CentOS 7.9 部署 OpenLDAP 2.4.44

1、环境准备

[root@ldap81 openldap]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@ldap81 openldap]# uname  -r
3.10.0-1160.119.1.el7.x86_64
# Host preparation. NOTE(review): the next three lines switch off the host
# firewall and SELinux confinement for the whole machine, not just for slapd;
# a narrower option is to keep both on and only open the ldap/ldaps services
# in firewalld — the stock CentOS 7 policy is expected to cover slapd's
# default paths (confirm on your build).
systemctl stop firewalld
systemctl disable firewalld
# setenforce 0 changes only the running mode; it does not survive the reboot
# below, so SELinux is enforcing again afterwards unless /etc/selinux/config
# is also edited (this page does not do that).
setenforce 0
hostnamectl set-hostname ldap81
# Reboot — presumably so every service starts under the new hostname.
reboot

2、安装

# Server, client tools, headers, and the 2.3-era compatibility library
# (the rpm -qa listing below shows compat-openldap at 2.3.43 next to 2.4.44).
yum install -y openldap openldap-servers openldap-clients compat-openldap openldap-devel


# Verify what got installed; the versions printed below are the ones the rest
# of this page was written against.
rpm -qa|grep ldap
compat-openldap-2.3.43-5.el7.x86_64
openldap-devel-2.4.44-25.el7_9.x86_64
openldap-clients-2.4.44-25.el7_9.x86_64
openldap-2.4.44-25.el7_9.x86_64
openldap-servers-2.4.44-25.el7_9.x86_64

3、初始化

cd /etc/openldap/
# Keep the packaged config directory as a backup and start from an empty one;
# it is regenerated from slapd.ldif by slapadd in step 3 below.
mv slapd.d slapd.d.bak
mkdir slapd.d
# Generate the admin password; choose a strong one. slappasswd prints a hashed
# value (e.g. {SSHA}...) — presumably pasted into the olcRootPW line of
# slapd.ldif during the edit below (the edit itself is only shown as an
# image), so the cleartext never lands in the config.
slappasswd
cp /usr/share/openldap-servers/slapd.ldif ./
  • 用 vim 修改 slapd.ldif 配置文件（修改前后对比）

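# The schema LDIF files can be found with this command: it prints one
# "include: file://..." line per schema file, ready to paste into slapd.ldif.
# core.ldif is skipped, presumably because the stock slapd.ldif already
# includes it. Written as a glob loop rather than `ll ... | awk | grep`:
# `ll` is an interactive alias that is not defined in scripts, and parsing
# ls output breaks on unusual names.
#
# Arguments: $1 - schema directory (default /etc/openldap/schema)
# Outputs:   include lines on stdout, in glob (sorted) order
schema_includes() {
  local dir=${1:-/etc/openldap/schema}
  local f
  for f in "$dir"/*ldif; do
    [[ -e "$f" ]] || continue            # no match: the glob stays literal
    [[ "${f##*/}" == core.ldif ]] && continue
    printf 'include: file://%s\n' "$f"
  done
}
schema_includes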
include: file:///etc/openldap/schema/collective.ldif
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/pmi.ldif
include: file:///etc/openldap/schema/ppolicy.ldif


# Berkeley DB tuning file for the data backend, taken from the package example.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# Load the edited slapd.ldif into the config database (-n 0), writing the new
# slapd.d; paths are relative to /etc/openldap from the earlier cd.
slapadd -n 0 -F slapd.d -l slapd.ldif
# slapadd ran as root (see the prompt at the top), so hand the generated config
# and the data directory to the service account before starting slapd.
chown ldap:ldap -R slapd.d
chown ldap:ldap -R /var/lib/ldap
systemctl start slapd
systemctl status slapd
# Base entry for the suffix; its contents follow.
cat config_init.ldif
dn: dc=cjqifu,dc=cn
objectclass: dcObject
objectclass: organization
o: chuangjinqifu
dc: cjqifu

# Add the base entry with a simple bind (-x) as the admin DN; -W prompts for the
# password instead of placing it on the command line (where ps/history see it).
# NOTE(review): a simple bind over the default ldap:// URI sends the password
# in clear unless TLS is configured, and this page configures none — fine on
# the host itself, not across a network.
ldapadd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -f config_init.ldif
# Anonymous read-back of everything under the suffix.
ldapsearch -x -b 'dc=cjqifu,dc=cn' "objectclass=*"
# Dump cn=config over the local socket with SASL EXTERNAL: the caller's unix
# identity is the credential, so as root this needs no password.
ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q

4、添加部门

# Three organizationalUnit entries; the file contents follow.
cat department.ldif
# 创建 HR 部门条目
dn: ou=hr,dc=cjqifu,dc=cn
objectClass: organizationalUnit
ou: HR

# 创建 IT 部门条目
dn: ou=it,dc=cjqifu,dc=cn
objectClass: organizationalUnit
ou: IT

# 创建 RD 部门条目
dn: ou=rd,dc=cjqifu,dc=cn
objectClass: organizationalUnit
ou: RD

# Load the three OUs with the same admin simple bind as before.
ldapadd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -f department.ldif

# Confirm they exist: anonymous search filtered on the OU object class.
ldapsearch -x -b "dc=cjqifu,dc=cn" "(objectClass=organizationalUnit)"

5、部门添加用户

# One inetOrgPerson per user under its OU; the file contents follow.
cat user.ldif
# HR 部门中的用户
dn: uid=linan,ou=HR,dc=cjqifu,dc=cn
objectClass: inetOrgPerson
uid: linan
cn: linan
sn: linan
mail: linan@cjqifu.cn
userPassword: linanpassword

# IT 部门中的用户
dn: uid=suyajun,ou=IT,dc=cjqifu,dc=cn
objectClass: inetOrgPerson
uid: suyajun
cn: su yajun
sn: yajun
mail: suyajun@cjqifu.cn
userPassword: suyajunpassword

dn: uid=Admin,ou=IT,dc=cjqifu,dc=cn
objectClass: inetOrgPerson
uid: Admin
cn: zabbix
sn: zabbix
mail: zabbix@cjqifu.cn
userPassword: zabbixpassword


# Load the users. NOTE(review): user.ldif above carries userPassword values in
# cleartext and slapd stores the value as supplied; prefer a {SSHA} value from
# slappasswd in the LDIF, or set the passwords afterwards with ldappasswd as in
# step 6, and do not leave the cleartext file lying around.
ldapadd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -f user.ldif

6、用户修改密码

# Change a user's password as the admin: -S prompts for the new password
# (entered twice), then -W prompts for the admin bind password — the three
# prompts shown below. The server hashes the value with its configured
# scheme, unlike the cleartext userPassword lines in user.ldif.
ldappasswd -x -D "cn=admin,dc=cjqifu,dc=cn" -W -S "uid=suyajun,ou=IT,dc=cjqifu,dc=cn"
New password:
Re-enter new password:
Enter LDAP Password: #管理员密码