1)安装需要的软件包
[root@localhost ~]# ls /media/CentOS_5.3_Final/CentOS/ | grep ldap
mod_authz_ldap-0.26-8.el5.i386.rpm
openldap-2.3.43-3.el5.i386.rpm
openldap-clients-2.3.43-3.el5.i386.rpm
openldap-devel-2.3.43-3.el5.i386.rpm
openldap-servers-2.3.43-3.el5.i386.rpm
上面的东东都装了
2)配置/etc/openldap/slapd.conf
备份原始配置档 (Linux/Unix管理员都应该养成这样的好习惯)
[root@mail openldap]# cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf-orig
配置openldap的主配置文件
[root@mail openldap]# vi /etc/openldap/slapd.conf
....
database bdb
suffix "dc=example,dc=com" #一条记录所属区域#
rootdn "cn=admin,dc=example,dc=com"
rootpw 1234567 #定义LDAP根管理员的密码(强烈建议使用加密的密码)
......
将系统账户转移到openldap中
[root@localhost ~]# vi /usr/share/openldap/migration/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "example.com";
Default base
$DEFAULT_BASE = "dc=example,dc=com";
[root@localhost ~]# cd /usr/share/openldap/migration/
[root@localhost ~]# ./migrate_passwd.pl /etc/passwd > /etc/openldap/user.ldif
[root@localhost ~]# ./migrate_group.pl /etc/group > /etc/openldap/group.ldif
建立example.ldif,ou_people.ldif, ou_group.ldif三个文件
[root@localhost ~]# cd /etc/openldap/
[root@localhost ~]# cat example.ldif
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organizationalUnit
ou: example.com
[root@mail openldap]# cat ou_people.ldif
dn: ou=people, dc=example, dc=com
objectclass: organizationalunit
ou: people
[root@mail openldap]# cat ou_group.ldif
dn: ou=group, dc=example, dc=com
objectclass: organizationalunit
ou: group
停止ldap服务
[root@mail openldap]# service ldap stop
转换原有Linux 账号至OpenLDAP服务器上:
[root@localhost ~]# slapadd -vl example.ldif
added: "dc=example,dc=com" (00000001)
[root@localhost ~]# slapadd -vl ou_people.ldif
added: "ou=people,dc=example,dc=com" (00000002)
[root@localhost ~]# slapadd -vl ou_group.ldif
added: "ou=group,dc=example,dc=com" (00000043)
[root@localhost ~]# slapadd -vl user.ldif
[root@localhost ~]# slapadd -vl group.ldif
配置DB_CONFIG配置文件
[root@localhost ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
把/var/lib/ldap/目录内的档案变更拥有者及群组为ldap
[root@localhost ~]# chown -R ldap.ldap /var/lib/ldap
为了检查服务是否正在运行并且被正确配置,可以对服务器运行一个搜索命令,使用ldapsearch
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts;
注意命令行参数中单引号的使用,它们阻止特殊的字符被shell解析。这应该返回:
[root@mail openldap]# service ldap start
[root@mail openldap]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts;
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
or
[root@localhost openldap]# ldapsearch -x -b 'dc=example,dc=com'
3,GUI的好像是phpLDAPadmin不喜欢GUI
阅读(989) | 评论(0) | 转发(0) |