Installing LDAP user authentication
LDAP server setup
1. Install openldap-servers
yum -y install openldap openldap-devel openldap-servers
2. Create the LDAP password (slappasswd prints the hash used for rootpw in step 3)
slappasswd
New password:
Re-enter new password:
{SSHA}dKmbTeq19LgSL9tLKEiv7nyrkCJhaa83
To set the password with a specific hash scheme, pass -h (the default {SSHA} is salted; {MD5} is not):
slappasswd -h {MD5}
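3. Set the following three parts of slapd.conf
vi /etc/openldap/slapd.conf
First comment out the default settings with #; it is easiest to paste in the whole configuration below.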
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/phpgwaccount.schema
include /etc/openldap/schema/phpgwcontact.schema
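include /etc/openldap/schema/samba.schema
database ldbm
suffix "dc=server,dc=kh,dc=edu,dc=tw"
# cn is normally Manager. rootdn must lie under the suffix above for rootpw to be honored, so use the same domain components in both.
rootdn "cn=Manager,dc=domain,dc=kh,dc=edu,dc=tw"
# rootpw may be cleartext or a hash; prefer the hash printed by slappasswd.
rootpw {SSHA}dKmbTeq19LgSL9tLKEiv7nyrkCJhaa83
4. Using file transfer (FTP), copy the original schema files into /etc/openldap/schema/
5. To import an existing domain.ldif file, first make sure the LDAP service is stopped, then clear out the old database files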
service slapd stop
rm -rf /var/lib/ldap/*
6. Once that is done, import the earlier backup data file
slapadd -l <source file>
slapadd -l /etc/openldap/domain.ldif
7. After the import, remember to fix the ownership of the database directory
chown -R ldap:ldap /var/lib/ldap/*
Start the LDAP service
service slapd start
Now try logging in as a user from the original domain.ldif to test it!
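
The three directives set in step 3 can be checked before slapd is started. The script below is an added example, not part of the original guide: the function names and the findings-count return value are its own, and the sample config is constructed from the placeholder values shown in step 3.

```shell
#!/bin/sh
# Added example, not from the original guide: lint the suffix, rootdn and
# rootpw directives of a slapd.conf. Returns the number of findings.
# Print the value of the first uncommented directive $1 in file $2.
directive() {
    sed -n "s/^$1[[:space:]]\{1,\}//p" "$2" | head -n 1
}
# Normalise a DN for comparison: drop quotes and spaces, lowercase.
norm_dn() {
    printf '%s' "$1" | tr -d '"[:space:]' | tr '[:upper:]' '[:lower:]'
}
check_slapd_conf() {
    conf=$1
    findings=0
    suffix=$(norm_dn "$(directive suffix "$conf")")
    rootdn=$(norm_dn "$(directive rootdn "$conf")")
    rootpw=$(directive rootpw "$conf")

    # slapd honours rootpw only when rootdn lies inside the suffix.
    case "$rootdn" in
        *",$suffix"|"$suffix") ;;
        *) echo "rootdn '$rootdn' is not under suffix '$suffix'"
           findings=$((findings + 1)) ;;
    esac

    # Schemes slappasswd -h can emit: salted ones pass, the rest are flagged.
    case "$rootpw" in
        ''|'{SSHA}'*|'{SMD5}'*|'{CRYPT}'*) ;;
        '{MD5}'*|'{SHA}'*) echo "rootpw uses an unsalted hash scheme"
           findings=$((findings + 1)) ;;
        *) echo "rootpw is stored in cleartext"
           findings=$((findings + 1)) ;;
    esac

    # The file holds the rootpw value, so it should not be world-readable.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample using the placeholder values from step 3.
sample=$(mktemp) && chmod 644 "$sample"
printf '%s\n' 'suffix "dc=server,dc=kh,dc=edu,dc=tw"' \
    'rootdn "cn=Manager,dc=domain,dc=kh,dc=edu, dc=tw"' \
    'rootpw {SSHA}dKmbTeq19LgSL9tLKEiv7nyrkCJhaa83' > "$sample"
check_slapd_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it as check_slapd_conf /etc/openldap/slapd.conf; an exit status of 0 means none of the three checks fired.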