OpenLDAP Data Synchronization
1. Data synchronization modes
refreshOnly mode
refreshAndPersist mode
ldap: 389
ldaps: 636
2. LDAP data synchronization
Server IP: 172.16.216.157
[[email protected] ~]# cd /usr/local/openldap.2.4.46/etc/openldap/
[[email protected] openldap]# vim slapd.conf
# added content
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
access to * by dn="cn=Manager,dc=abcd,dc=com" by self write
[[email protected] libexec]# ./slapd &
[1] 24651
LDAP Client IP: 172.16.216.158
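[[email protected] ~]# cd /usr/local/openldap.2.4.46/etc/openldap/
[[email protected] openldap]# vim slapd.conf
# Parameter notes, kept on their own lines because slapd.conf comments must start the line:
# rid            sets the host ID
# searchbase     root directory to search
# provider       master IP
# type           refreshOnly sets the mode to pull
# interval       sets the update interval (dd:hh:mm:ss)
# scope          sub matches all entries under the root directory
# attrs          attributes to replicate
# schemachecking whether to check schema consistency when applying synced updates
# bindmethod     use simple authentication
# binddn         user name to authenticate as
# credentials    password to authenticate with
syncrepl rid=123
    searchbase="dc=abcd,dc=com"
    provider=ldap://172.16.216.157:389
    type=refreshOnly
    interval=00:00:00:05
    scope=sub
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=abcd,dc=com"
    credentials=123456
Note: must appear in the configuration file
[[email protected] libexec]# ./slapd &
[1] 25753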
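The consumer stanza above uses bindmethod=simple over ldap://, binds as cn=Manager, and keeps the password in slapd.conf. The shell audit below is an added example, not part of the original post; the function names, the finding labels and the rootdn line in the constructed sample are assumptions made for illustration.

```shell
# Added example (not from the original post): audit syncrepl consumer stanzas.
# Fold continuation lines (leading whitespace) into their directive, as slapd does.
join_directives() {
    awk '/^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}
# kv STANZA KEY: value of KEY=... in a joined stanza (values with spaces not handled).
kv() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}
# audit_syncrepl FILE: print "rid=<n> <FINDING>" per problem (labels are hypothetical).
audit_syncrepl() {
    conf=$1
    rootdn=$(join_directives "$conf" | awk '$1 == "rootdn" { gsub(/"/, "", $2); print $2 }' | head -n 1)
    join_directives "$conf" | grep '^syncrepl[[:space:]]' | while IFS= read -r s; do
        rid=$(kv "$s" rid)
        # Simple bind sends the password in clear text unless the transport is TLS.
        # starttls=yes continues without TLS if StartTLS fails; only "critical" counts.
        secure=no
        case "$(kv "$s" provider)" in ldaps://*) secure=yes ;; esac
        if [ "$(kv "$s" starttls)" = critical ]; then secure=yes; fi
        if [ "$(kv "$s" bindmethod)" = simple ] && [ "$secure" = no ]; then
            echo "rid=$rid CLEARTEXT-BIND"
        fi
        # Binding as the rootdn stores the directory superuser password on every consumer.
        if [ -n "$rootdn" ] && [ "$(kv "$s" binddn)" = "$rootdn" ]; then
            echo "rid=$rid ROOTDN-BIND"
        fi
        # credentials= is stored unencrypted, so others must not be able to read the file.
        if [ -n "$(kv "$s" credentials)" ] && [ -n "$(find "$conf" -prune -perm -004)" ]; then
            echo "rid=$rid WORLD-READABLE-SECRET"
        fi
    done
}
# Constructed sample: the stanza from this section plus an assumed rootdn line.
write_sample() {
    cat > "$1" <<'EOF'
rootdn "cn=Manager,dc=abcd,dc=com"
syncrepl rid=123
  provider=ldap://172.16.216.157:389 type=refreshOnly
  bindmethod=simple
  binddn="cn=Manager,dc=abcd,dc=com"
  credentials=123456
EOF
    chmod 644 "$1"
}
tmp=$(mktemp) && write_sample "$tmp" && audit_syncrepl "$tmp"; rm -f "$tmp"
```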
3. LDAPS data synchronization
Server configuration:
[[email protected] openldap]# scp /opt/software/ca.crt [email protected]:/opt/software/
Warning: Permanently added '172.16.216.158' (ECDSA) to the list of known hosts.
ca.crt 100% 1021 1.0KB/s 00:00
[[email protected] software]# cd /usr/local/openldap.2.4.46/etc/openldap/
[[email protected] openldap]# vim slapd.conf
index objectClass eq
TLSCACertificateFile /opt/software/ca.crt
TLSCertificateFile /opt/software/server.crt
TLSCertificateKeyFile /opt/software/server.key
loglevel 4095
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
access to * by dn="cn=Manager,dc=abcd,dc=com" by self write
Client configuration:
[[email protected] ~]# cd /usr/local/openldap.2.4.46/etc/openldap/
[[email protected] openldap]# vim slapd.conf
index objectClass eq
TLSCACertificateFile /opt/software/ca.crt
syncrepl rid=123
    searchbase="dc=abcd,dc=com"
    provider=ldaps://abcd.com:636
    type=refreshonly
    interval=00:00:00:05
    scope=sub
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=abcd,dc=com"
    credentials=123456
[[email protected] ~]# vim /etc/hosts
172.16.216.157 abcd.com
refreshAndPersist mode
[[email protected] ~]# cd /usr/local/openldap.2.4.46/etc/openldap/
[[email protected] openldap]# vim slapd.conf
index objectClass eq
TLSCACertificateFile /opt/software/ca.crt
syncrepl rid=123
    searchbase="dc=abcd,dc=com"
    provider=ldaps://abcd.com:636
    type=refreshAndPersist
    interval=00:00:00:05
    scope=sub
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=abcd,dc=com"
    credentials=123456
[[email protected] openldap]# cd ../../libexec/
[[email protected] libexec]# ./slapd &
4. Generating the digital certificates
[[email protected] ~]# openssl genrsa -des3 -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
.......................................+++
......................................................+++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
[[email protected] ~]# ll ca.key
-rw-r--r-- 1 root root 1743 7月  20 23:38 ca.key
[[email protected] ~]# openssl req -new -x509 -key ca.key -out ca.crt -days 365
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:jrgc
Organizational Unit Name (eg, section) []:jrgc
Common Name (eg, your name or your server's hostname) []:abcd.com
Email Address []:[email protected]
[[email protected] ~]# ll ca.*
-rw-r--r-- 1 root root 1399 7月  20 23:45 ca.crt
-rw-r--r-- 1 root root 1743 7月  20 23:38 ca.key
[[email protected]ldap ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...........................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[[email protected] ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:abcd
Organizational Unit Name (eg, section) []:abcd
Common Name (eg, your name or your server's hostname) []:abcd.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456
[[email protected] ~]# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Signature ok
subject=/C=CN/ST=Beijing/L=BJ/O=abcd/OU=abcd/CN=abcd.com/[email protected]
Getting CA Private Key
Enter pass phrase for ca.key:
[[email protected] ~]# ll *.key *.crt
-rw-r--r-- 1 root root 1399 7月  20 23:45 ca.crt
-rw-r--r-- 1 root root 1743 7月  20 23:38 ca.key
-rw-r--r-- 1 root root 1281 7月  20 23:51 server.crt
-rw-r--r-- 1 root root 1743 7月  20 23:47 server.key