1. Install openldap (version openldap-2.4.40-16.el6.x86_64)
$ yum install -y openldap openldap-servers openldap-clients openldap-devel
# start openldap (on a stock CentOS 6 box the init script shipped by openldap-servers is /etc/init.d/slapd, so "service slapd start" is the equivalent)
$ /etc/init.d/openldap start
2. Preparation before configuring
# openldap configuration files
$ ls /etc/openldap/
certs  check_password.conf  ldap.conf  schema  slapd.d
# copy the server configuration template
$ cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
# back up the existing configuration directory and empty it
$ cp -a /etc/openldap/slapd.d{,.bak} && rm -rf /etc/openldap/slapd.d/*
# regenerate the files under /etc/openldap/slapd.d/ from slapd.conf (-u only checks the file, the second call does the conversion)
$ slaptest -u
$ slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
$ chown -R ldap.ldap /etc/openldap/slapd.d
3. Configure openldap
# openldap's configuration file is slapd.conf
# first generate the password hash for the ldap admin
# (passing the password with -s leaves it in shell history and in ps output; slappasswd with no arguments prompts for it instead)
$ slappasswd -s 123456
{SSHA}4l73bzaYLHmgnfof5uEmA6G9LaCy+h8S
# edit slapd.conf
$ egrep -v "#|^$" /etc/openldap/slapd.conf
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAPServer\""
TLSCertificateKeyFile /etc/openldap/certs/password
# config database, for testing
database config
access to *
        by self write
        by anonymous auth
        by * read
database bdb
# set the domain and organisation name
suffix          "dc=example,dc=com"
checkpoint      1024 15
# set the admin account and password (the hash produced by slappasswd above)
rootdn          "cn=admin,dc=example,dc=com"
rootpw          {SSHA}4l73bzaYLHmgnfof5uEmA6G9LaCy+h8S
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,sub
index nisMapName,nisMapEntry            eq,sub
# Two things to be aware of in this file. The "access to *" rule sits under "database config", so any user who can bind may read cn=config, rootpw hash included; the bdb database has no access rule at all and therefore gets OpenLDAP's default "access to * by * read", which lets even anonymous searches return userPassword hashes (the ldapsearch output further down shows them). Tighten this before putting real accounts in the directory. Also, once /etc/openldap/slapd.d exists slapd reads that directory rather than slapd.conf, so after editing slapd.conf repeat the slaptest conversion and the chown from step 2 before restarting.
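As an added example (not the post's own code), the script below contrasts the access rule the post ends up with against a tightened rule set for the bdb database, lints a slapd.conf for a cleartext rootpw and a missing userPassword rule, and regenerates slapd.d the same way step 2 did so that the edit actually reaches slapd. The paths, the lint heuristics and the `apply` argument are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: tighten the ACLs in slapd.conf
# and regenerate slapd.d, which is the configuration slapd actually reads once
# the directory exists. Paths and lint rules are this example's assumptions.
set -e

SLAPD_CONF=${SLAPD_CONF:-/etc/openldap/slapd.conf}
SLAPD_D=${SLAPD_D:-/etc/openldap/slapd.d}

# What the post's file amounts to: this rule sits under "database config"
# (every bound user may read cn=config, rootpw hash included) and the bdb
# database has no rule at all, i.e. OpenLDAP's default "access to * by * read".
weak_acl() {
  cat <<'EOF'
access to *
        by self write
        by anonymous auth
        by * none
EOF
}

# Tightened rules for the bdb database: only the entry itself may read or
# change its userPassword (rootdn bypasses ACLs anyway), anonymous may only
# use it to bind, and everything else stays readable.
hardened_acl() {
  cat <<'EOF'
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by * read
EOF
}

# Lint a slapd.conf: return 1 if rootpw is cleartext (no {SCHEME} prefix) or
# no access rule restricts userPassword.
lint_slapd_conf() {
  conf=$1
  rc=0
  if grep -Eq '^[[:space:]]*rootpw[[:space:]]+[^{[:space:]]' "$conf"; then
    echo "FAIL: rootpw is cleartext, use the output of slappasswd" >&2
    rc=1
  fi
  if ! grep -Eq '^[[:space:]]*access[[:space:]]+to[[:space:]]+attrs=[^[:space:]]*userPassword' "$conf"; then
    echo "FAIL: no ACL restricts userPassword, hashes are world-readable" >&2
    rc=1
  fi
  return $rc
}

# Append the tightened rules (access directives attach to the most recent
# "database" line, and bdb is the last database in the post's file), then
# convert to slapd.d exactly as step 2 did and restart.
apply_and_regenerate() {
  hardened_acl >> "$SLAPD_CONF"
  lint_slapd_conf "$SLAPD_CONF"
  slaptest -u -f "$SLAPD_CONF"
  rm -rf "${SLAPD_D:?}"/*
  slaptest -f "$SLAPD_CONF" -F "$SLAPD_D"
  chown -R ldap:ldap "$SLAPD_D"
  /etc/init.d/openldap restart
}

# Only touch the live system when explicitly asked: sh harden.sh apply
if [ "${1:-}" = "apply" ]; then
  apply_and_regenerate
fi
```

Run `sh harden.sh apply` as root on the server; without the argument the script only defines the functions, so `lint_slapd_conf /etc/openldap/slapd.conf` can be sourced and run on its own before anything is changed.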
4. Start openldap
$ /etc/init.d/openldap restart
# confirm the port is listening
$ ss -tnl | grep 389
LISTEN     0      128                    :::389                   :::*
LISTEN     0      128                     *:389                    *:*
# install migrationtools (turns local users into an ldif file openldap can load)
$ yum install migrationtools -y
# where it lives
$ ls /usr/share/migrationtools
migrate_aliases.pl              migrate_all_nisplus_offline.sh  migrate_base.pl     migrate_netgroup_byhost.pl  migrate_profile.pl
migrate_all_netinfo_offline.sh  migrate_all_nisplus_online.sh   migrate_common.ph   migrate_netgroup_byuser.pl  migrate_protocols.pl
migrate_all_netinfo_online.sh   migrate_all_offline.sh          migrate_fstab.pl    migrate_netgroup.pl         migrate_rpc.pl
migrate_all_nis_offline.sh      migrate_all_online.sh           migrate_group.pl    migrate_networks.pl         migrate_services.pl
migrate_all_nis_online.sh       migrate_automount.pl            migrate_hosts.pl    migrate_passwd.pl           migrate_slapd_conf.pl
# set the domain (the shared settings file is migrate_common.ph, as the listing shows; lines 71 and 74)
$ vim /usr/share/migrationtools/migrate_common.ph
71 $DEFAULT_MAIL_DOMAIN = "example.com";
74 $DEFAULT_BASE = "dc=example,dc=com";
# generate base.ldif and load it into ldap
$ /usr/share/migrationtools/migrate_base.pl > base.ldif
$ cat base.ldif
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
# load the edited base.ldif into ldap with ldapadd
$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f base.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"
# create the user test and set a password
$ useradd test
$ passwd test
# generate people.ldif and group.ldif
$ grep test /etc/passwd > test_people
$ grep test /etc/group > test_group
$ /usr/share/migrationtools/migrate_passwd.pl test_people > people.ldif
$ /usr/share/migrationtools/migrate_group.pl test_group > group.ldif
# look at the generated files
$ cat people.ldif
dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 17281
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/test
# note: {crypt}!! is the locked placeholder copied from /etc/shadow, not a usable hash, so this entry cannot bind with a password until one is set in the directory
$ cat group.ldif
dn: cn=test,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 500
# load the ldif files into ldap
$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f people.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=People,dc=example,dc=com"
$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f group.ldif
Enter LDAP Password:
adding new entry "cn=test,ou=Group,dc=example,dc=com"
# check
$ ldapsearch -x -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, example.com
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# test, People, example.com
dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17281
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/test

# test, Group, example.com
dn: cn=test,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: test
userPassword:: e2NyeXB0fXg=
gidNumber: 500

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
The test user created above has now been imported into ldap.
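As an added example (not from the post), the script below runs two checks over an ldapsearch dump, fed here with a sample LDIF constructed from the search output above. The first lists the DNs whose userPassword comes back at all; run it over an anonymous search (no -D) and it shows exactly what the default "by * read" rule exposes. The second decodes the base64 values (ldapsearch always base64-encodes userPassword) and flags the locked placeholders such as {crypt}!! and {crypt}x that migrationtools copied out of /etc/shadow and /etc/group, which cannot be used to bind. The host and flags in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an ldapsearch dump for
# password exposure. The sample LDIF is constructed from the post's own search
# output; the DNs under dc=example,dc=com are the ones the post created.
set -e

# Print the DN of every entry in an LDIF stream (stdin) that carries a
# userPassword attribute. On the output of an anonymous search this is the
# list of hashes handed to anyone who can reach port 389.
exposed_password_dns() {
  awk '
    /^dn: /          { dn = substr($0, 5) }
    /^userPassword:/ { if (dn != "" && !seen[dn]++) print dn }
    /^$/             { dn = "" }
  '
}

# Print the DN of every entry whose userPassword is a locked or placeholder
# crypt value ({crypt}!!, {crypt}!<hash>, {crypt}*, {crypt}x). Such entries
# cannot bind until a real password is set. The base64 value is decoded first.
locked_password_dns() {
  awk '
    /^dn: /            { dn = substr($0, 5) }
    /^userPassword:: / { print $2, dn }
    /^$/               { dn = "" }
  ' | while read -r b64 dn; do
    pw=$(printf '%s' "$b64" | base64 -d 2>/dev/null) || continue
    case "$pw" in
      '{crypt}!'* | '{crypt}*' | '{crypt}x') printf '%s\n' "$dn" ;;
    esac
  done
}

# Constructed sample: the entries the post's ldapsearch returned, trimmed.
SAMPLE_LDIF='dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: test
objectClass: posixAccount
userPassword:: e2NyeXB0fSEh
uidNumber: 500
gidNumber: 500

dn: cn=test,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: test
userPassword:: e2NyeXB0fXg=
gidNumber: 500
'

# Run both checks on the sample. Against the live server (host assumed) use:
#   ldapsearch -x -LLL -H ldap://127.0.0.1 -b "dc=example,dc=com" userPassword | exposed_password_dns
audit_sample() {
  echo "entries whose userPassword is readable:"
  printf '%s\n' "$SAMPLE_LDIF" | exposed_password_dns
  echo "entries with a locked or placeholder password:"
  printf '%s\n' "$SAMPLE_LDIF" | locked_password_dns
}

audit_sample
```

On the sample both the user and the group show up in each list. To give the imported user a real password, set it through the admin bind, for example with `ldappasswd -x -D "cn=admin,dc=example,dc=com" -W -S "uid=test,ou=People,dc=example,dc=com"`, and re-run the anonymous search afterwards to confirm the hash is no longer returned once the ACLs are tightened.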
openldap client setup: http://www.jb51.cc/article/p-vguvosoy-bqd.html
One small problem came up there: after step "8. Use the authconfig command to start nslcd", su still could not switch to the user and reported that there was no home directory; re-running step "5. Configure /etc/pam.d/system-auth" fixed it.
Original link: https://www.f2er.com/centos/377817.html