=Group,dc=com
objectClass:posixGroup
objectClass:top
cn:test
userPassword:{crypt}x
gidNumber:500


#导入ldif文件到ldap中
$ldapadd-x-D"cn=admin,dc=com"-W-fpeople.ldif
EnterLDAPPassword:
addingnewentry"uid=test,dc=com"

$ldapadd-x-D"cn=admin,dc=com"-W-fgroup.ldif
EnterLDAPPassword:
addingnewentry"cn=test,dc=com"

#查看
$ldapsearch-x-D"cn=admin,dc=com"-W-b"dc=example,dc=com"
EnterLDAPPassword:
#extendedLDIF
#
#LDAPv3
#base<dc=example,dc=com>withscopesubtree
#filter:(objectclass=*)
#requesting:ALL
#

#example.com
dn:dc=example,dc=com
dc:example
objectClass:top
objectClass:domain

#People,example.com
dn:ou=People,dc=com
ou:People
objectClass:top
objectClass:organizationalUnit

#Group,example.com
dn:ou=Group,dc=com
ou:Group
objectClass:top
objectClass:organizationalUnit

#test,People,example.com
dn:uid=test,dc=com
uid:test
cn:test
objectClass:account
objectClass:posixAccount
objectClass:top
objectClass:shadowAccount
userPassword::e2NyeXB0fSEh
shadowLastChange:17281
shadowMin:0
shadowMax:99999
shadowWarning:7
loginShell:/bin/bash
uidNumber:500
gidNumber:500
homeDirectory:/home/test

#test,Group,example.com
dn:cn=test,dc=com
objectClass:posixGroup
objectClass:top
cn:test
userPassword::e2NyeXB0fXg=
gidNumber:500

#searchresult
search:2
result:0Success

#numResponses:6
#numEntries:5

现已将创建的test用户导入到ldap中


openldap客户端搭建:http://www.jb51.cc/article/p-vguvosoy-bqd.html

其中遇到一个小问题,在“8、使用authconfig命令启动nslcd”后仍然不能通过su命令进行切换,显示没有家目录,这时候,再重新执行“5、配置/etc/pam.d/system-auth”就可以解决

原文链接:https://www.f2er.com/centos/377817.html

猜你在找的CentOS相关文章