Setting up OpenLDAP
- Difference from last time: installed from rpm, and no MySQL backend.
1. Install the software:
yum -y install openldap-servers openldap-clients openldap openldap-devel migrationtools
2. Edit the configuration file /etc/openldap/slapd.conf (a template can be taken from /usr/share/openldap-servers/). With the comments stripped, this is all that is left:
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel 257

TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password

database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none

database bdb
suffix "dc=dns,dc=com,dc=cn"
checkpoint 1024 15
rootdn "cn=Manager,dc=dns,dc=com,dc=cn"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
- Copy the database config file:
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG; chown ldap:ldap /var/lib/ldap -R
3. Import base.ldif (this step is critical; it kept me stuck for half a day)
- Go to /usr/share/migrationtools/ and edit migrate_common.ph
- Run the script: ./migrate_base.pl > base.ldif
- Edit base.ldif (editing is actually optional; importing the whole file works too):
dn: dc=dns,dc=com,dc=cn
dc: dns
objectClass: top
objectClass: domain

dn: ou=People,dc=dns,dc=com,dc=cn
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=dns,dc=com,dc=cn
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Hosts,dc=dns,dc=com,dc=cn
ou: Hosts
objectClass: top
objectClass: organizationalUnit
- Import into LDAP:
- Run: ldapadd -D "cn=Manager,dc=dns,dc=com,dc=cn" -w secret -c -x -f base.ldif
- With that, the base is in place.
4. Importing accounts later:
- Just write any LDIF file and import it the same way base.ldif was imported above.
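ldapadd adds entries in file order, and an entry is refused when its parent does not exist yet, so a base.ldif whose ou entries come before the domain entry, or whose DNs are outside the configured suffix, fails in exactly the way that costs time in step 3. The following Python is an added example and not part of the original post: a minimal LDIF reader plus a check that every entry has a dn and objectClass, sits under the suffix, and is listed after its parent. The sample LDIF is constructed from the base.ldif shown above; parse_ldif, parent_dn and check_add_order are my own names.

```python
from typing import Dict, List

# Constructed sample mirroring the post's base.ldif (not a captured file).
SAMPLE_LDIF = """\
dn: dc=dns,dc=com,dc=cn
dc: dns
objectClass: top
objectClass: domain

dn: ou=People,dc=dns,dc=com,dc=cn
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=dns,dc=com,dc=cn
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Hosts,dc=dns,dc=com,dc=cn
ou: Hosts
objectClass: top
objectClass: organizationalUnit
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse plain LDIF (no base64 'dn::' values) into a list of entries in
    file order. Handles comments, blank-line separators and RFC 2849
    leading-space line folding."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    prev_attr = None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":
            if current:
                entries.append(current)
                current, prev_attr = {}, None
            continue
        if raw.startswith(" ") and prev_attr is not None:
            current[prev_attr][-1] += raw[1:]      # folded continuation
            continue
        attr, _, value = raw.partition(":")
        attr = attr.strip()
        current.setdefault(attr, []).append(value.strip())
        prev_attr = attr
    if current:
        entries.append(current)
    return entries


def parent_dn(dn: str) -> str:
    """Drop the leftmost RDN. A plain split on the first comma is enough for
    the unescaped DNs in this post."""
    return dn.partition(",")[2].strip()


def check_add_order(text: str, suffix: str) -> List[str]:
    """Return the problems that would make `ldapadd -c` skip an entry.
    An empty list means the file imports cleanly in the given order."""
    norm_suffix = suffix.replace(" ", "").lower()
    problems: List[str] = []
    seen = set()
    for i, entry in enumerate(parse_ldif(text), start=1):
        dn = entry.get("dn", [""])[0]
        if not dn:
            problems.append(f"entry {i}: missing dn")
            continue
        if "objectClass" not in entry:
            problems.append(f"entry {i} ({dn}): no objectClass")
        norm = dn.replace(" ", "").lower()
        if norm != norm_suffix and not norm.endswith("," + norm_suffix):
            problems.append(f"entry {i} ({dn}): outside suffix {suffix}")
        elif norm != norm_suffix and parent_dn(norm) not in seen:
            problems.append(f"entry {i} ({dn}): parent {parent_dn(norm)} not added yet")
        seen.add(norm)
    return problems


if __name__ == "__main__":
    for problem in check_add_order(SAMPLE_LDIF, "dc=dns,dc=com,dc=cn") or ["ok"]:
        print(problem)
```

Run it against the real base.ldif before calling ldapadd; anything it reports is an entry the server will reject, and the "parent not added yet" case is the one the -c flag otherwise hides by continuing past the error.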