CentOS7 LDAP 2.4 安装配置
软件安装
# Run as root. Install the OpenLDAP server and client tools, start slapd
# right away and enable the unit so the directory comes back after a reboot.
yum -y install openldap-servers openldap-clients
systemctl start slapd
systemctl enable slapd
密码修改
# Generate a salted hash of the directory root password; slappasswd never
# prints the clear-text password, only the hash. The default scheme is {SSHA}
# (pass another with -h if a stronger scheme module is loaded on this server).
# slappasswd
New password:
Re-enter new password:
# Placeholder output: the real line is the value to paste into olcRootPW below.
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
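# Set the root password of the cn=config database. Replace the {SSHA} value
# with the hash printed by slappasswd above. Keep notes out of the LDIF value:
# in LDIF everything after "olcRootPW: " up to the end of the line is the
# value, so a trailing "// copy above" would become part of the stored hash
# and the password would never match.
cat > chrootpw.ldif <<'EOF'
# specify the password generated above for "olcRootPW" section
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx
EOF
# The file holds the config root-password hash; keep it readable by root only.
chmod 600 chrootpw.ldif
# Authenticate as the local root user over the ldapi socket (SASL EXTERNAL).
ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif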
基础Schema导入
# Load the base schemas over the ldapi socket as the local root user.
# Order matters: inetorgperson builds on definitions from cosine.
for schema in cosine nis inetorgperson; do
    ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/${schema}.ldif"
done
LDAP域数据生成
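# Point the {2}hdb data database at your own suffix and root DN, give that
# database a root password, and let the Manager DN read the monitor database.
# Replace "dc=cnicg,dc=cn" with your own domain. Each change record in LDIF
# must be separated from the next by a blank line; run together on one line
# they do not parse.
#
# The olcRootPW record is needed for the later
# "ldapadd -x -D cn=Manager,dc=cnicg,dc=cn -W" bind: this page sets a root
# password only on {0}config, and the Manager entry created afterwards carries
# no userPassword, so a simple bind would have nothing to check against.
# Paste the slappasswd hash there; if the database already has an olcRootPW,
# use "replace:" instead of "add:".
cat > chdomain.ldif <<'EOF'
# replace to your own domain name for "dc=***,dc=***" section
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=cnicg,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=cnicg,dc=cn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=cnicg,dc=cn" read by * none
EOF
# The file now carries a password hash; keep it readable by root only.
chmod 600 chdomain.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif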
基础域数据
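# Create the base tree: the domain entry, the Manager role, and the People and
# Group containers. Replace "dc=cnicg,dc=cn" with your own domain. Entries are
# separated by blank lines; collapsed onto one line they do not parse.
cat > basedomain.ldif <<'EOF'
# replace to your own domain name for "dc=***,dc=***" section
dn: dc=cnicg,dc=cn
objectClass: top
objectClass: dcObject
objectclass: organization
o: cnicg cn
dc: cnicg

dn: cn=Manager,dc=cnicg,dc=cn
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=cnicg,dc=cn
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=cnicg,dc=cn
objectClass: organizationalUnit
ou: Group
EOF
# Simple bind as the data database's root DN (the olcRootPW set on {2}hdb).
# -W prompts for the password so it stays out of the shell history and the
# process list; -H ldapi:/// keeps the simple-bind password on the local
# socket the earlier steps already use instead of a clear-text ldap:// URI.
ldapadd -x -H ldapi:/// -D cn=Manager,dc=cnicg,dc=cn -W -f basedomain.ldif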