This article is kindly sponsored by the ilanniweb WeChat official account and was first published on 烂泥行天下.
Jenkins technical discussion QQ group: 571981257
I covered installing and configuring OpenLDAP in the earlier article 《烂泥:OpenLDAP安装与配置》, but that method is fairly involved.
This time we install and configure OpenLDAP the direct way, by adding LDIF files.
PS: The steps below come with little commentary; they go straight to the detailed configuration.
一、Install the OpenLDAP packages
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap -R /var/lib/ldap
chmod 700 -R /var/lib/ldap
ll /var/lib/ldap/
systemctl enable slapd
systemctl start slapd
systemctl status slapd
二、Set the OpenLDAP administrator password
cat >/root/chrootpw.ldif << "EOF"
# olcRootPW takes the password hash generated with slappasswd
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}FC/YWM2DGSuhn5vuKaK92pF1EwGVdznj
EOF
ldapadd -Y EXTERNAL -H ldapi:/// -f /root/chrootpw.ldif
三、Import the OpenLDAP schemas
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
四、Change the basic OpenLDAP configuration
cat >/root/chdomain.ldif << "EOF"
# replace "dc=ilanni,dc=com" with your own domain name
# olcRootPW takes the password hash generated with slappasswd
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=root,dc=ilanni,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ilanni,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=root,dc=ilanni,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}FC/YWM2DGSuhn5vuKaK92pF1EwGVdznj

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=root,dc=ilanni,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=root,dc=ilanni,dc=com" write by * read
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/chdomain.ldif
五、Import the base directory entries
cat >/root/basedomain.ldif << "EOF"
# replace "dc=ilanni,dc=com" with your own domain name
dn: dc=ilanni,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server cn
dc: ilanni

dn: cn=root,dc=ilanni,dc=com
objectClass: organizationalRole
cn: root
description: Directory root

dn: ou=People,dc=ilanni,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=ilanni,dc=com
objectClass: organizationalUnit
ou: Group
EOF
ldapadd -x -D cn=root,dc=ilanni,dc=com -w "ilanni" -f /root/basedomain.ldif
六、Import users
cat > /root/users.ldif << "EOF"
dn: uid=ldapuser1,ou=People,dc=ilanni,dc=com
uid: ldapuser1
cn: 测试用户1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$pmVuchTg$kLzWnW0J1CS3LTWrzMu4PVnjROjXaoVUlr8Em3HzIH6wAK74Gzor7yiuRbrOoYCRGHmSNhAGBxMTNEcTkfpUt1
shadowLastChange: 17642
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/ldapuser1

dn: uid=ldapuser2,ou=People,dc=ilanni,dc=com
uid: ldapuser2
cn: 测试用户2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$NC7BvWQW$b.ceEn5zl7tOf0upfR3E5057um5ovIDo4Xf5sCOZVhwrr01nOfPmqXB0pNBtQCjzahP1lW3DLW5WKBp.qddeT0
shadowLastChange: 17642
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/ldapuser2
EOF
In the file above, the userPassword value of an LDAP user may be stored in clear text, or as a hashed password generated with the slappasswd command (the entries here use {crypt} values).
ldapadd -x -w "ilanni" -D "cn=root,dc=ilanni,dc=com" -f /root/users.ldif
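The olcRootPW value in section 二 and the userPassword note above both rely on slappasswd-style hashes. The following added example (my own code, not from this post or the OpenLDAP project) reproduces the default {SSHA} scheme slappasswd emits, base64(sha1(password || salt) || salt) with a 4-byte random salt, so a value produced here verifies under slapd and a slappasswd value verifies here, even though the random salts differ. password_scheme() is a helper I added to tell hashed values from clear-text ones before an LDIF is imported; the salt b"abcd" used in the comments is a constructed fixed value for repeatability only.

```python
import base64
import hashlib
import secrets
from typing import Optional

# Added example, not from the original post: the {SSHA} scheme that slappasswd
# emits by default is base64( sha1(password || salt) || salt ), salt = 4 random bytes.


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password into the {SSHA} form usable in olcRootPW / userPassword."""
    if salt is None:
        salt = secrets.token_bytes(4)          # same salt length slappasswd uses
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, candidate: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value.

    The salt is recovered from the stored value itself (everything after the
    20-byte SHA-1 digest), and the comparison is constant-time."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return secrets.compare_digest(digest, expected)


def password_scheme(value: str) -> Optional[str]:
    """Return the scheme of a userPassword value ('SSHA', 'crypt', ...) or None for clear text."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")]
    return None


if __name__ == "__main__":
    # constructed fixed salt so the output is reproducible; real use leaves salt=None
    h = make_ssha("ilanni", salt=b"abcd")
    print(h, check_ssha(h, "ilanni"), password_scheme(h))
```

A {crypt}$6$... value such as the ones in users.ldif is a sha512-crypt hash and is checked by the system crypt(3) rather than by this function; password_scheme() still recognises it as hashed.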
七、Import groups
cat > /root/groups.ldif << "EOF"
dn: cn=ldapgroup1,ou=Group,dc=ilanni,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapgroup1
userPassword: {crypt}x
gidNumber: 1000

dn: cn=ldapgroup2,ou=Group,dc=ilanni,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapgroup2
userPassword: {crypt}x
gidNumber: 1001
EOF
ldapadd -x -w "ilanni" -D "cn=root,dc=ilanni,dc=com" -f /root/groups.ldif
八、Add users to groups
cat > /root/add_user_to_groups.ldif << "EOF"
dn: cn=ldapgroup1,ou=Group,dc=ilanni,dc=com
changetype: modify
add: memberuid
memberuid: ldapuser1

dn: cn=ldapgroup2,ou=Group,dc=ilanni,dc=com
changetype: modify
add: memberuid
memberuid: ldapuser2
EOF
ldapadd -x -w "ilanni" -D "cn=root,dc=ilanni,dc=com" -f /root/add_user_to_groups.ldif
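Hand-written LDIF like users.ldif, groups.ldif and add_user_to_groups.ldif fails in predictable ways: a missing blank line between two entries makes ldapadd treat them as one record, a folded line without its leading space splits an attribute, a gidNumber that no posixGroup owns, or a memberUid naming a user that does not exist. The following added example (my own code, not from the post) is a small LDIF parser plus a consistency check that can be run over the three files before importing them. The sample LDIF embedded in it is constructed to mirror the entries of sections 六 to 八, with two deliberate mistakes so the check has something to report; the base64 cn:: value is 测试用户1.

```python
import base64
from typing import Dict, List

# Added example, not from the original post: parse LDIF and cross-check
# posixAccount / posixGroup / memberUid data before feeding it to ldapadd.

Record = Dict[str, List[str]]  # attribute name (lower-cased) -> values


def parse_ldif(text: str) -> List[Record]:
    """Split LDIF into records: blank lines separate entries, a leading space
    continues the previous line, '#' lines are comments, 'attr:: v' is base64.
    Two dn: lines in one record mean a missing blank line and raise ValueError."""
    records: List[Record] = []
    logical: List[str] = []

    def flush() -> None:
        if logical:
            records.append(_record_from_lines(logical))
            logical.clear()

    for raw in text.splitlines():
        if raw.strip() == "":
            flush()
        elif raw.startswith("#"):
            continue
        elif raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # folded continuation line
        else:
            logical.append(raw)
    flush()
    return records


def _record_from_lines(lines: List[str]) -> Record:
    rec: Record = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name = name.strip().lower()
        if value.startswith(":"):             # attr:: base64value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn" and "dn" in rec:
            raise ValueError(f"second dn {value!r} in one record: missing blank line after {rec['dn'][0]!r}")
        rec.setdefault(name, []).append(value)
    return rec


def check_posix_consistency(records: List[Record]) -> List[str]:
    """Report users whose gidNumber matches no group, duplicate uidNumbers,
    clear-text userPassword values and memberUid values naming no user."""
    def has_class(rec: Record, oc: str) -> bool:
        return oc.lower() in (v.lower() for v in rec.get("objectclass", []))

    users = [r for r in records if has_class(r, "posixAccount")]
    groups = [r for r in records if has_class(r, "posixGroup")]
    uids = {u["uid"][0] for u in users}
    group_gids = {g["gidnumber"][0] for g in groups}
    problems: List[str] = []
    seen_uidnumbers: Dict[str, str] = {}
    for u in users:
        dn, num = u["dn"][0], u["uidnumber"][0]
        if num in seen_uidnumbers:
            problems.append(f"{dn}: uidNumber {num} already used by {seen_uidnumbers[num]}")
        seen_uidnumbers[num] = dn
        if u["gidnumber"][0] not in group_gids:
            problems.append(f"{dn}: gidNumber {u['gidnumber'][0]} matches no posixGroup")
        for pw in u.get("userpassword", []):
            if not pw.startswith("{"):
                problems.append(f"{dn}: userPassword is stored in clear text")
    for r in records:                          # covers both posixGroup entries and modify records
        for member in r.get("memberuid", []):
            if member not in uids:
                problems.append(f"{r['dn'][0]}: memberUid {member!r} names no posixAccount uid")
    return problems


# Constructed sample mirroring the post's files, with two deliberate errors:
# ldapuser2 has a gidNumber no group owns and a clear-text password,
# and the modify record adds a memberUid for a user that does not exist.
SAMPLE_LDIF = """\
dn: uid=ldapuser1,ou=People,dc=ilanni,dc=com
uid: ldapuser1
cn:: 5rWL6K+V55So5oi3MQ==
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}x
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/ldapuser1

dn: uid=ldapuser2,ou=People,dc=ilanni,dc=com
uid: ldapuser2
cn: ldapuser2
objectClass: posixAccount
userPassword: plaintext-secret
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/ldapuser2

dn: cn=ldapgroup1,ou=Group,dc=ilanni,dc=com
objectClass: posixGroup
cn: ldapgroup1
gidNumber: 1000

dn: cn=ldapgroup1,ou=Group,dc=ilanni,dc=com
changetype: modify
add: memberUid
memberUid: ldapuser1
memberUid: ldapuser3
"""

if __name__ == "__main__":
    for problem in check_posix_consistency(parse_ldif(SAMPLE_LDIF)):
        print(problem)
```

In practice you would concatenate the real files, parse_ldif(open(path).read()) for each, and refuse to run ldapadd while the check returns anything.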
九、Check OpenLDAP
十、Enable OpenLDAP logging
cat > /root/loglevel.ldif << "EOF"
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/loglevel.ldif
systemctl restart slapd
cat >> /etc/rsyslog.conf << "EOF"
local4.* /var/log/slapd.log
EOF
systemctl restart rsyslog
tail -f /var/log/slapd.log
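With olcLogLevel stats, every bind and its result line land in /var/log/slapd.log, which is enough to spot repeated failed logins against the directory. The following added example (my own code, not from the post) parses those lines, pairs each BIND with its RESULT (tag=97 is the bindResponse; err=49 is LDAP invalidCredentials, err=0 success), attributes the outcome to the client IP from the ACCEPT line, and lists sources that exceed a failure threshold. The log lines embedded in it are constructed in the format slapd writes through rsyslog; the IPs, connection numbers and timestamps are made up.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Added example, not from the original post: summarise bind outcomes from
# slapd "stats" log lines as written to /var/log/slapd.log via rsyslog local4.

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(.+?):\d+ \(")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag=97: bindResponse

BindKey = Tuple[str, str]  # (client ip, bind dn)


def summarize_binds(lines: List[str]) -> Tuple[Counter, Counter]:
    """Return (failed, succeeded) counters keyed by (client ip, bind dn)."""
    conn_ip: Dict[str, str] = {}          # conn id -> client IP from the ACCEPT line
    pending: Dict[Tuple[str, str], str] = {}   # (conn, op) -> dn awaiting its RESULT
    failed: Counter = Counter()
    succeeded: Counter = Counter()
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is None:
                continue                  # RESULT for an op we never saw bind
            key = (conn_ip.get(m.group(1), "?"), dn)
            if m.group(3) == "49":        # invalidCredentials
                failed[key] += 1
            elif m.group(3) == "0":
                succeeded[key] += 1
    return failed, succeeded


def noisy_sources(failed: Counter, threshold: int = 3) -> List[str]:
    """Client IPs whose failed binds (any dn) reach the threshold."""
    per_ip: Counter = Counter()
    for (ip, _dn), n in failed.items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


# Constructed sample: one good bind from localhost, three bad ones from 192.0.2.10.
SAMPLE_LOG = """\
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 fd=12 ACCEPT from IP=127.0.0.1:51234 (IP=0.0.0.0:389)
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 op=0 BIND dn="cn=root,dc=ilanni,dc=com" method=128
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 op=0 RESULT tag=97 err=0 text=
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 op=1 SRCH base="dc=ilanni,dc=com" scope=2 deref=0 filter="(uid=ldapuser1)"
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 op=2 UNBIND
Mar  5 10:21:07 ldap slapd[1234]: conn=1000 fd=12 closed
Mar  5 10:22:01 ldap slapd[1234]: conn=1001 fd=13 ACCEPT from IP=192.0.2.10:40212 (IP=0.0.0.0:389)
Mar  5 10:22:01 ldap slapd[1234]: conn=1001 op=0 BIND dn="cn=root,dc=ilanni,dc=com" method=128
Mar  5 10:22:01 ldap slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Mar  5 10:22:01 ldap slapd[1234]: conn=1001 op=1 BIND dn="cn=root,dc=ilanni,dc=com" method=128
Mar  5 10:22:01 ldap slapd[1234]: conn=1001 op=1 RESULT tag=97 err=49 text=
Mar  5 10:22:02 ldap slapd[1234]: conn=1001 op=2 BIND dn="cn=root,dc=ilanni,dc=com" method=128
Mar  5 10:22:02 ldap slapd[1234]: conn=1001 op=2 RESULT tag=97 err=49 text=
Mar  5 10:22:02 ldap slapd[1234]: conn=1001 fd=13 closed
"""

if __name__ == "__main__":
    failed, succeeded = summarize_binds(SAMPLE_LOG.splitlines())
    print("failed:", dict(failed))
    print("succeeded:", dict(succeeded))
    print("noisy sources:", noisy_sources(failed))
```

On a live server the same functions can be fed the output of tail -f /var/log/slapd.log line by line; binds against cn=root from anything other than the hosts you administer from deserve a look even below the threshold.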
No reproduction without permission: 烂泥行天下 » 烂泥:OpenLDAP安装与配置(二)