CentOS 6.5 openldap 구축
$ yum install -y openldap openldap-servers openldap-clients openldap-devel
# openldap
$ /etc/init.d/openldap start
2. 설정 전 준비
# openldap
$ ls /etc/openldap/
certs check_password.conf ldap.conf schema slapd.d
#
$ cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
#
$ cp -a /etc/openldap/slapd.d{,.bak} && rm -rf /etc/openldap/slapd.d/*
# /etc/openldap/slapd.d/
$ slaptest -u
$ slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
$ chown -R ldap.ldap /etc/openldap/slapd.d
3. openldap 설정
# openldap slapd.conf
# ldap admin 비밀번호 해시 생성 (-s 로 평문을 넘기면 셸 히스토리에 남으므로, 인자 없이 실행하면 대화식으로 입력받을 수 있음)
$ slappasswd -s 123456
{SSHA}4l73bzaYLHmgnfof5uEmA6G9LaCy+h8S
# slapd.conf
$ egrep -v "#|^$" /etc/openldap/slapd.conf
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
# ,
database config
access to *
by self write
by anonymous auth
by * read
database bdb
#
suffix "dc=example,dc=com"
checkpoint 1024 15
#
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}4l73bzaYLHmgnfof5uEmA6G9LaCy+h8S
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
4. openldap 시작
$ /etc/init.d/openldap restart
#
$ ss -tnl | grep 389
LISTEN 0 128 :::389 :::*
LISTEN 0 128 *:389 *:*
5. 사용자 와 그룹 추가
# migrationtools ( openldap ldif )
$ yum install migrationtools -y
#
$ ls /usr/share/migrationtools
migrate_aliases.pl migrate_all_nisplus_offline.sh migrate_base.pl migrate_netgroup_byhost.pl migrate_profile.pl
migrate_all_netinfo_offline.sh migrate_all_nisplus_online.sh migrate_common.ph migrate_netgroup_byuser.pl migrate_protocols.pl
migrate_all_netinfo_online.sh migrate_all_offline.sh migrate_fstab.pl migrate_netgroup.pl migrate_rpc.pl
migrate_all_nis_offline.sh migrate_all_online.sh migrate_group.pl migrate_networks.pl migrate_services.pl
migrate_all_nis_online.sh migrate_automount.pl migrate_hosts.pl migrate_passwd.pl migrate_slapd_conf.pl
#
$ vim /usr/share/migrationtools/migrate_common.ph
71 $DEFAULT_MAIL_DOMAIN = "example.com";
74 $DEFAULT_BASE = "dc=example,dc=com";
# base.ldif ldap
$ /usr/share/migrationtools/migrate_base.pl > base.ldif
$ cat base.ldif
1 dn: dc=example,dc=com
2 dc: example
3 objectClass: top
4 objectClass: domain
5
6 dn: ou=People,dc=example,dc=com
7 ou: People
8 objectClass: top
9 objectClass: organizationalUnit
10
11 dn: ou=Group,dc=example,dc=com
12 ou: Group
13 objectClass: top
14 objectClass: organizationalUnit
# base.ldif ldap , ldapadd
$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f base.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"
# test
$ useradd test
$ passwd test
# people.ldif group.ldif
$ grep test /etc/passwd > test_people
$ grep test /etc/group > test_group
$ /usr/share/migrationtools/migrate_passwd.pl test_people > people.ldif
$ /usr/share/migrationtools/migrate_group.pl test_group > group.ldif
#
$ cat people.ldif
dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 17281
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/test
$ cat group.ldif
dn: cn=test,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: test
userPassword: {crypt}x
gidNumber: 500
# ldif ldap
$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f people.ldif
Enter LDAP Password:
adding new entry "uid=test,ou=People,dc=example,dc=com"
$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f group.ldif
Enter LDAP Password:
adding new entry "cn=test,ou=Group,dc=example,dc=com"
#
$ ldapsearch -x -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
# Group, example.com
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
# test, People, example.com
dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSEh
shadowLastChange: 17281
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/test
# test, Group, example.com
dn: cn=test,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: test
userPassword:: e2NyeXB0fXg=
gidNumber: 500
# search result
search: 2
result: 0 Success
# numResponses: 6
# numEntries: 5
현재 만든 test 사용자를 ldap에 가져왔습니다. 다만 people.ldif의 userPassword 값이 {crypt}!! 이므로, 이 계정은 사용 가능한 비밀번호 해시 없이(잠긴 상태로) 가져와진 것입니다.
openldap 클라이언트 구축: http://jerry12356.blog.51cto.com/4308715/1851933
이 중 작은 문제가 발생했습니다. "8. authconfig 명령으로 nslcd를 시작합니다" 이후에도 su 명령을 통해 전환할 수 없고, 홈 디렉터리가 없음을 표시합니다. 이때 "5. 설정 /etc/pam.d/system-auth"를 다시 실행하면 해결할 수 있습니다.