2.openldap安装

1.安装步骤如下

  1. 获取软件包
  2. 安装软件包(rpm或者源码编译)
  3. 生成openldap配置文件及数据库文件
  4. 配置
  5. 添加目录树条目
  6. 加载slapd进程
  7. 验证

2.所需安装包说明

  1. openldap、openldap-devel：服务端和客户端都必须使用的库文件
  2. openldap-clients 用于查看和修改目录的命令行包
  3. openldap-servers 用于启动服务和设置,包含单独的ldap后台守护程序
  4. openldap-servers-sql 支持sql模块
  5. compat-openldap openldap兼容性库

3. 服务基本配置

  1. 设置主机名
  2. 关闭防火墙（仅限实验环境；生产环境应保留防火墙，只放行 LDAP 所用的 389/636 端口）
  3. 关闭selinux（同样仅限实验环境）
  4. 设置时间同步

5.安装

1. yum install  openldap-servers openldap-clients -y
2. yum install openldap openldap-devel compat-openldap -y

6.初始化配置

1. cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
2. cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
3. cd /etc/openldap
4. cp  -r slapd.d slapd.d.bak
5. rm -rf slapd.d/*
6. chown -R ldap.ldap /etc/openldap
7. chown -R ldap.ldap /var/lib/ldap

7. 修改slapd.conf

#slappasswd
输入密码
New password: 我就不告诉你
Re-enter new password: 我就不告诉你
{SSHA}我就不告诉你
#vim /etc/openldap/slapd.conf
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
database config
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none

database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=root,dc=liuyao,dc=com" read
        by * none
database        bdb
suffix          "dc=liuyao,dc=com"
checkpoint      1024 15
rootdn          "cn=root,dc=liuyao,dc=com"
rootpw        {SSHA}我就不告诉你
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

8.生成相关数据

#slaptest -f /etc/openldap/slapd.conf
config file testing succeeded
#slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
#chown -R ldap.ldap /etc/openldap

7. 日志配置

创建日志目录
#mkdir /var/log/slapd
授权
#chown ldap.ldap /var/log/slapd
删除 rsyslog 中已有的 local4 规则
#sed -i "/local4.*/d" /etc/rsyslog.conf 
追加新的 local4 规则，使 slapd 日志写入 /var/log/slapd/slapd.log
#cat >> /etc/rsyslog.conf << EOF
> local4.* /var/log/slapd/slapd.log
> EOF
启动
#/etc/init.d/rsyslog start

8. 修改日志级别

#cat << EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
delete: olcLogLevel
olcLogLevel: 0
EOF

#cat << EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: 32
EOF

9.启动

/etc/init.d/slapd start
netstat -tnlp | grep 389
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      1907/slapd

10.创建dn和ou

#cat dn.ldif 
内容如下
    dn: dc=liuyao,dc=com
    dc: liuyao
    objectclass: top
    objectclass: domain
#执行操作，需要输入密码，即上面用 slappasswd 生成哈希时所输入的明文密码（-x 为简单绑定，密码以明文传输，生产环境应改为通过 ldapi:/// 或 TLS 执行）
ldapadd -xWD "cn=root,dc=liuyao,dc=com" -f  dn.ldif 

#cat ou.ldif
内容如下
    dn: ou=devops, dc=liuyao,dc=com
    changetype: add
    objectclass: top
    objectclass: organizationalUnit
    ou: devops
#执行操作，需要输入密码，即上面用 slappasswd 生成哈希时所输入的明文密码
#ldapadd -xWD "cn=root,dc=liuyao,dc=com" -f ou.ldif

11. 查看dn和ou

# ldapsearch -x -LLL
dn: dc=liuyao,dc=com
dc: ixianlai
objectClass: top
objectClass: domain
    
dn: ou=devops,dc=liuyao,dc=com
objectClass: top
objectClass: organizationalUnit
ou: devops