openldap 搭建

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了openldap 搭建相关的知识,希望对你有一定的参考价值。

  • 和上次的不同:用rpm安装,且不用mysql做后端。

1. 软件安装:

yum -y install openldap-servers openldap-clients openldap openldap-devel migrationtools

2. 修改配置文件: /etc/openldap/slapd.conf (可以从 /usr/share/openldapservers/ 下面获取模板),去掉注释,就剩下面这些了:

include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema
allow bind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
loglevel	257
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\\"OpenLDAP Server\\""
TLSCertificateKeyFile /etc/openldap/certs/password
database config
access to *
	by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
	by * none
database monitor
access to *
	by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
        by * none
database	bdb
suffix		"dc=dns,dc=com,dc=cn"
checkpoint	1024 15
rootdn		"cn=Manager,dc=dns,dc=com,dc=cn"
rootpw		secret
directory	/var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
  • 复制数据库文件:
  • cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG;chown ldap:ldap /var/lib/ldap -R

3.导入base.ldif  (这一步很关键,我TM因为这个卡了半天)

  •  去 /usr/share/migrationtools/ , 修改 migrate_common.ph
  • 技术分享

     

  • 执行脚本:./migrate_base.pl > base.ldif
  • 编辑:base.ldif  (其实不编辑也可以,全部导入就好了)
dn: dc=dns,dc=com,dc=cn
dc: dns
objectClass: top
objectClass: domain

dn: ou=People,dc=dns,dc=com,dc=cn
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=dns,dc=com,dc=cn
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou
=Hosts,dc=dns,dc=com,dc=cn ou: Hosts objectClass: top objectClass: organizationalUnit
  • 导入ldap:
  • 执行:  ldapadd -D "cn=Manager,dc=dns,dc=com,dc=cn" -w secret -c -x -f base.lldif
  • 这基础就算弄好了

4. 后续导入账户:

  • 只要随便编写一个ldif文件,用上面导入base.ldif的方式导入就可以了。

 

以上是关于openldap 搭建的主要内容,如果未能解决你的问题,请参考以下文章

OpenLDAP平台搭建

10-openldap同步原理

openldap 搭建

Centos7 搭建openldap完整详细教程(真实可用)

Openldap服务端centos7搭建过程

Kuberneters 搭建openLDAP