环境:
系统:CentOS 6.7
openldap:2.4.40
安装:
1、导入epel源
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
2、安装openldap
yum -y install openldap openldap-*
3、配置openldap,包括准备DB_CONFIG和slapd.conf
cd /etc/openldap/
cp /usr/share/openldap-servers/slapd.conf.obsolete slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
设置管理员密码(下面的 123456 仅为示例,生产环境请使用强密码;不带 -s 参数交互式运行 slappasswd 可避免密码留在 shell 历史和进程列表中):
slappasswd -s 123456
{SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
4、修改slapd.conf,主要配置dc和rootpw,rootpw配置为上述步骤中的密码
database bdb
suffix "dc=beyondh,dc=org"
checkpoint 1024 15
rootdn "cn=admin,dc=beyondh,dc=org"
rootpw {SSHA}2TuB7EJeC1pUXDrGoxY1qqKg3ScgAvFC
5、修改目录权限
chown -R ldap:ldap /etc/openldap/
chown -R ldap:ldap /var/lib/ldap/
6、启动slapd服务
/etc/init.d/slapd start
注意:一定要先启动slapd服务,第7步测试时才不会报错提示某数据库文件不存在,只有启动服务后才能生成该文件。
7、测试
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
config file testing succeeded
8、安装migrationtools
yum install migrationtools -y
9、编辑/usr/share/migrationtools/migrate_common.ph并修改相关配置
vim /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "beyondh.org";
$DEFAULT_BASE = "dc=beyondh,dc=org";
10、生成base.ldif、passwd.ldif、group.ldif文件
/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif
ls /tmp/
base.ldif group.ldif passwd.ldif
11、导入base.ldif、passwd.ldif、group.ldif文件
[root@localhost openldap]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/base.ldif
[root@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/group.ldif
[root@localhost migrationtools]# ldapadd -x -D "cn=admin,dc=beyondh,dc=org" -W -f /tmp/passwd.ldif 需要输入管理员密码
12、测试数据导入是否成功
[root@localhost openldap]# ldapsearch -LLL -W -x -H ldap://beyondh.org -D "cn=admin,dc=beyondh,dc=org" -b "dc=beyondh,dc=org"
Enter LDAP Password:
dn: dc=beyondh,dc=org
dc: beyondh
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=beyondh,dc=org
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=beyondh,dc=org
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=beyondh,dc=org
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byuser,dc=beyondh,dc=org
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=beyondh,dc=org
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=beyondh,dc=org
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=beyondh,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=beyondh,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=beyondh,dc=org
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=beyondh,dc=org
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=beyondh,dc=org
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byhost,dc=beyondh,dc=org
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap
13、安装httpd及PhpLdapAdmin
yum -y install httpd phpldapadmin
14、配置/etc/httpd/conf.d/phpldapadmin.conf允许从远程访问(Allow from all 会向所有来源开放管理界面,生产环境应只允许管理网段访问)
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Allow from all
</Directory>
15、修改/etc/phpldapadmin/config.php配置用DN登录,
在397行,将
// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');
改成
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
16、启动httpd
/etc/init.d/httpd start
17、访问ldapadmin
http://$ip/ldapadmin
18、开启日志功能
编辑/etc/rsyslog.conf 文件,加入下面一行
local4.* /var/log/openldap.log
编辑/etc/openldap/slapd.conf文件,加入下面两行
loglevel 296
cachesize 1000
重启rsyslog服务和slapd服务
/etc/init.d/rsyslog restart
/etc/init.d/slapd restart
ls -l /var/log/openldap.log
-rw------- 1 root root 216 Mar 23 15:46 /var/log/openldap.log