ldapserver
============
# Lab-environment prerequisites. Both lines remove host protections rather
# than configure them: setenforce 0 puts SELinux in permissive mode until the
# next boot (it does not touch /etc/selinux/config), and iptables -F flushes
# every rule in the filter table, leaving all ports reachable. A hardened
# install would keep SELinux enforcing and open only the LDAP port (389/tcp,
# plus 636/tcp if ldaps is enabled once TLS is configured further down).
setenforce 0
iptables -F
base
# Install server and client tools, then switch slapd from the cn=config
# directory (slapd.d) to the legacy flat slapd.conf.
yum install openldap-servers openldap-clients -y
cd /etc/openldap
# Deleting slapd.d is what makes the service fall back to slapd.conf; no
# backup is taken, so anything already set in cn=config is lost here.
rm -rf slapd.d
cp slapd.conf.bak slapd.conf
# Ownership goes to the ldap service account (the ldap:ldap form is the
# documented chown syntax; the dot separator is a legacy spelling). Because
# rootpw and, later, the replication credentials sit in this file in clear
# text, also restricting it to mode 600 is worthwhile.
chown ldap.ldap slapd.conf
# Change the directives listed under "modify" below.
vim slapd.conf
modify
# slapd.conf directives to change. In the real file the "by" lines of the
# access directive must begin with whitespace so slapd reads them as
# continuation lines of "access to *".
suffix "dc=linux.org"
rootdn "cn=Manager,dc=linux.org"
# rootpw is kept here in clear text; slappasswd can produce an {SSHA} hash
# to use in its place so the value is not recoverable from the file.
rootpw redhat
# ACL: only the Manager DN may read; every other bind, including anonymous,
# gets nothing (the rootdn itself is never subject to ACLs). Clients binding
# as ordinary users, and any non-rootdn replication account, will presumably
# need an additional read rule before they can resolve accounts.
access to *
by dn.exact="cn=Manager,dc=linux.org" read
by * none
# README.migration describes the passwd/group -> LDIF flow used below.
cd /usr/share/doc/openldap-servers-2.4.19
less README.migration
yum install migrationtools
# Seed the BerkeleyDB environment settings for the database directory; like
# the rest of /var/lib/ldap it must be owned by the ldap service account.
cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
cd /var/lib/ldap/
chown ldap.ldap DB_CONFIG
service slapd start
# The listing below shows the files slapd created on first start: the
# __db.* and *.bdb files are 0600 ldap:ldap, DB_CONFIG and alock are 0644.
ll /var/lib/ldap/
-rw-r--r--. 1 ldap ldap 2048 Apr 27 06:41 alock
-rw-------. 1 ldap ldap 24576 Apr 27 06:41 __db.001
-rw-------. 1 ldap ldap 17629184 Apr 27 06:41 __db.002
-rw-------. 1 ldap ldap 335552512 Apr 27 06:41 __db.003
-rw-------. 1 ldap ldap 2359296 Apr 27 06:41 __db.004
-rw-------. 1 ldap ldap 802816 Apr 27 06:41 __db.005
-rw-------. 1 ldap ldap 32768 Apr 27 06:41 __db.006
-rw-r--r--. 1 ldap ldap 921 Apr 27 06:41 DB_CONFIG
-rw-------. 1 ldap ldap 8192 Apr 27 06:41 dn2id.bdb
-rw-------. 1 ldap ldap 32768 Apr 27 06:41 id2entry.bdb
-rw-------. 1 ldap ldap 10485760 Apr 27 06:41 log.0000000001
# Local accounts are created only so migrate_passwd.pl can export them; they
# are removed again with userdel further down once their LDIF exists. No
# password is set here, which is why the exported entries carry
# "userPassword: {crypt}!!".
useradd ldapuser1
useradd ldapuser2
useradd ldapuser3
cd /usr/share/migrationtools
# Set the mail domain and base DN used by the migration scripts (values below).
vim migrate_common.ph
modify
# migrate_common.ph settings: $DEFAULT_BASE becomes the suffix of every
# generated dn (uid=...,ou=People,dc=linux.org), matching the slapd suffix.
$DEFAULT_MAIL_DOMAIN = "linux.org";
$DEFAULT_BASE = "dc=linux.org";
# Export local accounts, groups and the base entries to LDIF. /etc/passwd
# and /etc/group are read in full, so the output contains every system
# account and group (root, bin, daemon, ...) and is trimmed by hand to the
# three ldapuser entries before loading (edited results shown below). The
# account export also includes the {crypt} hash and shadow fields from
# /etc/shadow, so until it is trimmed users.ldif holds every local
# account's password hash; keep it mode 600 and delete it after loading.
./migrate_passwd.pl /etc/passwd > users.ldif
./migrate_group.pl /etc/group > groups.ldif
./migrate_base.pl > base.ldif
vim users.ldif
modify
dn: uid=ldapuser1,ou=People,dc=linux.org
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}!!
shadowLastChange: 15457
shadowMin: 0 （users.ldif 中只保留 ldapuser 用户的条目，其余条目全部删除）
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/ldapuser1
*******
# Trim groups.ldif to the three ldapuser groups (edited content below).
vim groups.ldif
dn: cn=ldapuser1,ou=Group,dc=linux.org
objectClass: posixGroup
objectClass: top
cn: ldapuser1
userPassword: {crypt}x
gidNumber: 500
dn: cn=ldapuser2,ou=Group,dc=linux.org
objectClass: posixGroup （groups.ldif 中只保留 ldapuser 用户对应的组条目，其余删除）
objectClass: top
cn: ldapuser2
userPassword: {crypt}x
gidNumber: 501
dn: cn=ldapuser3,ou=Group,dc=linux.org
objectClass: posixGroup
objectClass: top
cn: ldapuser3
userPassword: {crypt}x
gidNumber: 502
# Keep only the suffix entry and the People/Group OUs in base.ldif (below).
vim base.ldif
dn: dc=linux.org
dc: linux.org
objectClass: top
objectClass: domain
dn: ou=People,dc=linux.org
ou: People
objectClass: top
objectClass: organizationalUnit （base.ldif 中只保留 dc=linux.org 以及 ou=People、ou=Group 这三个条目，其余删除）
dn: ou=Group,dc=linux.org
ou: Group
objectClass: top
objectClass: organizationalUnit
# Remove the temporary local accounts so the directory entries become the
# only source for these users.
userdel ldapuser1
userdel ldapuser2
userdel ldapuser3
# Set the password by piping it to passwd --stdin. The exported entries carry
# "userPassword: {crypt}!!", which no password can match, so this step is
# what makes the accounts usable. Typing the password on the command line
# leaves it in the shell history; running passwd interactively avoids that.
# As written these run after userdel, so they presumably only succeed once
# the users resolve through LDAP (after the ldapadd and client steps);
# otherwise passwd reports an unknown user.
echo westos | passwd --stdin ldapuser1
echo westos | passwd --stdin ldapuser2
echo westos | passwd --stdin ldapuser3
ldapadd
# Load the three LDIF files as the rootdn. -W prompts for rootpw rather than
# taking it as an argument. -x is a simple bind, so the password travels in
# clear unless the connection is protected; TLS is only configured after
# this step, so -Z/-ZZ (StartTLS) cannot be used yet. No -H is given, so the
# URI comes from ldap.conf (normally localhost). Order matters: base.ldif
# creates the OUs that the user and group entries are added under.
ldapadd -W -x -D "cn=manager,dc=linux.org" -f base.ldif
ldapadd -W -x -D "cn=manager,dc=linux.org" -f users.ldif 添加ldap用户
ldapadd -W -x -D "cn=manager,dc=linux.org" -f groups.ldif
tls
# Add the three TLS directives listed below to slapd.conf.
vim /etc/openldap/slapd.conf
modify
# TLS settings. The same file is named for certificate and key, so slapd.pem
# must hold both (the "make slapd.pem" rule used below produces exactly that
# self-signed bundle). Because it contains the private key, the file should
# be readable by the ldap account and nobody else. Clients that validate
# against ca-bundle.crt will reject a self-signed certificate unless it is
# added to their trust store; lowering TLS_REQCERT on the client instead
# disables the check altogether.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Generate a self-signed certificate+key bundle with the Makefile shipped in
# /etc/pki/tls/certs. The prompt shown below asks for the Common Name, which
# must match the hostname clients connect to or TLS name checking fails.
# The Makefile typically creates the file 0600 root-only, while slapd runs
# as ldap, so the result still needs to be made readable by that account
# (e.g. chown ldap slapd.pem) before slapd can load it.
cd /etc/pki/tls/certs
rm -rf slapd.pem
make slapd.pem
Common Name (eg, your name or your server's hostname) desktop67.example.com （必须与服务器自身的 hostname 一致）
test
client
# Client side: install the directory-client group and use the text UI to
# enable LDAP for NSS/PAM. Select "Use TLS" there so binds are not sent in
# clear, and give the server name that was used as the Common Name above.
yum groupinstall directory-client -y
authconfig-tui
phpldap
# phpLDAPadmin: unpack under the web root as /ldap, copy the sample config,
# install PHP with the ldap extension and restart Apache. config.php holds
# the server and bind settings, so keep it unreadable to other accounts;
# since the rootdn password is typed into the web login, serving the
# application only over HTTPS and only to administrators is advisable.
tar zxf phpldapadmin-*.tgz -C /var/www/html
cd /var/www/html
mv phpldapadmin-* ldap
cd /var/www/html/ldap/config
cp config.php.example config.php
yum install php php-ldap -y
service httpd restart
syncrepl
server1
/usr/lib64/openldap
# Provider (server1): enable the syncprov overlay (module under /usr/lib64/openldap).
vim /etc/openldap/slapd.conf
add
# syncprov overlay on the provider. moduleload belongs in the global section
# (the module is resolved from modulepath, /usr/lib64/openldap here); the
# overlay lines go after the database definition they apply to, since an
# overlay attaches to the preceding database. The trailing note on the
# moduleload line is not part of the directive.
moduleload syncprov.la 添加模块
overlay syncprov
# Write contextCSN to the database every 100 operations or 10 minutes, and
# keep a 100-operation session log so consumers can resync with a delta
# instead of a full refresh.
syncprov-checkpoint 100 10
syncprov-sessionlog 100
server2
# Consumer (server2): add the syncrepl stanza below to its database section.
vim /etc/openldap/slapd.conf
add
# syncrepl consumer stanza for server2; in the real file every line after
# "syncrepl rid=001" must start with whitespace so slapd reads the stanza as
# one directive. Points to be aware of:
# - provider is plain ldap:// on 389 with bindmethod=simple, so the Manager
#   password in credentials= crosses the network in clear on every refresh.
#   Once the provider's TLS (configured above) is in place, ldaps:// or
#   starttls=critical protects it.
# - binddn is the rootdn; a dedicated read-only replication DN is preferable,
#   but note the "by * none" ACL above would then need a read rule for it.
# - credentials= is clear text in slapd.conf; the file must stay unreadable
#   to anyone but the ldap account.
# - type=refreshOnly polls on a schedule; refreshAndPersist keeps a
#   connection open and receives changes as they happen.
# - schemachecking=off skips schema validation of replicated entries on the
#   consumer; it is unnecessary when both servers load the same schema.
# - retry="60 +" reconnects every 60 seconds, indefinitely, when the
#   provider is unreachable.
syncrepl rid=001
provider=ldap://192.168.0.28:389
type=refreshOnly
searchbase="dc=linux.org"
attrs=*
schemachecking=off
bindmethod=simple
binddn="cn=Manager,dc=linux.org"
credentials="redhat"
retry="60 +"